00:00

QUESTION 101

- (Exam Topic 1)
Your security team scanned some Terraform workspaces and found secrets stored in a plaintext in state files. How can you protect sensitive data stored in Terraform state files?

Correct Answer: B

QUESTION 102

- (Exam Topic 3)
Mary has created a database instance in AWS and for ease of use is outputting the value of the database password with the following code:
* 1. output "db_password"
* 2. {
* 3. value = local.db_password
* 4. }
Mary wants to hide the output value in the CLI after terraform apply? What is the best way?

Correct Answer: B

QUESTION 103

- (Exam Topic 3)
Ric wants to enable detail logging and he wants highest verbosity of logs. Which of the following environment variable settings is correct option for him to select.

Correct Answer: C
https://www.terraform.io/docs/internals/debugging.html

QUESTION 104

- (Exam Topic 2)
Which of the following best describes the default local backend?

Correct Answer: B
The local backend stores state on the local filesystem, locks that state using system APIs, and performs operations locally.
terraform { backend "local" {
path = "relative/path/to/terraform.tfstate"
}
}
https://www.terraform.io/docs/backends/types/local.html

QUESTION 105

- (Exam Topic 2)
Terraform import command can import resources into modules as well directly into the root of your state.

Correct Answer: A
Import will find the existing resource from ID and import it into your Terraform state at the given ADDRESS. ADDRESS must be a valid resource address. Because any resource address is valid, the import command can import resources into modules as well directly into the root of your state.
Terraform is able to import existing infrastructure. This allows us take resources we've created by some other means (i.e. via console) and bring it under Terraform management.
This is a great way to slowly transition infrastructure to Terraform.
The terraform import command is used to import existing infrastructure.
To import a resource, first write a resource block for it in our configuration, establishing the name by which it will be known to Terraform. For example:
resource "aws_instance" "import_example" {
# ...instance configuration...
}
Now terraform import can be run to attach an existing instance to this resource configuration:
$ terraform import aws_instance.import_example i-03efafa258104165f aws_instance.import_example: Importing from ID "i-03efafa258104165f"... aws_instance.import_example: Import complete!
Imported aws_instance (ID: i-03efafa258104165f) aws_instance.import_example: Refreshing state... (ID: i-03efafa258104165f) Import successful!
The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.
This command locates the AWS instance with ID i-03efafa258104165f (which has been created outside Terraform) and attaches its existing settings, as described by the EC2 API, to the name aws_instance.import_example in the Terraform state.
As a result of the above command, the resource is recorded in the state file. We can now run terraform plan to see how the configuration compares to the imported resource, and make any adjustments to the configuration to align with the current (or desired) state of the imported object.
https://www.terraform.io/docs/commands/import.html