Practice 200-901 Application Deployment and Security questions with full explanations on every answer.
Start practicing
Application Deployment and Security — choose a session length
Free · No account required
Click any question to see the full explanation and answer options, or start a focused practice session above.
A developer creates a Dockerfile for a Python web application. Which instruction should be used to copy the application source code into the container image?
2A Docker container needs to be started in detached mode with port mapping from host port 8080 to container port 80. Which command accomplishes this?
3In a docker-compose.yaml file, which key is used to define the container image to be built from a Dockerfile in the current directory?
4A company deploys a microservice using Kubernetes. The service must be accessible externally via a stable IP address and load-balanced across pods. Which Service type should be used?
5A CI/CD pipeline has a stage that runs security vulnerability scans on dependencies. Which tool is specifically designed to scan Python packages for known vulnerabilities?
6A developer is writing a Dockerfile for a Node.js application. They want to set a build-time variable for the application version that can be changed without modifying the Dockerfile. Which instruction should be used?
7A Kubernetes pod needs to read configuration data such as database hostname, which is non-sensitive and may change across environments. Which resource should be used to store this data and inject it into the pod?
8A developer needs to apply a Kubernetes deployment manifest from a file named 'deployment.yaml'. Which kubectl command should be used?
9In a Docker bridge network, two containers can communicate with each other using which identifier by default?
10A developer needs to view the logs of a running Docker container with ID 'abc123'. Which command should be used?
11A Kubernetes Deployment is configured with rolling update strategy. A new version of the image is pushed, and the deployment is updated. During the rollout, the new pods are failing health checks. Which command can be used to pause the rollout and prevent further updates?
12A CI/CD pipeline using GitHub Actions needs to build a Docker image and push it to Docker Hub. Which event trigger should be used to run the workflow only when code is pushed to the main branch?
13A developer is implementing secure coding practices to prevent SQL injection. Which approach is most effective when building a SQL query with user input?
14In a Docker Compose file with multiple services, one service depends on another to be healthy before starting. Which key should be used to express this dependency and ensure the dependent service is started first?
15A Kubernetes pod needs to run a database that requires persistent storage. Which volume type should be used to store data that persists beyond the pod lifecycle?
16Which TWO actions are best practices for managing secrets in a CI/CD pipeline?
17Which TWO Docker network drivers allow a container to communicate with the host's network stack directly?
18Which THREE options are valid methods to expose a Kubernetes service to external traffic?
19A developer creates a Dockerfile with the following content: FROM python:3.9-slim, COPY app.py /app/, RUN pip install flask, EXPOSE 5000, CMD ["python", "/app/app.py"]. When building the image with 'docker build -t myapp .', what is the purpose of the EXPOSE instruction?
20A CI/CD pipeline for a microservice application includes stages: code commit, build Docker image, push to registry, deploy to staging, run integration tests, and deploy to production. The team wants to ensure that if integration tests fail, the pipeline stops and does not proceed to production. Which CI/CD concept is used to enforce this behavior?
21In a Kubernetes deployment, a developer needs to expose a set of pods internally within the cluster on a stable IP address. The pods are stateless and serve HTTP traffic. Which Service type should be used?
22A developer runs the command: docker run -d -p 8080:80 --name web nginx. Which of the following best describes what happens?
23A team uses GitHub Actions for CI/CD. Their workflow includes a job that builds a Docker image and pushes it to a private registry. The job needs to authenticate to the registry using secrets stored in GitHub. Which approach is most secure for passing credentials?
24A developer writes a web application that accepts user input and displays it on a page. To prevent cross-site scripting (XSS), what is the most effective defense?
25In a Docker Compose file, a service 'web' depends on 'db'. The 'db' service uses a volume to persist data. Which compose key ensures that the database starts before the web service?
26A Kubernetes Deployment has replicas: 3. The team updates the container image to a new version. The rollout gets stuck because the new pod fails readiness probes. Which kubectl command will display the rollout status and help diagnose the issue?
27A developer needs to share a Docker image with a colleague. They decide to push the image to a registry. Which Docker command pushes an image to a registry?
28A Kubernetes environment has multiple teams sharing the same cluster. One team wants to deploy applications without interfering with other teams' resources. Which Kubernetes resource should be used to isolate the team's resources?
29A developer has a Docker container running a database. They need to inspect the database logs to debug a connection issue. Which command will show the logs in real-time?
30A CI/CD pipeline for a Python project should run unit tests and check for known vulnerabilities in dependencies. Which tool can be integrated into the pipeline to perform dependency scanning?
31A developer is deploying a containerized application with Docker Compose. The application requires environment variables for database credentials that should not be hardcoded in the docker-compose.yml file. Which two methods securely provide these credentials? (Choose two.)
32A Kubernetes cluster has a deployment named 'frontend' that needs to be updated to a new image version. The update should be performed with zero downtime. Which three kubectl commands or approaches can achieve this? (Choose three.)
33A developer is writing a CI/CD pipeline using Jenkins Declarative Pipeline. They want to ensure that sensitive credentials (e.g., API keys) are never exposed in console logs. Which two security practices should be implemented? (Choose two.)
34You are writing a Dockerfile. Which instruction should you use to set the working directory for subsequent RUN, CMD, ENTRYPOINT, COPY, and ADD instructions?
35A developer runs 'docker run -d -p 8080:80 --name web nginx:alpine'. The container fails to start. Which command is the most appropriate to investigate the issue?
36In a Kubernetes cluster, you need to expose a set of pods running a web application to external traffic on a specific port. Which Service type should you use to provide a stable external IP address?
37A CI/CD pipeline includes stages for code commit, build, unit test, integration test, staging deploy, and production deploy. Which change would best prevent a faulty build from reaching production?
38You are writing a Dockerfile for a Python application. Which instruction should you use to install the dependencies from a requirements.txt file?
39A developer needs to share a Docker image built from a Dockerfile with team members. Which command correctly builds the image and tags it as 'myapp:v1'?
40A Kubernetes Deployment manages a set of identical pods. You update the container image to a new version. The rollout gets stuck. Which kubectl command should you use to view the rollout status and determine the cause?
41In a Docker Compose file, you want to ensure that the 'web' service starts only after the 'db' service is healthy. Which key should you use under the 'web' service?
42A developer wants to run a container in the background with port mapping and a named volume. Which command accomplishes this?
43A web application is vulnerable to SQL injection. Which secure coding practice should the developer implement in the code to prevent this?
44In a Kubernetes cluster, you need to store non-sensitive configuration data (e.g., database hostname) that can be consumed by pods as environment variables. Which resource should you use?
45A developer needs to ensure that environment variables containing database credentials are not hardcoded in the application code. Which approach is most secure for managing secrets in a CI/CD pipeline?
46Which TWO commands are used to view information about Docker containers? (Select two.)
47Which THREE are valid Kubernetes Service types? (Select three.)
48Which TWO practices help prevent sensitive data exposure in a CI/CD pipeline? (Select two.)
49A developer is creating a Dockerfile for a Python Flask application. The application runs on port 5000. Which directive should be used to document that the container listens on this port?
50A team uses a Jenkins declarative pipeline to deploy a microservice. The pipeline includes stages: Checkout, Build Docker Image, Run Unit Tests, Push to Registry, Deploy to Staging, and Deploy to Production. Which stage should run immediately after 'Build Docker Image' to ensure code quality before the image is pushed?
51A Kubernetes deployment is configured with replicas: 3. During a rolling update, the deployment strategy is set to RollingUpdate with maxSurge: 1 and maxUnavailable: 0. What is the maximum number of pods that will be running during the update?
52A developer is writing a web application and needs to prevent SQL injection attacks. Which coding practice is most effective?
53In Docker, which command is used to build an image from a Dockerfile and tag it as 'myapp:v1'?
54A DevOps engineer runs a container using 'docker run -d -p 8080:80 nginx'. The host firewall blocks incoming traffic on port 8080 from external networks but allows from the local host. Which command would allow the engineer to test the container's web server from the same machine?
55A Kubernetes cluster runs a microservice that needs to read configuration values from a ConfigMap and sensitive database credentials from a Secret. The pod manifest references both resources. How should the Secret be mounted to avoid exposing sensitive data in logs or environment variables?
56In a Docker Compose file, which key is used to define the dependency order between services?
57A developer commits code to a GitHub repository and wants automated tests to run, followed by building a Docker image and pushing it to Docker Hub only if tests pass. Which CI/CD tool can be configured using a YAML file placed in the .github/workflows directory?
58A developer uses Kubernetes and wants to expose a deployment named 'web-app' externally via a cloud load balancer. Which Service type should be used?
59A developer is writing a Dockerfile for a Node.js application. The application uses environment variables for configuration. Which Dockerfile instruction should be used to set a default value for the NODE_ENV variable?
60Which Docker networking mode provides the most isolation by not connecting the container to any network?
61A CI/CD pipeline uses GitLab CI. The pipeline must build a Docker image and then run security scans on the image before pushing. Which GitLab CI keyword allows defining a sequence of jobs that must run in order?
62A developer wants to ensure that a containerized application restarts automatically if it exits with a non-zero code. The application is run using Docker. Which flag should be used?
63A Kubernetes pod runs two containers that need to share a filesystem. Which volume type should be used to enable file sharing between the containers within the same pod?
64A developer is building a web application and wants to implement security best practices. Which TWO actions should be taken? (Choose two.)
65A developer is using Docker Compose to run a multi-service application. Which THREE keys are valid top-level keys in a docker-compose.yml file? (Choose three.)
66A Kubernetes administrator wants to use kubectl to troubleshoot a pod named 'my-pod' that is not starting. Which TWO commands are useful? (Choose two.)
67A developer wants to create a Docker image that runs a Python application. Which instruction should be placed at the end of the Dockerfile to specify the command that runs when the container starts?
68A Docker container running a web application needs to be accessible on the host's port 8080. The application inside the container listens on port 80. Which docker run command achieves this?
69In a Kubernetes cluster, a developer needs to ensure that a set of pods can be accessed by other pods using a stable IP address and DNS name, even if pods are recreated. Which resource should be created?
70A CI/CD pipeline is configured to build a Docker image, run unit tests, and push the image to a registry. To ensure that only successfully tested images are pushed, which stage order is correct?
71A developer needs to store a database password securely in a Kubernetes cluster. Which resource should be used?
72Which Docker network driver allows a container to share the host's network stack, giving it direct access to host interfaces?
73A developer is writing a web application and wants to prevent SQL injection attacks. Which coding practice should be followed when constructing SQL queries?
74In a Jenkins declarative pipeline, a stage named 'Deploy to Production' should only run after manual approval. Which directive should be used to achieve this?
75A developer runs 'docker-compose up -d' for a multi-service application. What does the '-d' flag do?
76A Kubernetes pod contains two containers that need to share a local filesystem. Which volume type should be used to enable this?
77A developer notices that after a new deployment, the application is not receiving traffic. The Service selector does not match the pod labels. Which kubectl command can be used to inspect the Service's selector?
78Which Docker command is used to view the logs of a running container in real-time?
79In a Dockerfile, which instruction is used to set an environment variable that will be available at runtime?
80A developer wants to perform a rolling update of a Kubernetes Deployment. Which command will update the image and initiate the rollout?
81A CI/CD pipeline uses GitHub Actions. The workflow should trigger only when a pull request is opened against the 'main' branch. Which 'on' trigger configuration is correct?
82Which TWO practices help prevent hardcoded credentials in application code? (Choose TWO.)
83Which THREE steps are essential in a typical CI/CD pipeline for a containerized application? (Choose THREE.)
84Which TWO Kubernetes resources are used to provide configuration data to pods? (Choose TWO.)
85A developer creates a Dockerfile for a Python web application. Which instruction should be used to define the working directory inside the container for subsequent commands?
86A team is deploying a microservice that must scale independently. The service uses environment variables for configuration. Which Kubernetes resource should be used to store non-sensitive configuration data separate from the container image?
87A developer wants to run a Docker container in detached mode, mapping host port 8080 to container port 80, and mounting a host directory for persistent data. Which command accomplishes this?
88In a CI/CD pipeline using Jenkins, which stage is typically executed immediately after the build stage to ensure code quality before deployment?
89A Kubernetes pod has two containers: a main application and a sidecar proxy. They need to communicate via localhost. Which pod networking model allows this?
90A developer needs to enforce HTTPS for a web application. Which security measure should be implemented in the application or reverse proxy?
91A docker-compose.yml defines a web service with environment variables. Which key in the service definition should be used to set environment variables?
92A company uses GitHub Actions for CI/CD. They want to automatically scan dependencies for known vulnerabilities on every push. Which action should be added to the workflow?
93A Kubernetes Deployment is updated with a new image tag, but the rollout fails. Which kubectl command should be used to view the rollout status and troubleshoot?
94A developer needs to prevent SQL injection in a web application. Which coding practice should be used when constructing database queries?
95Which Docker command is used to view the logs of a running container in real-time?
96A Kubernetes Service must expose a pod running a database to other pods in the same cluster, but not externally. Which Service type should be used?
97A developer is writing a Dockerfile for a Node.js application. Which TWO instructions are commonly used to define the command that runs when the container starts?
98A CI/CD pipeline includes stages for security scanning. Which TWO tools or services are specifically designed for dependency vulnerability scanning?
99A company is adopting DevSecOps practices. Which THREE practices should be implemented to secure application deployment?
The Application Deployment and Security domain covers the key concepts tested in this area of the 200-901 exam blueprint published by Cisco. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all 200-901 domains — no account required.
The Courseiva 200-901 question bank contains 99 questions in the Application Deployment and Security domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Application Deployment and Security domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
Save your results, see per-domain analytics, and get readiness scores — free, for every certification.
Sign Up FreeFree forever · Every certification included