HashiCorp · Terraform-Associate
Validates knowledge of infrastructure as code concepts and the ability to use HashiCorp Terraform in production, covering resource lifecycle management, HCL configuration, providers and modules, state management, and collaborative workflows with HCP Terraform.
Questions
628
Duration
60 minutes
Passing Score
70%
Difficulty
AssociateLast Updated
Feb 2026
Use this Terraform-Associate practice exam to prepare for HashiCorp Certified: Terraform Associate with realistic questions, detailed explanations, and focused study modes. The practice bank includes 628 questions for HashiCorp Terraform-Associate, so you can review the exam steadily instead of relying on one long cram session.
As you practice, pay extra attention to patterns in your missed answers. Start with short sessions to identify weak areas, then move into timed quizzes once your accuracy is consistent.
The explanations are especially useful when you want to connect exam wording to the responsibilities and scenarios described in the official certification guidance. Use the free preview first, then unlock the full question bank when you are ready to build a complete study routine.
The HashiCorp Certified: Terraform Associate (004) validates foundational knowledge of infrastructure as code (IaC) using HashiCorp Terraform Community Edition and HCP Terraform. The certification demonstrates that a candidate understands core Terraform concepts including the resource lifecycle, HCL configuration syntax, provider and module usage, state management, and collaborative workflows. Version 004 of the exam covers Terraform 1.12 and introduces updated objectives around lifecycle rules such as `depends_on` and `create_before_destroy`, custom configuration validation conditions, ephemeral values and write-only arguments for sensitive data handling, and HCP Terraform workspace and project organization.
This certification is widely recognized across the cloud and DevOps industry as a benchmark for Terraform proficiency. It is delivered online via Certiverse, proctored remotely, and is valid for two years from the date of passing. Recertification is available by passing the same exam or a higher-level Terraform exam within six months of expiration. The credential includes a digital badge issued through Credly, suitable for sharing on LinkedIn, resumes, and professional profiles.
The Terraform Associate is designed for cloud engineers, DevOps engineers, and infrastructure practitioners who work with or are transitioning into infrastructure automation roles. Candidates are expected to have foundational Terraform skills—either through professional production experience or hands-on work in a personal or demo environment. The exam is appropriate for those in roles such as Cloud Infrastructure Engineer, DevOps Engineer, Site Reliability Engineer, or Platform Engineer who use Terraform to provision and manage cloud or on-premises resources.
Candidates should have basic terminal proficiency and a working understanding of on-premises and cloud architecture. The exam is not intended for complete beginners to cloud infrastructure but is well-suited for those who have completed introductory Terraform tutorials and want to formalize their knowledge with a vendor-recognized credential.
HashiCorp does not mandate formal prerequisites for the Terraform Associate exam, but recommends that candidates possess basic terminal skills and a general understanding of on-premises and cloud architecture prior to sitting the exam. Familiarity with at least one major cloud provider (AWS, Azure, or GCP) and its core services is beneficial, though provider-specific knowledge is explicitly not tested on the exam itself.
Professional experience using Terraform in production is recommended but not required—HashiCorp acknowledges that performing the exam objectives in a personal or demo environment may be sufficient preparation. Candidates should be comfortable reading and writing HCL configuration files, running Terraform CLI commands, and understanding concepts such as state, providers, modules, and the plan/apply workflow before attempting the exam.
The Terraform Associate (004) is a 60-minute, online-proctored exam delivered through the Certiverse platform. The exam consists of approximately 57–60 questions in multiple-choice format, including true/false, single-select, and multi-select question types. The exam is available only in English. The registration fee is $70.50 USD plus applicable taxes and fees.
HashiCorp uses a scaled scoring model and does not publicly disclose the exact number of scored versus unscored items. The passing score is broadly understood to require approximately 70% mastery across all domains. Candidates receive a pass/fail result immediately upon completion, with detailed objective-level performance feedback delivered within approximately 48 hours. The resulting credential is valid for two years.
Earning the Terraform Associate credential positions engineers competitively for roles that require infrastructure automation expertise, including Cloud Infrastructure Engineer, DevOps Engineer, Platform Engineer, and Site Reliability Engineer. According to HashiCorp, 88% of exam takers agree that passing a HashiCorp Associate-level exam makes job candidates more desirable to employers. Terraform's dominant position in the IaC market — used by organizations across every major industry vertical — means the certification is recognized by a broad range of employers and is frequently listed as a preferred or required qualification in infrastructure-related job postings.
The Terraform Associate complements cloud provider certifications (AWS, Azure, GCP) by validating multi-cloud, provider-agnostic infrastructure skills that those vendor-specific certs do not cover. It is commonly pursued alongside or after an associate-level cloud certification to build a well-rounded infrastructure credential profile. For engineers looking to advance further, HashiCorp offers the Terraform Authoring and Operations Professional certification as a logical next step, validating advanced production-level Terraform expertise.
5 sample questions with answers and explanations. Start a practice session to test yourself across all 628 questions.
Preview — answers shown1. A DevOps team manages Terraform configurations with a remote S3 backend. They need to reconfigure the backend to point to a new S3 bucket and migrate the existing state to the new location. Which terraform init flag should they use? (Select one!)
Explanation
The -migrate-state flag reconfigures the backend and automatically migrates existing state to the new backend configuration. This is the safest option when changing backend locations because it preserves state data. The -reconfigure flag reconfigures the backend but ignores any saved configuration and does not automatically migrate state. The -upgrade flag updates modules and providers to the latest allowed versions but does not change backend configuration. Using -backend-config alone provides partial backend configuration but does not trigger state migration; it must be combined with -migrate-state to migrate the state file.
2. A configuration declares a module that creates networking resources. The module is called three times with count = 3 to create identical networks in different regions. The team realizes they need to pass different provider configurations to each module instance. What changes are required? (Select two!)
Multiple correct answersExplanation
Module blocks support the providers meta-argument to pass aliased provider configurations to child modules, enabling each module instance to use different provider configurations. Child modules should NOT contain provider blocks because this breaks compatibility with count, for_each, and depends_on meta-arguments. Replacing count with for_each is not necessary for passing providers. The provider meta-argument does not support dynamic selection with count.index syntax.
3. A DevOps team manages Terraform configurations where an aws_instance resource must be replaced whenever a specific AMI data source returns a new ID. They want to automate this replacement without manual intervention. Which lifecycle meta-argument should they use? (Select one!)
Explanation
The replace_triggered_by lifecycle meta-argument automatically replaces a resource when referenced resources or attributes change. This is the correct approach for triggering replacement based on data source changes. The ignore_changes argument tells Terraform to disregard specific attributes during updates, which is the opposite of what is needed. The create_before_destroy argument controls the order of resource recreation but does not trigger replacements based on external changes. The prevent_destroy argument blocks resource destruction and would not enable automatic replacement.
4. An operations team has an aws_security_group resource with create_before_destroy enabled. An aws_instance resource depends on this security group. What behavior will Terraform exhibit for the instance resource? (Select one!)
Explanation
Terraform automatically propagates create_before_destroy to dependent resources to prevent dependency cycles. When a resource has create_before_destroy enabled, any resources that depend on it implicitly inherit this behavior and cannot override it to false. This is stored in the state file. Dependent resources do not use default destroy-then-create behavior when the dependency has create_before_destroy. Explicit configuration is not required because the behavior is automatically inherited. The instance cannot be replaced before the security group because it depends on the security group.
5. A cloud architect implements a postcondition check in a resource lifecycle block that verifies an EC2 instance receives a public IP address. The condition fails during terraform apply. What happens to dependent resources that reference this instance? (Select one!)
Explanation
Postcondition failures prevent downstream dependent resources from executing. When a postcondition check fails during resource creation or updates, Terraform halts the operation and returns an error, blocking all resources that depend on the failed resource. This ensures dependent infrastructure does not build on resources that fail validation requirements. Postconditions do not generate warnings—they produce hard errors. Terraform does not prompt for user decisions during apply operations with failed postconditions. Dependent resources never receive null values as they never execute.
$17.99
One-time access to this exam