Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


EX294 Manage inventories and credentials • Complete Question Bank

EX294 Manage inventories and credentials — All Questions With Answers

Complete EX294 Manage inventories and credentials question bank — all 0 questions with answers and detailed explanations.

75 Questions • Free • No signup
Question 1 • medium • multiple choice

An administrator needs to store a secret API token in Ansible Automation Controller so that it can be used in job templates without exposing the token in plain text. Which type of credential should be used?

Question 2 • hard • multiple choice

A team uses Ansible Automation Controller with multiple organizations. Each organization has its own set of machines that require different SSH keys. The administrator wants to ensure that users from one organization cannot use credentials from another organization. What is the best way to achieve this isolation?

Question 3 • easy • multiple choice

An Ansible playbook uses the `ansible_password` variable to connect to a Windows host. The value is stored in an encrypted Ansible Vault file. Which credential type in Automation Controller would allow the vault password to be supplied at runtime?

Question 4 • medium • multiple choice

An administrator wants to create a custom credential type to store a third-party API key. The API key must be passed to the playbook as an environment variable `MY_API_KEY`. What is the correct Injector configuration in the custom credential type definition?

Question 5 • easy • multiple choice

A junior admin is troubleshooting why a job template fails with 'Permission denied' when connecting to a target host. The job template uses a machine credential that appears correct. What is the first thing to check?

Question 6 • medium • multi select

Which TWO of the following are valid methods to supply a credential password in Ansible Automation Controller?

Question 7 • hard • multi select

Which THREE of the following are best practices for managing credentials in Ansible Automation Controller?

Question 8 • medium • multiple choice

The inventory above is used in a job template in Automation Controller. The job template also has a machine credential assigned that specifies username 'root' and an SSH key. When the job runs against host web1, which username will Ansible use to connect?

Exhibit

Refer to the exhibit.

```bash
$ ansible-inventory -i inventory.yml --list
{
    "_meta": {
        "hostvars": {
            "web1": {
                "ansible_host": "192.168.1.10",
                "ansible_user": "admin",
                "ansible_ssh_private_key_file": "/home/automation/keys/web_key"
            }
        }
    },
    "all": {
        "children": ["webservers"]
    },
    "webservers": {
        "hosts": ["web1"]
    }
}
```

Question 9 • hard • multiple choice

The job template running against host db1 uses a machine credential with an SSH key. The key is correctly configured in Automation Controller. However, the job fails with the error shown. What is the most likely cause?

Exhibit

Refer to the exhibit.

Error message from a job run:
```
fatal: [db1]: UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).",
    "unreachable": true
}
```
Question 10 • hard • multiple choice

A company uses Ansible Automation Controller to manage a mix of Linux and Windows servers. Each server is in a separate inventory group. The Linux servers use SSH keys stored in machine credentials, and the Windows servers use username/password stored in machine credentials. Recently, a new security policy requires that all credentials must be rotated every 90 days. The automation team has 50 Linux servers and 20 Windows servers. They want to minimize manual effort and avoid exposing secrets in plain text during rotation. They currently have a Jenkins pipeline that can run scripts on the controller node. Which approach best meets the requirements?

Question 11 • hard • multiple choice

A system administrator is managing Ansible Tower and wants to use an Azure Resource Manager credential to provision virtual machines. However, the credential fails authentication with the error '401 Unauthorized'. Which action should the administrator take to resolve the issue?

Question 12 • easy • multiple choice

An Ansible Tower administrator needs to allow a team of developers to run playbooks against specific inventory groups without allowing them to modify the inventory or credentials. Which approach best satisfies the requirement?

Question 13 • medium • multi select

Which TWO statements about machine credentials in Ansible Tower are correct? (Choose two.)

Question 14 • medium • multiple choice

Refer to the exhibit. A user runs a playbook that creates hosts and then attempts to use a constructed inventory plugin. However, the constructed inventory does not group hosts by OS distribution. What is the most likely cause?

Exhibit

Refer to the exhibit.

```yaml
---
- name: Generate inventory
  hosts: localhost
  gather_facts: no
  tasks:
    - name: Create static inventory
      add_host:
        name: "web{{ item }}"
        group: webservers
        ansible_host: "192.168.1.{{ item }}"
      loop:
        - 10
        - 11
        - 12
    - name: Create dynamic group
      group_by:
        key: "os_{{ ansible_distribution }}"
      when: ansible_distribution is defined
```

```yaml
---
# inventory.yml
plugin: constructed
strict: false
keyed_groups:
  - key: ansible_distribution
    prefix: distro
    separator: "_"
```

Question 15 • hard • multiple choice

A company manages its infrastructure using Ansible Tower. There are two teams: Team Alpha manages web servers in the 'webservers' group, and Team Beta manages database servers in the 'dbservers' group. Both teams need to use the same SSH credential to connect to their respective servers. The credential is stored in Tower as 'shared_ssh_key'. Team Alpha reports that they can launch jobs against the 'webservers' group, but Team Beta gets an error when trying to launch jobs against the 'dbservers' group: 'You do not have permission to use this credential.' Both teams are members of the same organization. The inventory is a single inventory source with separate groups. The credential has been assigned to the organization. What is the most likely cause of Team Beta's issue, and what is the correct solution?

Question 16 • easy • multiple choice

An administrator wants to use a custom inventory script to dynamically generate hosts in Ansible Tower. Which of the following is a valid approach to manage credentials for accessing the script's API?

Question 17 • medium • multi select

Which TWO of the following are valid methods to manage credentials in Ansible Tower?

Question 18 • medium • drag order

Drag and drop the steps to create and apply a simple Ansible playbook that installs httpd into the correct order.

Question 19 • medium • drag order

Drag and drop the steps to configure a systemd service to start automatically at boot in the correct order.

Question 20 • medium • matching

Match each Linux file system path to its typical content.

Matches

Configuration files

Variable data (logs, databases)

User system resources (binaries, libraries)

Temporary files

Process and kernel information

Question 21 • medium • matching

Match each storage concept to its description.

Matches

Logical Volume Manager for flexible storage

Redundant array of independent disks

Default Linux filesystem (journaling)

High-performance 64-bit filesystem

Virtual memory on disk

Question 22 • easy • multiple choice

A systems administrator needs to use a different SSH private key for a group of hosts in an Ansible inventory. Which inventory variable should be set at the group level?

Question 23 • medium • multiple choice

An Ansible Tower/AWX administrator wants to prevent users from viewing credential passwords in plain text. Which credential type should be used for SSH passwords?

Question 24 • hard • multiple choice

A DevOps engineer is designing a dynamic inventory script for a cloud provider. The script must return host variables in a specific JSON format. According to Ansible best practices, which top-level keys should be present in the script output?

Question 25 • easy • multiple choice

An Ansible administrator wants to use an encrypted vault file to store sensitive variables. Which command creates a new vault file and prompts for a password?

Question 26 • medium • multiple choice

A team uses Ansible AWX and needs to run a job template that uses a custom credential of type 'OpenStack' to authenticate to an OpenStack cloud. Which field in the job template is used to specify this credential?

Question 27 • hard • multiple choice

An Ansible playbook uses the `ansible_user` variable at the host level, but the SSH connection still uses root. Which configuration setting could override the playbook's user setting?

Question 28 • easy • multiple choice

A junior admin wants to remove a credential from Ansible Tower. Which role-based access control permission is required to delete a credential?

Question 29 • medium • multiple choice

An Ansible inventory file uses the `gce.py` dynamic inventory script for Google Cloud. After running the script, the inventory contains hosts but no variables. What is the most likely cause?

Question 30 • hard • multiple choice

An Ansible playbook uses a vault-encrypted variable `db_password` from a vars file. The playbook fails with 'Decryption failed' error. Which of the following could be the cause?

Question 31 • medium • multi select

A team is configuring an inventory to manage Windows hosts via Ansible. Which TWO inventory variables must be defined for each host?

Question 32 • hard • multi select

An Ansible Tower administrator needs to create a custom credential type that uses an SSH private key and a username. Which THREE components should be defined in the credential type's configuration?

Question 33 • easy • multi select

An Ansible playbook uses the `fetch` module to retrieve files from managed hosts. Which TWO inventory variables are commonly used to construct unique destination paths for each host?

Question 34 • medium • multiple choice

Refer to the exhibit. A playbook runs against the `web` group. What username will be used for host web2?

Exhibit

```ini
# inventory file
[web]
web1 ansible_host=192.168.1.10 ansible_user=admin
web2 ansible_host=192.168.1.11

[web:vars]
ansible_user=deploy
```

Question 35 • hard • multiple choice

Refer to the exhibit. An Ansible playbook targeting server1 fails with a permissions error when connecting. The administrator notices the SSH private key is being used. Which change will likely fix the issue?

Exhibit

```bash
# ansible-navigator inventory --list
{
    "all": {
        "hosts": {
            "server1": {
                "ansible_host": "10.0.0.1",
                "ansible_user": "centos",
                "ansible_ssh_private_key_file": "/home/centos/.ssh/id_rsa"
            }
        },
        "vars": {
            "ansible_ssh_common_args": "-o StrictHostKeyChecking=no"
        }
    }
}
```

Question 36 • easy • multiple choice

Refer to the exhibit. A playbook includes this vars file and runs `systemctl restart httpd`. The playbook fails because it cannot decrypt the vault. Which of the following is the most likely cause?

Exhibit

```yaml
# vars/main.yml
db_password: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  62616133626435323435303036383837623839646538646134313734326438
  32336262656134333766346133343462663230663738636261343861336662
  0a3532666463313035616265643237343763366261666338663462643761
  3733
```

Question 37 • easy • multiple choice

A company uses a static inventory file for Ansible Tower. They need to add a new host to an existing group. Which action should they take?

Question 38 • easy • multiple choice

An administrator needs to store a database password securely for use in playbooks. Which credential type should they create?

Question 39 • easy • multiple choice

An organization has multiple inventories for different environments. They want to reuse a set of hosts across inventories without duplicating host definitions. Which feature should they use?

Question 40 • medium • multiple choice

A playbook requires a secret token that changes every hour. The token is stored in a password vault. Which setting should be used to have Tower retrieve the token at runtime?

Question 41 • medium • multiple choice

Ansible Tower is configured with a dynamic inventory source from VMware vCenter. The playbook needs to limit execution to hosts with a specific custom attribute. How should this be achieved?

Question 42 • medium • multiple choice

A team is using Ansible Tower with multiple credentials per job template. The playbook uses the 'become' method to escalate privileges on remote hosts. The become password is different from the SSH password. Which configuration ensures the become password is used?

Question 43 • hard • multiple choice

An organization uses multiple Satellite servers for inventory. They want to combine data from all satellites into one unified inventory in Ansible Tower. Which approach is best?

Question 44 • hard • multiple choice

A job template uses a custom credential type that injects environment variables for a third-party API. The credential input defines a field 'api_key'. The playbook uses {{ api_key }} but it's empty. What is the most likely cause?

Question 45 • hard • multiple choice

An Ansible Tower administrator notices that a job template using a dynamic inventory source from AWS EC2 is not updating when new instances are launched. The inventory source is set to update on launch. What is the most likely cause?

Question 46 • medium • multi select

Which TWO actions are valid for managing inventory group membership in Ansible Tower?

Question 47 • medium • multi select

Which THREE are valid credential types in Ansible Tower?

Question 48 • hard • multi select

Which THREE considerations are important when using dynamic inventories in Ansible Tower?

Question 49 • easy • multiple choice

An Ansible Tower administrator wants to allow a team to run playbooks against a set of production web servers without giving them direct SSH access to the hosts. Which inventory configuration approach should be used?

Question 50 • medium • multiple choice

A sysadmin receives an error when running a job template: 'ERROR! the role 'common' was not found in the specified roles path'. The role exists in a source control repository referenced in the project. What is the most likely cause?

Question 51 • hard • multiple choice

An organization uses multiple Ansible Automation Platform clusters in different geographies. Each cluster has its own set of credentials for different environments. An administrator needs to ensure that job templates launched in the EMEA cluster can only use EMEA-specific credentials, while the APAC cluster uses APAC-specific credentials, without duplicating job template definitions. What is the best approach?

Question 52 • easy • multiple choice

A junior admin created a custom credential type for a third-party API. When running a job that uses this credential, the job fails with 'type object 'Credentials' has no attribute' error. What is the most likely issue?

Question 53 • medium • multiple choice

An administrator needs to restrict access to an inventory so that only members of the 'WebTeam' can update its host variables and group memberships. Other users should be able to view the inventory but not modify it. Which role-based access control (RBAC) configuration should be applied?

Question 54 • hard • multiple choice

During a playbook run, the task 'debug: msg={{ ansible_facts.distribution }}' outputs 'CentOS' for a host. However, the host's inventory variable 'distribution' is set to 'RedHat'. The administrator expected the inventory variable to override the fact. What is the most likely cause of this behavior?

Question 55 • easy • multiple choice

An administrator needs to provide a set of credentials to a job template that requires a machine credential for SSH and a source control credential for the project. What is the correct way to associate these credentials?

Question 56 • medium • multiple choice

An inventory is sourced from an external dynamic inventory plugin. The plugin returns hosts with groups including 'webservers' and 'dbservers'. An administrator wants to add a custom variable to all hosts in the 'webservers' group without modifying the plugin script. How can this be achieved?

Question 57 • hard • multiple choice

An organization uses an external secrets management system (e.g., HashiCorp Vault) to store sensitive credentials. They want to integrate it with Ansible Automation Platform so that job templates automatically retrieve credentials from Vault without storing them in the AAP database. Which approach is supported?

Question 58 • medium • multi select

Which TWO statements about inventory groups in Ansible Automation Platform are correct? (Choose exactly two.)

Question 59 • hard • multi select

Which THREE considerations are important when designing a credential strategy in Ansible Automation Platform? (Choose exactly three.)

Question 60 • easy • multi select

Which THREE actions can an administrator perform using the inventory management features in Ansible Automation Platform? (Choose exactly three.)

Question 61 • easy • multiple choice

An Ansible Tower administrator needs to add a single host to an existing inventory. The host has a static IP address and requires SSH access with a specific username and private key. Which of the following is the correct approach?

Question 62 • medium • multiple choice

A system administrator maintains a dynamic inventory script that queries a cloud provider API to build host lists. The script returns valid JSON, but after importing into Ansible Tower, the inventory shows zero hosts. The script is executable and placed in the expected project directory. What is the most likely cause?

Question 63 • hard • multiple choice

An organization has multiple Ansible Tower projects that use different cloud providers. The security team mandates that cloud API credentials stored in Tower must have restricted access and be reusable across job templates without exposing the secret key. Which credential type and organization strategy best meets these requirements?

Question 64 • hard • multiple choice

A team uses a single Ansible Tower inventory called 'Production' containing hosts for multiple environments (dev, stage, prod). They want to apply different variables to hosts based on environment. Which inventory structure meets this requirement with minimal administrative overhead?

Question 65 • easy • multi select

Which TWO methods can be used to limit the hosts that a job template runs against when launching a job? (Choose exactly two.)

Question 66 • medium • multi select

Which THREE of the following are valid ways to define host variables in an Ansible inventory? (Choose exactly three.)

Question 67 • easy • multiple choice

Your organization uses Ansible Tower to manage a growing number of Linux servers. Currently, there is a single inventory called 'All Servers' that contains all hosts. A new project requires that certain sensitive variables (e.g., API keys) be stored securely and not exposed in job logs. The security team also wants to limit which users can use these credentials. You have been asked to implement a solution. After evaluating, you plan to create a custom credential type with a 'password' field for the API key and assign it to the job template. However, during a test run, the API key is still visible in the job output. What is the most likely reason?

Question 68 • easy • multiple choice

You are an Ansible Tower administrator for a company that uses a dynamic inventory script to pull hosts from AWS. The script has been working for months, but after a recent security update, the job template that uses this inventory fails with the error: 'ERROR! Unable to parse /path/to/inventory/script.py as an inventory source'. The script is executable and the path is correct. What is the most likely cause?

Question 69 • medium • multiple choice

Your team manages a large Ansible Tower environment with multiple organizations. Each organization has its own projects, inventories, and job templates. You need to create a set of cloud credentials (AWS access key) that can be used by any job template in any organization, but you want to restrict modification of the credential to only a few administrators. What is the best way to achieve this while maintaining flexibility?

Question 70 • medium • multiple choice

An Ansible Tower administrator notices that a job template fails intermittently with a 'Host unreachable' error for a specific group of servers. The inventory is static and the host entries have correct IPs. The credential used for SSH is a machine credential with a username and password, and it works for other hosts. Upon checking the job output, the error occurs during the 'Gathering Facts' step. The SSH service on these servers is running and reachable from the Tower node. What is the most likely cause?

Question 71 • hard • multiple choice

As an Ansible Tower administrator, you are tasked with setting up a job template that interacts with multiple cloud providers. The job template uses a custom credential type that includes two fields: 'api_token' (type password) and 'region' (type text). During a test run, the job fails with an error that the 'region' variable is not defined in the playbook. The playbook references {{ region }} and {{ api_token }}. You verified that the credential is assigned to the job template and the values are populated. What is the most likely issue?

Question 72 • hard • multiple choice

You manage an Ansible Tower instance that has multiple inventories synced from different sources (static, dynamic cloud, and satellite). Recently, a job template that uses an inventory synced from Red Hat Satellite fails with 'No hosts matched' even though hosts exist in Satellite. The inventory sync job runs successfully and shows hosts populated in Tower. The job template uses a limit field set to '*' and there are no tags or other filters. The playbook is simple: 'hosts: all'. What is the most likely cause?

Question 73 • medium • multi select

An administrator is configuring Ansible Tower for a multi-environment deployment. The team has separate Azure service principals for dev, test, and prod, and uses Ansible Vault to encrypt sensitive variables. Which TWO configuration practices ensure secure credential management and clear inventory separation?

Question 74 • hard • multiple choice

What is the most likely cause of the failure?

Exhibit

Refer to the exhibit.
```yaml
inventory_source:
  name: Production Inventory
  organization: Default
  source: scm
  source_project: "Ansible Inventory Repo"
  source_path: "inventories/production/hosts.yml"
  credential: "GitHub Personal Access Token"
  update_on_launch: true
  update_cache_timeout: 0
```
The administrator has noticed that the inventory sync fails with authentication errors. The GitHub Personal Access Token credential is of type 'Machine' instead of 'Source Control'.
Question 75 • easy • multiple choice

An administrator is managing an Ansible Automation Platform deployment that runs job templates against a dynamic inventory sourced from VMware vCenter. The administrator updated the vCenter credentials in Tower after a password rotation. However, subsequent inventory syncs continue to fail with authentication errors. The administrator has confirmed that the new credentials work when tested directly on the controller node using the 'govc' CLI tool. The inventory source is configured to use the updated credential and the update_on_launch flag is set to true. Which action should the administrator take to resolve the issue?
