Terraform-Associate-003 HashiCorp Certified: Terraform Associate (003) (HCTA0-003) Free Practice Exam Questions (2025 Updated)

Terraforminstalls providers during the terraform init phase.

Providers aredownloaded and installedwhen running terraform init.

A (terraform plan)is incorrect because terraform plan only calculates changes but does not install providers.

C (terraform refresh)is incorrect because terraform refresh only updates the state but does not install providers.

Official Terraform Documentation Reference:

Provider Installation - HashiCorp Documentation

This is what you must do to successfully retrieve this value from your networking module, as it will expose the attribute as an output value that can be referenced by other modules or resources. The error message indicates that the networking module does not have an output value named vnet_id, which causes the reference to fail.

Detailed Explanation:

Rationale for Correct Answer (B):IaC best practice is to manage infrastructure through version-controlled code. Changes should be reviewed and approved (via PRs), ensuring collaboration, traceability, and automation.

Analysis of Incorrect Options:

A, D, E: Making direct/manual changes bypasses IaC practices and causes drift.

C: Running code without PR review skips collaboration and approval.

Key Concept:Infrastructure as Code emphasizes version control + peer review + automation.

The correct way to reference an attribute from the vsphere_datacenter data source for use with the datacenter_id argument within the vsphere_folder resource in the following configuration is data.vsphere_datacenter.dc.id. This follows the syntax for accessing data source attributes, which is data.TYPE.NAME.ATTRIBUTE. In this case, the data source type is vsphere_datacenter, the data source name is dc, and the attribute we want to access is id. The other options are incorrect becausethey either use the wrong syntax, the wrong punctuation, or the wrong case. References = [Data Source: vsphere_datacenter], [Data Source: vsphere_folder], [Expressions: Data Source References]

terraform initdoes not create a main.tf file.

Itinitializesthe Terraform working directory, downloads provider plugins, and configures the backend.

Terraform does not generate an example configuration (main.tf); users must create it manually.

Official Terraform Documentation Reference:

terraform init - HashiCorp Documentation

Speculative Plans: Terraform Cloud’sspeculative planfeature runs automatically when changes are detected in a linked VCS repository, enabling users to review potential infrastructure changes without committing them.

Automatic Integration: This feature automates the planning process by triggering when changes are committed, aiding teams in previewing infrastructure changes seamlessly.

For further understanding, see theTerraform Cloud VCS Integrationdocumentation.

terraform validatechecks for syntax errors and internal consistencyin the configuration files.

However, itdoes notcheck if resource configurations are valid with the provider.

Official Terraform Documentation Reference:

terraform validate - HashiCorp Documentation

Infrastructure as Code (IaC) provides several benefits, including the ability to version control infrastructure, reuse code, and automate infrastructure management. However, IaC is typically associated with declarative configuration files and does not inherently provide a graphical user interface (GUI). A GUI is a feature that may be provided by specific tools or platforms built on top of IaC principles but is not a direct benefit of IaC itself1.

References = The benefits of IaC can be verified from the official HashiCorp documentation on “What is Infrastructure as Code with Terraform?” provided by HashiCorp Developer1.

Terraform follows adeclarativeapproach, meaning it ensures the infrastructure matches the configuration.

If you run terraform apply againwithout any changes, Terraform willdetect that the infrastructure is already up to dateand willdo nothing.

The command will complete successfully with the message"No changes. Your infrastructure matches the configuration."

Official Terraform Documentation Reference:

Terraform Apply - HashiCorp Documentation

This is the Terraform style convention for indenting a nesting level compared to the one above it. The other options are not consistent with the Terraform style guide.

It is not a best practice to store secret data in the same version control repository as your Terraform configuration, as it could expose your sensitive information to unauthorized parties or compromise your security. You should use environment variables, vaults, or other mechanisms to store and provide secret data to Terraform.

The correct syntax to pass a variable from the root module to a child module isservers = var.num_servers. Terraform uses dot notation to reference variables.

This is how Terraform determines dependencies between resources, by using the references between them in the configuration files and other factors that affect the order of operations.

Detailed Explanation:

Rationale for Correct Answer (A):Terraform does not automatically update state references when resource identifiers are renamed. Instead, you must use a moved block in your configuration to inform Terraform how to map the old resource to the new one. This prevents Terraform from destroying and recreating the resource.

Analysis of Incorrect Options:

B & C: Incorrect syntax — moved requires from and to.

D: Incorrect, Terraform won’t auto-detect renames and will plan to destroy and recreate the resource unless a moved block is provided.

Key Concept:The moved block is essential for refactoring resource names without losing resources in state.

Detailed Explanation:

Rationale for Correct Answer (C):Credentials should not be hardcoded in Terraform files. Best practice is to configure them via environment variables or secret managers.

Analysis of Incorrect Options:

A: Shared servers introduce risk and drift.

B: Storing secrets in config/version control is insecure.

D: Incorrect since option C is valid.

Key Concept:Separation of credentials from code is a Terraform security best practice.

This is the variable type that you could use for this input, as it can store multiple attributes of different types within a single value. The other options are either invalid or incorrect for this use case.

Terraform keeps track of the infrastructure state via the state file. When you initially ran terraform plan, Terraform determined that the port should be changed from80 to 443. However, since another team member manually modified the load balancer, Terraform's local state file is now outdated.

When you run terraform apply, Terraform willcompare the expected state (from the plan) with the actual state (from the provider API).

Since the port is already set to443, but the local state file still shows80, Terraform willfail with an errordue to the state mismatch.

To resolve this, you should run terraform refresh or use terraform apply -refresh-only to update the local state before applying changes.

Official Terraform Documentation Reference:

State Management - HashiCorp Documentation

Managing Drift in Terraform

The purpose of state in Terraform is to keep track of the real-world resources managed by Terraform, mapping them to the configuration. The state file contains metadata about these resources, such as resource IDs and other important attributes, which Terraform uses to plan and manage infrastructure changes. The state enables Terraform to know what resources are managed by which configurations and helps in maintaining the desired state of the infrastructure.References = This role of state in Terraform is outlined in Terraform's official documentation, emphasizing its function in mapping configuration to real-world resources and storing vital metadata .

The terraform apply command changes both the cloud infrastructure and the state file after you approve the execution plan. The command creates, updates, or destroys the infrastructure resources to match theconfiguration. It also updates the state file to reflect the new state of the infrastructure. The .terraform directory, the execution plan, and the Terraform code are not changed by the terraform apply command. References = Command: apply and Purpose of Terraform State