CCNA AI and Network Operations Questions

65 of 215 questions · Page 3/3 · AI and Network Operations · Answers revealed

151
MCQmedium

A network engineer is automating the configuration of a new branch office router. The engineer needs a protocol that uses a YANG data model, supports both configuration and operational state retrieval, and operates over SSH for secure transport. Which protocol should the engineer use?

A.SNMP
B.NETCONF
C.RESTCONF
D.CLI scripting
AnswerB

NETCONF uses YANG data models, supports both configuration and operational state retrieval, and operates over SSH for secure transport. It is the ideal choice for automating network device configuration in a secure manner.

Why this answer

NETCONF (Network Configuration Protocol) is the correct choice because it uses YANG data models for configuration and operational state retrieval, and it operates over SSH (RFC 6242) for secure transport. Unlike SNMP, NETCONF provides transactional configuration changes and separates configuration from operational state data, making it ideal for automated router configuration.

Exam trap

Cisco often tests the distinction between NETCONF and RESTCONF, where the trap is that both use YANG, but candidates forget that NETCONF specifically requires SSH transport, while RESTCONF uses HTTP/HTTPS, making NETCONF the only correct answer when the question specifies 'operates over SSH'.

Why the other options are wrong

A

SNMP does not use YANG data models and typically operates over UDP, not SSH.

C

RESTCONF uses HTTP/HTTPS for transport, not SSH, so it does not meet the requirement of operating over SSH.

D

CLI scripting lacks a standardized data model like YANG and is not a protocol that operates over SSH in the same structured manner as NETCONF.

152
MCQmedium

A network administrator needs to configure VLANs and access ports on 200 managed switches across multiple locations. The administrator requires a solution that uses a push‑based deployment model, does not require any agent software to be installed on the switches, and can be executed from a central control node. Which automation tool is most suitable for this task?

A.Puppet
B.Chef
C.Ansible
D.Python scripts
AnswerC

Ansible operates in a push mode over SSH, requiring no agents on managed devices.

Why this answer

Ansible is the most suitable tool because it uses a push-based model (SSH) to apply configurations directly to network devices without requiring any agent software. It operates from a central control node, making it ideal for managing 200 switches across multiple locations with a single playbook execution.

Exam trap

Cisco often tests the distinction between push-based (Ansible) and pull-based (Puppet, Chef) models, and the trap here is assuming that any scripting language like Python is a complete automation tool rather than a component that requires additional orchestration.

Why the other options are wrong

A

Requires agents and is pull‑based, failing both the agentless and push requirements.

B

Agents are mandatory, and the pull mechanism contradicts the push requirement.

D

Lacks built‑in push‑based orchestration, idempotency, and agentless design without significant custom development, making it less suitable than a purpose‑built tool.

153
MCQmedium

An automation script must retrieve the current configuration state of a device from a REST API without modifying anything. Which HTTP method should it use?

A.DELETE
B.GET
C.PUT
D.POST
AnswerB

This is correct because GET is the standard HTTP method for retrieving data without changing the resource.

Why this answer

When a script only needs to read information, the normal REST choice is GET. In plain terms, GET asks the server, “Show me the current data,” without telling it to create, replace, or delete anything. That is why GET is the standard method for retrieving device state, configuration details, statistics, or inventory information from an API endpoint.

The other methods imply change. POST commonly creates or submits data. PUT commonly updates an existing resource. DELETE removes something. For a read-only query, GET is the clean and expected method.

Exam trap

Avoid confusing HTTP methods that modify data (POST, PUT, DELETE) with GET, which is read-only.

Why the other options are wrong

A

The DELETE method is used to remove a resource from the server, which directly modifies the state of the device's configuration. Since the question specifies that the script must retrieve the configuration without making any modifications, DELETE is not appropriate.

C

The PUT method is used to update or replace a resource on a server, which contradicts the requirement of retrieving the current configuration state without making any modifications.

D

The POST method is used to send data to a server to create or update a resource, which contradicts the requirement of retrieving the current configuration state without modifying anything.

154
Multi-Selectmedium

Which two statements accurately describe controller-based networking at the CCNA level?

Select 2 answers
A.A controller can centralize management and policy logic.
B.Northbound APIs can allow external applications to communicate with the controller.
C.Controllers eliminate all need for switches and routers.
D.Controllers are unrelated to automation.
E.Controllers require Telnet for all communication.
AnswersA, B

This is correct because centralization is a core feature of controller-based networking.

Why this answer

Option A is correct because a software-defined networking (SDN) controller centralizes management, policy logic, and network intelligence, reducing manual per-device configuration. Option B is correct because northbound APIs (e.g., REST APIs) allow external applications, orchestration tools, and automation scripts to interact with the controller for dynamic network control. Option C is wrong because controllers do not eliminate switches and routers; these devices still forward packets based on instructions from the controller.

Option D is wrong because controllers are fundamental to network automation—they provide programmable interfaces and centralized logic that enable automated provisioning and policy enforcement. Option E is wrong because modern controllers use secure communication channels such as HTTPS, SSH, or TLS, not Telnet (which is insecure and rarely used in controller architectures).

Exam trap

A frequent exam trap is selecting answers that imply controllers replace all network devices or that they are unrelated to automation. Some candidates mistakenly believe that controller-based networking removes the need for switches and routers, which is incorrect because these devices still perform actual packet forwarding. Others overlook the role of controllers in automation, ignoring that controllers expose northbound APIs specifically to enable external applications and automation tools to interact with the network.

Misunderstanding these points can lead to choosing incorrect options that overstate or understate the controller’s role.

Why the other options are wrong

C

This option is incorrect because controllers do not eliminate the need for switches and routers; these devices still perform the actual packet forwarding in the network.

D

This option is incorrect since controllers are highly relevant to automation, providing APIs and centralized control that enable automated network management workflows.

E

This option is incorrect because controller communication is not universally based on Telnet; modern controllers use secure protocols and APIs rather than relying solely on Telnet.

155
PBQhard

Which option performs the RESTCONF operations correctly?

Network Topology
G0/0192.168.1.1/30G0/0192.168.1.2/30linkR1R2

Hints

  • Check the YANG module path: ietf-interfaces vs Cisco-IOS-XE-native
  • Ensure the Accept header matches the data format (yang-data+json)
  • For PATCH, the Content-Type must be application/yang-data+json, not application/json
A.GET /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0 with Accept: application/yang-data+json; then PATCH same URI with Content-Type: application/yang-data+json and body {"ietf-interfaces:interface":{"duplex":"full"}}; expect 204 No Content.
B.GET /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0 with Accept: application/json; then PATCH same URI with Content-Type: application/json and body {"duplex":"full"}; expect 204 No Content.
C.GET /restconf/data/Cisco-IOS-XE-native:interface/GigabitEthernet0/0 with Accept: application/yang-data+json; then PATCH same URI with Content-Type: application/yang-data+json and body {"Cisco-IOS-XE-native:interface":{"duplex":"full"}}; expect 204 No Content.
D.GET /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0 with Accept: application/yang-data+json; then PATCH same URI with Content-Type: application/yang-data+json and body {"duplex":"full"}; expect 200 OK.
AnswerA
solution
! R1
GET request URI: /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0
GET headers: Accept: application/yang-data+json
PATCH request URI: /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0
PATCH headers: Content-Type: application/yang-data+json
PATCH body: {"ietf-interfaces:interface": {"duplex": "full"}}

Why this answer

The correct base URI for RESTCONF is /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0. The Accept header must be application/yang-data+json. If the Content-Type header is incorrect (e.g., application/json), the router will return a 415 Unsupported Media Type error.

Using the wrong YANG module path, such as Cisco-IOS-XE-native:interface/GigabitEthernet0/0, will result in a 404 Not Found because the data model does not match. After a successful GET, the PATCH request must include the same URI with Content-Type: application/yang-data+json and a JSON body specifying "duplex": "full". The response should be a 204 No Content if successful.

Exam trap

Watch out for the required media type: RESTCONF uses application/yang-data+json, not generic application/json. Also, the YANG path must match the data model; for standard interface settings, use ietf-interfaces, not Cisco-IOS-XE-native. Finally, remember that a successful PATCH returns 204 No Content, not 200 OK.

Why the other options are wrong

B

The specific factual error is that RESTCONF requires the media type application/yang-data+json for YANG data, not generic application/json.

C

The specific factual error is that the duplex setting is defined in the ietf-interfaces YANG model, not in Cisco-IOS-XE-native. The URI path must match the data model.

D

The specific factual errors are: (1) The PATCH body must be structured as {"ietf-interfaces:interface":{"duplex":"full"}} to match the YANG data tree; (2) The success response for PATCH is 204 No Content, not 200 OK.

156
MCQeasy

Which data format is commonly used with REST APIs to represent objects, arrays, and key-value pairs?

A.JSON
B.STP
C.EIGRP
D.802.1Q
AnswerA

Correct. JSON is the API data format being described.

Why this answer

JSON is a common data-interchange format used in APIs and automation systems.

Exam trap

Avoid assuming older technologies like XML are still the most common choice for modern REST APIs.

Why the other options are wrong

B

STP (Spanning Tree Protocol) is a network protocol used for preventing loops in Ethernet networks, and it is not a data format used with REST APIs. Therefore, it does not represent objects, arrays, or key-value pairs.

C

EIGRP (Enhanced Interior Gateway Routing Protocol) is a routing protocol used for exchanging routing information within an autonomous system, not a data format for representing objects or key-value pairs in APIs.

D

802.1Q is a networking standard used for VLAN tagging in Ethernet frames, not a data format for representing objects or key-value pairs in APIs. It does not relate to REST API data representation.

157
Multi-Selectmedium

An engineer is comparing data serialization formats used by controllers and automation tools. Which two statements correctly describe JSON?

Select 2 answers
A.It represents data as key-value pairs and arrays
B.It is commonly used in REST API payloads
C.It requires closing tags like XML
D.It can only represent numeric values
AnswersA, B

Objects and arrays are core JSON structures.

Why this answer

Option A is correct because JSON structures data using key-value pairs (objects) and ordered lists (arrays), which are fundamental to its syntax. Option B is correct as JSON is the standard payload format for REST API requests and responses due to its lightweight nature and ease of parsing. Option C is incorrect because JSON does not use closing tags; instead, it relies on curly braces {} for objects and square brackets [] for arrays.

Option D is incorrect because JSON supports multiple data types beyond numeric values, including strings, booleans, null, arrays, and nested objects.

Exam trap

A frequent exam trap is assuming JSON requires closing tags similar to XML, which is incorrect. JSON uses braces and brackets to define objects and arrays without paired tags, so confusing these formats can lead to wrong answers. Another common mistake is believing JSON only supports numeric values, ignoring that it also supports strings, booleans, null, arrays, and nested objects.

Misunderstanding these details can cause candidates to incorrectly reject JSON as a serialization format in automation scenarios, especially when comparing it to XML or other data formats.

Why the other options are wrong

C

Option C is incorrect because JSON does not require closing tags like XML; it uses braces and brackets to delimit data structures, making this statement false.

D

Option D is incorrect as JSON supports a variety of data types beyond numeric values, including strings, booleans, arrays, objects, and null, so it is not limited to numbers.

158
Drag & Dropmedium

Drag and drop the following steps into the correct order to implement a basic network monitoring workflow using telemetry and streaming analytics on Cisco IOS-XE.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The workflow begins with collecting telemetry data from devices, then streams it to an analytics platform for processing. The data is visualized on dashboards for monitoring, and finally alerts are generated when predefined thresholds are exceeded to enable a response.

Exam trap

Students often reverse the order of streaming and monitoring; data must be streamed before it can be visualized.

159
Drag & Dropmedium

Drag and drop the following steps into the correct order to set up gRPC streaming telemetry subscription on a Cisco IOS-XE device.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The correct sequence starts by entering global configuration mode. Next, create a telemetry subscription because the subscription provides the sub-mode where the remaining elements are configured. Within the subscription, configure the receiver to specify the destination, protocol, and encoding.

Then, define the sensor path to select the YANG data nodes to be streamed. Finally, associate the sensor group to bind the sensor path to the subscription. While the order of configuring the receiver and defining the sensor path is flexible inside the subscription—neither depends on the other—the subscription itself must exist before any subcomponent.

Exam trap

A common mistake is trying to define a sensor path or associate a sensor group before the telemetry subscription has been created; the subscription must be established first to host those elements.

160
MCQmedium

An API call returns HTTP status code 401. What does that usually mean?

A.The resource was moved permanently
B.The request was successful but no content was returned
C.Authentication is required or the credentials are invalid
D.The server cannot parse JSON
AnswerC

401 points to an authentication problem.

Why this answer

A 401 response means the request lacks valid authentication credentials. The token may be missing, expired, or invalid.

Exam trap

A frequent exam trap is confusing the 401 Unauthorized status code with other HTTP errors such as 403 Forbidden or 400 Bad Request. Candidates might incorrectly assume a 401 means the server cannot parse the request or that the resource was moved, which are actually indicated by 400 and 301 status codes respectively. This misunderstanding leads to incorrect troubleshooting steps in automation scenarios.

Remember, 401 always points to missing or invalid authentication credentials, not to resource relocation or malformed requests.

Why the other options are wrong

A

Option A is incorrect because a 301 status code indicates that the requested resource has been moved permanently to a new URL, not an authentication issue. Confusing 301 with 401 can lead to misdiagnosing API errors.

B

Option B is incorrect since a 204 status code means the request was successful but no content was returned. It does not indicate any authentication problem, unlike 401 which specifically relates to authorization failures.

D

Option D is incorrect because a server's inability to parse JSON usually results in a 400 Bad Request error, not a 401 Unauthorized. The 401 code is strictly about authentication, not parsing or syntax errors.

161
Matchingmedium

Match each API or automation concept to the most accurate description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Credential-like value used to help control API access

Secure transport commonly used for API communication

Centralized management and policy platform

Application-facing interface used to communicate with the controller

Why these pairings

These pairings accurately describe common API and automation concepts.

Exam trap

Do not confuse API architectural styles (REST) with protocols (SOAP), automation mechanisms (webhooks), or networking architectures (SDN). Focus on the defining characteristics of each concept.

162
Drag & Dropmedium

Drag and drop the following steps into the correct order to sequence the actions an automation system performs when automating the remediation of a network configuration drift detected via NETCONF/YANG.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The automation system first detects the drift, then analyzes and plans remediation, executes the fix, and finally verifies the change.

Exam trap

This question tests your understanding of the logical sequence in automated remediation workflows. A common trap is to think that analysis or execution might come before detection, but detection is always the first step in any monitoring-based automation. Remember: you can't fix what you haven't detected.

163
MCQhard

Why might a controller return interface information as a JSON array instead of a single JSON object?

A.Because an array is the appropriate structure for an ordered list of multiple interface entries.
B.Because a JSON object cannot contain fields.
C.Because arrays are used only for IPv6 interfaces.
D.Because arrays eliminate the need for API authentication.
AnswerA

This is correct because arrays are used to represent lists of repeated items.

Why this answer

A controller might return interface information as a JSON array because there are multiple interface records to present as a list. In practical terms, an array is the correct structure when the response includes several similar items, such as multiple interfaces, routes, or VLANs. Each element in the array can then be its own object with fields like name, status, or IP address.

This is a data-structure recognition question. It is not about networking behavior directly, but about understanding how automation systems represent repeated information.

Exam trap

A frequent exam trap is believing that JSON objects cannot contain multiple fields or that arrays are only used for specific interface types like IPv6. This misunderstanding leads to incorrect assumptions about data representation in network automation. Candidates might also confuse data structure choices with unrelated concepts like API authentication, mistakenly thinking arrays affect security.

The trap lies in conflating the purpose of JSON arrays as a data structure for multiple similar items with other unrelated networking or security concepts. Understanding that arrays simply represent ordered lists of items, such as multiple interfaces, is crucial to avoid this confusion.

Why the other options are wrong

B

This option is incorrect because JSON objects do contain fields; they are collections of key-value pairs representing attributes of a single entity, so the claim that objects cannot contain fields is false.

C

This option is wrong because JSON arrays are a general data structure used for any list of items, not exclusively for IPv6 interfaces; interface type does not dictate JSON structure.

D

This option is incorrect because the choice of JSON data structure (array vs. object) does not affect API authentication or security; these are separate concerns unrelated to data formatting.

164
MCQmedium

A network automation script sends this HTTP request to a controller API: POST /api/v1/devices What does the POST method typically indicate in a RESTful API?

A.It retrieves an existing resource without changing it
B.It creates a new resource or submits data to be processed
C.It deletes the targeted resource permanently
D.It replaces the entire existing resource in an idempotent way
AnswerB

Correct. This is correct. POST commonly creates a new resource or submits data to the API for processing. In automation questions, that usually means the script is asking the controller to add something or perform an action using the payload it sends.

Why this answer

POST usually means the client is submitting information to create a new resource or asking the server to process the provided payload. In a controller-based networking context, that often means onboarding a device, creating an object, or starting a workflow. This question is testing method recognition rather than deep programming skill.

GET is commonly used for retrieval, DELETE for removal, and PUT for full replacement or update behavior that is typically idempotent. POST is different because repeating the same POST can create multiple objects or trigger repeated actions, depending on the API design. For CCNA purposes, the plain-English takeaway is simple: POST is generally associated with create-or-submit behavior, not read-only retrieval.

Exam trap

Remember that POST is for creating resources, not retrieving, deleting, or updating them.

Why the other options are wrong

A

Option A is incorrect because the POST method is not used for retrieving resources; instead, it is intended for creating new resources or submitting data for processing in a RESTful API context.

C

The POST method is used to create or submit data, not to delete resources. Option C incorrectly describes the function of the DELETE method in RESTful APIs, which is responsible for removing resources.

D

Option D is incorrect because the POST method is not idempotent and does not replace an existing resource; it is primarily used to create new resources or submit data.

165
PBQhard

You are connected to R1 (192.0.2.1/24). Use RESTCONF to query the operational state of GigabitEthernet0/0 using the ietf-interfaces YANG module. Then, send a PATCH request to disable the interface (set 'enabled' to false) using the Cisco-IOS-XE-native YANG module. Identify the error when a PATCH request is sent with the wrong Content-Type header (application/json instead of application/yang-data+json) and when the PATCH URI uses an incorrect YANG path (ietf-interfaces instead of Cisco-IOS-XE-native).

Hints

  • RESTCONF requires Content-Type: application/yang-data+json for write operations.
  • The ietf-interfaces module is read-only for operational state; use Cisco-IOS-XE-native for configuration changes.
  • Check the URI path: /restconf/data/ followed by the YANG module and container/leaf.
A.The PATCH request fails with a 415 Unsupported Media Type error because the Content-Type header must be application/yang-data+json, not application/json.
B.The PATCH request fails with a 404 Not Found error because the URI uses ietf-interfaces, which is a read-only module for operational state; the server cannot write to it.
C.The PATCH request succeeds but the interface is not disabled because the body must use 'shutdown' instead of 'enabled'.
D.The PATCH request fails with a 400 Bad Request error because the body must be XML, not JSON.
AnswerA
solution
! R1
GET /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0 --header 'Accept: application/yang-data+json'
PATCH /restconf/data/Cisco-IOS-XE-native:native/interface/GigabitEthernet=0/0 --header 'Content-Type: application/yang-data+json' -d '{"Cisco-IOS-XE-native:interface":{"GigabitEthernet":[{"name":"0/0","shutdown":true}]}}'

Why this answer

The correct GET request uses the ietf-interfaces YANG module path to retrieve interface state. For the PATCH, the Cisco-IOS-XE-native module is used because it supports writing native configuration (including shutdown). Sending PATCH with Content-Type: application/json is rejected because RESTCONF requires application/yang-data+json.

Using ietf-interfaces in the PATCH URI fails because that module is read-only for operational state; the server returns 404 or 405. The correct PATCH body sets 'shutdown' to true within the native interface container.

Exam trap

The trap is that candidates may focus on the YANG module path error (ietf-interfaces vs Cisco-IOS-XE-native) and miss that the question explicitly asks about the error when the Content-Type header is wrong. Always read the question carefully to identify the specific condition being tested.

Why the other options are wrong

B

The specific factual error is that the question asks about the error when the Content-Type header is wrong, not the URI path. The URI path error is a separate issue.

C

The specific factual error is that a wrong Content-Type header causes a rejection before any body parsing, so the request does not succeed.

D

The specific factual error is that RESTCONF does accept JSON; the issue is the exact media type string, not the format.

166
Matchingeasy

Match each data format or API term to its best description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Lightweight structured data format often used in API responses

Data modeling language for network configuration and state

Architecture style that commonly uses HTTP methods such as GET and POST

Credential or value used to authorize API requests

Why these pairings

JSON, XML, and YAML are data formats; REST is an architectural style that commonly uses HTTP methods, while SOAP and gRPC are API protocols. Each has distinct characteristics: JSON is lightweight, XML is verbose, YAML is human-readable, REST uses HTTP verbs, SOAP is strict, and gRPC is high-performance.

Exam trap

The trap is confusing data formats with API protocols. Many candidates mistakenly think XML or JSON are protocols because they are used with REST/SOAP, but they are formats. Remember: formats describe data structure; protocols define communication rules.

167
PBQmedium

You are connected to R1 via the console. R1 is a Cisco ISR 4321 router running IOS-XE. The network manager wants to monitor interface utilization changes. Use RESTCONF to retrieve the operational state of GigabitEthernet0/0/0 on R1. The device has RESTCONF enabled with username 'admin' and password 'cisco'. The management IP is 192.168.1.1.

Hints

  • RESTCONF uses HTTPS on port 443 by default.
  • The interface name in the URI must be URL-encoded (e.g., '/' becomes '%2F').
  • Use the 'Accept' header to request JSON data.
A.curl -X GET -u admin:cisco https://192.168.1.1/restconf/data/ietf-interfaces:interfaces-state/interface=GigabitEthernet0%2F0%2F0
B.curl -X GET -u admin:cisco https://192.168.1.1/restconf/data/ietf-interfaces:interfaces/GigabitEthernet0/0/0
C.curl -X POST -u admin:cisco https://192.168.1.1/restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0%2F0%2F0
D.curl -X GET -u admin:cisco https://192.168.1.1/restconf/data/Cisco-IOS-XE-interfaces-oper:interfaces/GigabitEthernet0/0/0
AnswerA
solution
! R1
curl -k -X GET https://192.168.1.1/restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0%2F0%2F0 -u admin:cisco -H "Accept: application/yang-data+json"

Why this answer

RESTCONF uses GET to retrieve data. To retrieve operational state (including interface counters), the path must lead to the `interfaces-state` container, not `interfaces`. The correct YANG data model for operational interface state is `ietf-interfaces:interfaces-state`, and the interface name must be URL-encoded to replace slashes with `%2F`.

Option C uses POST, which is wrong. Option B lacks URL encoding and uses the config container. Option D uses a Cisco-specific module and unencoded slashes, and is not the standard operational state path.

Exam trap

The most common mistake is using the `ietf-interfaces:interfaces` configuration container instead of the `ietf-interfaces:interfaces-state` operational state container, causing retrieval of the running configuration rather than live interface counters and utilization.

Why the other options are wrong

B

The request uses unencoded slashes in the interface name and the configuration container `interfaces`, not `interfaces-state`, so it will not retrieve operational state.

C

RESTCONF uses GET for retrieval; POST is used to create new resources or invoke operations, not to read operational data.

D

This uses a Cisco-IOS-XE-specific module and unencoded slashes, while the task expects the standard ietf-interfaces operational state path.

168
Matchingeasy

Match each basic automation term to its most accurate meaning.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Software interface used for communication

Structured data format

Secure transport for the communication

Credential-like value used to help control access

Why these pairings

An API is a software interface that allows applications to communicate by defining how requests and responses are handled. JSON is a structured data format using key-value pairs, making it easy for machines to parse and generate. HTTPS provides secure transport by encrypting HTTP traffic with TLS, ensuring data confidentiality and integrity.

A token acts as a credential-like value, often a bearer token, used to authenticate and authorize access to resources.

Exam trap

Be careful not to confuse JSON with a programming language or script; JSON is a data format, not executable code. Also, remember HTTPS is the secure transport, not the data payload, and a token is an access-control artifact, not the actual credential itself.

169
Matchingmedium

Match each term to the best description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Lightweight data-interchange format

Data modeling language for structured configuration and state

Architectural style using HTTP methods such as GET and POST

Streaming operational data from devices to collectors

Why these pairings

These terms are correctly matched with their definitions in the context of network programmability and SDN.

Exam trap

Do not confuse northbound and southbound APIs: northbound is for applications, southbound is for devices. Also, avoid invented terms like eastbound or westbound for these roles.

170
Multi-Selectmedium

Which three statements accurately describe the role of Cisco's AI-powered security features (such as Cisco AI Network Analytics, Stealthwatch, or DNA Center's AI-Enhanced Analytics) in network security operations? (Choose three.)

Select 3 answers
.AI models can detect zero-day exploits by analyzing behavioral anomalies
.AI-powered systems can correlate logs from multiple sources to identify complex attack chains
.AI can automate the response to certain security incidents, such as blocking malicious IPs
.AI is only effective against known, signature-based threats
.AI eliminates the need for firewall rules and access control lists
.AI security models require no human oversight once deployed

Why this answer

Cisco's AI-powered security features detect zero-day exploits by analyzing behavioral anomalies and deviations from learned baselines, without relying on signatures. These systems correlate logs from multiple Cisco products (e.g., firewalls, endpoints, cloud) to uncover multi-step attack chains. AI can also automate responses such as blocking malicious IPs via Cisco security controls, reducing mean time to respond (MTTR).

However, AI complements but does not replace traditional security tools like firewall rules or ACLs, and it requires ongoing human oversight for validation and tuning.

Exam trap

Cisco often tests the misconception that AI is only for signature-based detection or that it fully replaces traditional security controls, when in reality AI complements existing tools and still requires human oversight.

171
MCQmedium

A network operations team is implementing an automated system to detect and remediate interface flapping on core switches. The system must be able to query the network device for interface status and execute commands to disable or reconfigure the interface if a pattern of flapping is detected. Which protocol or technology enables the system to programmatically interact with the network device for both monitoring and configuration changes?

A.SNMP
B.NETCONF
C.CLI scripting
D.Syslog
AnswerB

NETCONF is a network management protocol that provides mechanisms to install, manipulate, and delete configuration of network devices using structured XML, making it ideal for automated remediation tasks.

Why this answer

NETCONF is the correct choice because it is a standardized network configuration protocol that allows automated systems to retrieve operational data and push configuration changes securely. In this scenario, the system would use NETCONF to query interface status and then apply remediation configurations. SNMP can monitor but has limited configuration capabilities, CLI scripting is non-programmatic and error-prone, and Syslog is only for logging.

Exam trap

Many candidates confuse SNMP with configuration protocols, but SNMP is not designed for robust configuration management; NETCONF and RESTCONF are the modern programmatic interfaces emphasized in CCNA automation topics.

Why the other options are wrong

A

SNMP is limited to monitoring and basic sets, not suited for complex remediation workflows.

C

CLI scripting lacks structured programmability and is error-prone for automation.

D

Syslog is a logging protocol and cannot be used to push configuration changes.

172
PBQhard

You are connected to R1 via console. R1 is a Cisco ISR 4321 running IOS-XE 17.3. The initial configuration on R1 already includes the SNMPv2c community string 'CourseivaRO' with read-only access and a corresponding SNMPv2c trap host for 192.0.2.100 (these are already in place and do not need to be reconfigured). Your task is to add the following additional configurations: (a) [already configured] (b) Create an SNMPv3 user 'monitor' with SHA authentication and AES 128-bit encryption, using authentication password 'AuthPass123' and privacy password 'PrivPass456'; (c) Configure SNMP traps (linkUp, linkDown, authenticationFailure) to be sent to the NMS server at 192.0.2.100 using SNMPv3 with only authentication (no privacy). (d) Enable NetFlow on GigabitEthernet0/0/0, with flow export to collector 203.0.113.50 using UDP port 2055, NetFlow version 9, and set the source interface to Loopback0 (IP 10.0.0.1/32). Finally, verify your configuration with show snmp and show ip cache flow.

Network Topology
G0/0192.168.1.1/30192.0.2.100InternetR1NMS

Hints

  • The SNMPv3 user must be configured before the trap host for v3, and the user must reference the v3 group (use the community string as the group name).
  • NetFlow requires both global export parameters and interface-level ip flow ingress (or egress) command.
  • Use 'show run | section snmp' to verify SNMP configs and 'show run | include flow' for NetFlow.
A.snmp-server user monitor CourseivaRO v3 auth sha AuthPass123 priv aes 128 PrivPass456 snmp-server host 192.0.2.100 version 3 auth monitor interface GigabitEthernet0/0/0 ip flow ingress ip flow-export destination 203.0.113.50 2055 ip flow-export source Loopback0 ip flow-export version 9
B.snmp-server user monitor CourseivaRO v3 auth md5 AuthPass123 priv des56 PrivPass456 snmp-server host 192.0.2.100 version 3 priv monitor interface GigabitEthernet0/0/0 ip flow egress ip flow-export destination 203.0.113.50 2055 ip flow-export source Loopback0 ip flow-export version 5
C.snmp-server user monitor CourseivaRO v3 auth sha AuthPass123 priv aes 128 PrivPass456 snmp-server host 192.0.2.100 version 3 priv monitor interface GigabitEthernet0/0/0 ip flow ingress ip flow-export destination 203.0.113.50 2055 ip flow-export source Loopback0 ip flow-export version 9
D.snmp-server user monitor CourseivaRO v3 auth sha AuthPass123 priv aes 128 PrivPass456 snmp-server host 192.0.2.100 version 3 auth monitor interface GigabitEthernet0/0/0 ip flow ingress ip flow-export destination 203.0.113.50 2055 ip flow-export source Loopback0 ip flow-export version 5
AnswerA
solution
! R1
snmp-server user monitor CourseivaRO v3 auth sha AuthPass123 priv aes 128 PrivPass456
snmp-server host 192.0.2.100 version 3 auth monitor
ip flow-export destination 203.0.113.50 2055
ip flow-export source loopback0
ip flow-export version 9
interface GigabitEthernet0/0/0
ip flow ingress

Why this answer

Option A is correct because it uses the correct SNMPv3 user creation with SHA and AES 128, and the trap host command specifies 'auth' (authentication only) as required by the updated stem. Option B is wrong because it uses MD5/DES and egress flow, and version 5. Option C is wrong because it uses 'priv' for traps, which would include encryption – the stem requires only authentication.

Option D is wrong because it uses version 5 for NetFlow and B also uses incorrect auth/priv algorithms.

Exam trap

Pay close attention to the exact security level for traps: 'auth' means authentication only, while 'priv' includes encryption. Also, ensure NetFlow is enabled on the correct direction (ingress) and that the version is explicitly set to 9. Do not assume default values.

Why the other options are wrong

B

The specific factual errors: MD5 and DES are not the required algorithms; 'priv' level requires encryption but the question specifies 'auth' level; NetFlow egress is not the default and not requested; version 5 is not version 9.

C

The specific factual error: The trap host command specifies 'priv' security level, which requires the user to have a privacy password and sends encrypted traps, but the requirement is for 'auth' only.

D

The specific factual error: NetFlow version 5 is an older version that does not support templates and is not the required version 9.

173
PBQhard

You are connected to R1 via the console. R1 is a router acting as an NTP client to an external NTP server at 203.0.113.10. The NTP source interface must be Loopback0 (192.0.2.1/32). Additionally, configure R1 to send syslog messages of severity 'critical' and higher to a syslog server at 198.51.100.50. Currently, R1 shows 'Clock is unsynchronized, stratum 16'. Verify that NTP synchronizes and that only critical syslog messages are sent. The existing running configuration already has some NTP and syslog commands that need correction.

Network Topology
203.0.113.10198.51.100.50NetworkR1NTP ServerSyslog Server

Hints

  • The NTP source interface is not set; the router may be using an unreachable interface.
  • Check the logging trap level; it is currently set to 'debugging', which sends all messages.
  • Use 'ntp source' followed by the loopback interface name.
A.Configure 'ntp source Loopback0' and 'logging trap critical'
B.Configure 'ntp server 203.0.113.10 source Loopback0' and 'logging trap 2'
C.Configure 'ntp source Loopback0' and 'logging trap 7'
D.Configure 'ntp server 203.0.113.10' and 'logging host 198.51.100.50'
AnswerA
solution
! R1
ntp source Loopback0
logging trap critical

Why this answer

The NTP client was not synchronizing because the NTP source interface was not specified; the router uses the outgoing interface which may not be reachable or consistent. The 'ntp source Loopback0' command ensures NTP packets use a stable, routable IP address. For syslog, the logging trap was set to 'debugging', which sends all messages (severity 7).

The requirement is to send only 'critical' (severity 2) and higher. The command 'logging trap critical' changes the filter. After both fixes, 'show ntp status' should show synchronized, stratum <16, and 'show logging' should show 'level critical' for trap logging.

Exam trap

Be careful: NTP source interface is configured with a separate 'ntp source' command, not as a parameter of 'ntp server'. Also, remember syslog severity levels: lower numbers are more severe (0=emergency, 1=alert, 2=critical, 3=error, 4=warning, 5=notice, 6=informational, 7=debugging). 'logging trap critical' is equivalent to 'logging trap 2'.

Why the other options are wrong

B

The NTP command syntax is incorrect; 'ntp server' does not accept a 'source' parameter. The correct approach is a separate 'ntp source' command.

C

The logging trap level 7 corresponds to debugging, which is the most verbose level. The requirement is for critical (severity 2) and higher, so this would send too many messages.

D

The commands listed are already configured and do not fix the synchronization issue or the syslog filtering. The NTP source interface is missing, and the logging trap level is still debugging.

174
Multi-Selectmedium

Which two statements correctly describe a RESTful API used by network controllers? Choose two.

Select 2 answers
A.It commonly uses HTTP methods such as GET and POST
B.It requires SNMP traps for every successful request
C.It is typically stateless between client requests
D.It can only return XML, never JSON
AnswersA, C

That is a core part of REST-style APIs.

Why this answer

REST commonly uses HTTP methods such as GET, POST, PUT, PATCH, and DELETE. It is also stateless, which means each request includes the information needed for the server to process it.

Exam trap

Be careful not to confuse RESTful APIs with protocols that maintain state or require specific data formats like XML.

Why the other options are wrong

B

RESTful APIs do not require SNMP traps; they use HTTP methods for communication, and SNMP traps are unrelated to REST API operations.

D

RESTful APIs are format-agnostic and commonly support both XML and JSON, with JSON being the more prevalent format due to its lightweight nature. The statement that RESTful APIs can only return XML is incorrect.

175
Matchingmedium

Drag and drop the AI/ML concepts on the left to the correct descriptions on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Identifies deviations from normal network behavior, such as sudden traffic spikes or unusual login attempts.

Uses historical data and machine learning to forecast future network events, such as capacity needs or potential failures.

Translates high-level business intent into automated network configurations and policies, ensuring continuous alignment.

Trains a model on labeled data to classify or predict outcomes, e.g., identifying known attack signatures.

Discovers hidden patterns or clusters in unlabeled data, e.g., grouping similar traffic flows.

Learns optimal actions through trial-and-error interactions with the network environment, e.g., dynamic routing adjustments.

Why these pairings

These pairs correctly match fundamental AI/ML concepts with their definitions, as commonly tested in Cisco/IT certifications.

Exam trap

Be careful not to confuse the hierarchy: AI is the broadest, then machine learning, then deep learning. Also, avoid literal interpretations of 'neural' as mimicking the brain.

176
Matchingmedium

Match each JSON term to its most accurate meaning.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Field name

Content associated with a field

Group of key-value pairs

Ordered list of items

Why these pairings

JSON terms: Object is a collection of key/value pairs; Array is an ordered list; Key is the name; Value is the data; String is text in quotes; Boolean is true/false.

Exam trap

The trap is that candidates may misremember the definitions of JSON data types, especially confusing objects with arrays because both can contain multiple values. Remember: objects use curly braces and have named keys; arrays use square brackets and are ordered lists.

177
PBQhard

You are connected to R1, a router that must send SNMP traps to a management server at 203.0.113.10 and export NetFlow data to a collector at 203.0.113.20. Currently, SNMPv2c traps are not being sent, and SNMPv3 is not configured for read-only access with authentication and privacy. Additionally, NetFlow export is missing the destination and version configuration. Configure the necessary commands on R1 to enable SNMPv2c traps (community string 'public'), configure SNMPv3 user 'admin' with SHA authentication and AES 128 encryption (password 'cisco123' for both auth and priv), and set NetFlow export to version 9.

Network Topology
G0/0203.0.113.1/24203.0.113.10linkR1Management Server

Hints

  • Use the 'snmp-server host' command to specify the trap destination and community.
  • For SNMPv3, you must first create a group with the appropriate security level before creating the user.
  • NetFlow export version is configured globally with 'ip flow-export version'.
A.snmp-server host 203.0.113.10 traps version 2c public snmp-server group MyGroup v3 priv snmp-server user admin MyGroup v3 auth sha cisco123 priv aes 128 cisco123 ip flow-export version 9
B.snmp-server host 203.0.113.10 traps version 2c public snmp-server group MyGroup v3 auth snmp-server user admin MyGroup v3 auth sha cisco123 priv aes 128 cisco123 ip flow-export version 9
C.snmp-server host 203.0.113.10 traps version 2c public snmp-server user admin v3 auth sha cisco123 priv aes 128 cisco123 ip flow-export version 9
D.snmp-server host 203.0.113.10 traps version 2c public snmp-server group MyGroup v3 priv snmp-server user admin MyGroup v3 auth sha cisco123 priv aes 128 cisco123 ip flow-export destination 203.0.113.20 2055
AnswerA
solution
! R1
snmp-server host 203.0.113.10 traps version 2c public
snmp-server group MyGroup v3 priv
snmp-server user admin MyGroup v3 auth sha cisco123 priv aes 128 cisco123
ip flow-export version 9

Why this answer

The configuration is missing SNMPv3 user setup, trap destination, and NetFlow export version. First, enable SNMPv2c traps with `snmp-server host 203.0.113.10 traps version 2c public`. Then, configure SNMPv3 user with `snmp-server user admin MyGroup v3 auth sha cisco123 priv aes 128 cisco123` after creating a group with `snmp-server group MyGroup v3 priv`.

For NetFlow, set the export version with `ip flow-export version 9`. Finally, verify with `show snmp` to see trap host and v3 user, and `show ip cache flow` to confirm export configuration.

Exam trap

Watch out for the SNMPv3 group keyword: 'priv' is required when using encryption (AES 128), not just 'auth'. Also, remember that the 'snmp-server user' command requires a group name. For NetFlow, the version is set with 'ip flow-export version 9', not 'ip flow-export destination'.

Why the other options are wrong

B

The group keyword 'auth' only enables authentication, not encryption. AES 128 requires the 'priv' keyword.

C

The 'snmp-server user' command requires a group name. Omitting the group will result in an error or incomplete configuration.

D

The command 'ip flow-export destination' sets the collector IP and port, not the export version. The version is set with 'ip flow-export version 9'.

178
MCQhard

Why might an automation script prefer a token-based API session over repeatedly prompting a human operator for credentials?

A.Because tokens support controlled repeated API access in a way that is practical for automation workflows.
B.Because tokens eliminate the need for any security controls.
C.Because tokens automatically create VLANs on the switch.
D.Because tokens replace all routing protocols.
AnswerA

This is correct because token-based access fits repeated software-driven interaction well.

Why this answer

Token-based API sessions allow scripts to make repeated, programmatic requests without requiring a human to re-enter credentials each time. This makes them more practical for automation workflows than constant interactive prompts. Options B, C, and D are incorrect: tokens do not eliminate the need for security controls (they still require proper management like expiration and revocation); they have nothing to do with VLAN creation; and they do not replace routing protocols—tokens are strictly used for authentication and authorization in API interactions.

Exam trap

Avoid assuming that token-based sessions eliminate authentication or are inherently more secure.

Why the other options are wrong

B

Tokens do not eliminate security controls; they still require mechanisms like expiration, revocation, and secure storage.

C

Tokens are unrelated to VLAN creation; VLANs are configured via switch CLI or network management protocols, not API tokens.

D

Tokens do not replace routing protocols; routing protocols handle packet forwarding, while tokens handle API access authentication.

179
Multi-Selectmedium

Which TWO statements correctly describe NTP stratum levels and syslog severity levels in a Cisco IOS-XE environment?

Select 2 answers
A.An NTP stratum value of 1 indicates a higher accuracy than a stratum value of 3.
B.A syslog severity level of 5 (notice) is more severe than a level of 4 (warning).
C.The 'ntp server' command under global configuration configures the device as an NTP client.
D.Syslog severity level 0 (emergency) indicates a normal operational message.
E.NTP stratum 0 is assigned to devices that are directly connected to an authoritative time source.
AnswersA, C

Stratum 1 is directly synchronized to a stratum 0 reference clock (like GPS), while stratum 3 is two hops away, making stratum 1 more accurate.

Why this answer

Option A is correct because a lower NTP stratum number indicates higher accuracy; stratum 1 is directly synchronized to a precise reference clock (e.g., GPS) and is thus more accurate than stratum 3, which is two hops away. Option C is correct because the 'ntp server' command configures a device to synchronize its clock to a specified NTP server, making it an NTP client. Option B is incorrect: syslog severity level 4 (warning) is more severe than level 5 (notice) because lower severity numbers indicate higher severity.

Option D is incorrect: severity level 0 (emergency) is the most severe level, indicating a system-wide critical event, not a normal operational message. Option E is incorrect: NTP stratum 0 is assigned to an authoritative time source itself (e.g., atomic clock), not to devices directly connected to it; devices connected to stratum 0 sources are stratum 1.

Exam trap

Candidates often mistakenly equate lower syslog severity numbers with lower importance, not realizing that a smaller number means a higher severity; similarly, they may think higher NTP stratum numbers mean higher accuracy.

Why the other options are wrong

B

Syslog severity levels use inverse numbering: level 4 (warning) is more severe than level 5 (notice), so the statement is false.

D

Syslog level 0 (emergency) is the highest severity, indicating a catastrophic system failure, not a normal operational message.

E

NTP stratum 0 is the reference clock itself; devices synchronized directly to it are stratum 1, not stratum 0.

180
Multi-Selectmedium

Which three statements accurately describe the role of AI in software-defined networking (SDN) and intent-based networking (IBN)? (Choose three.)

Select 3 answers
.AI can analyze network state and suggest or enforce configuration changes to meet defined business intent
.IBN systems may use AI to verify that the current network state matches the desired intent
.AI can assist in translating high-level business policies into low-level device configurations
.SDN controllers replace AI for all decision-making, making AI unnecessary in IBN
.AI in SDN is only used for traffic engineering, not for security or compliance
.Intent-based networking eliminates the need for any monitoring or feedback loops

Why this answer

AI enhances SDN and IBN by analyzing network state to suggest or enforce configuration changes that align with business intent, verifying that the current state matches the desired intent, and translating high-level policies into low-level device configurations. These capabilities enable automation, continuous validation, and policy-driven operations. The incorrect options are wrong because: (1) SDN controllers do not replace AI; AI can augment decision-making beyond basic controller logic. (2) AI in SDN is used for security, compliance, and many other areas, not just traffic engineering. (3) Intent-based networking relies on monitoring and feedback loops to maintain alignment with intent; it does not eliminate them.

Exam trap

Cisco often tests the misconception that SDN and IBN are purely rule-based or that AI replaces existing control mechanisms, when in fact AI augments them for dynamic, intent-driven operations.

Why the other options are wrong

A

SDN controllers do not replace AI; AI can augment control and decision-making, making this statement false.

B

AI in SDN applies to security, compliance, and analytics, not only traffic engineering, so this statement is incorrect.

C

Intent-based networking requires continuous monitoring and feedback loops to ensure match with intent, so this statement is false.

181
PBQhard

You are connected to the console of R1, a Cisco IOS-XE router. The network operations team needs to automate the backup of the running configuration to a TFTP server using a Python netmiko script. However, the script is failing. Your task is to write the correct netmiko commands to connect to R1 and save the configuration to the TFTP server at 192.168.1.100.

Network Topology
G0/0192.168.1.1/24192.168.1.100/24linkR1TFTP Server

Hints

  • Netmiko uses 'send_command' to send CLI commands.
  • The command to backup is 'copy running-config tftp://<server-ip>/<filename>'.
  • Ensure the TFTP server is reachable from R1.
A.from netmiko import ConnectHandler connection = ConnectHandler(device_type='cisco_ios', ip='192.168.1.1', username='admin', password='cisco') connection.send_command('copy running-config tftp://192.168.1.100/r1-config', expect_string=r'\[confirm\]') connection.send_command('\n') connection.disconnect()
B.from netmiko import ConnectHandler connection = ConnectHandler(device_type='cisco_ios', ip='192.168.1.1', username='admin', password='cisco') connection.send_command('copy running-config tftp://192.168.1.100/r1-config') connection.disconnect()
C.from netmiko import ConnectHandler connection = ConnectHandler(device_type='cisco_ios', ip='192.168.1.1', username='admin', password='cisco') connection.send_command('copy running-config tftp://192.168.1.100/r1-config', expect_string=r'#')
D.from netmiko import ConnectHandler connection = ConnectHandler(device_type='cisco_ios', ip='192.168.1.1', username='admin', password='cisco') connection.send_command('copy running-config tftp://192.168.1.100/r1-config\n') connection.disconnect()
AnswerA
solution
! R1
copy running-config tftp://192.168.1.100/r1-config

Why this answer

The 'copy running-config tftp://...' command in Cisco IOS prompts with '[confirm]'. To handle this interactively in netmiko, the expect_string must use a regular expression that matches the literal characters '[' and ']', which requires escaping them as '\[' and '\]'. The corrected script uses r'\[confirm\]' and then sends a newline to confirm, ensuring the backup completes.

Options B and D fail to expect the prompt, and C uses an incorrect prompt match (expect_string=r'#' would only wait for the privileged EXEC prompt, missing the confirmation).

Exam trap

The key trap is that the 'copy' command in Cisco IOS is interactive even when the full destination is specified. Candidates often forget to handle the '[confirm]' prompt, assuming the command completes silently. Always test scripts interactively first to identify prompts.

Why the other options are wrong

B

The specific factual error is that the 'copy' command in Cisco IOS requires a confirmation (pressing Enter) when the destination filename is provided. The script must send an additional newline to complete the operation.

C

The specific factual error is that the 'copy' command generates an intermediate prompt ('[confirm]') before returning to the router prompt. The script should wait for that intermediate prompt, not the final prompt.

D

The specific factual error is that including a newline in the command string does not simulate an interactive response to a subsequent prompt. The script must send the newline separately after the command is issued.

182
Drag & Dropmedium

Drag and drop the following steps into the correct order to retrieve the current OSPF configuration via RESTCONF and apply a change to the OSPF process ID on a Cisco IOS-XE device.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

First, send a GET request to retrieve the current OSPF configuration. Then parse the JSON/XML payload to identify the OSPF process ID. Next, modify the OSPF process ID in the payload.

Finally, send a PUT or PATCH request to apply the change.

Exam trap

Do not assume that modification or update is the first step. RESTCONF operations require a read-modify-write sequence. Always start with a GET to retrieve the current configuration.

183
Multi-Selecteasy

Which two statements correctly describe JSON?

Select 2 answers
A.It commonly represents data as key-value pairs
B.It is often used in REST API payloads
C.It requires angle-bracket tags around every field
D.It is a routing protocol used by controllers
E.It can only carry integer values
AnswersA, B

That is a core JSON pattern.

Why this answer

JSON is a lightweight data-interchange format commonly used in APIs. It represents data using key-value pairs and arrays. It is not the same as XML, which uses angle-bracket tags.

JSON is not a routing protocol. JSON can carry various data types including strings, numbers, booleans, arrays, objects, and null, not only integers.

Exam trap

A common exam trap is mistaking JSON for XML or a routing protocol. Some candidates incorrectly believe JSON requires angle-bracket tags around fields, which is actually an XML characteristic. Others confuse JSON with routing protocols used by controllers, which it is not.

JSON is solely a data format for representing structured data, primarily using key-value pairs and arrays. Misunderstanding this can lead to selecting incorrect answers that describe XML or routing protocols instead of JSON’s actual function in network automation and programmability.

Why the other options are wrong

C

Option C is incorrect because JSON does not use angle-bracket tags; that syntax belongs to XML. Confusing JSON with XML is a common mistake but not accurate for this question.

D

Option D is incorrect as JSON is not a routing protocol. It is a data format used for representing information, not for routing or control plane functions in networks.

E

Option E is incorrect because JSON can carry various data types beyond integers, including strings, booleans, arrays, objects, and null values. Limiting JSON to integers is a misunderstanding.

184
Matchingmedium

Match each automation-related data term to the most accurate description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

A lightweight structured data format

An ordered list of values or objects

A name used to identify a field in structured data

A data modeling language used to describe network information

Why these pairings

JSON is a lightweight data-interchange format that uses human-readable text to store and transmit data objects. An array in structured data is an ordered collection of items, indexed by integers. A key is a unique identifier used to map to a value in a key-value pair, such as in JSON objects.

YANG is specifically a data modeling language designed for defining configuration and state data for network devices, often used with NETCONF/RESTCONF.

Exam trap

A common mistake is confusing YANG with a data format like JSON or XML, when actually YANG is a modeling language that defines the structure and constraints for data, which is then serialized into formats like JSON or XML.

185
Drag & Dropmedium

Drag and drop the following steps into the correct order to retrieve a specific interface configuration via RESTCONF and apply a change to the interface description.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

Retrieve the current interface config, parse it, modify the description, apply the update, and verify the change.

Exam trap

The trap is that all steps are valid actions, but the question asks for the correct order. Candidates must recognize that retrieval (GET) must come before modification (PUT), and verification (another GET) comes after the update.

186
Multi-Selectmedium

Which three options correctly describe how AI can optimize network performance and quality of service (QoS)? (Choose three.)

Select 3 answers
.Predicting traffic congestion and proactively rerouting flows to avoid bottlenecks
.Automatically adjusting QoS queue weights based on learned application traffic patterns
.Identifying and prioritizing latency-sensitive applications such as VoIP and video conferencing
.Replacing all hardware switches with software-based AI routers to eliminate latency
.Guaranteeing line-rate throughput on all interfaces regardless of traffic load
.Eliminating packet loss entirely by using AI to predict every transmission failure

Why this answer

AI optimizes network performance and QoS by analyzing traffic patterns and making real-time adjustments. Predicting congestion and rerouting flows prevents packet loss and delays. Automatically adjusting queue weights ensures bandwidth is allocated based on learned application needs.

Identifying and prioritizing latency-sensitive traffic like VoIP ensures low jitter and delay, meeting QoS requirements. The incorrect options are unrealistic: replacing all hardware switches with software-based AI routers cannot eliminate latency because hardware still provides fast forwarding; AI cannot guarantee line-rate throughput on all interfaces regardless of traffic load because bandwidth is limited; and AI cannot entirely eliminate packet loss by predicting every transmission failure because physical and unpredictable errors still occur.

Exam trap

Cisco often tests the misconception that AI only applies to security or automation, not to QoS, but here all three options are valid, so candidates must recognize that AI can directly enhance traffic engineering and queue management.

187
MCQhard

Why is idempotency valuable in network automation?

A.It guarantees every API call will use TCP instead of UDP.
B.It ensures repeated runs converge on the same desired state safely.
C.It encrypts device credentials stored in scripts.
D.It forces the controller to use only one management protocol.
AnswerB

Correct. That property reduces drift and repeated-change problems.

Why this answer

Idempotent operations can be applied repeatedly without causing unintended changes once the desired state is already present.

Exam trap

Avoid confusing idempotency with concepts like redundancy or performance enhancements. Focus on its role in maintaining consistent configurations.

Why the other options are wrong

A

This option is incorrect because idempotency does not relate to the transport layer protocols like TCP or UDP; it focuses on the behavior of operations in terms of repeated execution leading to the same outcome.

C

Option C is incorrect because idempotency does not relate to the encryption of device credentials; it refers to the property of operations that can be applied multiple times without changing the result beyond the initial application.

D

Option D is incorrect because idempotency does not dictate the use of a single management protocol; rather, it refers to the property of operations yielding the same result regardless of how many times they are executed.

188
Multi-Selectmedium

Which three options describe common applications of AI/ML in network telemetry and monitoring? (Choose three.)

Select 3 answers
.Baseline profiling to detect unusual traffic patterns that may indicate an attack
.Dynamic threshold tuning based on learned normal behavior to reduce false positives
.Automated root cause analysis by correlating events across multiple network devices
.Directly rewriting routing tables in OSPF without any protocol interaction
.Replacing SNMP with AI-generated proprietary agents on every device
.Eliminating the need for network logs by using only synthetic data

Why this answer

Baseline profiling (correct) uses machine learning to learn normal traffic patterns and detect anomalies like attacks. Dynamic threshold tuning (correct) leverages learned behavior to adjust thresholds automatically, reducing false positives. Automated root cause analysis (correct) correlates events across devices using AI to identify the source of issues.

Directly rewriting routing tables in OSPF (wrong) is not an AI/ML application—OSPF has its own protocol mechanisms, and AI would not bypass them without integration. Replacing SNMP with AI-generated proprietary agents (wrong) is impractical and unnecessary; AI enhances rather than replaces standard protocols. Eliminating network logs with synthetic data (wrong) contradicts monitoring needs; logs remain essential for audit and analysis, and AI uses real data for training.

Exam trap

Cisco often tests the distinction between AI/ML applications that *augment* existing network operations (like anomaly detection and threshold tuning) versus options that propose unrealistic or protocol-breaking changes (like directly modifying OSPF tables or replacing SNMP), so candidates must recognize that AI/ML works *with* standard protocols, not against them.

189
Matchingmedium

Match each JSON concept to its most accurate description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

A set of key-value pairs enclosed in braces

An ordered list enclosed in square brackets

The name that identifies a field

The content associated with a key

Why these pairings

These pairings match fundamental JSON concepts with their correct definitions as per the JSON specification.

Exam trap

Be careful not to confuse JSON with XML or other data formats. JSON uses key-value pairs and does not use tags. Also, remember that JSON is text-based, not binary, and it is a data format, not a query language.

190
MCQmedium

A controller API returns this data: { "device": { "hostname": "Dist-1", "interfaces": [ {"name": "Gig0/0", "status": "up"}, {"name": "Gig0/1", "status": "down"} ] } } Which statement is correct?

A.The response is XML because it contains nested elements
B.The interfaces field is an array of objects
C.The hostname field is a list
D.The format shown is YAML
AnswerB

Correct. This is correct. The interfaces field is enclosed in square brackets, which in JSON means an array. Each item inside the array is an object containing keys such as name and status.

Why this answer

The interfaces field is an array of objects. The giveaway is the square brackets around the interface entries. In JSON, square brackets represent an array, and braces represent an object.

Each interface entry inside that array has key-value pairs such as name and status, which makes each entry its own object. In plain language, the controller is returning a list of interface records for one device. The hostname field, by contrast, is a single value.

This style of question appears in automation topics because the exam wants you to recognize common data structures used in controller APIs without requiring deep programming expertise. Understanding the difference between an object and an array is usually enough.

Exam trap

Be careful not to confuse JSON arrays with objects or strings. Pay attention to the brackets and braces used.

Why the other options are wrong

A

This option is wrong because the response is in JSON format, not XML. JSON uses curly braces and key-value pairs, while XML uses tags to define elements.

C

The hostname field is a string, not a list, as it contains a single value ('Dist-1') and does not represent multiple items or entries.

D

This option is wrong because the format shown in the response is JSON, not YAML. YAML uses indentation and a different syntax for data representation, which is not present here.

191
Multi-Selecteasy

A developer is interacting with a REST API exposed by a network controller. Which two statements correctly describe common REST behavior?

Select 2 answers
A.GET is commonly used to retrieve resource data
B.POST always replaces an existing resource completely
C.JSON is a common data format used in REST APIs
D.REST requires SNMP as the transport mechanism
AnswersA, C

GET requests are typically read operations.

Why this answer

REST APIs commonly use HTTP methods such as GET, POST, PUT, and DELETE, and JSON is one of the most common payload formats.

Exam trap

A common exam trap is assuming that POST always replaces an existing resource completely, which is incorrect. In REST API design, POST is typically used to create new resources or trigger server-side processing, whereas PUT is the method that fully replaces an existing resource. Confusing these two can lead to incorrect assumptions about how network controllers handle configuration changes or data updates.

This misunderstanding may cause candidates to select POST as the answer for resource replacement questions, which is a frequent mistake in Cisco automation and programmability topics.

Why the other options are wrong

B

Option B is incorrect because POST does not always replace an existing resource completely; it usually creates new resources or triggers processing. PUT is the method associated with full resource replacement.

D

Option D is incorrect because REST APIs do not require SNMP as the transport mechanism; they typically use HTTP or HTTPS protocols for communication.

192
Drag & Dropmedium

Drag and drop the following steps into the correct order to troubleshoot an end-to-end connectivity issue using a bottom-up approach.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The correct troubleshooting order follows the OSI model bottom-up: start with physical connectivity (A), then verify Layer 3 addressing (B), use diagnostic tools (C) to isolate the failure, and finally implement the solution and verify restoration (D). Skipping layers can lead to misdiagnosis.

Exam trap

A common mistake is to begin with tools like ping before confirming physical and IP configuration; always validate lower layers first.

193
Multi-Selectmedium

Which TWO statements accurately describe how AI/ML concepts are applied to network operations in modern enterprise networks?

Select 2 answers
A.Supervised machine learning models can be used to classify network traffic into predefined categories, such as identifying whether traffic is voice, video, or data.
B.Anomaly detection algorithms, often based on unsupervised learning, can identify unusual network behavior that may indicate a security threat or device malfunction.
C.Reinforcement learning is primarily used to automatically classify email traffic as spam or not spam based on a labeled dataset.
D.Clustering algorithms, a type of unsupervised learning, are used to predict the exact bandwidth usage of a specific application over the next hour.
E.Predictive analytics in network operations relies solely on static thresholds defined by network administrators to forecast potential failures.
AnswersA, B

Supervised learning trains on labeled data to classify new traffic, enabling accurate identification of application types for QoS or security policies.

Why this answer

Option A is correct because supervised learning uses labeled data to classify traffic (e.g., voice, video, data). Option B is correct because anomaly detection often uses unsupervised learning to identify deviations from normal behavior. Option C is wrong because reinforcement learning is not used for spam classification; that task uses supervised learning.

Option D is wrong because clustering groups data but cannot predict exact bandwidth usage; prediction requires regression models. Option E is wrong because predictive analytics in network operations leverages machine learning models, not solely static thresholds defined by administrators.

Exam trap

Cisco often tests the distinction between supervised and unsupervised learning by pairing a correct application (e.g., anomaly detection) with a plausible but incorrect application (e.g., clustering for exact prediction), so candidates must remember that clustering groups data without predicting specific values.

Why the other options are wrong

C

This is incorrect because spam classification is a supervised learning problem, not a reinforcement learning one.

D

This is incorrect because clustering groups data, it doesn't forecast numeric values like bandwidth usage.

E

This is incorrect because predictive analytics typically involves dynamic ML models, not just static thresholds.

194
MCQmedium

Which HTTP method is typically used to retrieve data from a REST API without modifying the resource?

A.POST
B.PUT
C.GET
D.DELETE
AnswerC

Correct. GET retrieves a resource representation.

Why this answer

GET requests are used to retrieve resource information. They are intended for read operations rather than creation, replacement, or deletion.

Exam trap

A common exam trap is confusing the GET method with POST or PUT because all involve interacting with REST API resources. Candidates might incorrectly select POST or PUT, thinking they retrieve data, but POST is primarily for creating resources and PUT for updating them. GET is unique because it only retrieves data without changing the resource.

Misunderstanding this can lead to selecting an incorrect method that modifies the network device state, which is not the intent of the question. Remember, GET is the only method designed to safely fetch data without side effects.

Why the other options are wrong

A

POST is incorrect because it is used to create new resources or submit data that modifies the server state, not for retrieving existing data. Selecting POST would imply changing the resource, which contradicts the question's requirement for a non-modifying method.

B

PUT is incorrect as it replaces or updates an existing resource entirely. It modifies the resource state, which is not the intended action when simply retrieving data from a REST API.

D

DELETE is incorrect because it removes a resource from the server. Using DELETE would modify the resource by deleting it, which is the opposite of the question's intent to retrieve data without modification.

195
Multi-Selectmedium

Which four of the following correctly describe how AI/ML techniques can improve network operations in a modern enterprise? (Choose all that apply.)

Select 4 answers
.AI models can analyze historical traffic data to predict future bandwidth congestion
.Natural language processing (NLP) can be used to automate responses to helpdesk tickets based on intent
.Reinforcement learning can adjust firewall rules dynamically in response to evolving attack patterns
.Unsupervised learning can identify unknown device types on the network by clustering behavior patterns
.AI eliminates the need for baseline performance metrics because it learns in real-time
.ML models always require labeled training data to be effective in network operations

Why this answer

Options A, B, C, and D are correct. AI models can predict bandwidth congestion by analyzing historical traffic data, enabling proactive capacity planning. Natural language processing (NLP) automates helpdesk ticket responses by interpreting user intent, reducing manual effort.

Reinforcement learning can dynamically adjust firewall rules in response to evolving attack patterns, improving threat response without human intervention. Unsupervised learning can cluster behavior patterns to identify unknown device types on the network. Option E ("AI eliminates the need for baseline performance metrics because it learns in real-time") is incorrect because even AI/ML models require baseline metrics to establish normal behavior and detect anomalies; real-time learning does not remove the need for baselines.

Option F ("ML models always require labeled training data to be effective in network operations") is incorrect because many ML techniques, such as unsupervised learning (as shown in option D), operate effectively on unlabeled data by discovering patterns and clusters without predefined labels.

Exam trap

Cisco often tests the breadth of AI/ML applications in network operations, and the trap here is that candidates might dismiss reinforcement learning as too advanced or theoretical, but it is a valid technique for dynamic policy adjustment in modern intent-based networking (IBN) systems.

196
MCQhard

In a controller-based design, which statement best describes a northbound API?

A.An application-facing API used by external software to communicate with the controller
B.A cable type used between controller clusters
C.The link-state protocol the controller uses to reach switches
D.A mechanism that removes the need for authentication
AnswerA

This is correct because northbound APIs are intended for communication from applications and orchestration systems into the controller.

Why this answer

A northbound API is the interface exposed by the controller to external applications, orchestration systems, dashboards, or automation tools. In plain language, it is the way software above the controller communicates with the controller so that it can request data, apply policy, or trigger changes. This is different from the southbound side, where the controller interacts with the underlying infrastructure devices.

This concept appears often in automation topics because it helps define where the controller sits in the larger architecture. A northbound API is not a physical cable, and it does not replace security controls. It is an application-facing software interface, which is exactly what the correct answer should capture.

Exam trap

A frequent exam trap is mistaking the northbound API for a physical cable or a routing protocol. Some candidates incorrectly associate 'northbound' with physical connections between controllers or with link-state protocols, which is incorrect. Northbound APIs are purely logical interfaces used by applications to communicate with the controller, not hardware or routing mechanisms.

Another trap is assuming northbound APIs bypass security controls; in reality, these APIs require proper authentication and authorization. Misunderstanding these points can lead to selecting incorrect answers that describe physical or protocol-related concepts rather than software interfaces.

Why the other options are wrong

B

This option incorrectly describes a northbound API as a cable type, which is a physical concept unrelated to the logical API direction in controller architectures.

C

This option confuses northbound APIs with routing protocols like link-state protocols, which are unrelated to the software interface role of northbound APIs.

D

This option falsely claims that northbound APIs remove the need for authentication, ignoring that security controls remain essential for API access.

197
PBQhard

You are connected to R1, a Cisco IOS-XE router. Configure SNMP v2c with read-only community 'NetOpsRO' and SNMP v3 with user 'AdminUser' using SHA authentication (password: AuthPass1) and AES-128 encryption (password: PrivPass2). Also enable SNMP traps to the NMS at 192.0.2.10 with community 'TrapComm'. Additionally, configure NetFlow export to 192.0.2.20 using version 9, and ensure the flow exporter is applied to GigabitEthernet0/0. Verify your configuration using 'show snmp' and 'show ip cache flow'.

Network Topology
G0/010.0.0.1/30G0/010.0.0.2/30linkR1R2

Hints

  • SNMPv3 requires both a group and a user; the group defines the security level (auth/priv).
  • NetFlow export requires a flow exporter and a flow monitor applied to the interface.
  • Use 'snmp-server enable traps' without specific traps to enable all supported traps.
A.snmp-server community NetOpsRO ro snmp-server group AdminGroup v3 priv snmp-server user AdminUser AdminGroup v3 auth sha AuthPass1 priv aes 128 PrivPass2 snmp-server enable traps snmp-server host 192.0.2.10 TrapComm flow exporter EXPORTER destination 192.0.2.20 version 9 ! flow monitor FLOW-MONITOR exporter EXPORTER record netflow ipv4 original-input ! interface GigabitEthernet0/0 ip flow monitor FLOW-MONITOR input
B.snmp-server community NetOpsRO ro snmp-server user AdminUser v3 auth sha AuthPass1 priv aes 128 PrivPass2 snmp-server enable traps snmp-server host 192.0.2.10 TrapComm flow exporter EXPORTER destination 192.0.2.20 version 9 ! interface GigabitEthernet0/0 ip flow export EXPORTER
C.snmp-server community NetOpsRO ro snmp-server group AdminGroup v3 priv snmp-server user AdminUser AdminGroup v3 auth sha AuthPass1 priv aes 128 PrivPass2 snmp-server enable traps snmp-server host 192.0.2.10 version 2c TrapComm flow exporter EXPORTER destination 192.0.2.20 version 9 ! interface GigabitEthernet0/0 ip flow monitor FLOW-MONITOR input
D.snmp-server community NetOpsRO ro snmp-server group AdminGroup v3 priv snmp-server user AdminUser AdminGroup v3 auth sha AuthPass1 priv aes 128 PrivPass2 snmp-server enable traps snmp-server host 192.0.2.10 TrapComm flow exporter EXPORTER destination 192.0.2.20 version 9 ! interface GigabitEthernet0/0 ip flow monitor FLOW-MONITOR input flow monitor FLOW-MONITOR exporter EXPORTER
AnswerA
solution
! R1
snmp-server group AdminGroup v3 priv
snmp-server user AdminUser AdminGroup v3 auth sha AuthPass1 priv aes 128 PrivPass2
snmp-server enable traps
flow exporter EXPORTER
 destination 192.0.2.20
 transport udp 9996
 template data timeout 60
 exit
flow monitor FLOW-MONITOR
 exporter EXPORTER
 record netflow ipv4 original-input
 exit
interface GigabitEthernet0/0
 ip flow monitor FLOW-MONITOR input
 exit

Why this answer

Option A is the only complete configuration. It defines the SNMPv3 group and user, enables traps, sets up the flow exporter, and crucially defines a flow monitor globally before applying it to the interface. Without the global `flow monitor` definition, the `ip flow monitor ... input` command on the interface would be rejected.

Option B omits the SNMP group and uses the deprecated `ip flow export` instead of the modern flow monitor method. Option C is missing the flow monitor definition, and its `snmp-server host` version syntax is unnecessary but not harmful; the real flaw is the absent monitor. Option D attempts to add the flow monitor but incorrectly places the global definition commands inside the interface configuration, which would cause a syntax error.

Exam trap

The most common oversight is forgetting to define the flow monitor globally; without it, the `ip flow monitor` command on the interface will fail. Also, learners sometimes mistakenly use the deprecated `ip flow export` command instead of the modern flow monitor approach.

Why the other options are wrong

B

Missing the required SNMPv3 group and relies on the deprecated interface command 'ip flow export' instead of the modern flow monitor method.

C

Lacks the required global flow monitor definition block; the 'ip flow monitor' command on the interface refers to a nonexistent monitor.

D

Places the flow monitor definition commands inside the interface configuration context, where they would be rejected as invalid.

198
PBQhard

You are connected to R1 via console. The NTP server 198.51.100.10 is already configured on R1, but R1 is not synchronizing because the NTP packets are sourced from the wrong interface. Configure R1 to source NTP packets from its loopback0 interface (IP 10.0.0.1/32). Additionally, configure syslog logging to the remote server 203.0.113.5, ensuring that only messages at severity 'notifications' (level 5) and above are sent. The current configuration shows that syslog is sending all messages (including debug-level) to the server, wasting bandwidth. Fix both issues.

Network Topology
G0/0:192.0.2.2/30linkG0/0:192.0.2.2/30R2R1NTP server

Hints

  • NTP packets must have a consistent source IP that the server can reach; check the source interface.
  • The 'logging trap' command controls which severity levels are sent to the syslog server.
  • Use 'show ntp status' and 'show ntp associations' to confirm synchronization; use 'show logging' to verify the trap level.
A.Configure 'ntp source Loopback0' and 'logging trap notifications'.
B.Configure 'ntp server 198.51.100.10 source Loopback0' and 'logging trap warnings'.
C.Configure 'ntp source Loopback0' and 'logging trap debugging'.
D.Configure 'ntp server 198.51.100.10' and 'logging trap notifications'.
AnswerA
solution
! R1
configure terminal
ntp source Loopback0
logging trap notifications
end
write memory

Why this answer

The NTP client is not synchronizing because the NTP packets are not sourced from an interface that the server can reach and reply to; the default source is the outgoing interface, but the server sees a different source IP. The `ntp server 198.51.100.10` command is already configured (not shown), so you only need to specify the source interface with `ntp source Loopback0`. Also, the syslog trap level is set to 'debugging', which sends all messages; change it to 'notifications' to filter out lower-severity messages.

After these changes, verify with 'show ntp status' (should show stratum less than 16 and 'synchronized') and 'show ntp associations' (should show a reach count > 0 and a valid ref clock). Check syslog with 'show logging' to confirm trap level is 'notifications'.

Exam trap

Cisco often tests the difference between 'ntp server' and 'ntp source' — remember that 'ntp source' is a global command that sets the source for all NTP packets. Also, syslog severity levels are often confused; know that 'debugging' (7) is the lowest severity and sends everything, while 'notifications' (5) is higher and filters out levels 6 and 7.

Why the other options are wrong

B

The specific factual error: The 'ntp server' command cannot specify a source interface; that is done with 'ntp source'. Additionally, 'warnings' (level 4) is more severe than 'notifications' (level 5), but the requirement is to send only notifications and above, which includes levels 0-5. 'warnings' includes levels 0-4, missing level 5 (notifications).

C

The specific factual error: 'logging trap debugging' sends all syslog messages (levels 0-7), which is the default and does not filter out lower-severity messages. The correct level for notifications and above is 'notifications' (level 5).

D

The specific factual error: The NTP client is not configured to source packets from Loopback0. The 'ntp server' command alone does not set the source interface; an additional 'ntp source' command is required.

199
PBQhard

You are connected to R1. Configure R1 as an NTP client to synchronize with NTP server 203.0.113.10, using its Loopback0 interface (192.168.1.1/32) as the source for NTP packets. Additionally, configure logging to syslog server 192.0.2.100 with a trap level that captures events from level 5 (notice) and above. The current configuration shows that NTP is not synchronized (stratum 16) and only debugging messages are being sent to the syslog server. Correct these issues so that R1 is synchronized and important system messages are logged.

Network Topology
G0/010.0.0.2/30linkG0/010.0.0.2/30R2R1NTP server

Hints

  • Use 'ntp server' command to point to the NTP server IP.
  • Use 'ntp source' to specify the Loopback0 interface as the source.
  • Change the logging trap level from 'debugging' to 'notifications' to filter important messages.
A.ntp server 203.0.113.10 source Loopback0 logging trap notifications
B.ntp server 203.0.113.10 ntp source Loopback0 logging trap notifications
C.ntp server 203.0.113.10 source Loopback0 logging trap debugging
D.ntp server 203.0.113.10 logging host 192.0.2.100 logging trap notifications
AnswerB
solution
! R1
configure terminal
ntp server 203.0.113.10
ntp source Loopback0
logging trap notifications
end

Why this answer

The correct configuration is to add the NTP server with 'ntp server 203.0.113.10' and set the source interface separately with 'ntp source Loopback0'. For syslog, the command 'logging trap notifications' sets the trap level to 5 (notice), ensuring that critical and important messages are logged while excluding debugging output. Option A uses the combined 'ntp server ... source Loopback0' and does not match the separate source configuration required.

Option C keeps logging at debugging level (7), which is too verbose. Option D lacks the NTP source configuration entirely.

Exam trap

Candidates often mistake syslog severity numbers: lower is more severe, so 'logging trap notifications' captures levels 0–5. Also, the NTP source must be configured with a separate 'ntp source Loopback0' command, not just as an inline source on the server command.

Why the other options are wrong

A

Combines the NTP source directly in the server command, but the required configuration uses a separate 'ntp source Loopback0' command.

C

Sets logging trap to debugging (level 7), not the required notifications (level 5).

D

Missing the 'ntp source Loopback0' command, so NTP will not use the Loopback0 interface as source.

200
MCQhard

Why is HTTPS preferred over HTTP when accessing sensitive controller APIs?

A.Because HTTPS encrypts the API traffic in transit.
B.Because HTTPS removes the need for tokens and credentials.
C.Because HTTPS is the only way JSON can be transmitted.
D.Because HTTP cannot carry API requests at all.
AnswerA

This is correct because encrypted transport is the main reason HTTPS is preferred.

Why this answer

HTTPS is preferred because it encrypts the traffic in transit. In practical terms, sensitive controller APIs may carry tokens, credentials, operational details, and configuration data. Sending that information over plain HTTP would expose it to interception on the network. HTTPS reduces that risk by protecting the session.

This does not make HTTPS a replacement for authentication. It is a transport-security choice that works alongside access control, not instead of it.

Exam trap

A frequent exam trap is believing that HTTPS removes the need for tokens or credentials in API access. Some candidates incorrectly assume that because HTTPS encrypts traffic, authentication is unnecessary. However, HTTPS only secures the transport layer and does not provide access control.

Another trap is thinking HTTP cannot carry API requests, which is false since HTTP can transmit API data but without encryption. Also, confusing the data format with the transport protocol leads to the incorrect belief that JSON requires HTTPS, when in fact JSON can be sent over any protocol. Understanding these distinctions is crucial to avoid selecting incorrect answers.

Why the other options are wrong

B

Option B is incorrect because HTTPS does not remove the need for tokens or credentials; it only secures the transport layer. Authentication is still required to control access to APIs.

C

Option C is incorrect since JSON can be transmitted over any protocol, including HTTP and HTTPS. The choice of HTTPS is about securing the transport, not the data format.

D

Option D is incorrect because HTTP can carry API requests; however, it does so without encryption, making it unsuitable for sensitive data transmission.

201
MCQhard

An API response returns a list of interface objects in JSON. Which structure most likely represents that list?

A.An array containing multiple interface objects
B.A single integer with the value 1
C.A native VLAN field
D.An STP root bridge ID
AnswerA

This is correct because JSON arrays are the normal way to hold lists of repeated items.

Why this answer

In JSON, a list is most naturally represented as an array. In plain language, when an API needs to return several interfaces, routes, VLANs, or similar repeated items, it usually places them inside square brackets as an ordered collection. Each item inside that array might itself be an object containing keys such as name, status, or IP address.

CCNA automation questions usually test whether you recognize that square brackets signal a list. If the response contains many similar interface records, the best structure is the one that looks like a JSON array of interface objects rather than a single scalar value.

Exam trap

Remember that arrays in JSON are denoted by square brackets, and each item should be a complete object if details are needed.

Why the other options are wrong

B

Option B is incorrect because an API response that returns a list of interface objects should be structured as an array, not as a single integer. A single integer does not represent a collection of objects.

C

A native VLAN field is not a valid representation of a list of interface objects in JSON; it typically refers to a specific VLAN configuration in networking, not an array structure.

D

Option D is incorrect because an STP root bridge ID is a specific identifier related to Spanning Tree Protocol, not a representation of a list of interface objects in JSON format.

202
MCQmedium

A network engineer needs to automate the configuration of multiple Cisco IOS XE routers in a data center. The team requires a standard, vendor-neutral data modeling language to define the configuration parameters, and they need a protocol that uses XML-based remote procedure calls over SSH for secure, reliable configuration transactions. Which combination of technologies best meets these requirements?

A.Use YANG data models combined with RESTCONF over HTTPS.
B.Use YANG data models combined with NETCONF over SSH.
C.Use CLI commands combined with NETCONF over SSH.
D.Use CLI commands combined with RESTCONF over HTTPS.
AnswerB

YANG is a standard, vendor-neutral data modeling language. NETCONF uses XML-based RPCs over SSH for secure, reliable configuration transactions, making this combination ideal for the requirements.

Why this answer

Option B is correct because YANG is a standard, vendor-neutral data modeling language (RFC 6020) for defining configuration parameters, and NETCONF (RFC 6241) uses XML-based remote procedure calls (RPCs) over SSH for secure, reliable configuration transactions. This combination directly satisfies the requirement for a standard data model and XML-based RPCs over SSH, unlike RESTCONF which uses HTTPS and JSON/XML but not SSH.

Exam trap

Cisco often tests the distinction between NETCONF (XML RPCs over SSH) and RESTCONF (RESTful operations over HTTPS), and candidates mistakenly choose RESTCONF because it is more modern, but the question explicitly requires XML-based RPCs over SSH, which only NETCONF provides.

Why the other options are wrong

A

The scenario specifies a protocol that uses XML-based RPCs over SSH, which is a characteristic of NETCONF, not RESTCONF.

C

The scenario specifically asks for a standard, vendor-neutral data modeling language, which CLI is not.

D

Neither the data modeling language (CLI) nor the protocol (RESTCONF) matches the specified requirements of vendor-neutral data modeling and XML-based RPCs over SSH.

203
Multi-Selectmedium

A script authenticates to a controller API and receives a token that it presents in later requests. Which two statements about that token-based workflow are correct?

Select 2 answers
A.The token is often sent in an HTTP header in subsequent requests
B.The token proves identity for that authenticated session or request set
C.The token changes the API from REST to SNMP
D.The token must be stored in the router startup-config
AnswersA, B

Bearer or session tokens are commonly carried in headers.

Why this answer

After authentication, many APIs issue a token that the client includes in later HTTP requests. That token acts as proof that the client already authenticated successfully.

Exam trap

A common exam trap is assuming that the presence of a token changes the network management protocol from REST to SNMP or another protocol. This is incorrect because token-based authentication is a security mechanism layered on top of the existing API protocol and does not alter it. Another trap is believing that tokens must be stored in the router’s startup-config, which is false since tokens are ephemeral credentials managed by client applications, not static device configurations.

Misunderstanding these points can lead to selecting incorrect answers about token workflows in automation scenarios.

Why the other options are wrong

C

Option C is incorrect because the token does not change the API protocol from REST to SNMP; authentication methods do not alter the underlying management protocol.

D

Option D is incorrect because tokens are managed dynamically by client applications and are not stored in router startup-config files, which hold static device configurations.

204
PBQhard

You are connected to R1. Configure SNMP v2c with a read-only community string 'monitorRO' and a read-write community string 'controlRW', and enable SNMP traps for link status to the management server at 203.0.113.100. Additionally, configure NetFlow to export version 9 flow records to the same server on UDP port 2055, and ensure that only traffic from the 10.10.10.0/24 network is monitored. Finally, verify your configurations with the appropriate show commands.

Network Topology
G0/010.0.0.1/30G0/010.0.0.2/30linkG0/110.10.10.1/2410.10.10.0/24linkR1R2Internal Network

Hints

  • Remember to specify the SNMP version when configuring the trap receiver host.
  • NetFlow version 9 must be explicitly configured; otherwise, version 5 is used by default.
  • Apply the flow monitor to the interface that connects to the network you want to monitor (G0/1).
A.Configure SNMP community strings, enable link-status traps, set trap destination, configure NetFlow export version 9, and apply flow monitor to interface(s) carrying 10.10.10.0/24 traffic.
B.Configure SNMP community strings, enable link-status traps, set trap destination, and configure NetFlow export version 5. Apply flow monitor to all interfaces.
C.Configure SNMP community strings, enable all SNMP traps, set trap destination, and configure NetFlow export version 9. Apply flow monitor to interface with IP 10.10.10.0/24.
D.Configure SNMP community strings, enable link-status traps, set trap destination, and configure NetFlow export version 9. Do not apply any flow monitor; NetFlow automatically monitors all traffic.
AnswerA
solution
! R1
snmp-server community monitorRO RO
snmp-server community controlRW RW
snmp-server enable traps snmp linkdown linkup
snmp-server host 203.0.113.100 version 2c monitorRO
ip flow-export version 9
flow record NETFLOW-RECORD
 match ipv4 source address
 match ipv4 destination address
 match ipv4 protocol
 match transport source-port
 match transport destination-port
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime
 exit
flow exporter EXPORTER-TO-SERVER
 destination 203.0.113.100
 transport udp 2055
 source Loopback0
 exit
flow monitor MONITOR-10NET
 record NETFLOW-RECORD
 exporter EXPORTER-TO-SERVER
 cache timeout active 300
 exit
interface GigabitEthernet0/1
 ip flow monitor MONITOR-10NET input
 ip flow monitor MONITOR-10NET output
 exit

Why this answer

The solution correctly configures SNMP v2c with the required read-only and read-write community strings, enables only link-status traps, and sets the trap destination. For NetFlow, it uses Flexible NetFlow by defining a flow record, an exporter, and a monitor. Importantly, the export version (9) must be configured under the flow exporter, not with the legacy global `ip flow-export version 9` command.

The flow monitor is applied to GigabitEthernet0/1, which carries traffic from the 10.10.10.0/24 network. Verification can be done with `show snmp` to confirm communities and trap receivers, and `show flow monitor name MONITOR-10NET cache` or `show ip cache flow` to view exported flow records.

Exam trap

Common mistakes include mixing legacy and Flexible NetFlow commands (e.g., using the global `ip flow-export version` instead of setting it under the flow exporter), forgetting to apply the flow monitor to an interface, and enabling all SNMP traps rather than only link-status traps.

Why the other options are wrong

B

The question explicitly requires NetFlow version 9, and traffic monitoring must be limited to the 10.10.10.0/24 network.

C

Enabling all traps is unnecessary and may cause unwanted overhead; the flow monitor must be applied to the correct interface(s) based on traffic flow, not the network address.

D

NetFlow requires a flow monitor to be applied to an interface to capture traffic; it does not automatically monitor all traffic.

205
MCQhard

Why is a northbound API valuable to orchestration tools in a controller-based network?

A.It gives orchestration tools a defined software interface to interact with the controller.
B.It replaces the need for all physical network devices.
C.It is a cabling standard for data center uplinks.
D.It makes security controls unnecessary.
AnswerA

This is correct because northbound APIs are the application-facing path into the controller.

Why this answer

A northbound API is valuable because it gives orchestration tools a defined way to request data and trigger changes on the controller programmatically. In plain language, the tool can interact with the controller through software rather than relying on manual device-by-device operations. That makes higher-level automation and service coordination possible.

The controller is the platform, and the northbound API is the application-facing interface into it. The correct answer is the one focused on orchestration and software-driven interaction.

Exam trap

A frequent exam trap is mistaking the northbound API for a physical network element or a cabling standard, such as assuming it replaces physical devices or relates to data center uplinks. Another common error is believing that northbound APIs eliminate the need for security controls, ignoring that software interfaces still require authentication and authorization mechanisms. These misconceptions stem from confusing the software abstraction layer with hardware or security concepts.

Understanding that northbound APIs are purely software interfaces designed for orchestration tools to interact programmatically with the controller helps avoid these pitfalls.

Why the other options are wrong

B

Option B is incorrect because northbound APIs do not replace physical network devices; forwarding hardware remains essential for actual data transmission and network operation.

C

Option C is incorrect since northbound APIs are software interfaces, not physical cabling standards, and have no relation to data center uplink cabling specifications.

D

Option D is incorrect because northbound APIs still require security measures such as authentication and authorization; they do not eliminate the need for security controls.

206
PBQhard

You are connected to R1 via the console. R1 should synchronize its clock with the NTP server 192.0.2.10 using its loopback0 interface (IP 10.0.0.1) as the source. Additionally, syslog messages of severity 'notification' (level 5) and above must be sent to the syslog server at 198.51.100.20. Currently, R1 shows NTP stratum 16 (unsynchronized) and syslog messages are not being forwarded. Identify and resolve the issues.

Hints

  • Check if a server is configured under 'ntp server'.
  • The current trap level is 'informational' (level 6). Which level includes notifications (level 5)?
  • Use 'show run | section ntp' to see NTP configuration.
A.Add 'ntp server 192.0.2.10' and change 'logging trap informational' to 'logging trap notifications'.
B.Add 'ntp server 192.0.2.10' and change 'logging trap notifications' to 'logging trap informational'.
C.Add 'ntp server 192.0.2.10' and change 'logging trap notifications' to 'logging trap debugging'.
D.Add 'ntp server 192.0.2.10' and change 'logging trap informational' to 'logging trap emergencies'.
AnswerA
solution
! R1
ntp server 192.0.2.10
logging trap notifications

Why this answer

The NTP is unsynchronized because the 'ntp server' command is missing; only 'ntp source' is configured. Add 'ntp server 192.0.2.10' to point to the NTP server. The syslog trap level is set to 'informational' (level 6), which is too low—messages of level 5 (notification) are not sent because the trap level must be equal to or higher severity than the messages to be forwarded.

Change the trap level to 'notifications' (level 5) to ensure level 0-5 messages are forwarded.

Exam trap

Remember that syslog trap levels use lower numbers for higher severity. To forward messages of a given severity, the trap level must be set to that severity or higher (lower number). Also, NTP requires both 'ntp server' and optionally 'ntp source' to specify the source interface.

Why the other options are wrong

B

The trap level should be set to 'notifications' (level 5) or higher severity to forward level 5 messages; 'informational' is lower severity and would not forward level 5 messages.

C

The trap level is currently 'informational' (6), not 'notifications'. Changing to 'debugging' would forward all messages, but the requirement is to forward level 5 and above, which is achieved by setting trap level to 'notifications' (5).

D

Setting the trap level to 'emergencies' would filter out all messages except level 0, so level 5 messages would not be forwarded.

207
PBQhard

You are connected to R1 (10.0.0.1/30). You need to use RESTCONF to verify the current administrative status of interface GigabitEthernet0/1 on R1, then change it to 'down'. The YANG data model is ietf-interfaces, and the base URI is https://10.0.0.1/restconf. Provide the correct GET and PATCH request URIs with appropriate HTTP headers. Also identify what error would occur if you used 'application/xml' as the Accept header or if you used the path 'Cisco-IOS-XE-native:native/interface/GigabitEthernet' instead of the correct ietf-interfaces path.

Hints

  • The ietf-interfaces module uses 'enabled' leaf (true/false) for admin status.
  • The interface name must be URL-encoded (e.g., GigabitEthernet0%2F1).
  • Using 'Cisco-IOS-XE-native' path for operational state will not return the admin status.
A.GET https://10.0.0.1/restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/1 with Accept: application/yang-data+json; PATCH same URI with Content-Type: application/yang-data+json and body {"ietf-interfaces:interface": {"enabled": false}}; using Accept: application/xml gives 406 Not Acceptable; using Cisco-IOS-XE-native path gives 404 or incorrect data.
B.GET https://10.0.0.1/restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/1 with Accept: application/xml; PATCH same URI with Content-Type: application/xml and body <interface><enabled>false</enabled></interface>; using Accept: application/xml is fine; using Cisco-IOS-XE-native path gives same data.
C.GET https://10.0.0.1/restconf/data/Cisco-IOS-XE-native:native/interface/GigabitEthernet0/1 with Accept: application/yang-data+json; PATCH same URI with Content-Type: application/yang-data+json and body {"Cisco-IOS-XE-native:interface": {"enabled": false}}; using Accept: application/xml gives 406; using ietf-interfaces path gives 404.
D.GET https://10.0.0.1/restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/1 with Accept: application/json; PATCH same URI with Content-Type: application/json and body {"interface": {"enabled": false}}; using Accept: application/xml gives 406; using Cisco-IOS-XE-native path gives 404.
AnswerA
solution
! R1
GET https://10.0.0.1/restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/1
Accept: application/yang-data+json
PATCH https://10.0.0.1/restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/1
Content-Type: application/yang-data+json
{
  "ietf-interfaces:interface": {
    "enabled": false
  }
}

Why this answer

The correct GET request URI is: GET https://10.0.0.1/restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/1 with Accept: application/yang-data+json. The correct PATCH request URI is the same, with Content-Type: application/yang-data+json and a JSON body {"ietf-interfaces:interface": {"enabled": false}}. Using Accept: application/xml would result in a 406 Not Acceptable error because the server only supports yang-data+json.

Using the Cisco-IOS-XE-native path would return a 404 or incorrect data because the operational state of the interface (admin status) is modeled under ietf-interfaces, not under the native YANG model which is used for configuration only.

Exam trap

The trap is that candidates may confuse the YANG models (ietf-interfaces vs. native) and the required media types. Remember that operational state is under ietf-interfaces, and RESTCONF on Cisco IOS XE uses application/yang-data+json, not XML or generic JSON.

Why the other options are wrong

B

The specific factual error is that Cisco IOS XE RESTCONF implementation does not support XML content type; it only supports JSON.

C

The specific factual error is that the admin status is not available under the native YANG model; it is under ietf-interfaces.

D

The specific factual error is that RESTCONF requires the media type application/yang-data+json, not generic application/json. Additionally, the module name prefix is required in the JSON body.

208
MCQeasy

Which data format is most commonly used in REST APIs because it is lightweight and easy for applications to parse?

A.YANG
B.JSON
C.STP
D.TFTP
AnswerB

Correct choice.

Why this answer

JSON is widely used with REST because it is compact, human-readable, and easy for software to parse. It is common in controller APIs and automation workflows.

Exam trap

A common exam trap is selecting YANG as the data format for REST APIs because candidates recognize YANG as related to network automation. However, YANG is a data modeling language that defines the structure of data but does not represent the actual data format used in REST API communication. Confusing YANG with JSON leads to incorrect answers.

Similarly, confusing protocols like STP or TFTP with data formats can mislead candidates. The key is to remember that JSON is the actual data format used in REST APIs due to its lightweight and easy-to-parse nature.

Why the other options are wrong

A

YANG is a data modeling language used to define the structure of network data but is not the actual data format used in REST API communication, making it an incorrect choice.

C

STP (Spanning Tree Protocol) is a Layer 2 protocol for preventing loops in Ethernet networks and has no relation to data formatting in REST APIs, so it is incorrect.

D

TFTP is a simple protocol used for file transfers, such as IOS images, and is not a data format used in REST APIs, making it an invalid choice.

209
PBQmedium

You are connected to R1, a Cisco IOS-XE router that provides connectivity for the 192.168.10.0/24 network. The network operations team uses a Python script with netmiko to push configuration changes. However, the script fails to connect to R1. You need to verify the SSH configuration on R1.

Hints

  • Check if SSH is enabled globally and on the VTY lines.
  • Verify that the transport input includes ssh.
  • Ensure there is a hostname and domain configured.
A.The VTY lines are configured for telnet only; SSH requires 'transport input ssh'.
B.The SSH server is not enabled because the crypto key is missing or 'ip ssh' is not configured.
C.The SSH version is set to version 1, which is not supported by the Python script.
D.The domain name is not configured, which is required for SSH key generation.
AnswerA
solution
! R1
show running-config | include ssh
show ip ssh
show line vty
show ip interface brief

Why this answer

The VTY lines are configured for telnet only. SSH requires 'transport input ssh' (or 'transport input all'). Additionally, the SSH server may not be enabled if the crypto key is missing or the ip ssh command is not present.

The commands show that transport input is telnet, so the script cannot connect via SSH. Changing to 'transport input ssh' resolves the issue.

Exam trap

The exam trap is that candidates often focus on SSH server configuration (crypto keys, domain name, ip ssh) and forget that the VTY lines must also permit SSH. Always check 'transport input' on VTY lines when troubleshooting SSH access.

Why the other options are wrong

B

The specific factual error: The crypto key and 'ip ssh' are necessary for SSH operation, but the VTY transport setting is the immediate cause of connection failure.

C

The specific factual error: There is no indication that SSH version 1 is in use; the issue is the VTY transport setting.

D

The specific factual error: A domain name is required for SSH key generation, but the VTY transport setting is the direct cause of the connection failure.

210
Multi-Selectmedium

A network engineer is implementing AIOps to improve network reliability. Which four of the following are core capabilities that AIOps platforms typically provide? (Choose four.)

Select 4 answers
.Correlation of alerts from multiple network devices to reduce noise
.Self-healing by automatically reverting problematic configuration changes
.Predictive maintenance to identify devices likely to fail
.Baseline learning of normal traffic patterns to detect deviations
.Direct manipulation of physical layer hardware to replace faulty optics
.Guaranteed elimination of all false positive alarms in the network

Why this answer

Correlation of alerts from multiple network devices is a core AIOps capability because it uses machine learning to analyze and group related alerts, reducing noise and helping engineers focus on root causes rather than individual symptoms. Self-healing by automatically reverting problematic configuration changes is a key feature, as AIOps can detect anomalies caused by changes and roll back to a stable state to minimize downtime. Predictive maintenance identifies devices likely to fail by analyzing historical performance data and telemetry, enabling proactive replacement or repair before failures occur.

Baseline learning of normal traffic patterns allows AIOps to detect deviations that indicate potential issues. The incorrect options are not core AIOps capabilities: Direct manipulation of physical layer hardware is beyond the scope of AIOps, which focuses on software-based analysis and automation; guaranteed elimination of all false positives is unrealistic because no system can achieve 100% accuracy in alarm filtering.

Exam trap

Candidates often mistakenly assume that AIOps includes direct hardware control or promises zero false alarms, but these are not realistic or core capabilities; AIOps focuses on data-driven analysis and automated responses within the software layer.

Why the other options are wrong

E

Direct manipulation of physical layer hardware is not a core AIOps capability; AIOps operates on data and software-based automation, not direct hardware control.

F

Guaranteed elimination of all false positive alarms is impossible because no AI system can achieve perfect accuracy; AIOps reduces but does not eliminate false positives.

211
PBQhard

You are connected to R1 via the console. SNMP v2c community strings (public RO, private RW) are already configured. The network has a management server at 10.1.1.100 and a NetFlow collector at 10.1.1.200. Configure SNMP traps to the management server for link status changes. Also configure NetFlow on interface GigabitEthernet0/0 to export version 9 to the collector, with a source interface of Loopback0 (10.255.255.1/32).

Network Topology
G0/0G0/010.1.1.10010.1.1.200R210.0.0.1/30R1MGMT_ServerNMS_Collector

Hints

  • SNMP traps require both a host command and enabling specific trap types.
  • NetFlow export needs destination, version, and source interface, plus flow ingress on the interface.
  • Use 'show running-config | section snmp|flow' to verify your changes.
A.snmp-server host 10.1.1.100 version 2c public snmp-server enable traps snmp linkdown linkup ip flow-export destination 10.1.1.200 2055 ip flow-export version 9 ip flow-export source Loopback0 interface GigabitEthernet0/0 ip flow ingress
B.snmp-server host 10.1.1.200 version 2c private snmp-server enable traps ip flow-export destination 10.1.1.100 2055 version 9 ip flow-export source Loopback0 interface GigabitEthernet0/0 ip flow egress
C.snmp-server host 10.1.1.100 version 2c private snmp-server enable traps ip flow-export destination 10.1.1.200 2055 version 9 ip flow-export source Loopback0 interface GigabitEthernet0/0 ip flow ingress
D.snmp-server host 10.1.1.100 version 2c public snmp-server enable traps snmp linkdown linkup ip flow-export destination 10.1.1.200 2055 version 5 ip flow-export source Loopback0 interface GigabitEthernet0/0 ip flow ingress
AnswerA
solution
! R1
snmp-server host 10.1.1.100 version 2c public
snmp-server enable traps snmp linkdown linkup
ip flow-export destination 10.1.1.200 2055
ip flow-export version 9
ip flow-export source Loopback0
interface GigabitEthernet0/0
ip flow ingress

Why this answer

The current configuration has SNMP community strings but lacks trap destinations and NetFlow export. To fix, you must configure snmp-server host 10.1.1.100 version 2c public to send traps, and snmp-server enable traps snmp linkdown linkup is required to send link status changes. For NetFlow, you need ip flow-export destination 10.1.1.200 2055 and then ip flow-export version 9 to set the export version.

Also configure ip flow-export source Loopback0 and apply ip flow ingress on GigabitEthernet0/0. Verification commands confirm the settings.

Exam trap

Pay close attention to the IP addresses: the management server (10.1.1.100) is for SNMP traps, and the collector (10.1.1.200) is for NetFlow. Also, remember that SNMP traps use the read-only community, and NetFlow version must match the requirement (version 9).

Why the other options are wrong

B

The specific factual error: The SNMP trap destination and NetFlow export destination are swapped, and the flow direction is egress instead of ingress.

C

The specific factual error: SNMP traps should use the read-only community string 'public', not the read-write 'private'.

D

The specific factual error: NetFlow export version is set to 5, but the requirement is version 9.

212
Matchingmedium

Match each term to the most appropriate description in an API context.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Structured payload format

Secure transport for the interaction

Credential-like access value

Specific API target or path

Why these pairings

These pairings define key API terms with their descriptions.

Exam trap

Be careful not to confuse the terms: JSON is a data format, HTTPS is a secure protocol, a token is an access credential, and an endpoint is a specific URL path; focus on matching each term to its correct role in API communication.

213
PBQhard

You are connected to R1. Use RESTCONF to retrieve all operational interface statistics from the ietf-interfaces YANG module, then modify the description of GigabitEthernet0/1 to 'Link to R2 via RESTCONF' using a PATCH request. The device is reachable at 203.0.113.1 with port 443, username 'admin', password 'cisco123'. Identify the error that would occur if you used a PATCH with Content-Type: application/json instead of application/yang-data+json.

Network Topology
G0/0203.0.113.1/24InternetR1RESTCONF client

Hints

  • RESTCONF base URI is always /restconf.
  • Use the YANG module 'ietf-interfaces' for operational state and configuration.
  • The correct media type for RESTCONF is application/yang-data+json, not generic application/json.
A.The server returns a 415 Unsupported Media Type error because RESTCONF requires the Content-Type header to be application/yang-data+json.
B.The server returns a 400 Bad Request error because the JSON payload is malformed when using application/json.
C.The server returns a 404 Not Found error because the URI is incorrect when using application/json.
D.The server returns a 204 No Content response but ignores the description change because application/json is not supported.
AnswerA
solution
! R1
GET https://203.0.113.1/restconf/data/ietf-interfaces:interfaces-state/interface
Accept: application/yang-data+json
PATCH https://203.0.113.1/restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/1
Content-Type: application/yang-data+json
{"ietf-interfaces:interface": [{"name": "GigabitEthernet0/1", "description": "Link to R2 via RESTCONF"}]}

Why this answer

The correct base URI for RESTCONF is https://203.0.113.1/restconf. To retrieve operational interface statistics, use GET with the path /data/ietf-interfaces:interfaces-state/interface. For the PATCH to modify the description, the URI must target /data/ietf-interfaces:interfaces/interface=GigabitEthernet0/1 with a JSON payload containing the 'description' leaf.

The required Content-Type and Accept headers must be 'application/yang-data+json'. Using 'application/json' will result in a 415 Unsupported Media Type error because RESTCONF requires the specific YANG media type.

Exam trap

The exam tests your knowledge of RESTCONF's strict media type requirements. Many candidates assume that application/json is acceptable because it is common in REST APIs, but RESTCONF specifically requires 'application/yang-data+json'. Remember that using any other media type results in a 415 error.

Why the other options are wrong

B

The specific factual error is that a 400 Bad Request is not triggered by an incorrect Content-Type; it is triggered by malformed syntax or invalid data.

C

The specific factual error is that the Content-Type header does not affect resource discovery; it only affects how the server interprets the payload.

D

The specific factual error is that an unsupported media type results in a client error (4xx), not a success response (2xx).

214
MCQmedium

Which pairing is correct?

A.JSON — data modeling language used to define network schemas such as YANG modules
B.YANG — lightweight interchange format built from curly braces and arrays
C.RESTCONF — protocol that can use YANG-defined data models over HTTP-based access
D.NETCONF — spanning-tree enhancement for rapid convergence
AnswerC

Correct. RESTCONF commonly exposes YANG-modeled data over HTTP methods.

Why this answer

RESTCONF is an HTTP-based API approach that commonly uses YANG-defined data models. JSON is a data-interchange format, YANG is the data modeling language, and NETCONF is a network management protocol rather than an STP feature.

Exam trap

A frequent exam trap is confusing JSON with YANG or NETCONF with spanning-tree enhancements. JSON is a data format, not a modeling language, so pairing it with YANG modules is incorrect. Similarly, NETCONF is often mistakenly thought to be related to spanning-tree protocols, but it is actually a network configuration protocol.

Candidates might also confuse YANG’s role with JSON’s syntax or RESTCONF’s protocol function. This confusion arises because these technologies often work together but serve distinct purposes. Understanding each technology’s specific role prevents selecting incorrect answers based on superficial similarities.

Why the other options are wrong

A

Option A incorrectly pairs JSON with YANG modules as a data modeling language. JSON is a data interchange format used to represent data but does not define schemas or models. YANG is the actual modeling language used to define network data structures, so this pairing is false.

B

Option B wrongly describes YANG as a lightweight interchange format built from curly braces and arrays, which actually describes JSON syntax. YANG is a modeling language that defines network data hierarchies and constraints, not a data format with JSON-like syntax.

D

Option D falsely claims NETCONF is a spanning-tree enhancement for rapid convergence. NETCONF is a network configuration protocol using XML over SSH and has no relation to spanning-tree protocols or their convergence mechanisms, making this option incorrect.

215
MCQmedium

Why is HTTPS usually preferred over HTTP when accessing a controller API?

A.Because HTTPS provides encrypted transport for API traffic.
B.Because HTTPS automatically replaces authentication.
C.Because HTTPS is the only format that can carry JSON.
D.Because HTTP cannot carry controller data at all.
AnswerA

This is correct because encryption in transit is the main reason HTTPS is preferred.

Why this answer

HTTPS is preferred because it protects the communication with encryption while it crosses the network. In practical terms, controller APIs often carry tokens, credentials, device state, or configuration information that should not be exposed in clear text. HTTPS helps protect those requests and responses in transit.

This does not make HTTPS the same thing as JSON, nor does it remove the need for authentication. It is simply the more secure transport choice for sensitive API communication.

Exam trap

Avoid assuming that HTTPS improves speed or handles authentication. Focus on its role in securing data in transit.

Why the other options are wrong

B

This option is incorrect because HTTPS does not replace authentication; it enhances security by encrypting the transport layer, but authentication mechanisms still need to be implemented separately.

C

This option is incorrect because both HTTPS and HTTP can carry JSON data; JSON is a data format independent of the transport protocol used. Thus, HTTPS is not the only format capable of transmitting JSON.

D

This option is wrong because HTTP can indeed carry controller data; it is a fundamental protocol for transmitting data over the web. Both HTTP and HTTPS can be used to send and receive data, including JSON payloads, between clients and APIs.

← PreviousPage 3 of 3 · 215 questions total

Ready to test yourself?

Try a timed practice session using only AI and Network Operations questions.