HashiCorp Certified: Terraform Associate (004) (HCTA0-004)
Last Update Apr 15, 2026
Total Questions : 318
We are offering FREE Terraform-Associate-004 HashiCorp exam questions. All you do is to just go and sign up. Give your details, prepare Terraform-Associate-004 free exam questions and then go for complete pool of HashiCorp Certified: Terraform Associate (004) (HCTA0-004) test questions that will help you more.
By default, if you do not define a backend for your configuration, where does Terraform store information about the resources that it manages?
You have declared a variable called var.list which is a list of objects that all have an attribute id . Which options will produce a list of the IDs? Choose two correct answers.
Where in your Terraform configuration do you specify remote state storage settings?
You can configure Terraform to log to a file using the TF_LOG environment variable.
You have created a main.tf Terraform configuration consisting of an application server, a database and a load balanced. You ran terraform apply and Terraform created all of the resources successfully.
Now you realize that you do not actually need the load balancer, so you run terraform destroy without any flags. What will happen?
How can you trigger a run in a Terraform Cloud workspace that is connected to a Version Control System (VCS) repository?
Exhibit:
Error: Saved plan is stale
The given plan file can no longer be applied because the state was changed by another operation after the plan was created.
You have a saved execution plan containing desired changes for infrastructure managed by Terraform. After running terraform apply my.tfplan, you receive the error shown. How can you apply the desired changes? (Pick the 2 correct responses below.)
Which of the following is true about terraform apply?(Pick 2 correct responses)
Which of the following can you do with terraform plan?
Pick the two correct responses below.
Which argument can you use toprevent unexpected updatesto a module ' s configuration when calling Terraform Registry modules?
Which parameters does the import block require? (Pick the 2 correct responses below.)
What are some benefits of using Sentinel with Terraform Cloud/Terraform Cloud? Choose three correct answers.
Which of the following methods, used to provision resources into a public cloud, demonstrates the concept of infrastructure as code?
Which is a benefit of using infrastructure as code (IaC) tools compared to native platform APIs?
You corrected a typo in a resource name, changing it from aws_s3_bucket.photoes to aws_s3_bucket.photos. You want to update the Terraform state so that the existing resource is recognized under the new name, without destroying and recreating it. Which configuration should you use?
What command can you run to generateDOT (Graphviz)formatted data to visualize Terraform dependencies?
You add a new provider to your configuration and immediately run terraform apply in the CD using the local backend. Why does the apply fail?
You want to create a string that combines a generated random_id and a variable and reuse that string several times in your configuration. What is the simplest correct way to implement this without repeating the random_id and variable?
Which two steps are required to provision new infrastructure in the Terraform workflow? Choose two correct answers.
Which of these are benefits of using Sentinel with HCP Terraform/Terraform Cloud? (Pick the 3 correct responses)
When should you write Terraform configuration files for existing infrastructure that you want to start managing with Terraform?
You ' re building a CI/CD (continuous integration/continuous delivery) pipeline and need to inject sensitive variables into your Terraform run. How can you do this safely?
In Terraform HCL, an object type of object({name=string, age-number}) would match this value.
If you manually destroy infrastructure, what is the best practice reflecting this change in Terraform?
Which option cannot be used to keep secrets out of Terraform configuration files?
If one of your modules uses a local value, you can expose that value to callers of the module by defining a Terraform output in the module’s configuration.
How would you reference the volume IDs associated with the ebs_block_device blocks in this configuration?
Which of the following is availableonlyinHCP Terraform workspacesandnot in Terraform CLI?
Exhibit:
resource " azurerm_linux_web_app " " app " {
name = " example-app "
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
service_plan_id = azurerm_service_plan.plan.id
identity {
type = " UserAssigned "
identity_ids = [azurerm_user_assigned_identity.app.id]
}
}
resource " azurerm_role_assignment " " kv_access " {
scope = azurerm_key_vault.kv.id
role_definition_name = " Key Vault Secrets User "
principal_id = azurerm_user_assigned_identity.app.principal_id
}
Two resource blocks are shown: azurerm_linux_web_app and azurerm_role_assignment. When provisioned, the web app will use the role assignment during creation, so the role assignment must be created first. How do you ensure the azurerm_role_assignment resource is created first?
Which argument can you set on a module block to prevent Terraform from updating the module’s configuration during an init or get operation?
While attempting to deploy resources into your cloud provider using Terraform, you begin to see some odd behavior and experience slow responses. In order to troubleshoot you decide to turn on Terraform debugging. Which environment variables must be configured to make Terraform ' s logging more verbose?
You are working on some new application features and you want to spin up a copy of your production deployment to perform some quick tests. In order to avoid having to configure a new state backend, what open source Terraform feature would allow you create multiple states but still be associated with your current code?
Terraform configuration (including any module references) can contain only one Terraform provider type.
It is best practice to store secret data in the same version control repository as your Terraform configuration.
A developer launched a VM outside of the Terraform workflow and ended up with two servers with the same name. They are unsure which VM is managed with Terraform, but they do have a list of all active VM IDs. Which method could you use to determine which instance Terraform manages?
You have a list of numbers that represents the number of free CPU cores on each virtual cluster:
numcpus = [ 18, 3, 7, 11, 2 ]
What Terraform function could you use to select the largest number from the list?
You are writing a child Terraform module that provisions an AWS instance. You want to reference the IP address returned by the child module in the root configuration. You name the instance resource " main ' .
Which of these is the correct way to define the output value?
You want to define multiple data disks as nested blocks inside the resource block for a virtual machine. What Terraform feature would help you define the blocks using the values in a variable?
What feature stops multiple users from operating on the Terraform state at the same time?
You’ve updated your Terraform configuration, and you need to preview the proposed changes to your infrastructure. Which command should you run?
Which of the following does terraform apply change after you approve the execution plan? (Choose two.)
Which is the best way to specify a tag of v1.0.0 when referencing a module stored in Git (for example.
Git::https://example.com/vpc.git)?
When you initialize Terraform, where does it cache modules from the public Terraform Registry?
Terraform requires using a different provider for each cloud provider where you want to deploy resources.
Your team is using version 3.1.4 of a module from the public Terraform Registry, and they are worried about possible breaking changes in future versions of the module. Which version argument should you add to the module block to prevent newer versions from being used?
Which are forbidden actions when the terraform state file is locked? Choose three correct answers.
Outside of the required_providers block, Terraform configurations always refer to providers by their local names.
The_________determines how Terraform creates, updates, or delete resources.
Exhibit:
resource " kubernetes_namespace " " example " {
name = " test "
}
A resource block is shown in the exhibit. How would you reference the name attribute of this resource in HCL?
terraform apply will fail if you have not run terraform plan first to update the plan output.
Multiple team members are collaborating on infrastructure using Terraform and want to format the* Terraform code following standard Terraform-style convention.
How should they ensure the code satisfies conventions?
Which of the following module source paths does not specify a remote module?
You want to use API tokens and other secrets within your team ' s Terraform workspaces. Where does HashiCorp recommend you store these sensitive values? (Pick 3)
Exhibit:
Root module configuration:
output " vnet_id " {
value = module.my_network.vnet_id
}
Error:
Error: Reference to undeclared output value
on main.tf line 12, in output " vnet_id " :
12: value = module.my_network.vnet_id
You are using a networking module in your Terraform configuration with the name my_network. Your root module includes the configuration shown. When you run terraform validate, you get the error shown. Which option would successfully retrieve this value from your networking module?
How does the use of Infrastructure as Code (IaC) enhance the reliability of your infrastructure?
Pick the two correct responses below.
You modified your Terraform configuration to fix a typo in the resource ID by renaming it from photoes to photos. What configuration will you add to update the resource ID in state without destroying the existing resource?
Original configuration:
resource " aws_s3_bucket " " photoes " {
bucket_prefix = " images "
}
Updated configuration:
resource " aws_s3_bucket " " photos " {
bucket_prefix = " images "
}
If a module declares a variable without a default value, you must pass the value of the variable within the module block when you call the module in your configuration.
When you use a backend that requires authentication, it is best practice to:
You want to use API tokens and other secrets within your team ' s Terraform workspaces. Where does HashiCorp recommend you store these sensitive values? (Pick the 3 correct responses)
You ' re writing a Terraform configuration that needs to read input from a local file called id_rsa.pub. Which built-in Terraform function can you use to import the file ' s contents as a string?
Setting the TF_LOG environment variable to DEBUG causes debug messages to be logged into stdout.
Which of the following commands would you use to access all of the attributes and details of a resource managed by Terraform?
How does the Terraform cloud integration differ from other state backends such as S3, Consul,etc?
You created infrastructure outside the Terraform workflow that you now want to manage using Terraform. Which command brings the infrastructure into Terraform state?
Which provider authentication method prevents credentials from being stored in the state file?
As a member of an operations team that uses infrastructure as code (lac) practices, you are tasked with making a change to an infrastructure stack running in a public cloud. Which pattern would follow laC best practices for making a change?
A resource block is shown in the Exhibit space of this page. How would you reference the name value of the second instance of this resource?
If a DevOps team adopts AWS CloudFormation as their standardized method for provisioning public cloud resoruces, which of the following scenarios poses a challenge for this team?
Your team adopts AWS CloudFormation as the standardized method for provisioning public cloud resources. Which scenario presents a challenge for your team?
Which command should you run to check if all code in a Terraform configuration that references multiple modules is properly formatted without making changes?
The HCP Terraform private registry keeps the module configurations confidential within your organization.
TESTED 15 Apr 2026
