Terraform Associate (003) Mock Exams & Practice Exam Questions | HashiCorp Terraform Associate

Tip: Begin with 20–25 question domain drills for weak areas, then move to mixed sets and full mocks. Aim for consistent ~75–80% on mixed sets before test day.

---

Suggested progression

1. Domain drills (daily): 2× 20–25 questions focused on a single theme (Workflow; State/Backends; Variables/Expressions; Modules/Versioning; Providers/Auth; Change Mgmt; Workspaces/Envs; Policy/CI awareness).
2. Scenario sets (alternate days): 1× 20–25 items emphasizing plan reading, import/replace/refresh-only flows, and workspace vs separate-state decisions.
3. Mixed sets (weekly): 1× 30–40 questions blending 3–4 domains to test transfer.
4. Full mocks (final 1–2 weeks): 2–3 complete exams mirroring tone/coverage. Review every miss and tag weak objectives.

Timeboxing

• Domain set: ~30–35 minutes
• Scenario set: ~35–45 minutes
• Mixed set: ~55–65 minutes
• Full mock: ~90 minutes (leave a buffer to revisit flagged items)

---

Scoring & review

• Mark + return: Flag items you’re unsure about; review after completing the set.
• Two-bullet rule: For each miss, write (1) why your choice was wrong, (2) why the correct choice matches Terraform best practices (state safety, version pinning, plan review, least privilege).
• Spaced repetition: Re-test the same theme within 24–48 hours.

---

Fast remediations (common weak spots)

• State & backends: Be able to configure remote state + locking (S3+DynamoDB / azurerm / gcs). Know state list/show/mv/rm.
• Stable fan-out: Prefer for_each (keyed) over count (index churn).
• Safe change flow: plan -out → review → apply plan.bin. Use -replace=addr for intentional re-create; avoid taint.
• Drift checks: Use plan -refresh-only to reconcile external changes before deciding remediation.
• Workspaces vs separate state: Workspaces = multiple state instances of one config; for real prod isolation, prefer separate backends/states.
• Lifecycle guards: create_before_destroy, prevent_destroy, ignore_changes, replace_triggered_by—know the right picker.
• Import: Add HCL + import block (or legacy terraform import) → plan → apply.

---

What to pair with practice

• Syllabus: Objective-by-domain outline → view
• Cheatsheet: High-yield commands, flags, and workflows → open
• Overview: Format, pacing, and 2–4 week plan → read

---

Tips for exam-style pacing

• First pass fast: ~60–70 seconds per item; flag long HCL snippets.
• Aim your reading: Skim the final ask first; then scan code for the specific flag/block (backend, lifecycle, for_each, import/replace).
• Eliminate aggressively: Toss answers that bypass the DAG intent (overuse of -target), endanger state (no locking), or ignore review (no plan artifact).
• Prefer safety & auditability: Remote state with locking, version pinning, reviewed plans, least-privilege credentials.

---

Ready to drill?

Open the app above and choose:

• Domain Drills: Workflow • State/Backends • Variables/Expressions • Modules/Versioning • Providers/Auth • Change Mgmt • Workspaces/Envs • Policy/CI
• Scenario Sets: Plan reading • Import/Replace/Refresh-only • Lifecycle pickers • Workspaces vs separate state
• Full Mocks: Exam-length simulations with review mode

---

Exam snapshot

• Certification: HashiCorp Terraform Associate (003)
• Audience: Cloud/DevOps/platform engineers, SREs, developers who write/review Terraform
• Experience target: ~3–6 months hands-on with Terraform + a cloud provider
• Format: Multiple-choice (single/multiple); code/CLI snippets and plan interpretation
• Focus: Practical fundamentals over vendor trivia

Study funnel: Read this Overview → work the Syllabus objective-by-objective → keep the Cheatsheet open for commands/workflows → validate with Practice .

---

What the exam measures (at a glance)

1) Core workflow
init → fmt/validate → plan → apply → destroy, plans vs binary plan files, review practices.

2) State & backends
What state is, why it’s sensitive, local vs remote, locking (e.g., S3+DynamoDB), reconfigure with -backend-config, state CLI for surgical moves.

3) Variables, outputs & expressions
Types/validation, sensitive, var precedence, locals, for_each vs count, dynamic blocks, common functions.

4) Modules & versioning
Module structure, pinning module/provider versions, composition, registry usage and documentation.

5) Providers & authentication
Provider config and constraints, multiple providers/aliases, common auth flows (env/CLI profiles/ADC).

6) Change management
-replace for intentional recreate, refresh-only plans for drift, judicious use of -target, lifecycle meta-args (create_before_destroy, ignore_changes, prevent_destroy).

7) Workspaces & environments
When workspaces are enough vs when to use separate states/backends for real isolation.

8) Policy awareness & CI
Plan review, least-privilege credentials, remote runs/state, Sentinel/OPA awareness.

---

Readiness checklist (be honest)

• I can run the full init → plan → apply loop and explain each step.
• I can configure a remote backend with locking and describe why it matters.
• I know variable precedence, can write validation, use locals, and mark sensitive.
• I choose for_each over count when stable addressing is needed.
• I can import existing resources and intentionally recreate using -replace.
• I can detect external drift with plan -refresh-only and decide next steps.
• I know when to prefer workspaces vs separate state/backends.
• I pin versions, commit the lock file, and review binary plans in PRs.

If fewer than ~6 boxes are checked, spend two extra days with the Cheatsheet + targeted drills.

---

Compact 2–4 week study plan

Week 1 — Workflow & State

• CLI loop, plan files, review discipline
• Backends, locking, state moves (state mv/rm/show)

Week 2 — Variables/Modules/Providers

• Var types/validation/precedence, locals, loops/functions
• Module usage & version pinning; multi-provider auth and aliases

Week 3 — Changes, Import & Environments

• -replace, lifecycle meta-args, refresh-only
• Import blocks/legacy import; workspaces vs separate states

Week 4 (optional) — Polish & Mocks

• Sentinel/OPA awareness; CI patterns
• 1–2 full mock exams; remediate recurring miss themes next day

Daily cadence: 30–45 min reading → 20–25 question drill → convert misses into two bullets (why wrong / why right) → re-drill within 24–48h.

---

High-yield workflows to memorize

Safe change flow
Make change → fmt/validate → plan -out=plan.bin → review → apply plan.bin.

Import flow
Add HCL for the resource → import block (or terraform import) → plan → apply.

Intentional recreate
plan -replace=addr → apply -replace=addr (prefer over taint).

Drift detection
plan -refresh-only → decide remediate vs tolerate (possibly ignore_changes).

Stable fan-out
Prefer for_each with meaningful keys; avoid index churn from count.

---

Common decision pickers

• Need zero downtime on replace → lifecycle.create_before_destroy = true.
• External system mutates one field → lifecycle.ignore_changes = [that_field].
• Prod vs non-prod isolation → separate states/backends; workspaces for lighter variants.
• Multi-region/provider setup → provider aliases; explicit provider = on resources/modules.

---

Exam-day tactics

• First pass fast, flag long code items.
• Read the final ask before parsing HCL; focus on the relevant block/flag.
• Prefer answers that are safe and auditable (reviewed plans, pinned versions, remote state with locking).
• Use -target sparingly; favor architectural fixes or staged applies.

---

What to read next

• Syllabus: domain objectives & quick links → Open
• Cheatsheet: commands, flags, and workflows → Open
• Practice: timed drills & mocks → Start