HashiCorp Certified: Terraform Associate (004) (HCTA0-004)
Last Update Feb 28, 2026
Total Questions : 301
We are offering FREE Terraform-Associate-004 HashiCorp exam questions. All you do is to just go and sign up. Give your details, prepare Terraform-Associate-004 free exam questions and then go for complete pool of HashiCorp Certified: Terraform Associate (004) (HCTA0-004) test questions that will help you more.
What functionality do providers offer in Terraform?(Pick 3 correct responses)
What is the provider for the resource shown in the Exhibit?
resource "aws_vpc" "main" {
name = "test"
}
You used Terraform to create an ephemeral development environment in the cloud and are now ready to destroy all the infrastructure described by your Terraform configuration. To be safe, you would like to first see all the infrastructure that Terraform will delete.
Which command should you use to show all the resources that will be deleted? (Pick the 2 correct responses)
A resource block is shown in the Exhibit space of this page. What is the Terraform resource name of the resource block?
terraform validate uses provider APIs to verify your infrastructure settings.
Which command should you run to check if all code in a Terraform configuration that references multiple modules is properly formatted without making changes?
Which parameters does the import block require? (Pick the 2 correct responses below.)
A resource block is shown in the Exhibit space of this page. How would you reference the name value of the second instance of this resource?
You have created a main.tf Terraform configuration consisting of an application server, a database and a load balanced. You ran terraform apply and Terraform created all of the resources successfully.
Now you realize that you do not actually need the load balancer, so you run terraform destroy without any flags. What will happen?
What is the Terraform style convention for indenting a nesting level compared to the one above it?
You have a simple Terraform configuration containing one virtual machine (VM) in a cloud provider. You run terraform apply and the VM is created successfully.
What will happen if you delete the VM using the cloud provider console, then run terraform apply again without changing any Terraform code?
What is the Terraform style convention for indenting a nesting level compared to the one above it?
If a module declares a variable without a default value, you must pass the value of the variable within the module block when you call the module in your configuration.
Which of the following is not a valid source path for specifying a module?
What functionality do providers offer in Terraform? (Pick the 3 correct responses below.)
Exhibit.
You need to deploy resources into two different regions in the same Terraform configuration. To do this, you declare multiple provider configurations as shown in the Exhibit space on this page.
What meta-argument do you need to configure in a resource block to deploy the resource to the us-west-2 AWS region?
Your team adopts AWS CloudFormation as the standardized method for provisioning public cloud resources. Which scenario presents a challenge for your team?
A developer on your team is going to leaf down an existing deployment managed by Terraform and deploy a new one. However, there is a server resource named aws instant.ubuntu[l] they would like to keep. What command should they use to tell Terraform to stop managing that specific resource?
Your risk management organization requires that new AWS S3 buckets must be private and encrypted at rest. How can Terraform Cloud automatically and proactively enforce this security control?
Exhibit:
Root module configuration:
output "vnet_id" {
value = module.my_network.vnet_id
}
Error:
Error: Reference to undeclared output value
on main.tf line 12, in output "vnet_id":
12: value = module.my_network.vnet_id
You are using a networking module in your Terraform configuration with the name my_network. Your root module includes the configuration shown. When you run terraform validate, you get the error shown. Which option would successfully retrieve this value from your networking module?
Which of these actions are forbidden when the Terraform state file is locked? (Pick the 3 correct responses)
Which of the following are advantages of using infrastructure as code (laC) instead of provisioning with a graphical user interface (GUI)? Choose two correct answers.
What kind of configuration block will manage an infrastructure object with settings specified within the block?
Outside of the required_providers block, Terraform configurations always refer to providers by their local names.
Exhibit:
resource "azurerm_linux_web_app" "app" {
name = "example-app"
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
service_plan_id = azurerm_service_plan.plan.id
identity {
type = "UserAssigned"
identity_ids = [azurerm_user_assigned_identity.app.id]
}
}
resource "azurerm_role_assignment" "kv_access" {
scope = azurerm_key_vault.kv.id
role_definition_name = "Key Vault Secrets User"
principal_id = azurerm_user_assigned_identity.app.principal_id
}
Two resource blocks are shown: azurerm_linux_web_app and azurerm_role_assignment. When provisioned, the web app will use the role assignment during creation, so the role assignment must be created first. How do you ensure the azurerm_role_assignment resource is created first?
What command can you run to generateDOT (Graphviz)formatted data to visualize Terraform dependencies?
You decide to move a Terraform state file to Amazon S3 from another location. You write the code below into a file called backend.tf.
Which command will migrate your current state file to the new S3 remote backend?
You can configure Terraform to log to a file using the TF_LOG environment variable.
You're writing a Terraform configuration that needs to read input from a local file called id_rsa.pub . Which built-in Terraform function can you use to import the file's contents as a string?
If a DevOps team adopts AWS CloudFormation as their standardized method for provisioning public cloud resoruces, which of the following scenarios poses a challenge for this team?
All standard backend types support state locking, and remote operations like plan, apply, and destroy.
Running terraform fmt without any flags in a directory with Terraform configuration files will check the formatting of those files, but will never change their contents.
You should run terraform fnt to rewrite all Terraform configurations within the current working directory to conform to Terraform-style conventions.
You have multiple team members collaborating on infrastructure as code (IaC) using Terraform, and want to apply formatting standards for readability.
How can you format Terraform HCL (HashiCorp Configuration Language) code according to standard Terraform style convention?
You need to destroy all of the resources in your Terraform workspace, except for aws_instance.ubuntu[1], which you want to keep. How can you tell Terraform to stop managing that specific resource without destroying it?
You are tasked with making a change to an infrastructure stack running in a public cloud using HCP Terraform/Terraform Cloud. Which pattern follows IaC best practices?
You have a simple Terraform configuration containing one VM (virtual machine) in a cloud provider. You run terraform apply and the VM is created successfully. What will happen if you run terraform apply again immediately afterwards without changing any Terraform code?
Module variable assignments are inherited from the parent module and you do not need to explicitly set them.
Which command(s) adds existing resources in a public cloud into Terraform state?
You are writing a child Terraform module that provisions an AWS instance. You want to reference the IP address returned by the child module in the root configuration. You name the instance resource "main'.
Which of these is the correct way to define the output value?
You can define multiple backend blocks in your Terraform configuration to store your state in multiple locations.
Which method for sharing Terraform configurations fulfills the following criteria:
1. Keeps the configurations confidential within your organization
2. Support Terraform’s semantic version constrains
3. Provides a browsable directory
Which option cannot be used to keep secrets out of Terraform configuration files?
A developer launched a VM outside of the Terraform workflow and ended up with two servers with the same name. They are unsure which VM is managed with Terraform, but they do have a list of all active VM IDs. Which method could you use to determine which instance Terraform manages?
You want to define multiple data disks as nested blocks inside the resource block for a virtual machine. What Terraform feature would help you define the blocks using the values in a variable?
Your security team scanned some Terraform workspaces and found secrets stored in plaintext in state files. How can you protect that data?
A resource block is shown in the Exhibit section of this page. How would you reference the attribute name of this resource in HCL?
A senior admin accidentally deleted some of your cloud instances. What will Terraform do when you run terraform apply?
Which of these workflows is only enabled by the use of Infrastructure as Code?
You can develop a custom provider to manage its resources using Terraform.
It is best practice to store secret data in the same version control repository as your Terraform configuration.
Multiple team members are collaborating on infrastructure using Terraform and want to format the* Terraform code following standard Terraform-style convention.
How should they ensure the code satisfies conventions?
Exhibit:
Error: Saved plan is stale
The given plan file can no longer be applied because the state was changed by another operation after the plan was created.
You have a saved execution plan containing desired changes for infrastructure managed by Terraform. After running terraform apply my.tfplan, you receive the error shown. How can you apply the desired changes? (Pick the 2 correct responses below.)
You add a new resource to an existing Terraform configuration, but do not update the version constraint in the configuration. The existing and new resources use the same provider. The working contains a .terraform.lock, hc1 file.
How will Terraform choose which version of the provider to use?
You have used Terraform lo create an ephemeral development environment in the (loud and are now ready to destroy all the Infrastructure described by your Terraform configuration To be safe, you would like to first see all the infrastructure that Terraform will delete.
Which command should you use to show all of the resources that mil be deleted? Choose two correct answers.
If one of your modules uses a local value, you can expose that value to callers of the module by defining a Terraform output in the module’s configuration.
Which of the following methods, used to provision resources into a public cloud, demonstrates the concept of infrastructure as code?
You can reference a resource created with for_each using a Splat ( *) expression.
What kind of configuration block will create an infrastructure object with settings specified within the block?
Which is the best way to specify a tag of v1.0.0 when referencing a module stored in Git (for example.
Git::https://example.com/vpc.git)?
Exhibit:
resource "kubernetes_namespace" "example" {
name = "test"
}
A resource block is shown in the exhibit. How would you reference the name attribute of this resource in HCL?
Which two steps are required to provision new infrastructure in the Terraform workflow? Choose two correct answers.
You are creating a reusable Terraform configuration and want to include an optional billing_dept tag so your Finance team can track team-specific spending on resources. Which of the following billing_dept variable declarations will achieve this?
TESTED 28 Feb 2026
