DEV Community

Mukami
Mukami

Posted on

Fine-tuning My Terraform Exam Prep with Practice Exams

#terraform #aws #practice #exam

Four Exams. 228 Questions. One Clear Picture.

Day 29 of the 30-Day Terraform Challenge — and today I did something that felt excessive.

Two more practice exams. 57 questions each. Same conditions. No notes. No looking up answers.

Four exams in two days. 228 questions total.

But the exams weren't the point. The analysis after them was.

The Four-Exam Score Trend

Exam Score Percentage Notes
Exam 1 (Day 28) 42/57 74% First run, nervous
Exam 2 (Day 28) 44/57 77% Warm-up effect
Exam 3 (Today) 45/57 79% Feeling confident
Exam 4 (Today) 43/57 75% Fatigued, rushed last 10 questions

Trend analysis: Scores are consistently above 70% (range 74-79%). The drop on Exam 4 was fatigue — I finished with only 2 minutes left and rushed the final questions.

Readiness rating: Nearly Ready. My knowledge is solid, but endurance is a factor. On the real exam, I need to pace myself better.

Persistent Wrong-Answer Topics

Across all four exams, these topics appeared in my wrong answers more than once:

1. terraform state rm vs terraform destroy

  • Wrong understanding: Thought state rm would delete the real resource
  • Correct understanding: state rm removes from state only. destroy deletes real infrastructure. The resource continues running in AWS after state rm.

2. terraform plan -target includes dependencies

  • Wrong understanding: Thought -target only plans the specified resource
  • Correct understanding: It plans the targeted resource AND any resources that depend on it

3. terraform apply -refresh-only

  • Wrong understanding: Thought it was part of normal apply
  • Correct understanding: It only updates state to match real infrastructure without making changes

4. Sentinel policy execution timing

  • Wrong understanding: Thought Sentinel runs before plan
  • Correct understanding: Runs after plan, before apply — evaluates proposed changes before they happen

5. Provider version constraint ~> 1.0.0

  • Wrong understanding: Thought it meant any 1.x version
  • Correct understanding: It means >= 1.0.0 and < 1.1.0 — only the last digit can increment

6. Workspace behaviour

  • Wrong understanding: Thought workspaces are separate directories
  • Correct understanding: Each workspace has its own state file; terraform.workspace returns the workspace name as a string

Hands-On Exercises to Close the Gaps

Exercise 1: State Commands 

# Deploy test resource
echo 'resource "random_id" "test" { byte_length = 4 }' > main.tf
terraform init && terraform apply -auto-approve

# Verify resource exists
terraform state list
# Output: random_id.test

# Remove from state only
terraform state rm random_id.test
terraform state list
# Output: (empty) — gone from state

# Resource still exists in AWS? For random_id it's generated, but for EC2 it would still run
Enter fullscreen mode Exit fullscreen mode

What this reinforced: state rm only removes from state. The real resource continues to exist.

Exercise 2: Workspace Practice 

# Create workspaces
terraform workspace new dev
terraform workspace new staging
terraform workspace list
# Output: default, dev, staging

# Switch and verify
terraform workspace select dev
terraform workspace show
# Output: dev

# Delete (cannot delete current workspace)
terraform workspace select default
terraform workspace delete staging
Enter fullscreen mode Exit fullscreen mode

What this reinforced: Workspaces are separate state files; terraform.workspace is the expression you use in config.

Exercise 3: Provider Version Constraints 

# Example 1: ~> 5.0
# Means: >= 5.0.0 and < 6.0.0 (any 5.x version)
required_providers {
  aws = { source = "hashicorp/aws", version = "~> 5.0" }
}

# Example 2: ~> 5.1.0
# Means: >= 5.1.0 and < 5.2.0 (only patch increments)
required_providers {
  aws = { source = "hashicorp/aws", version = "~> 5.1.0" }
}

# Example 3: >= 5.0, < 6.0
# Means: exactly the same as ~> 5.0 (explicit version)
required_providers {
  aws = { source = "hashicorp/aws", version = ">= 5.0, < 6.0" }
}
Enter fullscreen mode Exit fullscreen mode

Final Study Priority List (Day 30)

Priority Topic Specific Focus
1 State commands Difference between state rm and destroy
2 CLI flags -target, -refresh-only, -upgrade behaviour
3 Provider constraints ~> vs >= vs exact version ranges
4 Workspaces CLI workspaces vs TFC workspaces
5 Sentinel policies Execution timing and enforcement flow

What I Learned

Fatigue is real. My score dropped on Exam 4 because I was tired. On the real exam, I need to pace myself and not rush the last questions.

Persistent gaps are the only ones that matter. A one-off mistake is fine. A topic you miss twice is a genuine gap that needs hands-on practice.

Hands-on beats reading. Every concept I got wrong more than once, I fixed by running actual commands.

I'm not ready, but I'm nearly ready. Consistently above 70% across four exams tells me I know the material. The last day is about closing the persistent gaps and building endurance.

The Bottom Line

Four exams. 228 questions. 74-79% consistently.

Not perfect. But clear.

I know exactly where my gaps are:

  • State commands
  • CLI flags
  • Provider constraints
  • Workspaces
  • Sentinel

One day left. Hands-on practice only. No more exams.

A gap you close today is a point you won't lose tomorrow.

Resources:

Top comments (0)