Day 24 of my 30-Day Terraform Challenge was pure exam preparation.
No new AWS resources.
No new modules.
No new deployments.
Just one goal:
to close the gap between “I understand Terraform” and “I can answer Terraform questions accurately under time pressure.”
After spending the last few weeks building real infrastructure with Terraform, today was about sharpening the details that matter for the Terraform Associate exam.
GitHub reference:
👉 Day 24 GitHub Link
Why Day 24 Was Different
Most of the challenge so far has been hands-on:
- EC2
- ALBs
- Auto Scaling Groups
- remote state
- modules
- testing
- GitHub Actions
- Terraform Cloud concepts
- Sentinel policies
- deployment workflows
That hands-on work helped a lot.
But certification exams test precision.
It is not enough to know that Terraform uses state.
You need to know exactly what happens when you run:
terraform state rm
terraform import
terraform init -upgrade
terraform apply -refresh-only
That was the focus for today.
The Resources I Used
For Day 24, I focused on the official HashiCorp exam preparation resources:
Terraform Associate Study Guide
https://developer.hashicorp.com/terraform/tutorials/certification-004/associate-study-004Official Sample Questions
https://developer.hashicorp.com/terraform/tutorials/certification-004/associate-questions-004Terraform Associate Review Tutorial
https://developer.hashicorp.com/terraform/tutorials/certification-004/associate-review-004
The official sample questions were especially useful for understanding the style of questions, but they are not a full mock exam. They are more like a format check.
The review tutorial was useful as a checklist of what to study, not as a question bank.
My Exam Simulation Result
I did a 57-question timed simulation based on the official domains and my weak areas from Day 23.
Result:
Total questions: 57
Correct answers: 44
Wrong answers: 13
Score: 77.2%
Passing target: 70%
Result: Pass
That was encouraging.
But more importantly, it showed me exactly where my weak spots were.
Topics I Missed
The questions I missed were not random. They clustered around common exam traps:
-
.terraform.lock.hclvsterraform.tfstate terraform init -upgrade- provider alias syntax
terraform apply -refresh-only- Terraform Cloud vs Terraform Enterprise
- backend migration behavior
-
random_passwordand secrets in state -
terraform state rmvs real infrastructure -
terraform importbehavior
This was actually good news.
It means the gap is not “I do not understand Terraform.”
The gap is “I need to memorize exact command behavior.”
That is much easier to fix.
The Biggest Exam Traps I Reviewed
1. State vs lock file
This is one of the easiest things to mix up.
terraform.tfstate
Tracks real infrastructure and maps it to Terraform resources.
.terraform.lock.hcl
Tracks provider versions and checksums.
The lock file is about dependency consistency.
The state file is about infrastructure reality.
2. terraform state rm
This command does not destroy infrastructure.
It only removes the resource from Terraform state.
So if you run:
terraform state rm aws_instance.web
the EC2 instance still exists in AWS. Terraform just stops managing it.
That is a very exam-friendly trap.
3. terraform import
terraform import brings an existing real-world object into Terraform state.
But it does not write the .tf resource block for you.
You still need to write the matching configuration yourself.
4. terraform apply -refresh-only
This updates Terraform state to match real infrastructure.
It is not the same as a normal apply.
It is useful when you want Terraform to refresh its understanding of reality without making normal create/update/destroy changes.
5. Sensitive values
This one matters a lot.
sensitive = true
masks values in CLI output.
But it does not guarantee the value is absent from state.
That means state security is still important.
6. Provider aliases
The correct syntax is:
provider "aws" {
region = "us-east-1"
}
provider "aws" {
alias = "west"
region = "us-west-2"
}
resource "aws_s3_bucket" "example" {
provider = aws.west
bucket = "example-west-bucket"
}
The key part is:
provider = aws.west
Not alias = aws.west.
My Exam-Day Strategy
The Terraform Associate exam is time-sensitive.
The strategy I am taking is:
- Move quickly through easy questions.
- Flag uncertain questions.
- Do not spend too long on one hard question.
- Return to flagged questions at the end.
- Watch carefully for wording like “state,” “real infrastructure,” “configuration,” and “select TWO.”
- Eliminate obviously wrong answers first.
The biggest reminder for myself:
hard questions and easy questions are worth the same.
So it is better to secure all the easy points first.
The Topics I Will Review Again
Before the exam, I want to revisit:
- Terraform state commands
- backend migration
- provider aliases
- HCP Terraform vs Terraform Enterprise
- sensitive values in state
terraform init -upgradeterraform importterraform apply -refresh-only
These are now my final review targets.
What Helped Most
The most useful preparation was not just reading.
It was combining:
- real hands-on Terraform work
- official documentation
- practice questions
- timed simulation
- reviewing every wrong answer
The timed simulation was especially helpful because it showed how easy it is to make small mistakes under pressure.
My Main Takeaway
The Terraform Associate exam rewards precise understanding.
It tests whether you know what Terraform does:
- to configuration
- to state
- to real infrastructure
- during each command
That precision only comes from practice.
Day 24 gave me a clear picture of where I stand:
I am in passing range, but I still have a few sharp edges to clean up.
And honestly, that feels like a good place to be.
Follow My Journey
This is Day 24 of my 30-Day Terraform Challenge.
The book is complete.
The labs are done.
Now the focus is certification readiness.
See you on Day 25.
Top comments (0)