Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


EX294 Manage automation security and operations • Complete Question Bank

EX294 Manage automation security and operations — All Questions With Answers

Complete EX294 Manage automation security and operations question bank — all 0 questions with answers and detailed explanations.

48 Questions • Free • No signup
Question 1 • medium • multiple choice

An Ansible automation controller job template uses a custom credential type that requires a secret token. The token is stored as an extra variable in the job template definition. A security audit reveals the token is visible in plaintext in the job output. Which action should the administrator take to secure the secret?

Question 2 • hard • multiple choice

A Red Hat Ansible Automation Platform deployment uses automation mesh to manage remote nodes across a high-latency WAN. An administrator notices that some job runs fail intermittently due to connection timeouts. The administrator wants to improve reliability without changing network infrastructure. Which configuration change is most effective?

Question 3 • easy • multiple choice

An organization requires that all Ansible playbooks be executed using a specific service account that has limited permissions. The account can only run playbooks from a specific directory. Which approach best enforces this requirement in automation controller?

Question 4 • hard • multiple choice

A managed node is not responding to Ansible automation. The administrator verifies that the node is reachable via SSH and that the SSH key is correctly deployed. However, 'ansible all -m ping' fails with 'UNREACHABLE'. The automation controller uses a custom execution environment. What is the most likely cause?

Question 5 • medium • multiple choice

An Ansible playbook uses 'become: yes' to install packages. The playbook works when run manually by the administrator but fails when run from automation controller with 'Missing sudo password'. The administrator has configured a machine credential with the SSH key and the 'Become password' field is blank. What is the most likely issue?

Question 6 • medium • multi select

An automation controller administrator must ensure that a playbook's output does not expose sensitive data. Which TWO actions should be taken? (Choose exactly two.)

Question 7 • hard • multi select

An organization has multiple automation controller clusters spread across different geographic regions. The security policy requires that job artifacts (such as logs and assets) must remain in the region where the job ran. Which THREE configurations support this requirement? (Choose exactly three.)

Question 8 • hard • multiple choice

You are managing an Ansible Automation Platform deployment that uses automation mesh with one control node and two execution nodes. The control node is in the DMZ, and the execution nodes are in a private network. The organization's security policy requires that all secrets (e.g., SSH keys, API tokens) be encrypted at rest and never transmitted in plaintext. You have configured vault-encrypted credentials and set the vault password as a credential on the control node. However, a recent audit reveals that when a job runs, the vault password is visible in the job output on the execution nodes. The execution nodes are configured to stream job events back to the control node. The automation controller version is 4.3. The following settings are in place: 'no_log' is not set for any variables; the vault password is stored as a 'Vault password' credential type. The job template uses a custom credential type that injects the vault password as an environment variable. The execution nodes have access to the vault password via that environment variable. The audit shows the environment variable is printed in the job output because the playbook uses the 'env' module to display environment variables for debugging. You must prevent the vault password from appearing in any job output without breaking the ability to decrypt vault-encrypted variables. Which action should you take?

Question 9 • easy • multi select

A managed node is configured with an Ansible vault-encrypted variable file. When running a playbook that uses these variables, the user receives a 'decryption failed' error. Which two steps should the user take to resolve the issue?

Question 10 • hard • multiple choice

Your team manages a fleet of 200 Red Hat Enterprise Linux 8 servers. Security policy requires that all servers have a specific set of security configurations: (1) SELinux must be enforcing, (2) the firewall must allow only SSH and HTTPS, (3) SSH root login must be disabled, and (4) the 'auditd' service must be running and enabled. You have created an Ansible role 'security-hardening' that applies these settings. The role is idempotent and uses the 'lineinfile' module to modify /etc/ssh/sshd_config, the 'firewalld' module to configure firewall rules, the 'selinux' module to set SELinux to enforcing, and the 'service' module to enable and start auditd. You run the playbook against a test group of 10 servers, and it reports 'changed=0' for all tasks, indicating the servers are already compliant. However, a subsequent manual audit reveals that on two servers, SELinux is permissive and SSH root login is still permitted. What is the most likely cause of this discrepancy?

Question 11 • medium • drag order

Drag and drop the steps to configure a container using Podman with a custom Dockerfile in the correct order.

Question 12 • medium • matching

Match each Linux command to its function.

Socket statistics

Query systemd journal

Show current SELinux mode

Manage firewalld rules

Extend a logical volume

Question 13 • easy • multiple choice

An automation team wants to securely store SSH private keys for use in playbooks. Which Ansible feature should they use?

Question 14 • medium • multiple choice

A playbook fails with 'ERROR! 'become' is not a valid attribute for a Play'. What is the most likely cause?

Question 15 • hard • multiple choice

An organization uses Automation Controller with multiple teams. They want to ensure that team members can only launch job templates that are explicitly assigned to their team. Which configuration approach should be used?

Question 16 • easy • multiple choice

A developer wants to encrypt a string in a playbook variable file. Which command should they use?

Question 17 • medium • multiple choice

An Ansible playbook is failing due to an undefined variable. Which approach would best help identify the source of the variable?

Question 18 • hard • multiple choice

A Red Hat Ansible Automation Platform installation uses a custom execution environment. The playbook runs fail with 'execution environment not found'. The execution environment is stored in a private registry requiring authentication. What must be configured?

Question 19 • easy • multiple choice

An administrator needs to limit the number of concurrent jobs that can run on a specific automation controller node. Which setting should be adjusted?

Question 20 • medium • multiple choice

A playbook using the 'uri' module is timing out when connecting to an external API. The network team confirms connectivity. What Ansible configuration parameter can be adjusted to increase the timeout?

Question 21 • hard • multiple choice

A security team requires that all automation controller job logs be forwarded to an external SIEM system. Which integration should be used?

Question 22 • medium • multiple choice

Refer to the exhibit. The user ran ansible-navigator without specifying an inventory. What does the warning indicate about the target hosts?

Network Topology
$ ansible-navigator run playbook.yml --mode stdout

PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [localhost]

TASK [debug] *******************************************************************
ok: [localhost] => {
    "msg": "Hello"
}

PLAY RECAP *********************************************************************
localhost : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

Question 23 • hard • multiple choice

Refer to the exhibit. An administrator deployed this configuration using the controller_configuration role. After deployment, user jdoe can administer Engineering organization but cannot launch a job template within it. What is the most likely reason?

Exhibit

---
controller_configuration:
  organizations:
    - name: Engineering
      description: Engineering Team
  teams:
    - name: Dev
      organization: Engineering
      description: Developers
  users:
    - username: jdoe
      first_name: John
      last_name: Doe
      password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          ...encrypted...
      teams:
        - name: Dev
          organization: Engineering
      roles:
        - name: admin
          type: organization
          organization: Engineering

Question 24 • easy • multiple choice

Refer to the exhibit. An automation job failed with the given error. What is the most likely cause?

Exhibit

TASK [deploy app] **************************************************************
fatal: [web01.example.com]: FAILED! => {"changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).", "unreachable": true}

Question 25 • medium • multi select

Which two actions are appropriate when configuring a custom execution environment for an automation controller job? (Choose two.)

Question 26 • hard • multi select

An organization needs to implement security best practices for Ansible automation. Which three measures should be taken? (Choose three.)

Question 27 • easy • multi select

Which two conditions could prevent an automation controller job from starting? (Choose two.)

Question 28 • easy • multiple choice

A systems administrator needs to securely store a database password for use in an Ansible playbook. The password should be encrypted at rest and decrypted only at runtime when the playbook is executed. Which approach should the administrator take?

Question 29 • easy • multiple choice

An automation team wants to grant a group of operators the ability to launch job templates in automation controller but prevent them from modifying the job template configuration. They also need to troubleshoot failed jobs by viewing job output. Which predefined role should be assigned to the team for a specific job template?

Question 30 • easy • multiple choice

A company uses Ansible Automation Platform and wants to ensure that all playbook runs are logged for audit purposes. What is the simplest way to achieve centralized logging of job runs?

Question 31 • medium • multiple choice

An administrator is configuring a job template in automation controller that runs a playbook to deploy a web application. The playbook requires a database password that changes quarterly. To avoid updating the credential each quarter, what is the best approach to dynamically provide the password without exposing it in the playbook?

Question 32 • medium • multiple choice

A workflow template in automation controller consists of three job templates that must run sequentially with different credentials. The first job template uses a machine credential to provision a VM, the second uses a network credential to configure the switch, and the third uses a cloud credential to deploy the application. To secure the credential usage, what should the administrator configure?

Question 33 • medium • multiple choice

An organization uses automation controller and has multiple teams. They want to create an inventory that automatically includes all hosts from a cloud provider that belong to the 'production' tag, and this inventory should be accessible only to the SRE team. What is the correct way to achieve this?

Question 34 • hard • multiple choice

After rotating the Ansible Vault password in the automation controller, several job templates that use vault credentials start failing with 'decryption failed'. The vault credential has been updated with the new password. What is the most likely cause of the failure?

Question 35 • hard • multiple choice

An organization uses a proprietary API service that requires token-based authentication with a base64-encoded payload including username, password, and tenant ID. The administrator wants to create a custom credential type in automation controller so that users can input these three values separately, and the playbook receives the final token. Which input configuration fields should be defined?

Question 36 • hard • multiple choice

An administrator is migrating playbooks to use execution environments in automation controller. They want to ensure that all playbook runs use a custom execution environment that includes the necessary Python libraries and is signed to comply with security policy. What should the administrator do?

Question 37 • easy • multi select

A systems administrator is securing Ansible automation. Which two practices help protect sensitive data in playbooks? (Choose two.)

Question 38 • medium • multi select

An automation controller administrator needs to limit access to a sensitive inventory. Which two methods can be used to restrict access to that inventory? (Choose two.)

Question 39 • hard • multi select

An organization uses automation controller with multiple projects and teams. They want to enforce that only the operations team can run job templates that make changes in production, while the development team can only run job templates that deploy to development environments. Which three components should be configured to achieve this? (Choose three.)

Question 40 • easy • multiple choice

Refer to the exhibit. A playbook fails with the given error. What is the most likely cause?

Exhibit

The following error is displayed when running a playbook:
fatal: [server1]: FAILED! => {"msg": "Attempting to decrypt but no vault secrets found"}

Question 41 • medium • multiple choice

Refer to the exhibit. What is the most likely cause of the job being in 'pending' state?

Exhibit

Refer to the exhibit. In automation controller, a job template named 'Deploy App' has the following configuration:
- Inventory: Production
- Project: App_Project
- Credential: Machine credential 'prod_ssh'
- Verbosity: 0 (Normal)
- Job Type: Run
- Extra Variables: {"env": "production"}
A member of the Operations team launches this job template and sees the job status as 'pending' for several minutes before it eventually runs. What is the most likely cause?

Question 42 • hard • multiple choice

A company has deployed Ansible Automation Platform with a single automation controller node. The operations team uses a workflow that includes three job templates: A, B, and C, each requiring different credentials. Recently, the workflow started failing intermittently with errors such as 'Timeout' and 'Connection refused' on certain hosts. The inventory is dynamic from a cloud provider. The administrator checks that the credentials are valid and the hosts are online. The job execution history shows that the failures occur only when the workflow attempts to run job template B on a subset of hosts that are located in a different subnet. Job templates A and C run fine on all hosts. What is the most likely cause and the best course of action?

Question 43 • medium • multi select

Which TWO of the following are best practices for securing automation controller secrets and credentials?

Question 44 • hard • multiple choice

A large enterprise runs a multi-tenant Ansible Automation Platform deployment. The security team has mandated strict role-based access control (RBAC) for three departments: Network (manages routers/switches), Security (manages firewalls/IDS), and Operations (manages servers/applications). Each department must have its own projects, inventories, job templates, and credentials. Additionally, credentials must not be viewable by users who do not own them. The platform currently uses a single organization with one team and all users have admin permissions. Which course of action best meets these requirements?

Question 45 • easy • multiple choice

A junior administrator needs to rotate the password for a database user stored in an Ansible Vault-encrypted file (secrets.yml). The current password is unknown to the admin, but they have the vault password file (vault-pass.txt). The admin wants to edit the file securely without exposing the decrypted content in the terminal history or logs. Which command should they run?

Question 46 • medium • multi select

Which TWO are valid ways to restrict access to job templates in Automation Controller?

Question 47 • hard • multiple choice

Refer to the exhibit. A playbook fails with the above error when using ansible-vault. What is the most likely cause?

Exhibit

$ ansible-vault view secret.yml
Vault password:
ERROR! Vault password is incorrect for vault id 'default' at line 1 of secret.yml

Question 48 • easy • multiple choice

A systems administrator at a growing company uses Red Hat Ansible Automation Platform to manage configuration of web servers. They have a job template named 'Web Server Config' that runs a playbook to apply security hardening. The playbook includes variables encrypted with Ansible Vault using the default vault ID. The administrator has created a credential of type 'Ansible Vault Password' in Automation Controller and assigned it to the job template. When the job runs, it fails with the error: 'Decryption failed (no vault secrets would be found that would decrypt)'. However, other job templates that use the same vault credential run successfully. The administrator checks that the vault password is correct and that the credential is properly assigned. They also verify that the playbook's path is correct and the inventory is populated. What is the most likely cause of the failure?
