Back to HashiCorp Terraform Associate TF-003 questions

Scenario-based practice

Troubleshooting Scenario Questions

Practise HashiCorp Terraform Associate TF-003 practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

7
scenario questions
TF-003
exam code
HashiCorp
vendor

Scenario guide

How to approach troubleshooting scenario questions

These questions describe a network symptom and ask you to identify the root cause or the correct fix. They appear across all certification exams and reward systematic thinking over memorisation. The best candidates follow a consistent troubleshooting framework even under time pressure.

Quick answer

Troubleshooting Scenario Questions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Related practice questions

Related TF-003 topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1hardmultiple choice
Full question →

A DevOps engineer is troubleshooting a failed 'terraform plan' command. The error message is: 'Error: Error acquiring the state lock' followed by a message that the lock is held by another process. The team uses Terraform Cloud with remote state. Which of the following is the most likely cause and correct resolution?

Question 2mediummultiple choice
Full question →

A company uses Terraform to manage infrastructure in multiple AWS accounts. An engineer runs terraform plan and sees that a security group rule will be updated, but the change is not intended. The engineer wants to understand why Terraform is proposing the change without affecting other resources. Which approach should the engineer take to troubleshoot?

Question 3mediummulti select
Full question →

A team runs terraform plan and sees changes that are unexpected. Which TWO actions should they take to investigate before applying?

Question 4hardmultiple choice
Full question →

Refer to the exhibit. A team is troubleshooting a Terraform deployment. What information can be inferred from this state file?

Exhibit

{
  "version": 4,
  "terraform_version": "1.5.0",
  "resources": [
    {
      "mode": "managed",
      "type": "aws_instance",
      "name": "web",
      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
      "instances": [
        {
          "attributes": {
            "id": "i-0a1b2c3d4e5f67890",
            "instance_type": "t2.micro"
          },
          "dependencies": [
            "aws_security_group.web_sg"
          ]
        }
      ]
    }
  ]
}
Question 5hardmultiple choice
Full question →

A DevOps engineer is troubleshooting a failed 'terraform apply'. The error message says: 'Error: Error applying IAM policy: The policy failed validation'. The IAM policy is defined using HCL in a JSON-encoded string. What is the most efficient way to debug this issue?

Question 6hardmultiple choice
Full question →

A developer is troubleshooting a Terraform configuration that fails during `terraform plan` with the error: "Error: Invalid reference". The error points to a line that references `var.environment` in a module block. What is the most likely cause?

Question 7hardmultiple choice
Read the full NAT/PAT explanation →

A large enterprise uses Terraform Cloud with remote execution mode to manage infrastructure across multiple AWS accounts. Each environment (dev, staging, prod) has a separate workspace. The security team requires that all changes to production must be approved by a senior engineer before applying. Additionally, developers should be able to plan changes in production to preview the impact, but not apply them. The current setup uses the same Terraform Cloud team membership for all workspaces. When a developer runs a plan in production, the plan succeeds but they are unable to apply. However, the security team notices that the developer can accidentally apply if they quickly approve their own plan via the UI because the workspace is configured with 'Auto Apply' enabled. The security team wants to enforce the approval process without removing the developer's ability to plan. Which combination of changes should be made? (Select only one option.)

These TF-003 practice questions are part of Courseiva's free HashiCorp certification practice question bank. Courseiva provides original exam-style TF-003 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.