Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertifications200-901DomainsApplication Deployment and Security
200-901Free — No Signup

Application Deployment and Security

Practice 200-901 Application Deployment and Security questions with full explanations on every answer.

92questions

Start practicing

Application Deployment and Security — choose a session length

10 questions~10 min20 questions~20 min30 questions~30 min50 questions~50 min

Free · No account required

200-901 Domains

Software Development and DesignUnderstanding and Using APIsCisco Platforms and DevelopmentApplication Deployment and SecurityInfrastructure and AutomationNetwork Fundamentals

Practice Application Deployment and Security questions

10Q20Q30Q50Q

All 200-901 Application Deployment and Security questions (92)

Start session

Click any question to see the full explanation and answer options, or start a focused practice session above.

1

A developer wants to ensure that a Docker container running a web application can only accept incoming traffic on port 443. Which Docker run option should be used?

2

During a security audit, an engineer discovers that a CI/CD pipeline is storing API keys in plain text in environment variables. Which best practice should be implemented to mitigate this risk?

3

A network engineer is troubleshooting a Kubernetes deployment where pods are failing to start with the error 'CrashLoopBackOff'. The pod log shows 'bind: address already in use'. The deployment runs multiple replicas of a container that listens on port 8080. What is the most likely cause?

4

A developer needs to ensure that microservice A can securely communicate with microservice B over HTTPS within a Kubernetes cluster. What is the simplest approach?

5

An engineer is designing a CI/CD pipeline for a Python application. The pipeline should automatically run unit tests, build a Docker image, push it to a private registry, and deploy to a Kubernetes cluster. Which sequence of stages is correct?

6

A security policy requires that all container images in a registry are scanned for vulnerabilities before deployment. Which approach best integrates this into a CI/CD pipeline without slowing down the pipeline?

7

A DevOps engineer wants to automate the configuration of network devices using Ansible. Which file format is commonly used for Ansible playbooks?

8

In a Cisco DNA Center environment, an application needs to retrieve the network device list using REST API. Which authentication method is required?

9

Which TWO statements about Dockerfile best practices are correct? (Choose two.)

10

Which THREE security measures should be implemented in a CI/CD pipeline to protect against supply chain attacks? (Choose three.)

11

Which TWO are valid methods to secure a REST API? (Choose two.)

12

Refer to the exhibit. A Python script uses the Cisco IOS-XE RESTCONF API to retrieve the device configuration. The returned JSON is shown. What must be done to enable the GigabitEthernet0/1 interface using the API?

13

Refer to the exhibit. A developer is building a Docker image for a Node.js application. The Dockerfile contains: ``` FROM node:14 WORKDIR /usr/src/app COPY package*.json ./ RUN npm install COPY . . CMD ["node", "app.js"] ``` When building, the error shown occurs. What is the most likely cause?

14

A company runs a microservices application on a Kubernetes cluster with 10 worker nodes. The application consists of 3 services: frontend, backend, and database. The database service is stateful and uses persistent volumes. Recently, the operations team noticed that the backend service is experiencing intermittent failures with 'Connection refused' errors when trying to connect to the database. The database service is exposed via a ClusterIP service named 'database-service'. The backend service uses environment variable DB_HOST=database-service to connect. The pod logs show that the connection is attempted to an IP address that does not correspond to any database pod. Further investigation reveals that the database pod has been restarted multiple times due to OOMKilled errors. The backend service is configured with a liveness probe that checks the health endpoint every 10 seconds, and a readiness probe that checks the same endpoint every 5 seconds. The database pod has resource limits set to 512Mi memory and 500m CPU. The node running the database pod has 4Gi memory and 2 CPU cores. What is the most likely cause of the intermittent connection failures?

15

A network engineer is automating the deployment of a new VLAN across multiple Cisco switches using Ansible. The engineer has written a playbook that uses the ios_vlan module to create VLAN 100 with name 'Users'. The playbook runs successfully on the first switch but fails on the second switch with the error message: 'VLAN name is already in use'. The engineer checks the second switch and confirms that VLAN 100 does not exist, but a different VLAN with the name 'Users' exists. The engineer wants to ensure that the playbook creates VLAN 100 with the exact name 'Users' only if it does not already exist, and without conflicting with existing VLANs. Which approach should the engineer take?

16

A DevOps team is deploying a microservices application on Cisco UCS using Docker containers. They need to ensure that secrets such as database credentials are securely managed without hardcoding them in the application code or container images. Which approach should they use?

17

Which TWO of the following are valid security considerations when deploying an application to a Kubernetes cluster managed by Cisco Intersight? (Choose two.)

18

Refer to the exhibit. An engineer applied this configuration to a Cisco switch port connected to an application server. The server runs a critical business application that should not be disrupted. However, after applying the configuration, the port goes into errdisable state. What is the most likely cause?

19

Drag and drop the steps to set up a basic DHCP server on a Cisco router into the correct order.

20

Drag and drop the steps to configure a Cisco IOS device for NETCONF access into the correct order.

21

Match each network automation tool to its primary purpose.

22

Match each Python library to its typical use in network automation.

23

A developer wants to deploy a containerized application on a Cisco Container Platform (CCP) cluster. The application requires persistent storage. Which Kubernetes resource should be used to provision storage?

24

Which of the following is a best practice for securing API keys in a CI/CD pipeline?

25

An application running on Kubernetes is experiencing intermittent 503 errors. The logs show 'upstream timed out'. The application is behind a Cisco Application Policy Infrastructure Controller (APIC) load balancer. What is the most likely cause?

26

A DevOps team is using Cisco AppDynamics to monitor a microservices application. They notice that a specific service's response time spikes under load. Which AppDynamics feature should be used to drill down into the transaction trace?

27

Which Docker command is used to build an image from a Dockerfile?

28

A Kubernetes cluster is configured with a NetworkPolicy that allows ingress traffic only from pods with label 'app: frontend'. A new backend service needs to communicate with the database pod. What must be done to allow this?

29

In a CI/CD pipeline using Jenkins, which plugin is commonly used to integrate with Cisco Container Platform for deploying containers?

30

Which Cisco product provides end-to-end application visibility and performance monitoring across hybrid cloud environments?

31

A developer is using a Dockerfile to build an image. The image must be based on a minimal Linux distribution to reduce attack surface. Which base image should be used?

32

Which TWO are valid methods to secure a Docker container?

33

Which THREE are valid ways to expose ConfigMap data to a pod in Kubernetes?

34

Which THREE are best practices for securing a CI/CD pipeline?

35

A developer is deploying a microservice to a Kubernetes cluster. The application needs to read a database password securely without hardcoding it in the image. Which Kubernetes resource should be used?

36

A team is implementing a CI/CD pipeline using Jenkins. The pipeline must build a Docker image and push it to a private registry. Which Jenkins plugin is specifically designed to handle Docker builds and pushes?

37

An application exposes a REST API. To ensure that only authorized clients can access the API, the developer implements token-based authentication. Which HTTP header is typically used to transmit the bearer token?

38

A company uses a blue/green deployment strategy for their web application. The current live version is blue, and a new version green is ready. The load balancer currently routes all traffic to blue. What is the correct next step to switch traffic to green with minimal downtime?

39

A developer needs to run a temporary container that executes a command and then exits. Which Docker command should be used?

40

A developer is designing an API that needs to support rate limiting per API key. The application is deployed on multiple instances. Which approach ensures consistent rate limiting across all instances?

41

An organization uses a private Docker registry with TLS. A developer attempts to pull an image and receives the error: "x509: certificate signed by unknown authority". What is the most likely cause and solution?

42

A developer is writing a Kubernetes Deployment YAML and wants to set a CPU limit of 500 millicores. Which of the following is the correct YAML snippet?

43

An application uses OAuth 2.0 for authorization. The developer receives an access token but needs to know the user's identity. Which OAuth flow should be used to also obtain an ID token that contains user claims?

44

A developer is deploying a containerized application using Docker Compose. Which TWO statements about Docker Compose are correct?

45

A company is implementing a secure CI/CD pipeline. Which THREE practices are essential for securing the pipeline?

46

A developer is building a RESTful API with Python Flask. Which TWO are recommended security best practices for exposing the API over HTTPS?

47

Refer to the exhibit. During a rolling update, a developer notices that the new pods are not passing the readiness probe and the update stalls. What is the most likely reason?

48

Refer to the exhibit. A security audit reveals that the authentication mechanism is vulnerable. Which attack is most likely possible?

49

Refer to the exhibit. The Docker image built from this Dockerfile is larger than expected. Which optimization should be recommended?

50

A network engineer runs an Ansible playbook to backup a Cisco router configuration. The playbook fails with the error: 'ssh: connect to host 192.168.1.1 port 22: Connection timed out'. What is the most likely cause?

51

A Python script uses the Cisco Meraki API to list networks in an organization. The API returns HTTP 403 Forbidden. What is the most likely cause?

52

A DevOps team uses GitLab CI to deploy a containerized application to a Kubernetes cluster. The deployment pipeline fails at the 'deploy' stage with an error: 'unable to connect to server'. What is the most likely cause?

53

An engineer retrieves the list of devices in a Meraki network via the Dashboard API. The API returns HTTP 200 OK with an empty array. What is the most likely reason?

54

A Python script using the Cisco ACI Toolkit (aciToolkit) fails with 'LoginError: unable to login to APIC'. The APIC is reachable via HTTPS. What is the most likely cause?

55

A developer needs to securely store API keys for use in a CI/CD pipeline. Which best practice should be followed?

56

An engineer uses the Cisco Webex Teams API to send a message to a room. The API returns HTTP 403 Forbidden. What is the most likely cause?

57

A microservices application deployed on Kubernetes uses Istio service mesh. After a recent update, some services cannot communicate with each other. Which diagnostic step is most likely to identify the issue?

58

A team uses Ansible Tower for network automation. They need to restrict a user to only view job results without making any changes. Which Tower role should be assigned?

59

A developer is writing a Python script to back up Cisco router configurations via SSH. Which two libraries are appropriate for this task? (Choose two.)

60

An application is secured using OAuth 2.0 for Cisco Webex API access. Which three components are involved in the authorization code grant flow? (Choose three.)

61

A network automation script using NX-API on a Nexus switch fails intermittently with HTTP 500 errors. Which two troubleshooting steps are most effective in diagnosing the issue? (Choose two.)

62

Refer to the exhibit. A developer from subnet 10.10.10.0/24 cannot reach the RESTCONF API on the IOS-XE device. What is the most likely cause?

63

Refer to the exhibit. A Meraki network has a group policy 'Block Social Media' that references a content filtering rule. The policy is applied to VLAN 1. Users in that VLAN cannot access instagram.com but can access facebook.com. What is the most likely reason?

64

Refer to the exhibit. A developer builds this Docker image and runs it. The container starts but cannot be accessed on port 5000 from the host. What is the most likely cause?

65

A developer is deploying a containerized application to a Kubernetes cluster. To ensure that the application can securely access a third-party API, what is the best practice for storing the API key?

66

During a CI/CD pipeline, a security scan reveals that a Docker image contains a vulnerability in a base layer. Which action BEST addresses the issue?

67

A microservice application uses JWT for authentication. The JWT is signed with RS256. Which practice ensures that the public key used for verification is securely distributed to all services?

68

A company wants to implement a zero-trust model for API access between microservices. What is the most effective way to authenticate service-to-service communication?

69

In a Kubernetes deployment, the container image pull policy is set to "Always". This causes performance issues during rollouts because the image registry is slow. What is the best practice to reduce pull time while maintaining security?

70

A security team wants to ensure that only signed Docker images are deployed in production. Which CI/CD pipeline step validates the image signature before deployment?

71

An application running in a Kubernetes pod needs to access an external database securely. The database credentials are rotated every 24 hours. Which approach ensures that the pod always uses the current credentials without manual intervention?

72

A developer is creating a Helm chart for a stateless web application. Where should the application's configuration settings (like log level and feature flags) be stored?

73

During a security audit, it is found that a microservice exposes its internal IP address in error responses. This could help attackers map the network. What is the BEST remediation?

74

A company is implementing an API gateway for its microservices. Which TWO security features should be enabled at the gateway to protect backend services?

75

A DevOps team is securing a CI/CD pipeline that deploys containerized applications to Kubernetes. Which THREE practices enhance security?

76

Which THREE are valid methods for managing Kubernetes application configuration?

77

Refer to the exhibit. A security audit requires that the container cannot run as root. Which part of the pod spec ensures this?

78

Refer to the exhibit. What is the most effective action to eliminate both vulnerabilities in the container image?

79

A company has a microservices application deployed on Kubernetes. There are three services: frontend, backend, and database. The frontend is exposed via an Ingress. The API gateway is used for authentication. Recently, after updating the backend service, users are experiencing 401 Unauthorized errors when accessing endpoints that previously worked. The authentication mechanism uses JWT tokens issued by an external identity provider. The JWT tokens are validated by the API gateway. The backend service itself does not validate tokens; it relies on the gateway to forward user identity via headers. The development team checked the logs and found that the backend is receiving requests with the correct JWT from the gateway but still returning 401. What is the most likely cause?

80

A developer is building a REST API for a Cisco DNA Center application. The API must allow external partners to retrieve network device inventory. Which security mechanism should be implemented to ensure that only authorized partners can access the API while maintaining the ability to revoke access for a specific partner without affecting others?

81

During a security audit of a microservices application deployed on Cisco Container Platform, the auditor discovers that some containers are running with privileged access. The development team argues that certain containers need to modify kernel parameters. Which security best practice should be recommended to minimize risk while allowing necessary kernel adjustments?

82

Which TWO of the following are recommended practices for securing a CI/CD pipeline in a DevOps environment? (Choose two.)

83

Which THREE of the following are common security vulnerabilities listed in the OWASP Top 10? (Choose three.)

84

A company uses Cisco Meraki APs and an internal web application hosted on AWS. The application store customer payment data. The security team discovers that sensitive application logs are being transmitted in plaintext over the network to the SIEM. The DevOps team wants to improve security without changing the application code because it is proprietary and cannot be modified. Which solution should be recommended?

85

A team is deploying a new microservice on Cisco Container Platform. The microservice needs to access a database hosted on a separate VM. The security policy requires that only the microservice can communicate with the database, and all traffic must be encrypted. The team is using Kubernetes network policies and mutual TLS. During testing, the microservice cannot reach the database. The database team reports that the database is reachable from other services. What is the most likely cause?

86

An organization uses Ansible for configuration management and wants to secure the automation secrets (e.g., SSH keys, API tokens). The secrets are currently stored in plaintext in inventory files. The security team requires that secrets be encrypted at rest and decrypted only at runtime by authorized users. Which solution should be implemented?

87

A developer is deploying a Python web application on Cisco UCS servers using a CI/CD pipeline that runs on Jenkins. The application uses a PostgreSQL database. The security team mandates that all database credentials must be rotated every 30 days. Currently, credentials are stored as plaintext in a configuration file in the application repository. Which approach should the developer take to meet the rotation requirement without storing secrets in the repository?

88

A company has a web application running on Cisco DNA Center. The application uses OAuth 2.0 for authentication with an external identity provider (IdP). Recently, users have reported that they are being logged out unexpectedly after a few minutes of inactivity, even though the IdP token has a 1-hour expiration. The application developer wants to maintain usability while keeping security controls. What is the most likely cause and solution?

89

A financial services company deploys a multi-tier application on Cisco UCS with separate VMs for web, app, and database tiers. The security team runs a vulnerability scan and finds that the web server is vulnerable to SQL injection. The development team cannot fix the code immediately because of a pending third-party library update. The company needs to deploy a security control to mitigate the vulnerability as soon as possible without changing the application. Which of the following is the best immediate mitigation?

90

Which TWO of the following are best practices for securely managing API tokens in a CI/CD pipeline?

91

Refer to the exhibit. An application is deployed on a server at 192.168.1.10, listening on TCP port 8080. The ACL is applied inbound on the server's network interface. Which clients will be able to access the application?

92

A network administrator is deploying a custom container application on a Cisco Catalyst 9300 switch running IOS XE 16.12. The application is packaged as a .tar file and installed using 'app-hosting install app myapp flash:myapp.tar'. The administrator configures the app-hosting context as follows: app-hosting app myapp app-default-gateway 192.168.1.1 app-vnic gateway0 guest-interface 0 guest-ipaddress 192.168.1.10 netmask 255.255.255.0 app-resource profile custom cpu 1000 memory 2048 storage 5000 The administrator also creates a virtual port group 'vg0' and assigns it to the management interface. The application fails to start with the error: 'Application failed to start: guest interface not ready'. The administrator verifies that the .tar file is valid, the resources are sufficient, and the gateway is reachable. What is the most likely cause of the failure?

Practice all 92 Application Deployment and Security questions

Other 200-901 exam domains

Software Development and DesignUnderstanding and Using APIsCisco Platforms and DevelopmentInfrastructure and AutomationNetwork Fundamentals

Frequently asked questions

What does the Application Deployment and Security domain cover on the 200-901 exam?

The Application Deployment and Security domain covers the key concepts tested in this area of the 200-901 exam blueprint published by Cisco. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all 200-901 domains — no account required.

How many Application Deployment and Security questions are in the 200-901 question bank?

The Courseiva 200-901 question bank contains 92 questions in the Application Deployment and Security domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Application Deployment and Security for 200-901?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Application Deployment and Security questions for 200-901?

Yes — the session launcher on this page draws questions exclusively from the Application Deployment and Security domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.

Free forever · No credit card required

Track your 200-901 domain progress

Save your results, see per-domain analytics, and get readiness scores — free, for every certification.

Sign Up Free

Free forever · Every certification included

Practice Session

10 questions20 questions30 questions50 questions

Study Resources

All DomainsPractice TestMock ExamFlashcardsStudy Guide