Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsEX294DomainsManage automation security and operations
EX294Free — No Signup

Manage automation security and operations

Practice EX294 Manage automation security and operations questions with full explanations on every answer.

48questions

Start practicing

Manage automation security and operations — choose a session length

10 questions~10 min20 questions~20 min30 questions~30 min50 questions~50 min

Free · No account required

EX294 Domains

Deploy Ansible Automation PlatformManage inventories and credentialsManage task execution and rolesCoordinate rolling updatesTransform data with filters and pluginsCreate content collections and execution environmentsImplement advanced Ansible automationManage automation security and operations

Practice Manage automation security and operations questions

10Q20Q30Q50Q

All EX294 Manage automation security and operations questions (48)

Start session

Click any question to see the full explanation and answer options, or start a focused practice session above.

1

An Ansible automation controller job template uses a custom credential type that requires a secret token. The token is stored as an extra variable in the job template definition. A security audit reveals the token is visible in plaintext in the job output. Which action should the administrator take to secure the secret?

2

A Red Hat Ansible Automation Platform deployment uses automation mesh to manage remote nodes across a high-latency WAN. An administrator notices that some job runs fail intermittently due to connection timeouts. The administrator wants to improve reliability without changing network infrastructure. Which configuration change is most effective?

3

An organization requires that all Ansible playbooks be executed using a specific service account that has limited permissions. The account can only run playbooks from a specific directory. Which approach best enforces this requirement in automation controller?

4

A managed node is not responding to Ansible automation. The administrator verifies that the node is reachable via SSH and that the SSH key is correctly deployed. However, 'ansible all -m ping' fails with 'UNREACHABLE'. The automation controller uses a custom execution environment. What is the most likely cause?

5

An Ansible playbook uses 'become: yes' to install packages. The playbook works when run manually by the administrator but fails when run from automation controller with 'Missing sudo password'. The administrator has configured a machine credential with the SSH key and the 'Become password' field is blank. What is the most likely issue?

6

An automation controller administrator must ensure that a playbook's output does not expose sensitive data. Which TWO actions should be taken? (Choose exactly two.)

7

An organization has multiple automation controller clusters spread across different geographic regions. The security policy requires that job artifacts (such as logs and assets) must remain in the region where the job ran. Which THREE configurations support this requirement? (Choose exactly three.)

8

You are managing an Ansible Automation Platform deployment that uses automation mesh with one control node and two execution nodes. The control node is in the DMZ, and the execution nodes are in a private network. The organization's security policy requires that all secrets (e.g., SSH keys, API tokens) be encrypted at rest and never transmitted in plaintext. You have configured vault-encrypted credentials and set the vault password as a credential on the control node. However, a recent audit reveals that when a job runs, the vault password is visible in the job output on the execution nodes. The execution nodes are configured to stream job events back to the control node. The automation controller version is 4.3. The following settings are in place: 'no_log' is not set for any variables; the vault password is stored as a 'Vault password' credential type. The job template uses a custom credential type that injects the vault password as an environment variable. The execution nodes have access to the vault password via that environment variable. The audit shows the environment variable is printed in the job output because the playbook uses the 'env' module to display environment variables for debugging. You must prevent the vault password from appearing in any job output without breaking the ability to decrypt vault-encrypted variables. Which action should you take?

9

A managed node is configured with an Ansible vault-encrypted variable file. When running a playbook that uses these variables, the user receives a 'decryption failed' error. Which two steps should the user take to resolve the issue?

10

Your team manages a fleet of 200 Red Hat Enterprise Linux 8 servers. Security policy requires that all servers have a specific set of security configurations: (1) SELinux must be enforcing, (2) the firewall must allow only SSH and HTTPS, (3) SSH root login must be disabled, and (4) the 'auditd' service must be running and enabled. You have created an Ansible role 'security-hardening' that applies these settings. The role is idempotent and uses the 'lineinfile' module to modify /etc/ssh/sshd_config, the 'firewalld' module to configure firewall rules, the 'selinux' module to set SELinux to enforcing, and the 'service' module to enable and start auditd. You run the playbook against a test group of 10 servers, and it reports 'changed=0' for all tasks, indicating the servers are already compliant. However, a subsequent manual audit reveals that on two servers, SELinux is permissive and SSH root login is still permitted. What is the most likely cause of this discrepancy?

11

Drag and drop the steps to configure a container using Podman with a custom Dockerfile in the correct order.

12

Match each Linux command to its function.

13

An automation team wants to securely store SSH private keys for use in playbooks. Which Ansible feature should they use?

14

A playbook fails with 'ERROR! 'become' is not a valid attribute for a Play'. What is the most likely cause?

15

An organization uses Automation Controller with multiple teams. They want to ensure that team members can only launch job templates that are explicitly assigned to their team. Which configuration approach should be used?

16

A developer wants to encrypt a string in a playbook variable file. Which command should they use?

17

An Ansible playbook is failing due to an undefined variable. Which approach would best help identify the source of the variable?

18

A Red Hat Ansible Automation Platform installation uses a custom execution environment. The playbook runs fail with 'execution environment not found'. The execution environment is stored in a private registry requiring authentication. What must be configured?

19

An administrator needs to limit the number of concurrent jobs that can run on a specific automation controller node. Which setting should be adjusted?

20

A playbook using the 'uri' module is timing out when connecting to an external API. The network team confirms connectivity. What Ansible configuration parameter can be adjusted to increase the timeout?

21

A security team requires that all automation controller job logs be forwarded to an external SIEM system. Which integration should be used?

22

Refer to the exhibit. The user ran ansible-navigator without specifying an inventory. What does the warning indicate about the target hosts?

23

Refer to the exhibit. An administrator deployed this configuration using the controller_configuration role. After deployment, user jdoe can administer Engineering organization but cannot launch a job template within it. What is the most likely reason?

24

Refer to the exhibit. An automation job failed with the given error. What is the most likely cause?

25

Which two actions are appropriate when configuring a custom execution environment for an automation controller job? (Choose two.)

26

An organization needs to implement security best practices for Ansible automation. Which three measures should be taken? (Choose three.)

27

Which two conditions could prevent an automation controller job from starting? (Choose two.)

28

A systems administrator needs to securely store a database password for use in an Ansible playbook. The password should be encrypted at rest and decrypted only at runtime when the playbook is executed. Which approach should the administrator take?

29

An automation team wants to grant a group of operators the ability to launch job templates in automation controller but prevent them from modifying the job template configuration. They also need to troubleshoot failed jobs by viewing job output. Which predefined role should be assigned to the team for a specific job template?

30

A company uses Ansible Automation Platform and wants to ensure that all playbook runs are logged for audit purposes. What is the simplest way to achieve centralized logging of job runs?

31

An administrator is configuring a job template in automation controller that runs a playbook to deploy a web application. The playbook requires a database password that changes quarterly. To avoid updating the credential each quarter, what is the best approach to dynamically provide the password without exposing it in the playbook?

32

A workflow template in automation controller consists of three job templates that must run sequentially with different credentials. The first job template uses a machine credential to provision a VM, the second uses a network credential to configure the switch, and the third uses a cloud credential to deploy the application. To secure the credential usage, what should the administrator configure?

33

An organization uses automation controller and has multiple teams. They want to create an inventory that automatically includes all hosts from a cloud provider that belong to the 'production' tag, and this inventory should be accessible only to the SRE team. What is the correct way to achieve this?

34

After rotating the Ansible Vault password in the automation controller, several job templates that use vault credentials start failing with 'decryption failed'. The vault credential has been updated with the new password. What is the most likely cause of the failure?

35

An organization uses a proprietary API service that requires token-based authentication with a base64-encoded payload including username, password, and tenant ID. The administrator wants to create a custom credential type in automation controller so that users can input these three values separately, and the playbook receives the final token. Which input configuration fields should be defined?

36

An administrator is migrating playbooks to use execution environments in automation controller. They want to ensure that all playbook runs use a custom execution environment that includes the necessary Python libraries and is signed to comply with security policy. What should the administrator do?

37

A systems administrator is securing Ansible automation. Which two practices help protect sensitive data in playbooks? (Choose two.)

38

An automation controller administrator needs to limit access to a sensitive inventory. Which two methods can be used to restrict access to that inventory? (Choose two.)

39

An organization uses automation controller with multiple projects and teams. They want to enforce that only the operations team can run job templates that make changes in production, while the development team can only run job templates that deploy to development environments. Which three components should be configured to achieve this? (Choose three.)

40

Refer to the exhibit. A playbook fails with the given error. What is the most likely cause?

41

Refer to the exhibit. What is the most likely cause of the job being in 'pending' state?

42

A company has deployed Ansible Automation Platform with a single automation controller node. The operations team uses a workflow that includes three job templates: A, B, and C, each requiring different credentials. Recently, the workflow started failing intermittently with errors such as 'Timeout' and 'Connection refused' on certain hosts. The inventory is dynamic from a cloud provider. The administrator checks that the credentials are valid and the hosts are online. The job execution history shows that the failures occur only when the workflow attempts to run job template B on a subset of hosts that are located in a different subnet. Job templates A and C run fine on all hosts. What is the most likely cause and the best course of action?

43

Which TWO of the following are best practices for securing automation controller secrets and credentials?

44

A large enterprise runs a multi-tenant Ansible Automation Platform deployment. The security team has mandated strict role-based access control (RBAC) for three departments: Network (manages routers/switches), Security (manages firewalls/IDS), and Operations (manages servers/applications). Each department must have its own projects, inventories, job templates, and credentials. Additionally, credentials must not be viewable by users who do not own them. The platform currently uses a single organization with one team and all users have admin permissions. Which course of action best meets these requirements?

45

A junior administrator needs to rotate the password for a database user stored in an Ansible Vault-encrypted file (secrets.yml). The current password is unknown to the admin, but they have the vault password file (vault-pass.txt). The admin wants to edit the file securely without exposing the decrypted content in the terminal history or logs. Which command should they run?

46

Which TWO are valid ways to restrict access to job templates in Automation Controller?

47

Refer to the exhibit. A playbook fails with the above error when using ansible-vault. What is the most likely cause?

48

A systems administrator at a growing company uses Red Hat Ansible Automation Platform to manage configuration of web servers. They have a job template named 'Web Server Config' that runs a playbook to apply security hardening. The playbook includes variables encrypted with Ansible Vault using the default vault ID. The administrator has created a credential of type 'Ansible Vault Password' in Automation Controller and assigned it to the job template. When the job runs, it fails with the error: 'Decryption failed (no vault secrets would be found that would decrypt)'. However, other job templates that use the same vault credential run successfully. The administrator checks that the vault password is correct and that the credential is properly assigned. They also verify that the playbook's path is correct and the inventory is populated. What is the most likely cause of the failure?

Practice all 48 Manage automation security and operations questions

Other EX294 exam domains

Deploy Ansible Automation PlatformManage inventories and credentialsManage task execution and rolesCoordinate rolling updatesTransform data with filters and pluginsCreate content collections and execution environmentsImplement advanced Ansible automation

Frequently asked questions

What does the Manage automation security and operations domain cover on the EX294 exam?

The Manage automation security and operations domain covers the key concepts tested in this area of the EX294 exam blueprint published by Red Hat. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all EX294 domains — no account required.

How many Manage automation security and operations questions are in the EX294 question bank?

The Courseiva EX294 question bank contains 48 questions in the Manage automation security and operations domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Manage automation security and operations for EX294?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Manage automation security and operations questions for EX294?

Yes — the session launcher on this page draws questions exclusively from the Manage automation security and operations domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.

Free forever · No credit card required

Track your EX294 domain progress

Save your results, see per-domain analytics, and get readiness scores — free, for every certification.

Sign Up Free

Free forever · Every certification included

Practice Session

10 questions20 questions30 questions50 questions

Study Resources

All DomainsPractice TestMock ExamFlashcardsStudy Guide

Related Exams

EX200CKA