Back to All Certifications
HashiCorp Certified: Terraform Associate (004) logo
HashiCorp

HashiCorp Certified: Terraform Associate (004)

The Terraform Associate certification validates knowledge of fundamental Terraform Community Edition and HCP Terraform concepts and skills. It is designed for cloud engineers with professional experience using Terraform in production environments. The exam tests on Terraform 1.12 and covers topics including IaC concepts, core workflow, configuration, modules, state management, and HCP Terraform.

Exam Details

Duration
60 minutes
Questions
57 questions
Passing Score
70%
Format
Multiple choice, multiple response, true/false, and code

What This Exam Really Tests

This exam fundamentally evaluates whether you understand Terraform as a stateful, declarative system — not just as a CLI tool — testing whether you grasp the lifecycle of infrastructure from code to state to drift management. It probes your ability to reason about how Terraform resolves dependencies, manages state as the source of truth, and orchestrates workflows across providers and teams. The exam distinguishes practitioners who have actually debugged real infrastructure problems from those who have only read documentation.

Key Success Factors

  • State is the hidden core of this exam — nearly every domain connects back to it. Questions about drift, import, backends, locking, and even modules all test whether you truly understand that Terraform's state file IS the infrastructure model, not just a cache. Candidates who treat state as an afterthought fail questions scattered across every domain.
  • The 25% weight on Terraform Configuration is deceptive — it's not testing syntax memorization, it's testing your ability to reason about expression evaluation order, type constraints, and dynamic block behavior. HashiCorp wants to see if you can predict what Terraform will do with complex variable types, for_each vs count tradeoffs, and output dependencies before you hit apply.
  • HCP Terraform's 6.25% weight undersells its conceptual importance — the exam uses it as a lens to test whether you understand collaborative infrastructure governance, workspace isolation strategies, and the difference between local and remote execution models. Understanding why teams use HCP Terraform reveals deeper knowledge of the entire Terraform workflow.

Common Pitfalls to Avoid

  • Candidates memorize the init-plan-apply workflow steps but fail questions about WHEN and WHY you'd use flags like -target, -refresh=false, or -replace, which reveals they've never used Terraform to recover from real-world state corruption or partial failures.
  • Most candidates underestimate provider versioning and the terraform required_providers block, treating it as boilerplate rather than understanding version constraint operators (~>, >=, exact), provider lock files, and the security and stability implications of loose versus strict version pinning in production environments.
💡

Approach every question by asking 'what does Terraform's state know, and what will it do next?' — candidates who internalize Terraform as a state reconciliation engine rather than a script runner will correctly reason through even unfamiliar scenarios.

Exam Domains

Infrastructure as Code (IaC) with Terraform

12.5%

This domain tests conceptual understanding rather than hands-on syntax, so expect definition-based and scenario-comparison questions. Focus on articulating IaC benefits like idempotency, version control, and repeatability versus manual provisioning. Terraform's provider-agnostic model and its position in the multi-cloud landscape are frequent question anchors.

IaC benefits vs. manual provisioning (idempotency, drift detection, auditability)Terraform's provider plugin model enabling multi-cloud workflowsDeclarative vs. imperative IaC approaches

💡 Easiest domain conceptually, but candidates lose points by confusing declarative with imperative models or underselling specific IaC benefits like self-documentation and peer review via version control.

Practice this domain's questions

Terraform Fundamentals

12.5%

This domain bridges concepts and mechanics — expect questions on how providers are sourced, versioned, and initialized, as well as how state is created and used. Pay close attention to the provider version constraint syntax (e.g., ~>, >=) and the difference between required_providers and provider blocks. Understanding that state is the source of truth mapping real infrastructure to configuration is critical.

Provider version constraint syntax (~>, >=, =, !=)The role of required_providers block inside terraform {}How state maps configuration to real-world resources

💡 Version constraint syntax is a frequent trap — candidates confuse ~> (pessimistic constraint) with >= (minimum version). Also, know that providers are downloaded into .terraform/ during init, not apply.

Practice this domain's questions

Core Terraform Workflow

12.5%

This is the most procedural domain — questions map directly to CLI commands and their outputs. You must know the exact sequence (init → validate → plan → apply → destroy) and what each command does and does not do. Pay special attention to what terraform plan -out does, what terraform fmt -recursive covers, and the difference between terraform validate and a plan-time check.

Exact CLI command flags and their effects (e.g., -auto-approve, -out, -target, -refresh=false)What terraform fmt standardizes (style only, not logic)Distinguishing validate (syntax/schema) from plan (provider API checks)

💡 Candidates often confuse terraform validate with terraform plan — validate does NOT contact provider APIs. Also, terraform destroy is equivalent to terraform apply -destroy, which may appear as a trick option.

Practice this domain's questions

Terraform Configuration

25%

As the highest-weighted domain at 25%, this is where the exam is won or lost — expect the largest number of questions covering HCL syntax, variable types, expressions, and dependency management. Know the difference between resource and data blocks at a syntactic and behavioral level, and be proficient with built-in functions like length(), toset(), lookup(), and merge(). Sensitive variable handling and lifecycle meta-arguments (create_before_destroy, prevent_destroy) are high-value topics.

Variable types (string, list, map, object, tuple, set) and type constraintsExpressions: for expressions, conditional expressions, splat expressionsResource meta-arguments: depends_on, lifecycle, count, for_eachSensitive data: sensitive = true on variables/outputs, external secrets via Vault providerData sources: when to use them vs. resources, and how to reference their attributes

💡 The most common pitfall is confusing count.index with for_each keys — with for_each, use each.key and each.value. Also, sensitive = true on a variable does not encrypt state; it only suppresses CLI output.

Practice this domain's questions

Terraform Modules

12.5%

Module questions focus on sourcing (registry, local path, Git, S3), variable scoping rules, and version pinning. Understand that child modules cannot access parent module variables unless explicitly passed, and that outputs from child modules must be explicitly declared to be accessible. The Terraform Registry module source format (namespace/module/provider) and version argument behavior are frequently tested.

Module source types: local path (./), registry (namespace/name/provider), Git URLsPassing variables into modules vs. accessing module outputsVersion pinning with the version argument in module blocks

💡 Candidates often forget that local path modules (source = './modules/vpc') do not support the version argument — version pinning only works with registry and some remote sources. Also, module outputs must be explicitly exposed via output blocks inside the module.

Practice this domain's questions

Terraform State Management

12.5%

State management questions test both conceptual knowledge (why state exists, what drift is) and practical backend configuration. Know the backend block syntax for common remote backends (S3, Azure Blob, HCP Terraform), understand that state locking prevents concurrent runs, and know the difference between terraform refresh (deprecated standalone command) and the -refresh-only plan mode. Resource drift — when real infrastructure diverges from state — and its resolution is a key scenario topic.

Backend block configuration and limitations (no variables/references allowed in backend block)State locking mechanics: which backends support it and what happens on lock failureDetecting and resolving drift: terraform plan -refresh-only and terraform apply -refresh-onlyterraform state subcommands: list, show, mv, rm, pull

💡 A critical pitfall: the backend block cannot reference variables or locals — it must use hardcoded values or be configured via partial configuration with -backend-config. Also, terraform state rm removes a resource from state but does NOT destroy the real resource.

Practice this domain's questions

Maintain Infrastructure with Terraform

6.25%

Despite its low weight (6.25%), this domain covers operationally important topics including terraform import, state inspection, and debug logging. Know that terraform import requires you to write the resource block manually before importing, and that TF_LOG accepts levels TRACE, DEBUG, INFO, WARN, ERROR with TRACE being the most verbose. The terraform state show and terraform state list commands are commonly tested in 'how do you inspect' scenarios.

terraform import syntax: terraform import resource_type.name provider_idTF_LOG environment variable levels and TF_LOG_PATH for log outputInspecting state: terraform state list (all resources) vs. terraform state show (single resource detail)

💡 Candidates frequently miss that terraform import does not generate configuration — you must write the resource block first, then import. Also, after import, running terraform plan may still show changes if the configuration does not perfectly match the imported resource's actual attributes.

Practice this domain's questions

HCP Terraform

6.25%

This domain covers HashiCorp Cloud Platform (HCP) Terraform features including remote runs, workspace organization, and governance via Sentinel policies and role-based access control. Know the difference between HCP Terraform workspaces (isolated environments with their own state and variables) and local Terraform workspaces (terraform workspace command). Understand the cloud block as the modern replacement for the remote backend block and how CLI-driven vs. VCS-driven workflows differ.

HCP Terraform workspace types: CLI-driven, VCS-driven, and API-driven runsGovernance features: Sentinel policy enforcement tiers and team access controlscloud block configuration vs. legacy remote backend blockProjects as an organizational layer above workspaces

💡 Candidates confuse HCP Terraform workspaces with CLI workspaces (terraform workspace new/select) — they are fundamentally different concepts. HCP Terraform workspaces are full isolated environments; CLI workspaces are state-level multiplexing within a single configuration directory.

Practice this domain's questions

Master HashiCorp Certified: Terraform Associate (004) with AI-Driven Precision Practice

CertForge targets your Terraform weak spots across all 8 exam domains so you pass faster.

Domain-Mapped Practice Questions

AI generates fresh Terraform questions across all 8 domains, from IaC concepts to Terraform Cloud workflows.

Adaptive Weak Area Detection

CertForge pinpoints whether you struggle with state management, modules, or providers and drills those gaps.

Exam-Format Practice Tests

Full-length simulations mirror the real Terraform Associate (004) format, building confidence and pacing skills.

Pass Threshold Prediction

Know if you are ready before exam day with a score prediction calibrated to Terraform Associate passing standards.

Why CertForge? CertForge replaces static Terraform study guides with adaptive AI that learns exactly where you will fail.

Compare with Other Certifications

Select a certification to compare exam structure and domain coverage side-by-side.

Ready to Start Your Journey?

Begin your HashiCorp Certified: Terraform Associate (004) preparation with CertForge's curriculum-aware learning system