最上級のTerraform-Associate-003試験問題HashiCorpテスト最高成績で最速合格をゲットせよ!
試験準備には最適なTerraform-Associate-003試験問題2025年最新のTerraform Associate究極な195問があります
HashiCorp Terraform-Associate-003 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
質問 # 47
Your root module contains a variable named num_servers. Which is the correct way to pass its value to a child module with an input named servers?
- A. servers = num_servers
- B. servers = ${var.num_servers}
- C. servers = var.num_servers
- D. servers = var(num_servers)
正解:C
解説:
The correct syntax to pass a variable from the root module to a child module is servers = var.num_servers. Terraform uses dot notation to reference variables.
References:
Terraform Variables
質問 # 48
Your risk management organization requires that new AWS S3 buckets must be private and encrypted at rest. How can Terraform Cloud automatically and proactively enforce this security control?
- A. With a Sentinel policy, which runs before every apply
- B. Auditing cloud storage buckets with a vulnerability scanning tool
- C. With an S3 module with proper settings for buckets
- D. By adding variables to each Terraform Cloud workspace to ensure these settings are always enabled
正解:A
解説:
The best way to automatically and proactively enforce the security control that new AWS S3 buckets must be private and encrypted at rest is with a Sentinel policy, which runs before every apply. Sentinel is a policy as code framework that allows you to define and enforce logic-based policies for your infrastructure. Terraform Cloud supports Sentinel policies for all paid tiers, and can run them before any terraform plan or terraform apply operation. You can write a Sentinel policy that checks the configuration of the S3 buckets and ensures that they have the proper settings for privacy and encryption, and then assign the policy to your Terraform Cloud organization or workspace. This way, Terraform Cloud will prevent any changes that violate the policy from being applied.
References = [Sentinel Policy Framework], [Manage Policies in Terraform Cloud], [Write and Test Sentinel Policies for Terraform]
質問 # 49
The public Terraform Module Registry is free to use.
- A. False
- B. True
正解:B
解説:
Explanation
The public Terraform Module Registry is free to use, as it is a public service that hosts thousands of self-contained packages called modules that are used to provision infrastructure. You can browse, use, and publish modules to the registry without any cost.
質問 # 50
You must use different Terraform commands depending on the cloud provider you use.
- A. False
- B. True
正解:A
解説:
Explanation
You do not need to use different Terraform commands depending on the cloud provider you use. Terraform commands are consistent across different providers, as they operate on the Terraform configuration files and state files, not on the provider APIs directly.
質問 # 51
What is the provider for this resource?
- A. Vpc
- B. aws
- C. Main
- D. Test
正解:B
解説:
In the given Terraform configuration snippet:
resource "aws_vpc" "main" {
name = "test"
}
The provider for the resource aws_vpc is aws. The provider is specified by the prefix of the resource type. In this case, aws_vpc indicates that the resource type vpc is provided by the aws provider.
Reference:
Terraform documentation on providers: Terraform Providers
質問 # 52
You much initialize your working directory before running terraform validate.
- A. False
- B. True
正解:B
解説:
Explanation
You must initialize your working directory before running terraform validate, as it will ensure that all the required plugins and modules are installed and configured properly. If you skip this step, you may encounter errors or inconsistencies when validating your configuration files.
質問 # 53
When using Terraform to deploy resources into Azure, which scenarios are true regarding state files? (Choose two.)
- A. Changing resources via the Azure Cloud Console records the change in the current state file
- B. Changing resources via the Azure Cloud Console does not update current state file
- C. When you change a resource via the Azure Cloud Console, Terraform records the changes in a new state file
- D. When you change a Terraform-managed resource via the Azure Cloud Console, Terraform updates the state file to reflect the change during the next plan or apply
正解:B、D
解説:
Terraform state is a representation of the infrastructure that Terraform manages. Terraform uses state to track the current status of the resources it creates and to plan future changes. However, Terraform state is not aware of any changes made to the resources outside of Terraform, such as through the Azure Cloud Console, the Azure CLI, or the Azure API. Therefore, changing resources via the Azure Cloud Console does not update the current state file, and it may cause inconsistencies or conflicts with Terraform's desired configuration. To avoid this, it is recommended to manage resources exclusively through Terraform or to use the terraform import command to bring existing resources under Terraform's control.
When you change a Terraform-managed resource via the Azure Cloud Console, Terraform does not immediately update the state file to reflect the change. However, the next time you run terraform plan or terraform apply, Terraform will compare the state file with the actual state of the resources in Azure and detect any drifts or differences. Terraform will then update the state file to match the current state of the resources and show you the proposed changes in the execution plan. Depending on the configuration and the change, Terraform may try to undo the change, modify the resource further, or recreate the resource entirely. To avoid unexpected or destructive changes, it is recommended to review the execution plan carefully before applying it or to use the terraform refresh command to update the state file without applying any changes.
References = Purpose of Terraform State, Terraform State, Managing State, Importing Infrastructure, [Command: plan], [Command: apply], [Command: refresh]
質問 # 54
What does this code do?
- A. Requires any version of the AWS provider > = 3.0 and <4.0
- B. Requires any version of the AWS provider > = 3.0 major release. like 4.1
- C. Requires any version of the AWS provider > 3.0
- D. Requires any version of the AWS provider >= 3.0
正解:A
解説:
Explanation
This is what this code does, by using the pessimistic constraint operator (~>), which specifies an acceptable range of versions for a provider or module.
質問 # 55
A developer on your team is going lo leaf down an existing deployment managed by Terraform and deploy a new one. However, there is a server resource named aws instant.ubuntu[l] they would like to keep. What command should they use to tell Terraform to stop managing that specific resource?
- A. Terraform state rm:aws_instance.ubuntu[1]
- B. Terraform plan rm:aws_instance.ubuntu[1]
- C. Terraform destory rm:aws_instance.ubuntu[1]
- D. Terraform apply rm:aws_instance.ubuntu[1]
正解:A
解説:
To tell Terraform to stop managing a specific resource without destroying it, you can use the terraform state rm command. This command will remove the resource from the Terraform state, which means that Terraform will no longer track or update the corresponding remote object. However, the object will still exist in the remote system and you can later use terraform import to start managing it again in a different configuration or workspace. The syntax for this command is terraform state rm <address>, where <address> is the resource address that identifies the resource instance to remove. For example, terraform state rm aws_instance.ubuntu[1] will remove the second instance of the aws_instance resource named ubuntu from the state. Reference = : Command: state rm : Moving Resources
質問 # 56
What is a key benefit of the Terraform state file?
- A. A state file is the desired state expressed by the Terraform code files
- B. A state file is a source of truth for resources provisioned with a public cloud console
- C. A state file can schedule recurring infrastructure tasks
- D. A state file is a source of truth for resources provisioned with Terraform
正解:D
解説:
Explanation
This is a key benefit of the Terraform state file, as it stores and tracks the metadata and attributes of the resources that are managed by Terraform, and allows Terraform to compare the current state with the desired state expressed by your configuration files.
質問 # 57
Which of the following arguments are required when declaring a Terraform output?
- A. sensitive
- B. value
- C. default
- D. description
正解:B
解説:
When declaring a Terraform output, thevalueargument is required. Outputs are a way to extract information from Terraform-managed infrastructure, and thevalueargument specifies what data will be outputted. While other arguments likedescriptionandsensitivecan provide additional context or security around the output, valueis the only mandatory argument needed to define an output.References= The requirement of thevalue argument for outputs is specified in Terraform's official documentation, which provides guidelines on defining and using outputs in Terraform configurations.
質問 # 58
Your security team scanned some Terraform workspaces and found secrets stored in plaintext in state files.
How can you protect that data?
- A. Store the state in an encrypted backend
- B. Edit your state file to scrub out the sensitive data
- C. Delete the state file every time you run Terraform
- D. Always store your secrets in a secrets.tfvars file
正解:A
解説:
This is a secure way to protect sensitive data in the state file, as it will be encrypted at rest and in transit2. The other options are not recommended, as they could lead to data loss, errors, or security breaches.
質問 # 59
Which of the following is not true of Terraform providers?
- A. HashiCorp maintains some providers
- B. None of the above
- C. An individual person can write a Terraform Provider
- D. Cloud providers and infrastructure vendors can write, maintain, or collaborate on Terraform
- E. A community of users can maintain a provider
- F. providers
正解:B
解説:
All of the statements are true of Terraform providers. Terraform providers are plugins that enable Terraform to interact with various APIs and services1. Anyone can write a Terraform provider, either as an individual or as part of a community2. HashiCorp maintains some providers, such as the AWS, Azure, and Google Cloud providers3. Cloud providers and infrastructure vendors can also write, maintain, or collaborate on Terraform providers, such as the VMware, Oracle, and Alibaba Cloud providers. Reference =
* 1: Providers - Configuration Language | Terraform | HashiCorp Developer
* 2: Plugin Development - How Terraform Works With Plugins | Terraform | HashiCorp Developer
* 3: Terraform Registry
* : Terraform Registry
質問 # 60
Which is the best way to specify a tag of v1.0.0 when referencing a module stored in Git (for example.
Git::https://example.com/vpc.git)?
- A. Add version = "1.0.0" parameter to module block
- B. Append pref=v1.0.0 argument to the source path
- C. Nothing modules stored on GitHub always default to version 1.0.0
正解:B
解説:
The best way to specify a tag of v1.0.0 when referencing a module stored in Git is to append ?ref=v1.0.0 argument to the source path. This tells Terraform to use a specific Git reference, such as a branch, tag, or commit, when fetching the module source code. For example, source =
"git::https://example.com/vpc.git?ref=v1.0.0". This ensures that the module version is consistent and reproducible across different environments. References = [Module Sources], [Module Versions]
質問 # 61
It is best practice to store secret data in the same version control repository as your Terraform configuration.
- A. False
- B. True
正解:A
解説:
It is not a best practice to store secret data in the same version control repository as your Terraform configuration, as it could expose your sensitive information to unauthorized parties or compromise your security. You should use environment variables, vaults, or other mechanisms to store and provide secret data to Terraform.
質問 # 62
You are using a networking module in your Terraform configuration with the name label my-network. In your main configuration you have the following code:
When you run terraform validate, you get the following error:
What must you do to successfully retrieve this value from your networking module?
- A. Define the attribute vmet_id as a variable in the networking modeule
- B. Change the reference value module.my,network,outputs,vnet_id
- C. Change the reference value to my-network,outputs,vmet_id
- D. Define the attribute vnet_id as an output in the networking module
正解:D
解説:
This is what you must do to successfully retrieve this value from your networking module, as it will expose the attribute as an output value that can be referenced by other modules or resources. The error message indicates that the networking module does not have an output value named vnet_id, which causes the reference to fail.
質問 # 63
......
注目のTerraform-Associate-003豪華セット試験ガイドで最速合格を目指そう:https://www.goshiken.com/HashiCorp/Terraform-Associate-003-mondaishu.html
Terraform-Associate-003試験ガイド豪華セットで最速合格を目指そう:https://drive.google.com/open?id=17jqKvpsm-w1ncKaevnvyXxKWTppERvDc