0
0
Terraformcloud~20 mins

GCS backend configuration in Terraform - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
GCS Backend Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
Configuration
intermediate
2:00remaining
Identify the correct GCS backend configuration block
Which Terraform backend configuration block correctly sets up Google Cloud Storage (GCS) as the backend with bucket name my-terraform-state and prefix env/prod?
A
terraform {
  backend "gcs" {
    bucket = "my-terraform-state"
    prefix = "env/prod"
  }
}
B
terraform {
  backend "gcs" {
    bucket_name = "my-terraform-state"
    prefix = "env/prod"
  }
}
C
terraform {
  backend "gcs" {
    bucket = "my-terraform-state"
    path = "env/prod"
  }
}
D
terraform {
  backend "gcs" {
    bucket = "my-terraform-state"
    prefix_path = "env/prod"
  }
}
Attempts:
2 left
💡 Hint
The GCS backend requires the bucket name under the key 'bucket' and the state file path prefix under 'prefix'.
service_behavior
intermediate
1:30remaining
What happens if the GCS backend bucket does not exist?
When Terraform initializes with a GCS backend configuration pointing to a non-existent bucket, what is the expected behavior?
ATerraform creates a new bucket with a default name and continues.
BTerraform creates the bucket automatically and proceeds with initialization.
CTerraform ignores the missing bucket and uses local state instead.
DTerraform throws an error indicating the bucket does not exist and stops initialization.
Attempts:
2 left
💡 Hint
Terraform requires the backend storage bucket to exist before initialization.
security
advanced
2:00remaining
Which IAM role is required for Terraform to write state to a GCS backend?
To allow Terraform to store and update state files in a GCS bucket, which minimum IAM role should be granted to the service account used by Terraform?
Aroles/storage.objectAdmin
Broles/storage.objectViewer
Croles/storage.admin
Droles/storage.objectCreator
Attempts:
2 left
💡 Hint
Terraform needs permissions to read, write, and delete objects in the bucket.
Architecture
advanced
2:30remaining
How to configure Terraform backend for multiple environments using GCS?
You want to manage separate Terraform states for 'dev' and 'prod' environments using the same GCS bucket named tf-states. Which backend configuration correctly isolates the states?
A
terraform {
  backend "gcs" {
    bucket = "tf-states"
    prefix = "dev"
  }
}

terraform {
  backend "gcs" {
    bucket = "tf-states"
    prefix = "prod"
  }
}
B
terraform {
  backend "gcs" {
    bucket = "tf-states"
    prefix = "env/dev"
  }
}

terraform {
  backend "gcs" {
    bucket = "tf-states"
    prefix = "env/prod"
  }
}
CUse one backend block with prefix = "dev,prod" to manage both environments.
DCreate separate buckets named tf-states-dev and tf-states-prod instead of using prefixes.
Attempts:
2 left
💡 Hint
Use different prefixes inside the same bucket to separate state files per environment.
Best Practice
expert
3:00remaining
What is the recommended way to secure Terraform state files in GCS?
Which practice best secures Terraform state files stored in a GCS bucket?
ADisable bucket versioning and allow full storage admin access to all team members.
BUse default Google-managed encryption and grant all users read access for transparency.
CEnable bucket versioning, restrict IAM roles to least privilege, and enable CMEK (Customer Managed Encryption Keys).
DMake the bucket public for easy access and enable lifecycle rules to delete old states.
Attempts:
2 left
💡 Hint
Protect state files by controlling access, encrypting data, and keeping history.