Best TA-002-P Exam Dumps for the Preparation of Latest TA-002-P Exam Questions [Q117-Q140]

Best TA-002-P Exam Dumps for the Preparation of Latest TA-002-P Exam Questions

Download Latest & Valid Questions For HashiCorp TA-002-P exam

As the use of cloud computing continues to grow, the demand for IT professionals with Terraform expertise has also increased. The TA-002-P certification exam covers a range of topics including Terraform basics, configuration, modules, providers, and remote state management. Passing the exam demonstrates a candidate’s proficiency in these areas and their ability to use Terraform to automate infrastructure.

 

NEW QUESTION # 117
What Terraform feature is shown in the example below?

• A. data source
• B. dynamic block
• C. conditional expression
• D. local values

Answer: B

NEW QUESTION # 118
How can terraform plan aid in the development process?

• A. Initializes your working directory containing your Terraform configuration files
• B. Validates your expectations against the execution plan without permanently modifying state
• C. Formats your Terraform configuration files
• D. Reconciles Terraform's state against deployed resources and permanently modifies state using the current status of deployed resources

Answer: B

NEW QUESTION # 119
Terraform will sync all resources in state by default for every plan and apply, hence for larger infrastructures this can slow down terraform plan and terraform apply commands?

• A. True
• B. False

Answer: A

Explanation:
Explanation
For small infrastructures, Terraform can query your providers and sync the latest attributes from all your resources. This is the default behavior of Terraform: for every plan and apply, Terraform will sync all resources in your state.
For larger infrastructures, querying every resource is too slow. Many cloud providers do not provide APIs to query multiple resources at once, and the round trip time for each resource is hundreds of milliseconds. On top of this, cloud providers almost always have API rate limiting so Terraform can only request a certain number of resources in a period of time. Larger users of Terraform make heavy use of the -refresh=false flag as well as the -target flag in order to work around this. In these scenarios, the cached state is treated as the record of truth.
https://www.terraform.io/docs/state/purpose.html

NEW QUESTION # 120
Which of the following is considered a Terraform plugin?

• A. Terraform language
• B. Terraform tooling
• C. Terraform logic
• D. Terraform provider

Answer: D

Explanation:
Terraform is built on a plugin-based architecture. All providers and provisioners that are used in Terraform configurations are plugins, even the core types such as AWS and Heroku. Users of Terraform are able to write new plugins in order to support new functionality in Terraform.
https://www.terraform.io/docs/plugins/basics.html

NEW QUESTION # 121
You want terraform plan and terraform apply to be executed in Terraform Cloud's run environment but the
output is to be streamed locally. Which one of the below you will choose?

• A. Terraform Backends.
• B. Local Backends.
• C. Remote Backends.
• D. This can be done using any of the local or remote backends.

Answer: C

Explanation:
Explanation
When using full remote operations, operations like terraform plan or terraform apply can be executed in
Terraform Cloud's run environment, with log output streaming to the local terminal. Remote plans and applies
use variable values from the associated Terraform Cloud workspace.
Terraform Cloud can also be used with local operations, in which case only state is stored in the Terraform
Cloud backend.
https://www.terraform.io/docs/backends/types/remote.html

NEW QUESTION # 122
I78
correct?

• A. Storing state remotely can provide better security.
• B. The Terraform state can contain sensitive data, therefore the state file should be protected from unauthorized access.
• C. When using local state, the state file is stored in plain-text.
• D. Terraform Cloud always encrypts state at rest.
• E. The state file is always encrypted at rest.
• F. Using the mask feature, you can instruct Terraform to mask sensitive data in the state file.

Answer: A,B,C,D

Explanation:
Terraform state can contain sensitive data, depending on the resources in use and your definition of "sensitive." The state contains resource IDs and all resource attributes. For resources such as databases, this may contain initial passwords.
When using local state, state is stored in plain-text JSON files.
When using remote state, state is only ever held in memory when used by Terraform. It may be encrypted at rest, but this depends on the specific remote state backend.
Storing Terraform state remotely can provide better security. As of Terraform 0.9, Terraform does not persist state to the local disk when remote state is in use, and some backends can be configured to encrypt the state data at rest.
Recommendations
If you manage any sensitive data with Terraform (like database passwords, user passwords, or private keys), treat the state itself as sensitive data.
Storing state remotely can provide better security. As of Terraform 0.9, Terraform does not persist state to the local disk when remote state is in use, and some backends can be configured to encrypt the state data at rest.
For example:
* Terraform Cloud always encrypts state at rest and protects it with TLS in transit. Terraform Cloud also knows the identity of the user requesting state and maintains a history of state changes. This can be used to control access and track activity. Terraform Enterprise also supports detailed audit logging.
* The S3 backend supports encryption at rest when the encrypt option is enabled. IAM policies and logging can be used to identify any invalid access. Requests for the state go over a TLS connection.

NEW QUESTION # 123
Select all Operating Systems that Terraform is available for. (select five)

• A. macOS
• B. Linux
• C. Unix
• D. Windows
• E. Solaris
• F. FreeBSD

Answer: A,B,D,E,F

Explanation:
Explanation
Terraform is available for macOS, FreeBSD, OpenBSD, Linux, Solaris, Windows
https://www.terraform.io/downloads.html

NEW QUESTION # 124
The current implementation of Terraform import can only import resources into the state. It does not generate
configuration.

• A. True
• B. False

Answer: A

Explanation:
Explanation
The current implementation of Terraform import can only import resources into the state. It does not generate
configuration. A future version of Terraform will also generate configuration.
Because of this, prior to running terraform import it is necessary to write manually a resource configuration
block for the resource, to which the imported object will be mapped.
While this may seem tedious, it still gives Terraform users an avenue for importing existing resources.
https://www.terraform.io/docs/import/index.html#currently-state-only

NEW QUESTION # 125
Which of the following represents a feature of Terraform Cloud that is NOT free to customers?

• A. Private Module Registry
• B. Roles and Team Management
• C. WorkSpace Management
• D. VCS Integration

Answer: B

Explanation:
Explanation
Role Based Access Controls (RBAC) for controlling permissions for who has access to what configurations within an organization and it is not free to customers.
https://www.hashicorp.com/products/terraform/pricing/

NEW QUESTION # 126
Your team lead does not trust the junior terraform engineers who now have access to the git repo . So , he wants you to have some sort of a checking layer , whereby , you can ensure that the juniors will not create any non-compliant resources that might lead to a security audit failure in future. What can you do to efficiently enforce this?

• A. Create a design /security document (in PDF) and share to the team , and ask them to always follow that document , and never deviate from it.
• B. Use Terraform OSS Sentinel Lite version , which will save cost , since there is no charge for OSS , but it can still check for most non-compliant rules using Policy-As-Code.
• C. Since your team is using Hashicorp Terraform Enterprise Edition , enable Sentinel , and write Policy-As-Code rules that will check for non-compliant resource provisioning , and prevent/report them.
• D. Create a git master branch , and implement PR . Every change needs to be reviewed by you , before being merged to the master branch.

Answer: C

Explanation:
Sentinel is an embedded policy-as-code framework integrated with the HashiCorp Enterprise products. It enables fine-grained, logic-based policy decisions, and can be extended to use information from external sources.
https://www.terraform.io/docs/cloud/sentinel/index.html

NEW QUESTION # 127
Terraform import command can import resources into modules as well directly into the root of your state.

• A. True
• B. False

Answer: A

Explanation:
Explanation
Import will find the existing resource from ID and import it into your Terraform state at the given ADDRESS.
ADDRESS must be a valid resource address. Because any resource address is valid, the import command can
import resources into modules as well directly into the root of your state.
Terraform is able to import existing infrastructure. This allows us take resources we've created by some other
means (i.e. via console) and bring it under Terraform management.
This is a great way to slowly transition infrastructure to Terraform.
The terraform import command is used to import existing infrastructure.
To import a resource, first write a resource block for it in our configuration, establishing the name by which it
will be known to Terraform. For example:
resource "aws_instance" "import_example" {
# ...instance configuration...
}
Now terraform import can be run to attach an existing instance to this resource configuration:
$ terraform import aws_instance.import_example i-03efafa258104165f
aws_instance.import_example: Importing from ID "i-03efafa258104165f"...
aws_instance.import_example: Import complete!
Imported aws_instance (ID: i-03efafa258104165f)
aws_instance.import_example: Refreshing state... (ID: i-03efafa258104165f)
Import successful!
The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.
This command locates the AWS instance with ID i-03efafa258104165f (which has been created outside
Terraform) and attaches its existing settings, as described by the EC2 API, to the name
aws_instance.import_example in the Terraform state.
As a result of the above command, the resource is recorded in the state file. We can now run terraform plan to
see how the configuration compares to the imported resource, and make any adjustments to the configuration
to align with the current (or desired) state of the imported object.
https://www.terraform.io/docs/commands/import.html

NEW QUESTION # 128
You have multiple team members collaborating on infrastructure as code (IaC) using Terraform, and want to apply formatting standards for readability.
How can you format Terraform HCL (HashiCorp Configuration Language) code according to standard Terraform style convention?

• A. Manually apply two spaces indentation and align equal sign "=" characters in every Terraform file (*.tf)
• B. Run the terraform fmt command during the code linting phase of your CI/CD process
• C. Write a shell script to transform Terraform files using tools such as AWK, Python, and sed
• D. Designate one person in each team to review and format everyone's code

Answer: A

Explanation:
Explanation
Indent two spaces for each nesting level.
When multiple arguments with single-line values appear on consecutive lines at the same nesting level, align their equals signs.
Reference: https://www.terraform.io/docs/language/syntax/style.html

NEW QUESTION # 129
Terraform works well in Windows but a Windows server is required.

• A. True
• B. False

Answer: B

NEW QUESTION # 130
Terraform Cloud always encrypts state at rest and protects it with TLS in transit. Terraform Cloud also knows the identity of the user requesting state and maintains a history of state changes.

• A. True
• B. False

Answer: A

Explanation:
Terraform Cloud always encrypts state at rest and protects it with TLS in transit. Terraform Cloud also knows the identity of the user requesting state and maintains a history of state changes. This can be used to control access and track activity. Terraform Enterprise also supports detailed audit logging.
https://www.terraform.io/docs/state/sensitive-data.html#recommendations

NEW QUESTION # 131
How is the Terraform remote backend different than other state backends such as S3, Consul, etc.?

• A. All of the above
• B. It doesn't show the output of a terraform apply locally
• C. It can execute Terraform runs on dedicated infrastructure on premises or in Terraform Cloud
• D. It is only available to paying customers

Answer: C

Explanation:
Explanation
Backends define where Terraform's state snapshots are stored. A given Terraform configuration can either
specify a backend, integrate with Terraform Cloud, or do neither and default to storing state locally.
If you and your team are using Terraform to manage meaningful infrastructure, we recommend using the
remote backend with Terraform Cloud or Terraform Enterprise.
Reference: https://www.terraform.io/docs/language/settings/backends/index.html

NEW QUESTION # 132
Which of these is the best practice to protect sensitive values in state files?

• A. Enhanced remote backends
• B. Blockchain
• C. Secure Sockets Layer (SSL)
• D. Signed Terraform providers

Answer: A

Explanation:
Explanation
Use of remote backends and especially the availability of Terraform Cloud, there are now a variety of backends that will encrypt state at rest and will not store the state in cleartext on machines running. Reference:
https://www.terraform.io/docs/extend/best-practices/sensitive-state.html

NEW QUESTION # 133
Terraform validate reports syntax check errors from which of the following scenarios?

• A. The state files does not match the current infrastructure
• B. There is missing value for a variable
• C. None of the above
• D. Code contains tabs indentation instead of spaces

Answer: B

Explanation:
Explanation
The terraform validate command is used to validate the syntax of the terraform files. Terraform performs a
syntax check on all the terraform files in the directory, and will display an error if any of the files doesn't
validate. This command does not check formatting (e.g. tabs vs spaces, newlines, comments etc.). The
following can be reported: invalid HCL syntax (e.g. missing trailing quote or equal sign) invalid HCL
references (e.g. variable name or attribute which doesn't exist) same provider declared multiple times same
module declared multiple times same resource declared multiple times invalid module name interpolation used
in places where it's unsupported (e.g. variable, depends_on, module.source, provider) missing value for a
variable (none of -var foo=... flag, -var-file=foo.vars flag, TF_VAR_foo environment variable,
terraform.tfvars, or default value in the configuration)
https://www.typeerror.org/docs/terraform/commands/validate
https://learning-ocean.com/tutorials/terraform/terraform-validate

NEW QUESTION # 134
In terraform, most resource dependencies are handled automatically. Which of the following statements describes best how terraform resource dependencies are handled?

• A. Resource dependencies are identified and maintained in a file called resource.dependencies. Each terraform provider is required to maintain a list of all resource dependencies for the provider and it's included with the plugin during initialization when terraform init is executed. The file is located in the terraform.d folder.
• B. The terraform binary contains a built-in reference map of all defined Terraform resource dependencies. Updates to this dependency map are reflected in terraform versions. To ensure you are working with the latest resource dependency map you much be running the latest version of Terraform.
• C. Terraform analyses any expressions within a resource block to find references to other objects, and treats those references as implicit ordering requirements when creating, updating, or destroying resources.
  Explanation
  https://www.terraform.io/docs/configuration/resources.html
• D. Resource dependencies are handled automatically by the depends_on meta_argument, which is set to true by default.

Answer: C

NEW QUESTION # 135
Multiple providers can be declared within a single Terraform configuration file.

• A. True
• B. False

Answer: A

Explanation:
You can optionally define multiple configurations for the same provider, and select which one to use on a per-resource or per-module basis. The primary reason for this is to support multiple regions for a cloud platform; other examples include targeting multiple Docker hosts, multiple Consul hosts, etc.
To include multiple configurations for a given provider, include multiple provider blocks with the same provider name, but set the alias meta-argument to an alias name to use for each additional configuration.
For Example
# The default provider configuration
provider "aws" {
region = "us-east-1"
}
# Additional provider configuration for west coast region
provider "aws" {
alias = "west"
region = "us-west-2"
}
The provider block without alias set is known as the default provider configuration. When alias is set, it creates an additional provider configuration. For providers that have no required configuration arguments, the implied empty configuration is considered to be the default provider configuration.
https://www.terraform.io/docs/configuration/providers.html

NEW QUESTION # 136
You have created a terraform script that uses a lot of new constructs that have been introduced in terraform v0.12. However, many developers who are cloning the script from your git repo, are using v0.11, and getting errors. What can be done from your end to solve this problem?

• A. Add a condition in front of each such specific construct, to check whether the running terraform version id v0.11 or v0.12, and ,work accordingly.
• B. Add comments in your code to tell developers to use v0.12 . If they use v0.11 , that should be their problem , which they need to figure out.
• C. Force developer to use v0.12 by using terraform setting 'required_version' and set it to >=0.12.
• D. Refactor the code to support both v0.11, and v0.12. It might be a difficult process, but there is no other way.

Answer: C

Explanation:
Explanation
https://www.terraform.io/docs/configuration/terraform.html

NEW QUESTION # 137
While using generic git repository as a module source, which of the below options allows terraform to select a
specific version or tag instead of selecting the HEAD.

• A. By default, Terraform will clone and use the default branch (referenced by HEAD) in the selected
  repository and you can not override this.
• B. Append ref argument as
  module "vpc" { source = "git::https://example.com/vpc.git#ref=v1.2.0"}
• C. Append ref argument as
  module "vpc" { source = "git::https://example.com/vpc.git?ref=v1.2.0"}
• D. Append version argument as
  module "vpc" { source = "git::https://example.com/vpc.git?version=v1.2.0"}

Answer: C

Explanation:
Explanation
By default, Terraform will clone and use the default branch (referenced by HEAD) in the selected repository.
You can override this using the ref argument:
module "vpc" {
source = "git::https://example.com/vpc.git?ref=v1.2.0"
}
The value of the ref argument can be any reference that would be accepted by the git checkout command,
including branch and tag names.
https://www.terraform.io/docs/modules/sources.html

NEW QUESTION # 138
You have multiple developers working on a terraform project (using terraform OSS), and have saved the
terraform state in a remote S3 bucket . However ,team is intermittently experiencing inconsistencies in the
provisioned infrastructure / failure in the code . You have traced this problem to simultaneous/concurrent runs
of terraform apply command for 2/more developers . What can you do to fix this problem?

• A. Structure your team in such a way that only one individual will run terraform apply , everyone will just
  make changes and share with him. Then there will be no chance of any inconsistencies.
• B. Enable terraform state locking for the S3 backend using DynamoDB table. This prevents others from
  acquiring the lock and potentially corrupting your state.
• C. Use terraform workspaces feature, this will fix this problem by default , as every developer will have
  their own state file , and terraform will merge them on server side on its own.
• D. Stop using remote state , and store the developer tfstate in their own machine . Once a day , all
  developers should sit together and merge the state files manually , to avoid any inconsistencies.

Answer: B

Explanation:
Explanation
S3 backend support state locking using DynamoDB.
https://www.terraform.io/docs/state/locking.html

NEW QUESTION # 139
True or False? Each Terraform workspace uses its own state file to manage the infrastructure associated with that particular workspace.

• A. True
  Explanation
  The persistent data stored in the backend belongs to a workspace. Initially, the backend has only one workspace, called "default", and thus there is only one Terraform state associated with that configuration.
• B. False

Answer: A

NEW QUESTION # 140
......

Exam Materials for You to Prepare & Pass TA-002-P Exam: https://www.realvalidexam.com/TA-002-P-real-exam-dumps.html

Ensure Success With Updated Verified TA-002-P Exam Dumps: https://drive.google.com/open?id=1Y9C2e96_1TPlSiDuyEpIunfVNfZyhwR_