Practice EX294 Implement advanced Ansible automation questions with full explanations on every answer.
Start practicing
Implement advanced Ansible automation — choose a session length
Free · No account required
Click any question to see the full explanation and answer options, or start a focused practice session above.
An Ansible playbook fails intermittently when deploying web servers. The error message indicates that a required package is not available in the repository. Which approach would best ensure that the required packages are consistently available before the playbook runs?
2An administrator wants to reuse a set of tasks that configure a firewall across multiple playbooks. Which Ansible feature should be used to achieve this?
3A playbook uses the 'include_tasks' module to dynamically include tasks based on a variable. The playbook runs successfully on some hosts but fails on others with a 'template error' message. What is the most likely cause?
4An Ansible playbook is designed to run on a group of database servers. The administrator wants to ensure that a task runs only on the primary database server, which is defined in the inventory with a variable 'primary: true'. Which conditional should be used?
5A playbook uses the 'block' and 'rescue' keywords to handle errors. The block contains three tasks. The first task fails. What happens next?
6An administrator needs to securely pass a database password to a playbook without exposing it in logs or the command line. Which approach is the most secure?
7A system administrator wants to run a playbook on all hosts in the 'webservers' group, but only if the host is currently online. Which approach should be used?
8An Ansible playbook includes a role that defines default variables in 'defaults/main.yml' and role variables in 'vars/main.yml'. A playbook sets the same variable in the play's 'vars' section. Which variable value takes precedence?
9Which TWO statements about Ansible collections are correct?
10Which THREE of the following are valid uses of the 'ansible.builtin.include_role' module?
11Which TWO of the following are advantages of using 'ansible-pull' over 'ansible-playbook'?
12You are managing a large infrastructure of 500 Linux servers. The servers are divided into groups: 'web', 'app', and 'db'. Each group has specific configuration requirements. You have developed a set of Ansible roles to manage these configurations. Recently, you noticed that when you run the playbook against all servers, the 'web' role is applied to 'app' servers due to a variable misconfiguration. The playbook uses include_role with a variable that determines which role to apply. The variable is defined in group_vars/all.yml as 'server_role: web'. However, each group should have its own role: 'web' for web servers, 'app' for app servers, 'db' for db servers. The playbook includes the role based on '{{ server_role }}'. What is the best course of action to fix this issue without modifying the playbook structure?
13You have an Ansible playbook that uses the 'lineinfile' module to manage the /etc/ssh/sshd_config file. The playbook runs without errors, but after execution, the SSH service becomes unreachable on some hosts. Investigation reveals that the file contains duplicate lines for 'Port 22' and 'PermitRootLogin no'. The playbook uses the following task: - name: Ensure SSH settings ansible.builtin.lineinfile: path: /etc/ssh/sshd_config regexp: "^{{ item.key }}" line: "{{ item.key }} {{ item.value }}" loop: - { key: 'Port', value: '22' } - { key: 'PermitRootLogin', value: 'no' } The playbook is run multiple times. What is the most likely cause of the duplicate lines?
14An Ansible automation team is designing a playbook to manage network devices. They need to ensure that the playbook can handle transient network failures by retrying failed tasks a specific number of times with a delay between retries. Which approach should they use?
15An Ansible playbook that deploys a web application includes a task that uses the `uri` module to call an external API. The task occasionally fails due to API rate limiting. Which combination of keywords should be added to the task to automatically retry up to 5 times with a 30-second delay between attempts, and only fail if all retries are exhausted?
16A systems administrator needs to run a playbook that applies configuration changes to a set of servers. They want to ensure that if any task fails on a host, the playbook continues with the next host without aborting the entire play. Which play-level keyword should they use?
17An Ansible automation engineer is developing a role that manages a microservice. The role needs to include conditional tasks based on whether a variable `microservice_version` is defined. If defined, it should use that version; otherwise, it should default to `latest`. Which of the following is the most efficient and idiomatic way to implement this default value within the role?
18Which TWO statements about Ansible roles are correct? (Select exactly 2)
19Your team is responsible for managing a fleet of 200 RHEL 8 servers using Ansible Tower. You have been asked to implement a secure automation workflow that meets the following requirements: 1. All playbooks must be stored in a private Git repository hosted on an internal GitLab server. 2. Credentials to access the Git repository must be stored securely in Ansible Tower. 3. The automation must run on a schedule every night at 2:00 AM. 4. If a playbook run fails, the team must be notified via email. 5. The playbooks require SSH private keys to connect to the managed hosts; these keys must be stored securely. 6. A development team needs to be able to launch the same job template manually, but they must not be able to modify the job template or view the credentials. You have created a Machine Credential for SSH and a Source Control Credential for Git. You have also created a Job Template that references the project, inventory, and credentials. What is the correct sequence of steps to satisfy all requirements?
20An engineer runs the playbook as shown. What is the expected result?
21An Ansible Automation Platform administrator is reviewing a job template that runs a playbook against a large inventory. To improve performance without sacrificing accuracy, which TWO strategies should be implemented? (Choose two.)
22A large enterprise manages its infrastructure with Ansible Automation Platform. The operations team reports that job runs are taking longer than expected, especially for playbooks that include role dependencies. After investigation, they notice that the control node has high CPU and memory usage during job execution. The inventory contains 500 hosts, and the playbooks use several roles that include dynamic includes (include_tasks) based on conditional variables. The team wants to reduce the load on the control node without changing the playbook logic or reducing functionality. Which action should the team take?
23Drag and drop the steps to configure a network bond (bond0) using nmcli in the correct order.
24Match each Ansible fact variable to its description.
25A team wants to ensure that a sensitive variable, such as a database password, is not printed when ansible-playbook runs with -v (verbose). What is the best method to achieve this?
26An Ansible playbook runs tasks on a group of web servers. During a rolling update, the playbook should ensure that no more than 2 servers are taken out of service at the same time. Which play keyword should be used?
27A playbook uses the 'include_tasks' module to load platform-specific tasks. The playbook fails intermittently with 'Could not find or access file' error on some runs but works on others. Which of the following is the most likely cause?
28An administrator wants to reuse a set of tasks across multiple playbooks. Which Ansible approach is most appropriate?
29A playbook uses 'vars_prompt' to ask for a confirmation before proceeding with destructive changes. However, when the playbook is run from a CI/CD pipeline, it hangs indefinitely. What is the best way to handle this?
30A playbook uses the 'block' feature to group tasks and includes a 'rescue' section. If a task inside the block fails, what happens?
31An Ansible role has multiple dependencies defined in meta/main.yml. One of the dependent roles should be executed before the role's own tasks, but only if a certain condition is met. How can this be implemented?
32A playbook uses 'delegate_to: localhost' for a task that modifies a local file. The playbook runs against multiple servers. The administrator notices that the local file is overwritten by each parallel execution, causing corruption. Which strategy should be used to prevent this?
33An Ansible playbook uses 'async' and 'poll' to run a long-running task. The task returns a changed status and the playbook continues. However, the remote server reports that the task failed after the playbook finished. What is the most likely reason?
34An administrator wants to ensure that Ansible facts gathered from a host are consistent across multiple playbook runs. Which two actions can help achieve this? (Choose two.)
35Which three of the following are valid methods to pass variables to an Ansible playbook at runtime? (Choose three.)
36An Ansible playbook repeatedly uses the same pattern: check if a service is running, if not start it, and then verify it's running. Which three Ansible features can be used to reduce code duplication? (Choose three.)
37Refer to the exhibit. What is the purpose of the 'failed_when' condition?
38Refer to the exhibit. Which of the following is the most likely cause of this error?
39Refer to the exhibit. A playbook targeting the 'webservers' group uses '{{ http_port }}'. What will be the value of 'http_port' on 'web2'?
40A developer reports that a role's behavior is not as expected. They set a variable in the playbook's vars section, but the role still uses the value from its vars/main.yml. Which of the following explains this issue?
41An Ansible playbook uses async and poll to run a long-running task. The task reports 'async task did not complete within the requested time'. Which of the following is the most likely cause?
42An Ansible playbook uses a rolling update strategy with serial: 1. After the first host is updated, the playbook stops and shows 'PLAY RECAP' with only one host. What is the most likely reason?
43An Ansible playbook contains many tasks. An administrator wants to run only a subset of tasks by passing '--tags ' at the command line. Which of the following must be added to the tasks?
44A role contains a handler. The playbook includes the role and also defines a task that notifies the same handler. When the playbook runs, the handler executes only once. Which of the following best explains this behavior?
45An Ansible playbook uses the 'constructed' inventory plugin with 'keyed_groups' to create groups based on 'ansible_distribution'. Despite correct configuration, hosts are not assigned to the expected groups. What is the most likely cause?
46An Ansible playbook uses a 'block' to group multiple tasks and includes a 'rescue' section. If a task inside the block fails, what will happen?
47An Ansible playbook sets a variable with a dictionary value in the play's vars and also in group_vars/all. When the play runs, the dictionary in group_vars completely replaces the one in play vars. What is the most likely reason?
48An Ansible playbook uses delegation to run a task on localhost while targeting remote hosts. The task fails with 'connection refused' for the remote host. What is the most likely cause?
49Which TWO of the following are valid methods to include external variable files into an Ansible playbook?
50Which THREE of the following are valid attributes of the ansible.builtin.service module?
51Which TWO of the following are correct about Ansible Vault?
52Refer to the exhibit. The playbook fails with this error. What is the most likely cause?
53Refer to the exhibit. An administrator wants to view the decrypted value of 'db_password' without modifying the file. Which command should be used?
54Refer to the exhibit. An Ansible playbook targeting 'production' hosts fails with 'deploy_user is undefined'. What is the most likely cause?
55An Ansible playbook uses the lineinfile module to ensure a specific line is present in a configuration file. However, after running the playbook multiple times, the line is duplicated each time. Which option best explains this behavior?
56An automation engineer wants to run a playbook only on hosts that belong to both the 'webservers' group and the 'production' group. Which inventory grouping method achieves this?
57A playbook uses the copy module to deploy a configuration file. The file should be templated with variables, but the engineer mistakenly uses the 'src' parameter with a static file instead of 'content' or a template module. What is the most likely outcome?
58An organization uses separate network hops that require different SSH usernames for different inventory groups. Which Ansible configuration approach ensures each group uses the correct SSH user without duplicating playbooks?
59An Ansible role has tasks that need to run in a specific order, and some tasks must use a different shell interpreter. Which feature allows the role to control task execution order and environment settings?
60A playbook uses a loop over a list of packages to ensure they are installed. However, the playbook runs slowly because each package is processed individually. Which optimization technique should be used to improve performance?
61A system administrator uses the ansible-vault encrypt_string command to encrypt a sensitive variable. The variable is included in a playbook via a vars_prompt. When the playbook runs, the vault password is provided, but the playbook fails with 'Vault password is required for decryption' for the prompted variable. What is the most likely cause?
62An Ansible Tower/AWX job template uses a custom inventory script that dynamically queries an API. The script returns JSON including groups and hosts. Recently, the API started returning HTTP 500 errors intermittently, causing inventory sync failures. Which Ansible approach can make the inventory source more resilient?
63A playbook uses the 'win_chocolatey' module to install software on Windows hosts. The playbook is idempotent for most packages, but one package consistently fails with 'The package is already installed' error despite being reinstalled each run. Which approach ensures true idempotency?
64Which TWO statements about Ansible roles are correct?
65Which TWO conditions are necessary for the 'local_action' directive to work as intended?
66Which THREE factors are essential for achieving idempotent behavior in Ansible plays?
67Given the inventory above, which user will Ansible use when connecting to 'web2'?
68The playbook above fails with 'template source file not found' for the copy task. Which change should be made to fix it?
69Given the command and error above, what is the most likely cause of the failure?
70An administrator needs to securely store a database password used across multiple roles in a shared repository. Which approach is recommended?
71A playbook uses import_playbook to include other playbooks. The main playbook is run with --check mode. Which statement is true?
72A company uses dynamic inventory from a cloud provider. The playbook needs to run tasks only on instances with a specific tag. The ansible_ec2_tags variable is not available. What is the most efficient method to filter hosts?
73An organization has a set of common tasks used in many playbooks. The tasks are updated frequently. What is the most maintainable way to share them?
74A playbook uses serial: 2 and sets any_errors_fatal: true. The first batch of 2 hosts both fail. What happens?
75A playbook uses an Ansible collection that includes a custom module. The module's documentation is missing. What is the best way to locate the module's source code?
76An administrator wants to run a playbook with a different user for a specific host. Which variable should be set?
77A playbook uses the 'block' and 'rescue' keywords. If a task in the block fails, but the rescue tasks also fail, what happens?
78Which two statements about Ansible roles are correct? (Select exactly 2.)
79Which three methods can be used to pass variables to an Ansible playbook? (Select exactly 3.)
80Which two statements about ansible-vault are true? (Select exactly 2.)
81Refer to the exhibit. An Ansible playbook contains the following block structure. If the task inside the block fails, which of the following describes the execution order of the rescue and always sections?
82A company has a large infrastructure with over 1000 servers. They run a playbook that configures NTP on all servers. The playbook takes over 30 minutes due to sequential execution. The team wants to reduce execution time. Which approach should they take?
83A new technician runs a playbook that uses the yum module to install packages. The playbook fails with 'No package matching' for a custom package. The package is available on a third-party repository. Which step should the technician take?
84An administrator needs to apply a set of firewall rules to multiple servers. They have created a playbook that uses the firewalld module. When running the playbook, they receive 'ERROR! module not found: firewalld'. The control node has the module available locally. What is the most likely cause?
85A playbook must execute cleanup tasks after a block of tasks, both on success and failure. Which two of the following should be used within the block to achieve this?
86An organization uses Ansible to manage an AWS EC2 environment. The Ansible control node runs on a Linux server, and the team uses a dynamic inventory script (ec2.py) to automatically populate hosts. Recently, they need to run a playbook only against EC2 instances that have a specific tag, 'Environment', set to 'production'. The team has placed the ec2.ini configuration file in the same directory as the inventory script. However, when they run the playbook with '-i ec2.py', the playbook runs against all instances instead of only production ones. The team verifies that the tag exists on the correct instances and that the environment variable AWS_PROFILE is set correctly. Which action should resolve the issue?
87A DevOps team is developing a collection of Ansible roles to standardize web server deployments. One role, 'webserver-base', configures the firewall and installs common packages. Another role, 'webserver-app', depends on 'webserver-base' and adds application-specific configurations. The team wants to ensure that when 'webserver-app' is applied to a host, 'webserver-base' is automatically applied first. They currently have a 'meta/main.yml' file in 'webserver-app' that lists 'webserver-base' as a dependency. However, when they run a playbook that includes 'webserver-app' in a role list, they notice that 'webserver-base' runs after 'webserver-app' sometimes, causing configuration conflicts. They verify that the dependency is correctly defined and that no other roles are involved. What change should they make to ensure 'webserver-base' always runs before 'webserver-app'?
88An organization uses Ansible Tower to manage automation across different teams. One team has a job template that uses a custom Python virtual environment located at '/opt/custom_venv' to run a playbook that uses the 'docker_container' module from the 'community.docker' collection. The playbook runs successfully from the command line when using the '--ask-become-pass' option and the virtual environment activated. However, when the team runs the same playbook via the Ansible Tower job template, it fails with an error indicating that the 'docker_container' module is not found. The job template is configured to use the custom virtual environment under the 'CUSTOM VIRTUAL ENVIRONMENT' setting. The team confirms that the virtual environment has the collection installed (verified by running 'ansible-galaxy collection list' inside the venv). What is the most likely cause of the failure?
89A company uses Ansible Vault to encrypt sensitive data in playbooks. They have multiple environments (dev, test, prod) and use a separate vault password file for each environment. The passwords are stored in files named 'vault-pass-dev', 'vault-pass-test', and 'vault-pass-prod'. To run a playbook against the test environment, they use the command 'ansible-playbook site.yml -i test -e @test-vars.yml --vault-id test@vault-pass-test'. This runs successfully from the command line. However, when they define the same vault-id in an Ansible Tower credential and attempt to run the job, the job fails with 'ERROR! Decryption failed (no vault secrets would be found that could decrypt the vault encrypted file)' for a vault-encrypted variable file that was encrypted with a different vault ID (e.g., 'dev'). The team expects that Tower would use the provided vault credential to decrypt all vault-encrypted files. Which change should be made to ensure correct decryption in Tower?
90Refer to the exhibit. When running the playbook with the limit set to 'webservers', why does the playbook fail on web2?
91Refer to the exhibit. After the playbook run fails on the 'Verify config' task, what happens to the 'restart service' handler?
92Refer to the exhibit. The playbook copies all .conf files from the control node to host1. If the playbook runs again on the same host without any changes, which task status is expected?
93Refer to the exhibit. The playbook fails because the httpd package is not found. Which is the most likely cause?
94Refer to the exhibit. The playbook fails with an error about the package list. What is the issue?
The Implement advanced Ansible automation domain covers the key concepts tested in this area of the EX294 exam blueprint published by Red Hat. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all EX294 domains — no account required.
The Courseiva EX294 question bank contains 94 questions in the Implement advanced Ansible automation domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Implement advanced Ansible automation domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
Save your results, see per-domain analytics, and get readiness scores — free, for every certification.
Sign Up FreeFree forever · Every certification included