20+ practice questions focused on Application Deployment and Security — one of the most tested topics on the Cisco DevNet Associate 200-901 exam. Each question includes a detailed explanation so you learn why the right answer is correct.
Start Application Deployment and Security PracticeA developer wants to ensure that a Docker container running a web application can only accept incoming traffic on port 443. Which Docker run option should be used?
Explanation: Option C is correct because the `-p 443:443` flag publishes container port 443 to the host port 443, mapping incoming traffic on the host's port 443 to the container's port 443. This ensures the web application inside the container only accepts incoming traffic on port 443, as the host firewall and Docker's port mapping restrict access to that specific port.
During a security audit, an engineer discovers that a CI/CD pipeline is storing API keys in plain text in environment variables. Which best practice should be implemented to mitigate this risk?
Explanation: Option C is correct because dedicated secrets management services like HashiCorp Vault or AWS Secrets Manager provide secure storage, access control, and audit logging for sensitive data. They allow the CI/CD pipeline to retrieve API keys at runtime via authenticated API calls, ensuring secrets are never stored in plain text in environment variables or configuration files. This approach aligns with the principle of least privilege and eliminates the risk of exposure through source code or build logs.
A network engineer is troubleshooting a Kubernetes deployment where pods are failing to start with the error 'CrashLoopBackOff'. The pod log shows 'bind: address already in use'. The deployment runs multiple replicas of a container that listens on port 8080. What is the most likely cause?
Explanation: The 'bind: address already in use' error indicates that the container's process cannot bind to port 8080 because it is already occupied. When `hostPort: 8080` is specified in the pod spec, Kubernetes instructs the container runtime to map the container port to the same port on the node's network namespace. If multiple replicas of the deployment are scheduled on the same node, each pod attempts to bind to port 8080 on the host, causing a conflict and the CrashLoopBackOff state. This is a common misconfiguration when using hostPort without ensuring that replicas are spread across different nodes.
A developer needs to ensure that microservice A can securely communicate with microservice B over HTTPS within a Kubernetes cluster. What is the simplest approach?
Explanation: Option D is correct because using a ClusterIP Service for microservice B provides a stable DNS name within the cluster, allowing microservice A to communicate over HTTPS without exposing the service externally. This approach leverages Kubernetes' internal service discovery and can be paired with a service mesh or mutual TLS (mTLS) for secure communication, meeting the requirement for simplicity and security.
An engineer is designing a CI/CD pipeline for a Python application. The pipeline should automatically run unit tests, build a Docker image, push it to a private registry, and deploy to a Kubernetes cluster. Which sequence of stages is correct?
Explanation: Option D is correct because a CI/CD pipeline for a Python application must first run unit tests to validate code quality, then build the Docker image from the tested code, push the image to a private registry, and finally deploy to Kubernetes. This sequence ensures that only tested and built artifacts are deployed, preventing deployment of broken or untested code.
+15 more Application Deployment and Security questions available
Practice all Application Deployment and Security questions1. Baseline your knowledge
Start with 10 questions to gauge your current understanding of Application Deployment and Security. This tells you whether you need a concept refresher or just practice.
2. Review every explanation
For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.
3. Focus on exam traps
Application Deployment and Security questions on the 200-901 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.
4. Reach 80% consistently
Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.
The exact number varies per candidate. Application Deployment and Security is tested as part of the Cisco DevNet Associate 200-901 blueprint. Practicing with targeted Application Deployment and Security questions ensures you can handle any format or difficulty that appears.
Yes. Courseiva provides free 200-901 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.
Difficulty is subjective, but Application Deployment and Security is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.
Launch a full Application Deployment and Security practice session with instant scoring and detailed explanations.
Start Application Deployment and Security Practice →