Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Application Deployment and Security practice sets

200-901 Application Deployment and Security • Complete Question Bank

200-901 Application Deployment and Security — All Questions With Answers

Complete 200-901 Application Deployment and Security question bank — all 0 questions with answers and detailed explanations.

92
Questions
Free
No signup
Certifications/200-901/Practice Test/Application Deployment and Security/All Questions
Question 1easymultiple choice
Read the full Application Deployment and Security explanation →

A developer wants to ensure that a Docker container running a web application can only accept incoming traffic on port 443. Which Docker run option should be used?

Question 2mediummultiple choice
Read the full Application Deployment and Security explanation →

During a security audit, an engineer discovers that a CI/CD pipeline is storing API keys in plain text in environment variables. Which best practice should be implemented to mitigate this risk?

Question 3hardmultiple choice
Read the full Application Deployment and Security explanation →

A network engineer is troubleshooting a Kubernetes deployment where pods are failing to start with the error 'CrashLoopBackOff'. The pod log shows 'bind: address already in use'. The deployment runs multiple replicas of a container that listens on port 8080. What is the most likely cause?

Question 4easymultiple choice
Read the full Application Deployment and Security explanation →

A developer needs to ensure that microservice A can securely communicate with microservice B over HTTPS within a Kubernetes cluster. What is the simplest approach?

Question 5mediummultiple choice
Study the full Python automation breakdown →

An engineer is designing a CI/CD pipeline for a Python application. The pipeline should automatically run unit tests, build a Docker image, push it to a private registry, and deploy to a Kubernetes cluster. Which sequence of stages is correct?

Question 6hardmultiple choice
Read the full Application Deployment and Security explanation →

A security policy requires that all container images in a registry are scanned for vulnerabilities before deployment. Which approach best integrates this into a CI/CD pipeline without slowing down the pipeline?

Question 7easymultiple choice
Read the full Ansible explanation →

A DevOps engineer wants to automate the configuration of network devices using Ansible. Which file format is commonly used for Ansible playbooks?

Question 8mediummultiple choice
Read the full Application Deployment and Security explanation →

In a Cisco DNA Center environment, an application needs to retrieve the network device list using REST API. Which authentication method is required?

Question 9mediummulti select
Read the full Application Deployment and Security explanation →

Which TWO statements about Dockerfile best practices are correct? (Choose two.)

Question 10hardmulti select
Read the full Application Deployment and Security explanation →

Which THREE security measures should be implemented in a CI/CD pipeline to protect against supply chain attacks? (Choose three.)

Question 11easymulti select
Read the full Application Deployment and Security explanation →

Which TWO are valid methods to secure a REST API? (Choose two.)

Question 12mediummultiple choice
Study the full Python automation breakdown →

Refer to the exhibit. A Python script uses the Cisco IOS-XE RESTCONF API to retrieve the device configuration. The returned JSON is shown. What must be done to enable the GigabitEthernet0/1 interface using the API?

Exhibit

Refer to the exhibit.
```
{
  "hostname": "Router1",
  "interfaces": [
    {
      "name": "GigabitEthernet0/0",
      "ip": "10.1.1.1",
      "mask": "255.255.255.0",
      "enabled": true
    },
    {
      "name": "GigabitEthernet0/1",
      "ip": "192.168.1.1",
      "mask": "255.255.255.0",
      "enabled": false
    }
  ]
}
```
Question 13hardmultiple choice
Read the full Application Deployment and Security explanation →

Refer to the exhibit. A developer is building a Docker image for a Node.js application. The Dockerfile contains: ``` FROM node:14 WORKDIR /usr/src/app COPY package*.json ./ RUN npm install COPY . . CMD ["node", "app.js"] ``` When building, the error shown occurs. What is the most likely cause?

Exhibit

Refer to the exhibit.
```
Error: EACCES: permission denied, mkdir '/usr/src/app/node_modules/.cache'
    at Object.mkdirSync (fs.js:753:3)
    at ...
```
Question 14hardmultiple choice
Read the full Application Deployment and Security explanation →

A company runs a microservices application on a Kubernetes cluster with 10 worker nodes. The application consists of 3 services: frontend, backend, and database. The database service is stateful and uses persistent volumes. Recently, the operations team noticed that the backend service is experiencing intermittent failures with 'Connection refused' errors when trying to connect to the database. The database service is exposed via a ClusterIP service named 'database-service'. The backend service uses environment variable DB_HOST=database-service to connect. The pod logs show that the connection is attempted to an IP address that does not correspond to any database pod. Further investigation reveals that the database pod has been restarted multiple times due to OOMKilled errors. The backend service is configured with a liveness probe that checks the health endpoint every 10 seconds, and a readiness probe that checks the same endpoint every 5 seconds. The database pod has resource limits set to 512Mi memory and 500m CPU. The node running the database pod has 4Gi memory and 2 CPU cores. What is the most likely cause of the intermittent connection failures?

Question 15mediummultiple choice
Open the full VLAN trunking answer →

A network engineer is automating the deployment of a new VLAN across multiple Cisco switches using Ansible. The engineer has written a playbook that uses the ios_vlan module to create VLAN 100 with name 'Users'. The playbook runs successfully on the first switch but fails on the second switch with the error message: 'VLAN name is already in use'. The engineer checks the second switch and confirms that VLAN 100 does not exist, but a different VLAN with the name 'Users' exists. The engineer wants to ensure that the playbook creates VLAN 100 with the exact name 'Users' only if it does not already exist, and without conflicting with existing VLANs. Which approach should the engineer take?

Question 16mediummultiple choice
Read the full Application Deployment and Security explanation →

A DevOps team is deploying a microservices application on Cisco UCS using Docker containers. They need to ensure that secrets such as database credentials are securely managed without hardcoding them in the application code or container images. Which approach should they use?

Question 17hardmulti select
Read the full Application Deployment and Security explanation →

Which TWO of the following are valid security considerations when deploying an application to a Kubernetes cluster managed by Cisco Intersight? (Choose two.)

Question 18easymultiple choice
Read the full Application Deployment and Security explanation →

Refer to the exhibit. An engineer applied this configuration to a Cisco switch port connected to an application server. The server runs a critical business application that should not be disrupted. However, after applying the configuration, the port goes into errdisable state. What is the most likely cause?

Exhibit

Refer to the exhibit.
```
interface GigabitEthernet1/0/1
 description CONNECTION TO APP SERVER
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
```
Question 19mediumdrag order
Read the full DHCP explanation →

Drag and drop the steps to set up a basic DHCP server on a Cisco router into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 20mediumdrag order
Read the full REST/YANG explanation →

Drag and drop the steps to configure a Cisco IOS device for NETCONF access into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 21mediummatching
Read the full Application Deployment and Security explanation →

Match each network automation tool to its primary purpose.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Configuration management and automation

API testing and development

Network test automation framework

SSH-based network device interaction

Python automation framework for networking

Question 22mediummatching
Study the full Python automation breakdown →

Match each Python library to its typical use in network automation.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

HTTP library for REST API calls

SSH protocol implementation

NETCONF client for network devices

Validate JSON data structures

Parse and emit YAML files

Question 23mediummultiple choice
Read the full Application Deployment and Security explanation →

A developer wants to deploy a containerized application on a Cisco Container Platform (CCP) cluster. The application requires persistent storage. Which Kubernetes resource should be used to provision storage?

Question 24easymultiple choice
Read the full Application Deployment and Security explanation →

Which of the following is a best practice for securing API keys in a CI/CD pipeline?

Question 25hardmultiple choice
Read the full Application Deployment and Security explanation →

An application running on Kubernetes is experiencing intermittent 503 errors. The logs show 'upstream timed out'. The application is behind a Cisco Application Policy Infrastructure Controller (APIC) load balancer. What is the most likely cause?

Question 26mediummultiple choice
Read the full Application Deployment and Security explanation →

A DevOps team is using Cisco AppDynamics to monitor a microservices application. They notice that a specific service's response time spikes under load. Which AppDynamics feature should be used to drill down into the transaction trace?

Question 27easymultiple choice
Read the full Application Deployment and Security explanation →

Which Docker command is used to build an image from a Dockerfile?

Question 28hardmultiple choice
Read the full Application Deployment and Security explanation →

A Kubernetes cluster is configured with a NetworkPolicy that allows ingress traffic only from pods with label 'app: frontend'. A new backend service needs to communicate with the database pod. What must be done to allow this?

Question 29mediummultiple choice
Read the full Application Deployment and Security explanation →

In a CI/CD pipeline using Jenkins, which plugin is commonly used to integrate with Cisco Container Platform for deploying containers?

Question 30easymultiple choice
Read the full Application Deployment and Security explanation →

Which Cisco product provides end-to-end application visibility and performance monitoring across hybrid cloud environments?

Question 31hardmultiple choice
Read the full Application Deployment and Security explanation →

A developer is using a Dockerfile to build an image. The image must be based on a minimal Linux distribution to reduce attack surface. Which base image should be used?

Question 32easymulti select
Read the full Application Deployment and Security explanation →

Which TWO are valid methods to secure a Docker container?

Question 33mediummulti select
Read the full Application Deployment and Security explanation →

Which THREE are valid ways to expose ConfigMap data to a pod in Kubernetes?

Question 34hardmulti select
Read the full Application Deployment and Security explanation →

Which THREE are best practices for securing a CI/CD pipeline?

Question 35easymultiple choice
Read the full Application Deployment and Security explanation →

A developer is deploying a microservice to a Kubernetes cluster. The application needs to read a database password securely without hardcoding it in the image. Which Kubernetes resource should be used?

Question 36easymultiple choice
Read the full Application Deployment and Security explanation →

A team is implementing a CI/CD pipeline using Jenkins. The pipeline must build a Docker image and push it to a private registry. Which Jenkins plugin is specifically designed to handle Docker builds and pushes?

Question 37easymultiple choice
Read the full Application Deployment and Security explanation →

An application exposes a REST API. To ensure that only authorized clients can access the API, the developer implements token-based authentication. Which HTTP header is typically used to transmit the bearer token?

Question 38mediummultiple choice
Review the full routing breakdown →

A company uses a blue/green deployment strategy for their web application. The current live version is blue, and a new version green is ready. The load balancer currently routes all traffic to blue. What is the correct next step to switch traffic to green with minimal downtime?

Question 39mediummultiple choice
Read the full Application Deployment and Security explanation →

A developer needs to run a temporary container that executes a command and then exits. Which Docker command should be used?

Question 40mediummultiple choice
Read the full Application Deployment and Security explanation →

A developer is designing an API that needs to support rate limiting per API key. The application is deployed on multiple instances. Which approach ensures consistent rate limiting across all instances?

Question 41hardmultiple choice
Read the full Application Deployment and Security explanation →

An organization uses a private Docker registry with TLS. A developer attempts to pull an image and receives the error: "x509: certificate signed by unknown authority". What is the most likely cause and solution?

Question 42hardmultiple choice
Read the full Application Deployment and Security explanation →

A developer is writing a Kubernetes Deployment YAML and wants to set a CPU limit of 500 millicores. Which of the following is the correct YAML snippet?

Question 43hardmultiple choice
Read the full Application Deployment and Security explanation →

An application uses OAuth 2.0 for authorization. The developer receives an access token but needs to know the user's identity. Which OAuth flow should be used to also obtain an ID token that contains user claims?

Question 44mediummulti select
Read the full Application Deployment and Security explanation →

A developer is deploying a containerized application using Docker Compose. Which TWO statements about Docker Compose are correct?

Question 45hardmulti select
Read the full Application Deployment and Security explanation →

A company is implementing a secure CI/CD pipeline. Which THREE practices are essential for securing the pipeline?

Question 46easymulti select
Study the full Python automation breakdown →

A developer is building a RESTful API with Python Flask. Which TWO are recommended security best practices for exposing the API over HTTPS?

Question 47mediummultiple choice
Read the full Application Deployment and Security explanation →

Refer to the exhibit. During a rolling update, a developer notices that the new pods are not passing the readiness probe and the update stalls. What is the most likely reason?

Exhibit

apiVersion: apps/v1
kind: Deployment
metadata:
  name: webapp
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 1
  selector:
    matchLabels:
      app: webapp
  template:
    metadata:
      labels:
        app: webapp
    spec:
      containers:
      - name: web
        image: nginx:1.21
        ports:
        - containerPort: 80
        readinessProbe:
          httpGet:
            path: /health
            port: 80
          initialDelaySeconds: 5
          periodSeconds: 10
Question 48hardmultiple choice
Read the full Application Deployment and Security explanation →

Refer to the exhibit. A security audit reveals that the authentication mechanism is vulnerable. Which attack is most likely possible?

Exhibit

from flask import Flask, request, jsonify
import jwt

app = Flask(__name__)
app.config['SECRET_KEY'] = 'my-secret'

@app.route('/login', methods=['POST'])
def login():
    username = request.json.get('username')
    password = request.json.get('password')
    # Verify username/password (omitted)
    token = jwt.encode({'user': username}, app.config['SECRET_KEY'], algorithm='HS256')
    return jsonify({'token': token})

@app.route('/protected', methods=['GET'])
def protected():
    token = request.headers.get('Authorization')
    if not token:
        return jsonify({'msg': 'Missing token'}), 401
    try:
        # token format: "Bearer <token>"
        token = token.split()[1]
        data = jwt.decode(token, app.config['SECRET_KEY'], algorithms=['HS256'])
        return jsonify({'msg': 'Access granted', 'user': data['user']})
    except:
        return jsonify({'msg': 'Invalid token'}), 401
Question 49easymultiple choice
Read the full Application Deployment and Security explanation →

Refer to the exhibit. The Docker image built from this Dockerfile is larger than expected. Which optimization should be recommended?

Exhibit

FROM python:3.9-slim
WORKDIR /app
COPY requirements.txt .
RUN pip install -r requirements.txt
COPY . .
EXPOSE 5000
CMD ["python", "app.py"]
Question 50easymultiple choice
Read the full Ansible explanation →

A network engineer runs an Ansible playbook to backup a Cisco router configuration. The playbook fails with the error: 'ssh: connect to host 192.168.1.1 port 22: Connection timed out'. What is the most likely cause?

Question 51easymultiple choice
Study the full Python automation breakdown →

A Python script uses the Cisco Meraki API to list networks in an organization. The API returns HTTP 403 Forbidden. What is the most likely cause?

Question 52mediummultiple choice
Read the full Application Deployment and Security explanation →

A DevOps team uses GitLab CI to deploy a containerized application to a Kubernetes cluster. The deployment pipeline fails at the 'deploy' stage with an error: 'unable to connect to server'. What is the most likely cause?

Question 53mediummultiple choice
Read the full Application Deployment and Security explanation →

An engineer retrieves the list of devices in a Meraki network via the Dashboard API. The API returns HTTP 200 OK with an empty array. What is the most likely reason?

Question 54hardmultiple choice
Study the full Python automation breakdown →

A Python script using the Cisco ACI Toolkit (aciToolkit) fails with 'LoginError: unable to login to APIC'. The APIC is reachable via HTTPS. What is the most likely cause?

Question 55easymultiple choice
Read the full Application Deployment and Security explanation →

A developer needs to securely store API keys for use in a CI/CD pipeline. Which best practice should be followed?

Question 56mediummultiple choice
Read the full Application Deployment and Security explanation →

An engineer uses the Cisco Webex Teams API to send a message to a room. The API returns HTTP 403 Forbidden. What is the most likely cause?

Question 57hardmultiple choice
Read the full Application Deployment and Security explanation →

A microservices application deployed on Kubernetes uses Istio service mesh. After a recent update, some services cannot communicate with each other. Which diagnostic step is most likely to identify the issue?

Question 58mediummultiple choice
Read the full Ansible explanation →

A team uses Ansible Tower for network automation. They need to restrict a user to only view job results without making any changes. Which Tower role should be assigned?

Question 59easymulti select
Study the full Python automation breakdown →

A developer is writing a Python script to back up Cisco router configurations via SSH. Which two libraries are appropriate for this task? (Choose two.)

Question 60mediummulti select
Read the full Application Deployment and Security explanation →

An application is secured using OAuth 2.0 for Cisco Webex API access. Which three components are involved in the authorization code grant flow? (Choose three.)

Question 61hardmulti select
Read the full Application Deployment and Security explanation →

A network automation script using NX-API on a Nexus switch fails intermittently with HTTP 500 errors. Which two troubleshooting steps are most effective in diagnosing the issue? (Choose two.)

Question 62mediummultiple choice
Read the full REST/YANG explanation →

Refer to the exhibit. A developer from subnet 10.10.10.0/24 cannot reach the RESTCONF API on the IOS-XE device. What is the most likely cause?

Exhibit

configure terminal
 ip http server
 ip http secure-server
 ip http authentication local
 ip http access-class 23
!
access-list 23 permit 192.168.1.0 0.0.0.255
Question 63hardmultiple choice
Open the full VLAN trunking answer →

Refer to the exhibit. A Meraki network has a group policy 'Block Social Media' that references a content filtering rule. The policy is applied to VLAN 1. Users in that VLAN cannot access instagram.com but can access facebook.com. What is the most likely reason?

Exhibit

{
  "network": {"id": "N_12345", "name": "Office"},
  "vlan": {"id": "1", "subnet": "192.168.1.0/24"},
  "groupPolicy": {"name": "Block Social Media", "contentFiltering": {"blockedUrlPatterns": {"id": "456"}}}
}
Question 64easymultiple choice
Read the full Application Deployment and Security explanation →

Refer to the exhibit. A developer builds this Docker image and runs it. The container starts but cannot be accessed on port 5000 from the host. What is the most likely cause?

Network Topology
RUN pip installno-cache-dir -r requirements.txtFROM python:3.8-slimWORKDIR /appCOPY requirements.txt .COPY . .EXPOSE 5000CMD ["python", "app.py"]
Question 65easymultiple choice
Read the full Application Deployment and Security explanation →

A developer is deploying a containerized application to a Kubernetes cluster. To ensure that the application can securely access a third-party API, what is the best practice for storing the API key?

Question 66mediummultiple choice
Read the full Application Deployment and Security explanation →

During a CI/CD pipeline, a security scan reveals that a Docker image contains a vulnerability in a base layer. Which action BEST addresses the issue?

Question 67hardmultiple choice
Read the full Application Deployment and Security explanation →

A microservice application uses JWT for authentication. The JWT is signed with RS256. Which practice ensures that the public key used for verification is securely distributed to all services?

Question 68easymultiple choice
Read the full Application Deployment and Security explanation →

A company wants to implement a zero-trust model for API access between microservices. What is the most effective way to authenticate service-to-service communication?

Question 69mediummultiple choice
Read the full Application Deployment and Security explanation →

In a Kubernetes deployment, the container image pull policy is set to "Always". This causes performance issues during rollouts because the image registry is slow. What is the best practice to reduce pull time while maintaining security?

Question 70mediummultiple choice
Read the full NAT/PAT explanation →

A security team wants to ensure that only signed Docker images are deployed in production. Which CI/CD pipeline step validates the image signature before deployment?

Question 71hardmultiple choice
Read the full Application Deployment and Security explanation →

An application running in a Kubernetes pod needs to access an external database securely. The database credentials are rotated every 24 hours. Which approach ensures that the pod always uses the current credentials without manual intervention?

Question 72easymultiple choice
Read the full Application Deployment and Security explanation →

A developer is creating a Helm chart for a stateless web application. Where should the application's configuration settings (like log level and feature flags) be stored?

Question 73mediummultiple choice
Read the full Application Deployment and Security explanation →

During a security audit, it is found that a microservice exposes its internal IP address in error responses. This could help attackers map the network. What is the BEST remediation?

Question 74mediummulti select
Read the full Application Deployment and Security explanation →

A company is implementing an API gateway for its microservices. Which TWO security features should be enabled at the gateway to protect backend services?

Question 75hardmulti select
Read the full Application Deployment and Security explanation →

A DevOps team is securing a CI/CD pipeline that deploys containerized applications to Kubernetes. Which THREE practices enhance security?

Question 76easymulti select
Read the full Application Deployment and Security explanation →

Which THREE are valid methods for managing Kubernetes application configuration?

Question 77mediummultiple choice
Read the full Application Deployment and Security explanation →

Refer to the exhibit. A security audit requires that the container cannot run as root. Which part of the pod spec ensures this?

Exhibit

apiVersion: v1
kind: Pod
metadata:
  name: webapp
spec:
  containers:
  - name: webapp
    image: myapp:latest
    securityContext:
      runAsUser: 1000
      runAsGroup: 3000
      allowPrivilegeEscalation: false
    volumeMounts:
    - name: config
      mountPath: /etc/config
  volumes:
  - name: config
    configMap:
      name: app-config
Question 78hardmultiple choice
Read the full NAT/PAT explanation →

Refer to the exhibit. What is the most effective action to eliminate both vulnerabilities in the container image?

Network Topology
+Trivy vulnerability scan report:Base image: alpine:3.14
Question 79hardmultiple choice
Read the full Application Deployment and Security explanation →

A company has a microservices application deployed on Kubernetes. There are three services: frontend, backend, and database. The frontend is exposed via an Ingress. The API gateway is used for authentication. Recently, after updating the backend service, users are experiencing 401 Unauthorized errors when accessing endpoints that previously worked. The authentication mechanism uses JWT tokens issued by an external identity provider. The JWT tokens are validated by the API gateway. The backend service itself does not validate tokens; it relies on the gateway to forward user identity via headers. The development team checked the logs and found that the backend is receiving requests with the correct JWT from the gateway but still returning 401. What is the most likely cause?

Question 80mediummultiple choice
Read the full Application Deployment and Security explanation →

A developer is building a REST API for a Cisco DNA Center application. The API must allow external partners to retrieve network device inventory. Which security mechanism should be implemented to ensure that only authorized partners can access the API while maintaining the ability to revoke access for a specific partner without affecting others?

Question 81hardmultiple choice
Read the full Application Deployment and Security explanation →

During a security audit of a microservices application deployed on Cisco Container Platform, the auditor discovers that some containers are running with privileged access. The development team argues that certain containers need to modify kernel parameters. Which security best practice should be recommended to minimize risk while allowing necessary kernel adjustments?

Question 82mediummulti select
Read the full Application Deployment and Security explanation →

Which TWO of the following are recommended practices for securing a CI/CD pipeline in a DevOps environment? (Choose two.)

Question 83easymulti select
Read the full Application Deployment and Security explanation →

Which THREE of the following are common security vulnerabilities listed in the OWASP Top 10? (Choose three.)

Question 84easymultiple choice
Read the full Application Deployment and Security explanation →

A company uses Cisco Meraki APs and an internal web application hosted on AWS. The application store customer payment data. The security team discovers that sensitive application logs are being transmitted in plaintext over the network to the SIEM. The DevOps team wants to improve security without changing the application code because it is proprietary and cannot be modified. Which solution should be recommended?

Question 85easymultiple choice
Read the full Application Deployment and Security explanation →

A team is deploying a new microservice on Cisco Container Platform. The microservice needs to access a database hosted on a separate VM. The security policy requires that only the microservice can communicate with the database, and all traffic must be encrypted. The team is using Kubernetes network policies and mutual TLS. During testing, the microservice cannot reach the database. The database team reports that the database is reachable from other services. What is the most likely cause?

Question 86easymultiple choice
Read the full Ansible explanation →

An organization uses Ansible for configuration management and wants to secure the automation secrets (e.g., SSH keys, API tokens). The secrets are currently stored in plaintext in inventory files. The security team requires that secrets be encrypted at rest and decrypted only at runtime by authorized users. Which solution should be implemented?

Question 87mediummultiple choice
Study the full Python automation breakdown →

A developer is deploying a Python web application on Cisco UCS servers using a CI/CD pipeline that runs on Jenkins. The application uses a PostgreSQL database. The security team mandates that all database credentials must be rotated every 30 days. Currently, credentials are stored as plaintext in a configuration file in the application repository. Which approach should the developer take to meet the rotation requirement without storing secrets in the repository?

Question 88mediummultiple choice
Read the full Application Deployment and Security explanation →

A company has a web application running on Cisco DNA Center. The application uses OAuth 2.0 for authentication with an external identity provider (IdP). Recently, users have reported that they are being logged out unexpectedly after a few minutes of inactivity, even though the IdP token has a 1-hour expiration. The application developer wants to maintain usability while keeping security controls. What is the most likely cause and solution?

Question 89hardmultiple choice
Read the full Application Deployment and Security explanation →

A financial services company deploys a multi-tier application on Cisco UCS with separate VMs for web, app, and database tiers. The security team runs a vulnerability scan and finds that the web server is vulnerable to SQL injection. The development team cannot fix the code immediately because of a pending third-party library update. The company needs to deploy a security control to mitigate the vulnerability as soon as possible without changing the application. Which of the following is the best immediate mitigation?

Question 90easymulti select
Read the full Application Deployment and Security explanation →

Which TWO of the following are best practices for securely managing API tokens in a CI/CD pipeline?

Question 91mediummultiple choice
Study the full ACL explanation →

Refer to the exhibit. An application is deployed on a server at 192.168.1.10, listening on TCP port 8080. The ACL is applied inbound on the server's network interface. Which clients will be able to access the application?

Exhibit

ip access-list extended APP-SECURITY
 deny tcp any any eq 8080
 permit tcp 192.168.1.0 0.0.0.255 any eq 8080
 permit udp any any eq 53
Question 92hardmultiple choice
Read the full Application Deployment and Security explanation →

A network administrator is deploying a custom container application on a Cisco Catalyst 9300 switch running IOS XE 16.12. The application is packaged as a .tar file and installed using 'app-hosting install app myapp flash:myapp.tar'. The administrator configures the app-hosting context as follows:

app-hosting app myapp app-default-gateway 192.168.1.1 app-vnic gateway0 guest-interface 0 guest-ipaddress 192.168.1.10 netmask 255.255.255.0 app-resource profile custom cpu 1000 memory 2048 storage 5000

The administrator also creates a virtual port group 'vg0' and assigns it to the management interface. The application fails to start with the error: 'Application failed to start: guest interface not ready'. The administrator verifies that the .tar file is valid, the resources are sufficient, and the gateway is reachable. What is the most likely cause of the failure?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

200-901 Practice Test 1 — 10 Questions→200-901 Practice Test 2 — 10 Questions→200-901 Practice Test 3 — 10 Questions→200-901 Practice Test 4 — 10 Questions→200-901 Practice Test 5 — 10 Questions→200-901 Practice Exam 1 — 20 Questions→200-901 Practice Exam 2 — 20 Questions→200-901 Practice Exam 3 — 20 Questions→200-901 Practice Exam 4 — 20 Questions→Free 200-901 Practice Test 1 — 30 Questions→Free 200-901 Practice Test 2 — 30 Questions→Free 200-901 Practice Test 3 — 30 Questions→200-901 Practice Questions 1 — 50 Questions→200-901 Practice Questions 2 — 50 Questions→200-901 Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Software Development and DesignUnderstanding and Using APIsCisco Platforms and DevelopmentApplication Deployment and SecurityInfrastructure and AutomationNetwork Fundamentals

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Application Deployment and Security setsAll Application Deployment and Security questions200-901 Practice Hub