Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Use Terraform outside the core workflow practice sets

TF-003 Use Terraform outside the core workflow • Complete Question Bank

TF-003 Use Terraform outside the core workflow — All Questions With Answers

Complete TF-003 Use Terraform outside the core workflow question bank — all 0 questions with answers and detailed explanations.

91
Questions
Free
No signup
Certifications/TF-003/Practice Test/Use Terraform outside the core workflow/All Questions
Question 1easymultiple choice
Read the full Use Terraform outside the core workflow explanation →

A developer runs `terraform plan` and it fails with a provider plugin error. Which command should they run first to resolve the issue?

Question 2mediummultiple choice
Read the full Use Terraform outside the core workflow explanation →

A team uses Terraform Cloud for remote state management. They want to ensure that state file changes are only made through the Terraform Cloud API and not through direct access to the storage backend. Which feature should they enable?

Question 3hardmultiple choice
Read the full Use Terraform outside the core workflow explanation →

A company uses Terraform with multiple cloud providers and wants to integrate with their existing CI/CD pipeline. They need to enforce that all infrastructure changes go through code review and automated testing before being applied to production. Which approach best meets these requirements?

Question 4easymultiple choice
Read the full Use Terraform outside the core workflow explanation →

An operator runs `terraform apply` and receives an error that the state file is locked. What is the most likely cause?

Question 5mediummultiple choice
Read the full Use Terraform outside the core workflow explanation →

An organization wants to use Terraform to manage infrastructure in multiple environments (dev, staging, prod) with the same configuration but different variable values. Which approach should they use?

Question 6hardmultiple choice
Read the full Use Terraform outside the core workflow explanation →

A team uses Terraform Cloud with a VCS-backed workflow. They notice that a recent commit triggered a run that failed because of an invalid configuration. The team fixed the configuration and wants to re-run the plan without committing again. Which action should they take?

Question 7easymultiple choice
Read the full Use Terraform outside the core workflow explanation →

A user wants to see the current state of resources in a human-readable format without making changes. Which command should they use?

Question 8mediummultiple choice
Read the full Use Terraform outside the core workflow explanation →

A company wants to use Terraform to manage resources across AWS and Azure. They need a single workflow that can apply changes to both providers. What is the best practice?

Question 9hardmultiple choice
Read the full Use Terraform outside the core workflow explanation →

During a `terraform apply`, the operation fails mid-way due to a network outage, leaving some resources created. The operator wants to resume applying from where it left off without destroying the already-created resources. What should they do?

Question 10mediummulti select
Read the full Use Terraform outside the core workflow explanation →

Which TWO of the following are valid use cases for using Terraform Cloud's Sentinel policies? (Choose two.)

Question 11easymulti select
Read the full Use Terraform outside the core workflow explanation →

Which THREE of the following are valid methods to manage Terraform state in a team environment? (Choose three.)

Question 12hardmulti select
Read the full Use Terraform outside the core workflow explanation →

Which TWO of the following are true about Terraform Cloud's run lifecycle? (Choose two.)

Question 13mediummultiple choice
Read the full Use Terraform outside the core workflow explanation →

Based on the exhibit, what will happen to the existing Elastic IP (aws_eip.web_eip) when this plan is applied?

Exhibit

Refer to the exhibit.

```
$ terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy

Terraform will perform the following actions:

  # aws_instance.web will be created
  + resource "aws_instance" "web" {
      + ami           = "ami-0c55b159cbfafe1f0"
      + instance_type = "t2.micro"
      + tags          = {
          + "Name" = "WebServer"
        }
    }

  # aws_security_group.web_sg will be updated in-place
  ~ resource "aws_security_group" "web_sg" {
        id     = "sg-12345678"
      ~ name   = "web_sg_old" -> "web_sg_new"
      ~ tags   = {
          "Name" = "Web SG"
        }
    }

  # aws_eip.web_eip will be destroyed
  - resource "aws_eip" "web_eip" {
      id     = "eipalloc-12345678"
      domain = "vpc"
    }

Plan: 1 to add, 1 to change, 1 to destroy.
```
Question 14hardmultiple choice
Read the full Use Terraform outside the core workflow explanation →

A user receives the error shown in the exhibit when running `terraform init`. The user is behind a corporate proxy. Which environment variable should be set to resolve this issue?

Exhibit

Refer to the exhibit.

```
Error: Failed to query available provider packages

Could not retrieve the list of available versions for provider hashicorp/aws:
  could not connect to the registry: the request failed after 2 attempts, please check your internet connection
```
Question 15hardmultiple choice
Read the full Use Terraform outside the core workflow explanation →

You are a platform engineer at a large enterprise that uses Terraform Cloud with a VCS-backed workflow for all infrastructure. Your team manages a configuration that provisions AWS EC2 instances for a critical application. Recently, a junior team member accidentally committed a change that removed a required tag from the EC2 instance resource. The change passed the plan stage but was blocked by a Sentinel policy during the apply, preventing the infrastructure from being updated. The team needs to fix the configuration and apply the change. However, the repository is configured to automatically trigger runs on every push to the main branch. The team wants to avoid triggering an unwanted run while they work on the fix. What should the team do?

Question 16mediummultiple choice
Read the full Use Terraform outside the core workflow explanation →

You are managing a Terraform configuration that deploys resources across multiple AWS accounts using provider aliases. The configuration uses a single backend (S3) to store the state file. Recently, you discovered that the state file has become very large (over 100 MB) and is causing slow operations and timeouts. The team wants to improve performance without losing the ability to manage all resources with a single `terraform apply`. You need to propose a solution. Which approach should you take?

Question 17easymultiple choice
Read the full Use Terraform outside the core workflow explanation →

A DevOps team is using Terraform Cloud to manage infrastructure. They want to integrate Terraform into their CI/CD pipeline by triggering runs programmatically. Which approach should they use to invoke a Terraform run from an external system?

Question 18mediummultiple choice
Read the full Use Terraform outside the core workflow explanation →

An organization uses Terraform Cloud for team collaboration. They have a workspace that manages production infrastructure. Due to a security policy, they must ensure that all changes go through a peer review process before they are applied. How can they enforce this requirement?

Question 19hardmultiple choice
Read the full Use Terraform outside the core workflow explanation →

A company uses Terraform to manage multi-cloud infrastructure. They have separate Terraform configurations for AWS and Azure, each with its own state file. They want to share a common set of networking variables (e.g., allowed IP ranges) between these configurations without duplicating data. Which approach best achieves this?

Question 20mediummulti select
Read the full Use Terraform outside the core workflow explanation →

Which TWO of the following are valid ways to import existing infrastructure into Terraform management? (Choose TWO.)

Question 21hardmultiple choice
Review the full subnetting walkthrough →

You are a platform engineer at a large e-commerce company that uses Terraform Enterprise to manage thousands of infrastructure resources across multiple teams. The company has a central 'networking' workspace that provisions shared VPCs and subnets, and several application workspaces that consume these networking resources via remote state data sources. Recently, the networking team changed the CIDR block of a shared subnet from '10.0.1.0/24' to '10.0.2.0/24' and applied the change successfully. However, the application teams are now reporting that their Terraform runs are failing with errors indicating that the subnet ID they reference does not exist. The application workspaces use the following configuration to consume the subnet:

```hcl data "terraform_remote_state" "networking" { backend = "remote" config = { organization = "mycompany" workspaces = { name = "networking"

}
  }
}

resource "aws_instance" "app" { subnet_id = data.terraform_remote_state.networking.outputs.subnet_id ...

}

```

The application workspaces have not been modified recently. The networking workspace output 'subnet_id' now contains the ID of the updated subnet. What is the most likely cause of the failures?

Question 22hardmultiple choice
Read the full Use Terraform outside the core workflow explanation →

An organization uses Terraform Cloud to manage infrastructure across multiple teams. They need to enforce that all workspaces use a specific version of Terraform and that no workspace can be deleted accidentally. Which approach meets these requirements without using Sentinel or Terraform Enterprise?

Question 23easymulti select
Read the full Use Terraform outside the core workflow explanation →

Which TWO of the following are valid ways to use Terraform outside the core workflow? (Choose two.)

Question 24mediummultiple choice
Read the full Use Terraform outside the core workflow explanation →

The user runs `terraform init` successfully, but then `terraform plan` still fails with a different error: "Error: No configuration files found in this directory." The directory contains backend.tf and main.tf. What is the most likely cause?

Exhibit

Refer to the exhibit.

```
# backend.tf
terraform {
  backend "remote" {
    organization = "myorg"
    workspaces {
      name = "example-workspace"
    }
  }
}

# main.tf
resource "null_resource" "example" {
  triggers = {
    always = timestamp()
  }
  provisioner "local-exec" {
    command = "echo '${self.id}'"
  }
}
```

When running `terraform plan` locally, the user receives the error: "Error: Backend initialization required: please run 'terraform init'".
Question 25mediummulti select
Read the full Use Terraform outside the core workflow explanation →

Which three of the following are valid ways to use Terraform outside the core provisioning workflow? (Choose three.)

Question 26mediummulti select
Read the full Use Terraform outside the core workflow explanation →

Which four of the following are valid ways to integrate Terraform into an automated pipeline or use it outside the core manual workflow? (Choose all that apply.)

Question 27mediumdrag order
Read the full Use Terraform outside the core workflow explanation →

Drag and drop the steps to use Terraform workspaces for environment separation in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 28mediummatching
Read the full Use Terraform outside the core workflow explanation →

Match each Terraform meta-argument to its purpose.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Create multiple instances from one resource block

Create multiple instances from a map or set of strings

Explicitly specify hidden resource dependencies

Control resource creation/destruction behavior

Select a non-default provider configuration

Question 29hardmultiple choice
Read the full Use Terraform outside the core workflow explanation →

A CI/CD pipeline runs 'terraform plan' and needs to automatically approve only if no resources will be destroyed. Which approach should be used?

Question 30easymultiple choice
Read the full Use Terraform outside the core workflow explanation →

A team wants to import an existing AWS S3 bucket named 'my-bucket' into Terraform state. The resource block is defined as 'aws_s3_bucket.my_bucket'. Which command should be used?

Question 31hardmultiple choice
Read the full Use Terraform outside the core workflow explanation →

An organization uses Terraform with remote state stored in S3 and DynamoDB for state locking. During a plan, they receive the error: 'Error acquiring the state lock: ConditionalCheckFailedException: The conditional request failed'. What is the most likely cause?

Question 32easymultiple choice
Read the full Use Terraform outside the core workflow explanation →

A developer wants to use a module from the Terraform Registry in their configuration. Which block is required in the root module?

Question 33hardmultiple choice
Read the full Use Terraform outside the core workflow explanation →

A company uses Terraform Cloud and wants to enforce policies that all EC2 instances must be of type t2.micro or t2.small. Which feature should they use?

Question 34hardmultiple choice
Read the full Use Terraform outside the core workflow explanation →

A team uses Terraform with multiple workspaces and wants to automatically trigger a plan when a pull request is opened in their Git repository. They use Terraform Cloud. Which feature enables this?

Question 35mediummultiple choice
Read the full Use Terraform outside the core workflow explanation →

A company has a Terraform configuration that creates many AWS resources. They want to check the estimated cost of the plan before applying. Which approach should they use?

Question 36mediummulti select
Read the full Use Terraform outside the core workflow explanation →

Which TWO of the following are valid ways to use Terraform outside the core workflow (i.e., in automation or CI/CD pipelines)?

Question 37mediummulti select
Read the full Use Terraform outside the core workflow explanation →

Which THREE of the following are best practices for Terraform state management?

Question 38mediummulti select
Read the full Use Terraform outside the core workflow explanation →

Which TWO are valid methods to import existing infrastructure into Terraform?

Question 39easymultiple choice
Read the full Use Terraform outside the core workflow explanation →

Refer to the exhibit. A Terraform plan fails with the error shown. What is the most likely cause?

Exhibit

Error: Error acquiring the state lock

  on <empty> line 0:
  (source code not available)

ConditionalCheckFailedException: The conditional request failed
Question 40easymultiple choice
Read the full Use Terraform outside the core workflow explanation →

Refer to the exhibit. A team deploys this configuration. They run 'terraform apply' once and the instance is created. Later, they modify the instance type and run 'terraform apply' again. They notice the provisioner does not run on the second apply. Why?

Exhibit

resource "aws_instance" "web" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
  provisioner "local-exec" {
    command = "echo ${aws_instance.web.private_ip} > /tmp/ip.txt"
  }
}
Question 41mediummultiple choice
Read the full Use Terraform outside the core workflow explanation →

Refer to the exhibit. A Terraform Cloud plan includes an EC2 instance of type 't2.medium'. The team uses Sentinel policies. Which action should they take to proceed?

Exhibit

Sentinel policy "restrict-instance-types" evaluation resulted in "failure".
Description: Instance types must be t2.micro or t2.small.
Question 42easymultiple choice
Read the full Use Terraform outside the core workflow explanation →

A team needs to share a Terraform module across multiple projects within their organization. What is the best practice?

Question 43hardmultiple choice
Read the full Use Terraform outside the core workflow explanation →

A company uses Terraform with a remote backend (AWS S3). They want to ensure that the state file is encrypted at rest. Which configuration approach guarantees this?

Question 44easymultiple choice
Read the full Use Terraform outside the core workflow explanation →

A company wants to integrate Terraform with their CI/CD pipeline to automatically deploy infrastructure. Which Terraform feature should they use to ensure state files are stored securely and accessible by the pipeline?

Question 45mediummultiple choice
Read the full Use Terraform outside the core workflow explanation →

A team is using Terraform Cloud and wants to enforce that all AWS resources created by Terraform have a specific tag. Which feature should they use?

Question 46hardmultiple choice
Read the full Use Terraform outside the core workflow explanation →

A Terraform practitioner wants to ensure that the access keys used by a provider are not visible in plan output. Which Terraform attribute should be used when defining the provider?

Question 47easymultiple choice
Read the full Use Terraform outside the core workflow explanation →

Which Terraform command is used to validate the syntax of configuration files without accessing any cloud provider?

Question 48mediummultiple choice
Read the full Use Terraform outside the core workflow explanation →

A team uses an S3 backend with DynamoDB for state locking. They notice that sometimes terraform plan fails because the state is locked. What is the best practice to handle this in an automated pipeline?

Question 49mediummultiple choice
Read the full Use Terraform outside the core workflow explanation →

An organization wants to use Terraform to manage resources across multiple accounts and regions, with different team members responsible for different environments. Which Terraform feature helps separate state and configuration for each environment?

Question 50easymultiple choice
Read the full Use Terraform outside the core workflow explanation →

A developer wants to see the list of resources currently managed by Terraform in the state file. Which command should they use?

Question 51hardmultiple choice
Read the full Use Terraform outside the core workflow explanation →

A company uses Terraform Cloud and wants to ensure that only approved modules from the private registry are used in configurations. How can they enforce this?

Question 52hardmultiple choice
Read the full Use Terraform outside the core workflow explanation →

A Terraform configuration uses a module from the public registry. After a provider update, the module's resources fail to create. What is the most probable cause?

Question 53mediummulti select
Read the full Use Terraform outside the core workflow explanation →

Which TWO of the following are best practices when using Terraform in a CI/CD pipeline? (Choose two.)

Question 54hardmulti select
Read the full Use Terraform outside the core workflow explanation →

Which THREE of the following are capabilities of Terraform Cloud's Sentinel policy framework? (Choose three.)

Question 55easymulti select
Read the full Use Terraform outside the core workflow explanation →

Which TWO of the following are valid methods for importing existing infrastructure into Terraform management? (Choose two.)

Question 56mediummultiple choice
Read the full Use Terraform outside the core workflow explanation →

Refer to the exhibit. The user runs 'terraform plan' and sees that Terraform wants to create the instance. However, the instance already exists in the AWS account with the same configuration. What is the most likely reason?

Exhibit

resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
}
Question 57hardmultiple choice
Read the full Use Terraform outside the core workflow explanation →

Refer to the exhibit. A user encounters this error while running 'terraform plan'. What is the best course of action?

Exhibit

Error: Error acquiring the state lock
...
Lock Info:
  ID:        abc123
  Path:      terraform.tfstate
  Operation: OperationTypeInvalid
  Who:       user@host
  Version:   0.12.0
  Created:   2019-10-17 12:00:00
  Info:
Question 58easymultiple choice
Read the full Use Terraform outside the core workflow explanation →

Refer to the exhibit. Which command was most likely executed?

Exhibit

Initializing modules...
Downloading registry.terraform.io/hashicorp/consul/aws 0.1.0...
- consul in modules/consul
Question 59easymultiple choice
Read the full Use Terraform outside the core workflow explanation →

A DevOps team is integrating Terraform into a CI/CD pipeline using Jenkins. They want to ensure that the pipeline fails if the Terraform plan contains destructive changes. Which approach best achieves this?

Question 60mediummultiple choice
Read the full Use Terraform outside the core workflow explanation →

An organization uses Terraform Cloud and wants to automate run triggers when a new version of a module is published in a private module registry. What is the recommended method?

Question 61hardmultiple choice
Read the full Use Terraform outside the core workflow explanation →

A team using a remote S3 backend with DynamoDB locking is experiencing frequent 'Error acquiring the state lock' messages in their CI/CD pipeline. The pipeline runs multiple concurrent jobs for different workspaces. What is the most likely cause and solution?

Question 62easymultiple choice
Read the full Use Terraform outside the core workflow explanation →

A developer wants to use Terraform in a CI pipeline where the pipeline runs on pull requests. They need to preview infrastructure changes without applying them. Which command should be used?

Question 63mediummultiple choice
Read the full Use Terraform outside the core workflow explanation →

A company uses Terraform Cloud and wants to enforce policy checks before any apply. They have a set of Sentinel policies. Where should they configure these policies to run automatically on all runs?

Question 64hardmultiple choice
Read the full Use Terraform outside the core workflow explanation →

During a CI/CD pipeline run, terraform apply fails halfway through due to a network error. The state file is locked. The team wants to resume from the last successful apply. What should they do?

Question 65easymultiple choice
Read the full Use Terraform outside the core workflow explanation →

A team is migrating from using local state to a remote backend for collaboration. They want to ensure that team members cannot overwrite each other's changes. Which feature should they enable?

Question 66mediummultiple choice
Read the full Ansible explanation →

An organization uses Terraform to provision infrastructure and then Ansible to configure it. They want to pass dynamic IP addresses from Terraform to Ansible. What is a recommended approach?

Question 67hardmultiple choice
Read the full Use Terraform outside the core workflow explanation →

A team has a monolithic Terraform configuration managing multiple AWS accounts. They want to decompose it into smaller configurations that can be managed independently. What is the recommended strategy?

Question 68mediummulti select
Read the full Use Terraform outside the core workflow explanation →

Which TWO of the following are benefits of using Terraform Cloud Run Tasks?

Question 69hardmulti select
Read the full Use Terraform outside the core workflow explanation →

Which THREE of the following are necessary steps to configure OIDC (OpenID Connect) for authenticating Terraform in a CI/CD pipeline?

Question 70easymulti select
Read the full Use Terraform outside the core workflow explanation →

Which TWO of the following are valid ways to pass variables to Terraform in an automated pipeline?

Question 71mediummultiple choice
Read the full Use Terraform outside the core workflow explanation →

A company uses Terraform with remote state stored in an S3 bucket. An operator accidentally runs 'terraform destroy' on a production workspace and wants to recover the state before the operation. What is the best course of action?

Question 72hardmultiple choice
Read the full Use Terraform outside the core workflow explanation →

A DevOps engineer is troubleshooting a failed 'terraform plan' command. The error message is: 'Error: Error acquiring the state lock' followed by a message that the lock is held by another process. The team uses Terraform Cloud with remote state. Which of the following is the most likely cause and correct resolution?

Question 73easymultiple choice
Read the full Use Terraform outside the core workflow explanation →

Which Terraform command is used to bring existing infrastructure that was created outside of Terraform under Terraform management?

Question 74mediummultiple choice
Read the full Use Terraform outside the core workflow explanation →

A team uses Terraform workspaces to manage multiple environments (dev, staging, prod). They are currently in the 'dev' workspace and want to run a plan for the 'staging' workspace without switching workspaces. Which command sequence should they use?

Question 75hardmultiple choice
Read the full Use Terraform outside the core workflow explanation →

An organization uses Terraform Cloud with a VCS-backed workspace connected to a GitHub repository. They want to trigger a speculative plan without creating a run (i.e., without costing compute resources or being displayed in the workspace). Which approach is appropriate?

Question 76easymultiple choice
Read the full Use Terraform outside the core workflow explanation →

What is the purpose of the 'terraform validate' command?

Question 77mediummultiple choice
Read the full Use Terraform outside the core workflow explanation →

A developer accidentally deleted a resource from the Terraform state file using 'terraform state rm'. The resource still exists in the cloud provider. How can the developer re-import the resource without affecting other resources?

Question 78mediummultiple choice
Read the full Use Terraform outside the core workflow explanation →

A company uses Terraform with a backend configured to store state in Azure Blob Storage. They want to view the current state of resources without performing a plan or apply. Which command should be used?

Question 79mediummulti select
Read the full Use Terraform outside the core workflow explanation →

Which TWO Terraform backends support remote state locking?

Question 80mediummulti select
Read the full Use Terraform outside the core workflow explanation →

Which THREE are valid methods to create and manage Terraform workspaces?

Question 81hardmulti select
Read the full Use Terraform outside the core workflow explanation →

Which THREE are valid use cases for the 'terraform state replace-provider' command?

Question 82hardmultiple choice
Read the full NAT/PAT explanation →

A large enterprise uses Terraform Cloud with remote execution mode to manage infrastructure across multiple AWS accounts. Each environment (dev, staging, prod) has a separate workspace. The security team requires that all changes to production must be approved by a senior engineer before applying. Additionally, developers should be able to plan changes in production to preview the impact, but not apply them. The current setup uses the same Terraform Cloud team membership for all workspaces. When a developer runs a plan in production, the plan succeeds but they are unable to apply. However, the security team notices that the developer can accidentally apply if they quickly approve their own plan via the UI because the workspace is configured with 'Auto Apply' enabled. The security team wants to enforce the approval process without removing the developer's ability to plan. Which combination of changes should be made? (Select only one option.)

Question 83mediummultiple choice
Read the full Use Terraform outside the core workflow explanation →

A DevOps engineer is responsible for maintaining Terraform configurations that manage resources in AWS. The team uses an S3 backend with DynamoDB state locking. The engineer notices that a recent 'terraform plan' command failed with the following error: 'Error: Failed to get existing workspaces: AccessDenied: Access Denied'. Other team members are able to run plans successfully from their machines. The engineer has verified that they have the correct AWS credentials configured via environment variables and that they can list the contents of the S3 bucket using the AWS CLI. The DynamoDB table exists and the engineer can describe it. What is the most likely cause of this error?

Question 84mediummultiple choice
Read the full Use Terraform outside the core workflow explanation →

A company uses Terraform with multiple workspaces (dev, staging, prod) and a remote backend in an S3 bucket with a DynamoDB lock table. The backend configuration is defined in the main.tf with partial configuration. Developers are required to provide the backend configuration via command-line flags during 'terraform init'. One developer accidentally ran 'terraform init' without the required flags on a Monday morning. The init succeeded and created a local state file in the project directory. Over the next few days, other team members made changes to the workspace and pushed updates to the remote state. The developer who ran local init then runs 'terraform plan' and sees a plan that would recreate all resources. They realize their mistake. How can this situation be prevented in the future?

Question 85easymultiple choice
Read the full Use Terraform outside the core workflow explanation →

A small startup uses Terraform to manage infrastructure on AWS. They store the state file directly in a Git repository (gitignored but accidentally committed) and have no remote backend. The team has two engineers: Alice and Bob. They both run Terraform from their local machines. Recently, they experienced state conflicts where Alice's apply would succeed but subsequently Bob's apply would fail due to state drift. They want a simple solution without adding too much complexity. What should they do?

Question 86mediummulti select
Read the full Use Terraform outside the core workflow explanation →

Which TWO are benefits of using Terraform Cloud's remote operations with a CLI-driven run workflow?

Question 87hardmultiple choice
Read the full Use Terraform outside the core workflow explanation →

A DevOps team manages infrastructure for a large e-commerce platform using Terraform with a remote backend in an S3 bucket with DynamoDB state locking. Recently, a team member ran `terraform apply` from their local machine but the command failed with the error: 'Error acquiring the state lock: ConditionalCheckFailedException: The conditional request failed'. The state file is not locked according to the DynamoDB table. After investigation, the team finds that the DynamoDB table has a TTL attribute enabled on the 'LockID' field, and old lock records are automatically deleted after a few minutes. The team suspects that another engineer's `terraform plan` process from a CI/CD pipeline might have created a lock that was subsequently deleted by TTL before it was released, causing the conflict. Which action should the team take to prevent this issue from recurring?

Question 88easymultiple choice
Read the full Use Terraform outside the core workflow explanation →

A small startup is using Terraform to deploy AWS resources. They have two separate environments: development and production. Currently, they manage two sets of Terraform configuration files in different directories, each with its own state file stored locally. The CEO wants to reduce duplication and simplify management. The team decides to restructure into a single configuration with workspaces. After implementing workspaces, they run `terraform workspace new dev` and `terraform workspace new prod`, then `terraform apply` in the dev workspace. However, when they switch to prod and run `terraform apply`, the plan shows that Terraform wants to recreate all resources instead of managing the existing production resources. What is the most likely reason for this behavior?

Question 89easymulti select
Read the full Use Terraform outside the core workflow explanation →

Which TWO statements about using Terraform with remote backends are correct?

Question 90mediummultiple choice
Read the full Use Terraform outside the core workflow explanation →

Refer to the exhibit. An operator runs terraform plan and gets the following output. They have not modified the Terraform configuration since the last successful apply. What is the most likely cause of the planned changes?

Exhibit

Terraform will perform the following actions:

  # aws_instance.web will be updated in-place
  ~ resource "aws_instance" "web" {
      ~ ami            = "ami-abc123" -> "ami-def456"
        id             = "i-1234567890abcdef0"
      ~ instance_type  = "t2.micro" -> "t2.small"
        tags           = {
            "Name" = "web-server"
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.
Question 91hardmultiple choice
Read the full Use Terraform outside the core workflow explanation →

A company uses Terraform Cloud with a remote state backend and runs infrastructure as code through a CI/CD pipeline (GitHub Actions). The pipeline executes 'terraform plan' and 'terraform apply' using a service account with appropriate permissions. Recently, the team introduced a Sentinel policy to enforce that all AWS resources have mandatory tags (Environment, Owner, Project). The policy passes when runs are triggered manually from the Terraform Cloud UI, but fails consistently when the CI/CD pipeline runs the plan. The infrastructure configuration files are identical in both cases. The team verifies that the service account used by CI/CD has the same workspace permissions as the UI user. What is the most likely cause of the failure?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

TF-003 Practice Test 1 — 10 Questions→TF-003 Practice Test 2 — 10 Questions→TF-003 Practice Test 3 — 10 Questions→TF-003 Practice Test 4 — 10 Questions→TF-003 Practice Test 5 — 10 Questions→TF-003 Practice Exam 1 — 20 Questions→TF-003 Practice Exam 2 — 20 Questions→TF-003 Practice Exam 3 — 20 Questions→TF-003 Practice Exam 4 — 20 Questions→Free TF-003 Practice Test 1 — 30 Questions→Free TF-003 Practice Test 2 — 30 Questions→Free TF-003 Practice Test 3 — 30 Questions→TF-003 Practice Questions 1 — 50 Questions→TF-003 Practice Questions 2 — 50 Questions→TF-003 Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Understand IaC conceptsUnderstand Terraform basicsUnderstand Terraform's purposeUse Terraform outside the core workflowInteract with Terraform modulesUse the core Terraform workflowImplement and maintain stateRead, generate and modify configuration

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Use Terraform outside the core workflow setsAll Use Terraform outside the core workflow questionsTF-003 Practice Hub