CCNA Ai Network Operations Questions

75 of 215 questions · Page 1/3 · Ai Network Operations topic · Answers revealed

1
Multi-Selecteasy

A network engineer is reviewing REST API behavior. Which two statements are true?

Select 2 answers
A.GET is commonly used to retrieve information from an API
B.POST is commonly used to create a new resource
C.DELETE is used to encrypt a payload before transport
D.PUT always retrieves a list of resources
E.GET requires a token in every API design
AnswersA, B

GET is the standard read operation.

Why this answer

GET is used to retrieve data without changing server state, while POST commonly creates a new resource or submits data for processing. PUT is usually for full replacement, and DELETE removes a resource.

Exam trap

A common exam trap is misinterpreting the function of HTTP methods in REST APIs, such as believing DELETE encrypts data or PUT retrieves resource lists. DELETE actually removes resources, and PUT replaces or updates existing resources. Confusing POST and PUT is also frequent, where POST creates new resources while PUT replaces them.

These misunderstandings can lead to incorrect answers or automation scripts that cause unintended network changes. The exam expects precise knowledge of REST API method purposes, especially in Cisco automation contexts.

Why the other options are wrong

C

Incorrect because DELETE does not encrypt payloads; it removes resources from the server. Encryption is handled separately and not by HTTP methods themselves.

D

Incorrect because PUT does not retrieve lists of resources; it replaces or updates an existing resource. Retrieval is typically done by GET.

E

Incorrect because while many APIs require tokens for authentication, GET itself does not inherently require a token; authentication depends on API security design, not the HTTP method.

2
MCQmedium

An API client sends a valid GET request and receives an HTTP 200 response. What does that indicate?

A.The resource was deleted successfully
B.The request was successful
C.Authentication permanently failed
D.The server requires a reboot
AnswerB

Correct. HTTP 200 means the request succeeded.

Why this answer

HTTP 200 indicates a successful request. For a GET operation, it generally means the server successfully returned the requested resource representation.

Exam trap

A frequent exam trap is mistaking the HTTP 200 status code for indicating actions other than a successful GET request, such as resource deletion or authentication failure. Candidates might incorrectly associate 200 with deletion success, which is more accurately represented by 204 No Content. Others may confuse 200 with authentication errors, which are actually indicated by 401 Unauthorized or 403 Forbidden codes.

This confusion arises because candidates sometimes focus on the number 200 as a generic success without linking it specifically to the GET method’s successful retrieval. Understanding the precise meaning of HTTP codes in the context of REST API methods is essential to avoid this trap.

Why the other options are wrong

A

Option A is incorrect because HTTP 200 does not indicate resource deletion. Deletion success is usually represented by 204 No Content or 202 Accepted, not 200.

C

Option C is incorrect since authentication failures return 401 Unauthorized or 403 Forbidden, not 200. A 200 response confirms successful authentication and request processing.

D

Option D is incorrect because HTTP 200 does not signal any server reboot requirement. Server maintenance or reboot notifications are not conveyed via standard HTTP success codes.

3
Matchingmedium

Match each API or programmability term to its most accurate meaning.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Centralized management or policy platform

Application-facing interface to the controller

Structured data format commonly used in API payloads

Credential-like value used to help control API access

Why these pairings

The 'Controller' is a centralized platform that manages network devices and enforces policies. The 'Northbound API' provides an interface for applications and users to interact with the controller. 'JSON' is a lightweight, structured data format commonly used to exchange data in API payloads. A 'Token' is a credential-like value used to authenticate and authorize API requests, ensuring secure access to the controller.

Exam trap

Learners often confuse 'Northbound API' with 'Southbound API' (controller-to-device interface). Focus on direction: Northbound faces applications, Southbound faces network devices.

4
Matchingmedium

Drag and drop the AI/ML concepts on the left to the correct descriptions on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Identifies deviations from normal network behavior, such as unusual traffic spikes or security threats.

Uses historical data and ML models to forecast future network events, like congestion or device failures.

Translates business intents into network policies and continuously verifies that the network meets those intents.

Trains a model using labeled data to classify or predict outcomes, such as identifying specific types of traffic.

Discovers hidden patterns or clusters in unlabeled data, often used for anomaly detection or traffic profiling.

Optimizes network decisions through trial and error, using rewards to learn optimal actions over time.

Why these pairings

Supervised learning uses labeled data, unsupervised finds hidden patterns, reinforcement learning uses rewards, neural networks mimic brain structure, training data is for learning, and inference is applying the model to new data.

Exam trap

The trap is that candidates may confuse the definitions of supervised learning, unsupervised learning, reinforcement learning, and neural networks. Remember: supervised = labeled data, unsupervised = unlabeled patterns, reinforcement = rewards, neural networks = brain-inspired architecture. Focus on the key differentiator: the presence or absence of labels.

5
Matchingeasy

Match each common API or data term to its most accurate meaning.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Defined software interface used for communication

Structured data format

Secure transport for the communication

Credential-like value used to help control access

Why these pairings

API (Application Programming Interface) is a defined set of rules that allows software components to communicate, matching 'Defined software interface used for communication.' JSON (JavaScript Object Notation) is a lightweight data-interchange format with key-value pairs, matching 'Structured data format.' HTTPS (Hypertext Transfer Protocol Secure) encrypts HTTP traffic using TLS/SSL, providing secure transport, matching 'Secure transport for the communication.' Token is a unique string used for authentication and authorization, matching 'Credential-like value used to help control access.'

Exam trap

The trap is that candidates often confuse specific API styles (REST, SOAP) or data formats (XML, YAML) with the general concept of an API. Remember that an API is the overarching interface; REST, SOAP, gRPC are specific types, and XML/YAML are data representation formats.

6
Matchingmedium

Match each structured-data term to its most accurate meaning.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Named piece of structured data

Content assigned to a field

Group of related key-value pairs

Ordered list of items

Why these pairings

The terms are matched with their accurate descriptions in the context of structured data formats.

Exam trap

A common mistake is confusing an object (a collection of named fields) with an array (an ordered list of values), as both hold multiple items but structure them differently.

7
Matchingeasy

Match each automation or programmability term to its most accurate description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Central platform used to coordinate policy and management

Defined software interface for interaction between systems

Lightweight structured data format

Data modeling language for network information

Why these pairings

These terms are fundamental to network automation and programmability. API enables software interaction, REST is a common API style, JSON and YAML are data formats, Ansible is a popular automation tool, and Python is a scripting language for automation.

Exam trap

Be careful not to confuse tools with data formats or languages. For example, Ansible is a tool, not a data format; YAML is the format it uses. Similarly, REST is an architectural style, not a scripting language.

8
Matchingmedium

Match each data-structure term to its most accurate meaning.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Field name

Content associated with a field

Group of key-value pairs

Ordered list of items

Why these pairings

These pairs correctly match data-structure terms to their definitions. Array uses indices, hash table uses key-value mapping, stack is LIFO, queue is FIFO, linked list uses nodes with references, and tree is hierarchical.

Exam trap

Do not confuse the properties of different data structures. Arrays are defined by indexed access, not by access patterns like LIFO or FIFO, which belong to stacks and queues respectively.

9
MCQmedium

Why is version control valuable for network automation files?

A.It increases interface bandwidth
B.It tracks changes and allows rollback to earlier versions
C.It replaces the need for device backups
D.It guarantees that configuration changes are error free
AnswerB

Correct. Change tracking and rollback are major benefits.

Why this answer

Version control systems help teams track who changed what, compare revisions, and restore earlier states when needed. That improves operational discipline but does not guarantee correctness by itself.

Exam trap

A common exam trap is selecting the option that version control replaces device backups or guarantees error-free configurations. While version control tracks changes and allows rollback, it does not protect against hardware failures or accidental deletions like backups do. Additionally, version control cannot automatically detect or prevent configuration errors; it only records changes.

Candidates may confuse version control’s change tracking benefits with complete operational safety, but understanding that backups and validation processes remain essential is critical to avoid this mistake.

Why the other options are wrong

A

This option incorrectly claims version control increases interface bandwidth, which is unrelated to version control functionality. Bandwidth is a physical and configuration attribute unaffected by file management systems.

C

This option is incorrect because version control does not replace device backups. Backups protect device states and data beyond just file changes, which version control alone cannot ensure.

D

This option falsely asserts that version control guarantees error-free configuration changes. While it improves process discipline, it cannot prevent human errors or validate correctness automatically.

10
MCQhard

Why would an orchestration platform prefer a northbound API over screen-scraping CLI output?

A.Because the northbound API provides a defined and structured interface intended for software interaction.
B.Because APIs use encryption by default while CLI sessions are unencrypted.
C.Because northbound APIs are designed for network-wide automation whereas screen-scraping only works on a single device.
D.Because CLI commands are more error-prone due to human typing mistakes.
AnswerA

This is correct because APIs are built for reliable programmatic use.

Why this answer

A northbound API is preferred because it is designed for software consumption. In practical terms, it provides a defined, structured, predictable interface that tools can interact with directly. Screen-scraping CLI output is much more fragile because CLI displays are primarily intended for human reading, not consistent machine parsing.

This is a practical architecture question. The API is the clean software interface. The CLI is useful for humans, but not usually the best primary interface for orchestration.

Exam trap

Avoid assuming that CLI output is suitable for automation just because it is human-readable.

Why the other options are wrong

B

Encryption is not the primary reason; CLI can use SSH and APIs are about structured interaction.

C

Screen-scraping can be automated network-wide; the key differentiator is the interface structure.

D

Human error is mitigated by automation itself, not a unique advantage of APIs.

11
Multi-Selectmedium

Which two statements accurately describe JSON in network automation contexts?

Select 2 answers
A.It is a structured data format that software can parse reliably.
B.It is commonly used in API payloads exchanged by automation tools and controllers.
C.It is the encryption protocol that protects the API session.
D.It replaces the need for authentication.
E.It is the same thing as a southbound API.
AnswersA, B

This is correct because structured machine readability is one of JSON's main strengths.

Why this answer

JSON is widely used in network automation because it provides structured, machine-readable data. In practical terms, software can reliably identify keys, values, objects, and arrays without having to guess meaning from free-form text. That makes it a common format in modern APIs.

The important point is that JSON is a data format. It is not the API itself and it is not the secure transport that carries the data.

Exam trap

A frequent exam trap is mistaking JSON for a security or API protocol. Some candidates incorrectly believe JSON encrypts API sessions or replaces authentication, which is false. JSON is purely a data format used to structure information exchanged between automation tools and devices.

Confusing JSON with encryption protocols like TLS or authentication mechanisms can lead to selecting incorrect answers. Another trap is equating JSON with the API itself or the concept of a southbound API, which refers to the direction of communication, not the data format. Understanding JSON’s role as a structured data format prevents these mistakes.

Why the other options are wrong

C

Option C is incorrect because JSON is not an encryption protocol; it does not provide any security or protection for API sessions, which are handled by other protocols like TLS.

D

Option D is incorrect because JSON does not replace authentication; authentication is a separate process that controls access to APIs and network devices.

E

Option E is incorrect because JSON is a data format, not an API or directional interface like a southbound API, which refers to communication from controllers to devices.

12
MCQmedium

A network engineer sends an HTTP GET request to a controller API and receives status code 401. What does that response indicate?

A.The API endpoint does not exist
B.The request was successful but returned an empty body
C.Authentication is required or the token is invalid
D.The server is overloaded and cannot process the request
AnswerC

Correct choice.

Why this answer

HTTP 401 means the request is not authorized because valid authentication credentials were not supplied or were rejected. In practice, this usually means the token is missing, expired, malformed, or otherwise invalid.

Exam trap

Be careful not to confuse HTTP 401 with other common status codes like 200, 404, or 500. Each code has a specific meaning and context.

Why the other options are wrong

A

A 401 status code specifically indicates authentication failure, not a missing endpoint. A non-existent endpoint would return a 404 Not Found status code, which is a different HTTP error.

B

A successful request with an empty body would return a 204 No Content status code, not 401. The 401 code explicitly means the request was not processed due to missing or invalid authentication.

D

A server overload is indicated by a 503 Service Unavailable status code, not 401. The 401 code is solely related to authentication issues, not server capacity.

13
Multi-Selectmedium

Which two statements accurately describe API authentication tokens? (Choose two.)

Select 2 answers
A.Tokens are often sent in an HTTP header such as Authorization
B.Tokens are always permanent and never expire
C.Tokens can be used instead of resending credentials on every request
D.Tokens require Telnet to be enabled on the device
E.A token changes JSON into XML automatically
AnswersA, C

That is a common REST API pattern.

Why this answer

APIs often use tokens so clients can authenticate without sending usernames and passwords in every call. Tokens are commonly time-limited and are usually placed where the API expects them, such as an HTTP header.

Exam trap

A frequent exam trap is selecting that tokens are permanent or require Telnet to function. Many candidates mistakenly believe tokens never expire, but in reality, tokens are often time-limited to improve security. Another trap is associating tokens with Telnet, which is unrelated to API authentication.

Additionally, some may incorrectly think tokens convert data formats like JSON to XML, which is false since tokens only handle authentication. Misunderstanding these points can lead to choosing incorrect options that seem plausible but do not align with Cisco’s API security practices.

Why the other options are wrong

B

Incorrect because tokens are usually time-limited and expire after a set period to enhance security, so they are not permanent credentials.

D

Incorrect because Telnet is unrelated to API token authentication; tokens do not depend on Telnet or any specific legacy protocol.

E

Incorrect because authentication tokens do not convert data formats; their sole purpose is to authenticate clients, not to transform JSON into XML or any other format.

14
MCQeasy

Which data format uses key-value pairs and is commonly returned by REST APIs?

A.YANG
D.CDP
AnswerB

JSON commonly represents API payloads.

Why this answer

JSON is a lightweight, human-readable data format that uses key-value pairs and is the most common format returned by REST APIs. YANG is a data modeling language used for configuration and state data, not a data format. Syslog is a logging protocol used for system messages.

CDP (Cisco Discovery Protocol) is a Layer 2 discovery protocol for Cisco devices. None of these are key-value pair data formats typically returned by REST APIs.

Exam trap

Be careful not to confuse JSON with XML or YAML, which have different structures and use cases.

Why the other options are wrong

A

YANG is a data modeling language, not a data format; it describes the structure of data but does not use key-value pairs for API responses.

C

Syslog is a protocol for logging system events, not a data format for REST API responses.

D

CDP is a Cisco proprietary discovery protocol for neighbor devices, irrelevant to data formats in REST APIs.

15
PBQhard

You are connected to R1, a branch router that must synchronize time with the NTP server at 198.51.100.1 (reachable via G0/0) and send critical syslog messages (severity 0-4) to the logging server at 203.0.113.10. The current configuration has NTP pointing to a wrong server and syslog set to debug level, flooding the server. Correct the NTP server, set the NTP source interface to Loopback0 (10.10.10.1/32), and adjust the syslog trap level so that only emergencies through warnings are logged.

Hints

  • Remove the incorrect NTP server before adding the correct one.
  • Use the 'ntp source' command to specify the Loopback interface.
  • The logging trap level 'warnings' corresponds to severity 4.
A.ntp server 198.51.100.1 source Loopback0; logging trap warnings
B.ntp server 198.51.100.1 source G0/0; logging trap errors
C.ntp server 192.0.2.1 source Loopback0; logging trap warnings
D.ntp server 198.51.100.1 source Loopback0; logging trap debugging
AnswerA
solution
! R1
no ntp server 192.0.2.1
ntp server 198.51.100.1
ntp source Loopback0
no logging trap debugging
logging trap warnings

Why this answer

The NTP server was misconfigured to 192.0.2.1, which is unreachable, leaving the router at stratum 16. The correct NTP server is 198.51.100.1, so the ntp server command must be updated. The source interface should be Loopback0 for reachability consistency.

The syslog trap level was set to debugging (level 7), which sends all messages; it should be changed to warnings (level 4) to filter only severity 0-4. Verification includes checking NTP synchronization and syslog configuration.

Exam trap

Watch out for two separate configuration items: NTP and syslog. Ensure you update both the NTP server IP and source interface, and set the correct syslog trap level. Common traps include forgetting to change the NTP server IP, using the wrong source interface, or setting the wrong syslog severity level.

Why the other options are wrong

B

The source interface must be Loopback0 for consistency, and the trap level should be warnings (4) to include warnings.

C

The NTP server address must be updated to 198.51.100.1; 192.0.2.1 is the misconfigured server.

D

The trap level should be warnings (4), not debugging (7). Debugging sends all messages, flooding the server.

16
Matchingmedium

Drag and drop the protocol/model on the left to the correct description on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Data modeling language used to define configuration and state data structures

Protocol using XML over SSH for configuration management and transactional operations

RESTful API using HTTP methods (GET, PUT, POST, DELETE) over HTTPS

Operation to modify configuration with options like merge, replace, create, delete

HTTP method used for partial updates to a resource

Why these pairings

YANG is a data modeling language used to define configuration and state data. NETCONF is an XML-based protocol over SSH that supports transactional configuration management. RESTCONF is a RESTful API over HTTPS that uses standard HTTP methods like GET, PUT, POST, DELETE.

NETCONF <edit-config> is an operation that modifies configuration with options like merge, replace, create, delete. RESTCONF PATCH is an HTTP method used for partial updates to a resource.

Exam trap

Do not confuse NETCONF and RESTCONF: NETCONF uses XML over SSH with a locked configuration datastore and replace operations, while RESTCONF uses HTTPS and standard HTTP methods, often with JSON encoding. Also remember that YANG is a modeling language, not a protocol.

17
MCQmedium

Why is version control useful for network automation scripts?

A.It automatically fixes coding mistakes
B.It tracks changes and supports rollback and review
C.It removes the need for API authentication
D.It replaces the device operating system
AnswerB

Correct. Tracking and rollback are the key benefits.

Why this answer

Version control provides change history, collaboration, and rollback options for scripts and infrastructure-as-code files.

Exam trap

A frequent exam trap is selecting options that imply version control automatically corrects coding mistakes or replaces device functions. Candidates might incorrectly believe version control fixes errors or removes the need for API authentication, but it only tracks changes and supports collaboration. Misunderstanding this leads to choosing options like 'It automatically fixes coding mistakes' or 'It removes the need for API authentication,' which are false.

Another trap is confusing version control with device software management, mistakenly thinking it replaces the device operating system. Recognizing that version control solely manages script versions and history prevents these errors.

Why the other options are wrong

A

Option A incorrectly claims version control automatically fixes coding mistakes. While version control tracks changes, it does not validate or correct errors in scripts, so this option is false.

C

Option C falsely suggests version control removes the need for API authentication. Authentication is a separate security process and is not affected by version control.

D

Option D incorrectly claims version control replaces the device operating system. Version control manages script versions only and does not interact with device OS software.

18
MCQmedium

A network operations team is implementing an AI-driven automation system that uses an agentic AI agent to handle routine network issues. The agent is configured to detect high CPU utilization on a core router, then automatically execute a series of diagnostic commands and, if a specific pattern is found, trigger a configuration change to reduce load. After the change, the agent re-checks CPU utilization and, if still high, escalates the issue to a human engineer. Which of the following best describes the workflow being used?

A.A static automation script that runs on a schedule without feedback
B.A closed-loop remediation workflow
C.A tool-calling mechanism for executing network commands
D.An AI agent that uses reinforcement learning to optimize network performance
AnswerB

The agent detects an issue, takes corrective action, verifies the outcome, and escalates if needed, which is the definition of a closed-loop workflow.

Why this answer

The scenario describes a closed-loop remediation workflow, where the AI agent detects an issue, takes action, verifies the result, and escalates if the problem persists. Tool-calling refers to the agent's ability to invoke specific functions (e.g., diagnostic commands, configuration changes), but the overall process is a closed loop. AI agents are the autonomous entities, but the workflow is the key concept.

Why the other options are wrong

A

This describes a static automation script that runs on a schedule without feedback, but the scenario involves an agent that detects an issue, takes action, re-checks, and escalates if needed, which is adaptive and not static.

C

Tool-calling is a component of the workflow (executing diagnostic commands and configuration changes), but the overall process includes detection, action, verification, and escalation, which is more than just calling tools.

D

Reinforcement learning involves continuous trial-and-error learning from rewards, but the scenario uses predefined diagnostics and actions, not learning from past outcomes to improve future decisions.

19
MCQmedium

Which tool type is most appropriate for turning a variable set of interface values into a reusable configuration template?

A.A packet sniffer
B.A templating engine
C.A DNS recursive resolver
D.An STP root bridge
AnswerB

Correct. Templates are built for reusable parameterized configurations.

Why this answer

A templating engine allows you to create a reusable configuration pattern and populate it with variable values, making it ideal for turning variable interface values into templates. A packet sniffer captures network traffic and analyzes packets but does not generate configuration templates. A DNS recursive resolver translates domain names to IP addresses, which is unrelated to configuration templating.

An STP root bridge manages loop-free topology in a switched network, not template creation.

Exam trap

Avoid confusing tools that manage or analyze configurations with those that generate them. Focus on the primary function of each tool.

Why the other options are wrong

A

A packet sniffer captures and analyzes network traffic, but it cannot generate or manipulate configuration templates. It is a monitoring tool, not a configuration automation tool.

C

A DNS recursive resolver translates domain names to IP addresses and has no capability to generate or manage configuration templates. It is a name resolution service, not a configuration tool.

D

An STP root bridge is a switch role in Spanning Tree Protocol that prevents loops in a network. It is a functional role, not a tool for creating reusable configuration templates.

20
Multi-Selectmedium

Which three of the following are typical use cases for automation in network security operations? (Choose three.)

Select 3 answers
.Automated identification and blocking of previously unseen malware variants using behavioral analysis
.Correlating authentication logs with network flows to detect lateral movement by an attacker
.Dynamic micro-segmentation policy adjustment based on real-time risk scoring of endpoints
.Replacing all firewall rules with a single AI-generated rule that covers all traffic
.Guaranteeing zero false positives in intrusion detection by using deep learning
.Automatically disabling all network ports when any anomaly is detected

Why this answer

Correct options represent realistic, risk-aware automation in network security. Automated malware detection uses behavioral patterns to stop unknown threats. Log-flow correlation helps uncover attacker lateral movement by spotting unusual access patterns.

Dynamic micro-segmentation leverages automation to isolate risky endpoints instantly. In contrast, blindly deleting logs after 24 hours destroys critical forensic evidence. Applying one security config to all devices ignores differing roles and threats.

Opening all firewall ports for performance trades security for convenience, violating fundamental security principles.

Exam trap

Cisco often tests the candidate's ability to distinguish between AI-driven automation and traditional rule-based automation; the trap here is that all three options are correct, but candidates might second-guess themselves if they think one is too advanced for the exam scope.

Why the other options are wrong

D

Logs must be retained for security investigations; automatic deletion undermines forensics.

E

Network devices have diverse roles; a uniform configuration cannot address specific security needs.

F

Indiscriminately opening ports during peak hours exposes the network to unnecessary risk.

21
Matchingmedium

Match each programmability term to its most accurate meaning.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Centralized management or policy platform

Application-facing interface to the controller

Structured data format commonly exchanged

Credential-like value used to help control access

Why these pairings

Controller is the centralized management or policy platform that orchestrates network behavior. Northbound API is the application-facing interface that allows applications to communicate with the controller. JSON is a structured data format commonly used to exchange information between network devices and controllers.

Token is a credential-like value used to authenticate and authorize access to network resources.

Exam trap

Do not confuse northbound and southbound APIs: northbound is toward applications, southbound is toward devices. Also, remember that OpenFlow is for flow control, not configuration; configuration is done via NETCONF/RESTCONF.

22
Drag & Dropmedium

Drag and drop the following steps into the correct order to send a RESTCONF GET request to retrieve interface configuration from a Cisco IOS-XE device and apply a configuration change based on the response.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The correct workflow is to first retrieve the current configuration with a GET request, then analyze the response to understand what changes are needed, create the updated payload in JSON or XML, and finally apply the change using PUT or PATCH.

Exam trap

Do not confuse the order of operations: you must retrieve the current configuration before analyzing or modifying it. The GET request is always the first step in a read-modify-write workflow.

23
MCQeasy

In a REST-style API, which method is most commonly associated with retrieving information?

A.GET
B.DELETE
C.POST
D.PUT
AnswerA

This is correct because GET is commonly used for reading information from an API.

Why this answer

GET is the method most commonly associated with retrieving information. In practical terms, when a client wants to read state, inventory, or configuration details from an API endpoint without modifying the resource, GET is the expected choice.

This is a core automation vocabulary question and works well as an easier confidence-building item.

Exam trap

Avoid confusing GET with other HTTP methods like POST, PUT, or DELETE, which are used for modifying resources.

Why the other options are wrong

B

The DELETE method is used to remove a resource from the server, not to retrieve information. Using DELETE for retrieval would violate REST principles and could lead to unintended data loss.

C

POST is used to create a new resource or submit data to be processed, not to retrieve information. It is not idempotent and often changes server state, making it unsuitable for simple retrieval.

D

PUT is used to update or replace an existing resource, or create one at a specific URI. It is idempotent but modifies server state, so it is not appropriate for retrieving information.

24
MCQmedium

What is a main operational benefit of a controller-based networking architecture?

A.It removes the need for IP addressing
B.It centralizes policy and can simplify network-wide changes
C.It eliminates the data plane on switches
D.It forces all routes to become static
AnswerB

Correct. Centralized policy is a major benefit.

Why this answer

Controller-based architectures centralize the control plane, enabling network-wide policy management and simplifying changes. This is the correct answer because it accurately describes the primary operational benefit. Option A is wrong because controller-based architectures still require IP addressing for management and communication.

Option C is wrong because the data plane on switches remains operational for local forwarding; only the control plane may be centralized. Option D is wrong because dynamic routing protocols can still be used, and routes are not forced to be static.

Exam trap

A common exam trap is selecting answers that incorrectly claim controller-based architectures remove the need for IP addressing or eliminate the data plane on switches. While controllers centralize control functions, switches still perform local forwarding (data plane) and require IP addresses for management and routing. Another trap is believing that all routes become static under controller control; dynamic routing protocols continue to operate normally.

Misunderstanding these distinctions can lead to choosing incorrect options that overstate the controller's role, so focus on the controller’s role in centralizing policy rather than replacing fundamental network functions.

Why the other options are wrong

A

Option A is incorrect because controller-based architectures do not remove the need for IP addressing. IP addresses remain essential for device identification, management, and routing functions within the network.

C

Option C is incorrect since the data plane on switches is not eliminated. Switches continue to forward traffic locally based on instructions from the controller, maintaining essential forwarding functions.

D

Option D is incorrect because controller-based networks do not force all routes to become static. Dynamic routing protocols such as OSPF and EIGRP still operate under centralized policy control.

25
Multi-Selecthard

Which two statements accurately describe REST-based APIs in a network automation context?

Select 2 answers
A.They commonly use HTTP methods such as GET, POST, PUT, and DELETE.
B.They require Telnet to exchange structured data.
C.They often exchange structured data in formats such as JSON.
D.They can be used only on physical routers and never on controllers.
E.They eliminate the need for authentication or authorization.
AnswersA, C

This is correct because REST APIs typically use familiar HTTP verbs to represent operations.

Why this answer

REST APIs are a modern way for software tools to interact with networking systems. In plain language, they let one application ask another application for information or tell it to make a change using standard web-style requests. That is why methods such as GET, POST, PUT, and DELETE show up so often in automation examples. REST APIs also commonly exchange structured data, and JSON is one of the most common formats because it is compact and easy to process programmatically.

They do not depend on Telnet, and they absolutely do not remove the need for security controls. In real deployments, authentication and authorization are often critical. REST APIs are also not limited to one device category. They can exist on routers, switches, wireless controllers, cloud platforms, and many other systems.

Exam trap

A common exam trap is assuming that REST-based APIs require Telnet or similar legacy protocols for communication. This misconception arises because Telnet was historically used for device management, but REST APIs exclusively use HTTP or HTTPS. Another trap is believing REST APIs remove the need for authentication or authorization; in fact, security controls are mandatory to protect network devices from unauthorized access.

Misunderstanding the device scope is also frequent, as some think REST APIs only apply to physical routers, ignoring their availability on controllers and other network elements. Recognizing these pitfalls is essential to avoid incorrect answers.

Why the other options are wrong

B

Option B is incorrect because REST APIs do not use Telnet; they rely on HTTP or HTTPS protocols for communication, making Telnet irrelevant in this context.

D

Option D is incorrect since REST APIs are not limited to physical routers; they are also implemented on controllers, switches, and other network devices, enabling broad automation capabilities.

E

Option E is incorrect because REST APIs require authentication and authorization to secure access, so they do not eliminate the need for security controls in network automation.

26
Matchingmedium

Match each automation-related term to the description that best fits it.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Structured data format

Data-modeling language

Access-related value used by a client

Secure transport for API communication

Why these pairings

JSON is a lightweight structured data format commonly used in REST APIs for data interchange, so it matches 'Structured data format'. YANG is a data-modeling language used to define the structure of configuration and state data in NETCONF/YANG models. A token is an access-related value (e.g., API token) used by a client to authenticate and authorize requests.

HTTPS (HTTP over TLS) provides secure, encrypted transport for API communication. The other terms listed in the original explanation (idempotent, declarative, etc.) are unrelated to these specific pairings; they describe different automation concepts.

Exam trap

Do not confuse 'agentless' with 'declarative' or 'automation' in general. Ansible is the only major agentless configuration management tool that uses SSH; other tools may be agentless but not for SSH-based device management.

27
Matchingeasy

Match each data format or model with the best description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Lightweight key-value data representation

Tag-based markup format

Data modeling language for network configuration and state

Uses HTTP methods such as GET and POST to work with resources

Why these pairings

JSON is a lightweight key-value data representation. XML uses tags to define structured data. YANG is a data modeling language for network configuration and state.

REST APIs use HTTP methods such as GET and POST to work with resources.

Exam trap

The trap is confusing data formats (JSON, XML, YAML) with data modeling languages (YANG) and protocols (NETCONF, RESTCONF). Remember that YANG is a modeling language that defines data structures, while formats like JSON and XML are used to serialize that data, and protocols like NETCONF and RESTCONF transport it.

28
Matchingmedium

Drag and drop the items on the left to the correct descriptions on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Tool employing a pull mechanism for node configuration using a proprietary DSL

Framework that uses Ruby-coded recipes within a client-server deployment model

Solution providing agentless orchestration via SSH and YAML-written playbooks

High-level programming language utilized for scripting network automation tasks

Web-based interface for programmatic device management using HTTP methods

Why these pairings

Puppet is a tool employing a pull mechanism for node configuration using a proprietary DSL. Chef is a framework that uses Ruby-coded recipes within a client-server deployment model. Ansible is a solution providing agentless orchestration via SSH and YAML-written playbooks.

Python is a high-level programming language utilized for scripting network automation tasks. REST API is a web-based interface for programmatic device management using HTTP methods.

29
Matchingmedium

Match each REST or API concept to its most accurate description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

HTTP method commonly used to retrieve data

HTTP method commonly used to submit or create data

Credential-like value used to help control API access

Structured data format often used in API payloads

Why these pairings

GET is an HTTP method designed specifically for retrieving data from a server without side effects, making it idempotent and safe. POST is used to submit data to create or update resources, as it can change server state and is not idempotent. A token is a credential-like value (e.g., API key or JWT) that authenticates and authorizes API requests, controlling access to endpoints.

JSON is a lightweight, human-readable structured data format commonly used in API request/response payloads for data interchange. These concepts are distinct: GET and POST cannot be swapped because they have different HTTP semantics; a token is not a data format like JSON; and JSON is not an access control mechanism. Matching them incorrectly would violate RESTful principles.

Exam trap

The exam may test your understanding of REST as an architectural style, not as a protocol or data format. Be careful not to confuse REST with its common implementations like HTTPS or JSON.

30
Matchingeasy

Match each common automation term to its most accurate meaning.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Centralized management or policy platform

Defined software interface for communication

Lightweight structured data format

Secure transport commonly used for API access

Why these pairings

A controller provides centralized management or policy enforcement, abstracting device-level configuration. An API defines a structured software interface for programmatic interaction, not the underlying transport. JSON is a lightweight data-interchange format favored for its readability and ease of parsing by automation tools.

HTTPS is the secure transport layer that carries API calls, ensuring encrypted communication. Together, these terms form the foundation of network automation architectures, where a controller exposes APIs over HTTPS and exchanges JSON-formatted data.

Exam trap

Candidates often confuse the languages and architectures of automation tools. Remember: Ansible = YAML + agentless; Chef = Ruby DSL; Puppet = declarative manifests (custom DSL); SaltStack = master-minion with agents.

31
MCQhard

A JSON response from a controller contains a list of interfaces, each with its own name and status fields. Which JSON structure is most likely used to represent that list?

A.An array of objects
B.A single scalar string only
D.A route metric table
AnswerA

This is correct because a list of interfaces is commonly represented as objects inside an array.

Why this answer

The most likely structure is an array containing objects. In practical terms, an array is the natural way to represent a list of similar items, and each item can then be an object with named fields such as name and status. This is a very common pattern in API payloads.

The question is testing structure recognition, not programming syntax mastery.

Exam trap

A frequent exam trap is mistaking the JSON structure for unrelated networking concepts such as wildcard masks or route metric tables. Candidates might incorrectly select these options because they recognize the terms from routing or ACL topics, but these are not JSON data structures. Another trap is assuming a single scalar string can represent multiple interfaces, which ignores the need for multiple fields per interface.

Recognizing that an array of objects is the natural and standard way to represent a list of interfaces with multiple attributes helps avoid these pitfalls.

Why the other options are wrong

B

Incorrect because a single scalar string cannot represent multiple interfaces with distinct attributes, making it unsuitable for detailed interface lists.

C

Incorrect because wildcard masks are related to ACL configurations and do not represent JSON data structures for interface lists.

D

Incorrect because a route metric table is a routing concept and not a JSON data structure used to represent interface information.

32
Drag & Dropmedium

Drag and drop the following steps into the correct order to select and implement a network automation solution using the appropriate tool based on the use cases and differences between Puppet, Chef, Ansible, and Python.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
6Step 6

Why this order

The correct order follows a systematic approach: First, define the specific network automation goal to understand the scope and constraints. Next, evaluate whether a persistent, agent-based configuration enforcement approach (Puppet/Chef) or an agentless, orchestration-driven approach (Ansible) is required. Then consider the flexibility of a scripting language like Python for custom or one-off tasks.

After selecting the tool, write the automation logic (playbook, manifest, or script). Test it in a controlled environment to avoid production issues, and finally deploy and verify the automation to ensure it meets the intended outcome.

33
Multi-Selectmedium

Which two statements accurately describe why structured telemetry and APIs improve operational tooling?

Select 2 answers
A.They make it easier for software to process known fields consistently.
B.They support scalable automation, dashboards, and assurance workflows.
C.They eliminate the need for secure transport or access control.
D.They force all devices to stop supporting CLI access.
E.They are used only on wireless LAN controllers.
AnswersA, B

This is correct because structured data supports reliable machine interpretation.

Why this answer

Structured telemetry and APIs improve tooling because they reduce ambiguity and make automation more reliable. In practical terms, software can collect and compare known fields, counters, and states without brittle text parsing. That supports dashboards, reporting, and automated checks much better than relying only on human-oriented command output.

This is a broad operations-and-automation value question rather than a protocol memorization item.

Exam trap

A frequent exam trap is believing that structured telemetry and APIs remove the need for secure transport or access control. Candidates might think that because data is structured and machine-readable, security is inherently handled, which is incorrect. Another trap is assuming that these technologies force the removal of CLI access, but Cisco devices maintain CLI alongside APIs to support diverse operational needs.

Misunderstanding these points can lead to incorrect answers about the scope and impact of automation technologies in Cisco environments.

Why the other options are wrong

C

This option is incorrect because structured telemetry and APIs do not eliminate the need for secure transport or access control; security remains a fundamental requirement in network operations.

D

This option is incorrect since structured telemetry and APIs do not force devices to stop supporting CLI access; Cisco devices commonly support both CLI and programmable interfaces simultaneously.

E

This option is incorrect because structured telemetry and APIs are broadly applicable across many Cisco network devices and are not limited to wireless LAN controllers.

34
MCQhard

A network engineer notices that the system clock on a Cisco IOS-XE router is incorrect, causing syslog timestamps to be unreliable. The router is configured as an NTP client to synchronize with a remote NTP server at 192.168.1.10. However, the show ntp status command indicates the clock is unsynchronized. What is the most likely cause of this issue?

A.The NTP server is using TCP instead of UDP for NTP communication.
B.The router cannot reach the NTP server due to a missing route or firewall blocking UDP port 123.
C.The NTP server has a higher stratum level than the router's local clock, so the router ignores it.
D.NTP authentication is misconfigured on the router.
AnswerB

The reach value of 0 indicates no NTP packets have been received, typically due to connectivity issues or ACL/firewall blocking UDP 123.

Why this answer

NTP operates over UDP port 123. If the router cannot reach the NTP server at 192.168.1.10 due to a missing route or a firewall blocking UDP 123, the NTP client will remain unsynchronized, as indicated by the 'show ntp status' command showing the clock as unsynchronized. This is the most common cause of NTP synchronization failure in a network.

Exam trap

Cisco often tests the misconception that NTP uses TCP or that authentication is the primary cause of synchronization failure, when in fact the most common issue is simple network reachability or firewall blocking of UDP port 123.

Why the other options are wrong

C

The NTP server having a higher stratum level than the local clock does not prevent synchronization outright; the router will still attempt to sync if the server is reachable and authenticates, so this is not the most likely cause.

35
MCQhard

A network administrator notices that the NTP server on Router R1 is not synchronizing with the upstream NTP server at 192.0.2.1. The router is configured as an NTP client, but show ntp status indicates the clock is unsynchronized and the stratum is 16. There is no firewall between R1 and 192.0.2.1. What is the most likely cause of this issue?

A.The NTP server at 192.0.2.1 is not configured as a peer on R1.
B.Router R1 does not have a route to reach 192.0.2.1.
C.The NTP server at 192.0.2.1 is not using NTP version 4.
D.The NTP server at 192.0.2.1 has a firewall blocking NTP traffic.
AnswerB

Without a route to the upstream NTP server, the NTP client cannot send or receive packets, leaving it unsynchronized at stratum 16.

Why this answer

The most likely cause is that Router R1 lacks a route to the upstream NTP server at 192.0.2.1. Without a valid IP route, NTP packets cannot reach the server, so the client remains unsynchronized with stratum 16. The other options are incorrect: A is not required for client operation, C is irrelevant because NTP version negotiation works across versions, and D is ruled out by the absence of a firewall.

Exam trap

Cisco often tests the misconception that NTP configuration alone ensures synchronization, but the trap here is that candidates overlook the prerequisite of IP reachability, assuming the ntp server command handles routing automatically.

Why the other options are wrong

A

Configuring the server as a peer is unnecessary for an NTP client; the client uses the ntp server command.

C

NTP version incompatibility does not prevent synchronization because devices negotiate versions automatically.

D

The problem states there is no firewall, so this cannot be the cause.

36
MCQhard

A REST API call uses the GET method against a device inventory endpoint. What is the most likely intent of the call?

A.To retrieve information from the endpoint.
B.To delete the endpoint from the controller.
C.To replace the endpoint with a new resource.
D.To force the device into PPP mode.
AnswerA

This is correct because GET is commonly used for reading data.

Why this answer

The most likely intent is to retrieve information, not to create or delete it. In practical terms, GET is commonly used when a client wants to read state or inventory data from an API endpoint. This is one of the most basic REST-style concepts in network automation.

The key is to associate method semantics with likely operational intent.

Exam trap

A common exam trap is confusing the GET method with other HTTP methods like DELETE or PUT. Candidates might incorrectly assume GET can modify or delete resources because they associate API calls with configuration changes. However, GET is strictly for retrieving information and does not alter device state.

Misreading this can lead to selecting options that imply deletion or replacement, which are handled by DELETE and PUT respectively. Recognizing the safe, read-only nature of GET prevents this mistake and aligns with REST API best practices in Cisco automation.

Why the other options are wrong

B

Incorrect because DELETE is the HTTP method used to remove resources. GET does not delete or alter the endpoint or its data, so this option misrepresents REST API semantics.

C

Incorrect because replacing or updating a resource is typically done with the PUT method. GET does not modify or replace resources, so this option confuses method purposes.

D

Incorrect because forcing a device into PPP mode is a configuration action unrelated to REST API method semantics. GET calls do not trigger operational mode changes.

37
Matchingmedium

Match each API interaction term to its most accurate description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

HTTP method commonly used to retrieve information

HTTP method commonly used to update or replace a resource

Secure transport for the API exchange

Credential-like value used to help control API access

Why these pairings

GET is an HTTP method designed to retrieve data from a server without modifying resources. PUT is an HTTP method used to update or replace an existing resource at a given URI. HTTPS provides encrypted transport for the API exchange, ensuring confidentiality and integrity.

A token serves as a credential-like value, often passed in headers, to authenticate and authorize API access.

Exam trap

A common mistake is confusing the roles of GET and PUT—GET retrieves data while PUT updates it—and overlooking that HTTPS is a secure transport protocol, not an HTTP method or authentication mechanism.

38
MCQmedium

What is version control primarily used for in network automation workflows?

A.To replace authentication for API clients
B.To track changes and maintain history for code and templates
C.To automatically assign switchport VLANs in real time
D.To discover neighboring devices at Layer 2
AnswerB

Correct. That is the core value of version control.

Why this answer

Version control tracks changes to code and configuration artifacts, enabling rollback, collaboration, and auditability.

Exam trap

A common exam trap is mistaking version control for a live network function like VLAN assignment or device discovery. Some candidates incorrectly believe version control directly manages network devices in real time, such as automatically assigning VLANs or discovering neighbors. However, version control only manages the files that define these actions, not the actions themselves.

Confusing these roles leads to selecting incorrect options that describe operational network tasks rather than the management and tracking of automation code and templates.

Why the other options are wrong

A

Option A is incorrect because version control systems do not replace authentication for API clients. Authentication is handled by security protocols and credentials, not by version control.

C

Option C is incorrect because version control does not assign VLANs or perform any real-time network configuration tasks; it only manages the files that define such configurations.

D

Option D is incorrect because discovering neighboring devices at Layer 2 is a network function performed by protocols like CDP or LLDP, not by version control systems.

39
PBQhard

You are connected to R1 (192.168.1.1/24, GigabitEthernet0/0). Using RESTCONF, you need to retrieve the operational status of interface GigabitEthernet0/0 and then change its description to 'Uplink to R2'. The correct base URI is https://192.168.1.1/restconf. Provide the GET and PATCH request URIs, required HTTP headers, and identify the error that occurs if you use Accept: application/json instead of application/yang-data+json.

Hints

  • RESTCONF base URI is always /restconf on Cisco IOS-XE.
  • The ietf-interfaces module is used for standard interface configuration; Cisco-IOS-XE-native is for native CLI-like data.
  • Content-type and Accept headers must match the YANG data format (application/yang-data+json).
A.GET /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0?content=nonconfig, PATCH /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0, Accept: application/yang-data+json, error: 406 Not Acceptable
B.GET /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0, PATCH /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0, Accept: application/json, error: 404 Not Found
C.GET /restconf/data/Cisco-IOS-XE-native:interface/GigabitEthernet0/0?content=nonconfig, PATCH /restconf/data/Cisco-IOS-XE-native:interface/GigabitEthernet0/0, Accept: application/yang-data+json, error: 406 Not Acceptable
D.GET /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0?content=nonconfig, PATCH /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0, Accept: application/json, error: 404 Not Found
AnswerA
solution
! R1
GET URI: /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0?content=nonconfig
PATCH URI: /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0
Headers: Accept: application/yang-data+json, Content-Type: application/yang-data+json (for PATCH)
PATCH body: {"ietf-interfaces:interface": [{"name": "GigabitEthernet0/0", "description": "Uplink to R2"}]}
Wrong Accept: application/json causes 406 Not Acceptable
Wrong YANG path (e.g., /restconf/data/Cisco-IOS-XE-native:interface) causes 404 Not Found

Why this answer

The correct GET URI is /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0?content=nonconfig to retrieve operational status. The PATCH URI is /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0 with a JSON body containing the new description. Both requests require the header Accept: application/yang-data+json.

If Accept: application/json is used, the router returns a 406 Not Acceptable error because IOS-XE RESTCONF only accepts application/yang-data+json. The YANG module path must use the ietf-interfaces module name; using a wrong path like /restconf/data/Cisco-IOS-XE-native:interface/GigabitEthernet0/0 would return a 404 Not Found.

Exam trap

Remember that RESTCONF requires the specific media type application/yang-data+json, not generic application/json. Also, operational data retrieval requires the ?content=nonconfig query parameter. Using the wrong YANG module path leads to a 404 error, while the wrong Accept header leads to 406.

Why the other options are wrong

B

The specific factual error: The GET URI is missing ?content=nonconfig, and the Accept header should be application/yang-data+json. The error for wrong Accept is 406, not 404.

C

The specific factual error: The YANG module path should be ietf-interfaces:interfaces/interface=..., not Cisco-IOS-XE-native:interface/.... The error for wrong path is 404, not 406.

D

The specific factual error: The Accept header must be application/yang-data+json; application/json is not acceptable and returns 406, not 404.

40
PBQhard

You are connected to R1 via the console. The network operations center (NOC) has asked you to configure R1 as an NTP client of the NTP server at 192.0.2.10 (reachable via VLAN 100, SVI 192.168.1.1/24). They also need all system messages of level 'debug' (level 7) and higher forwarded to the syslog server at 203.0.113.50. The current configuration shows that NTP is not working (stratum 16) and syslog is only sending critical and higher messages. Fix both issues.

Network Topology
G0/010.0.0.1/30G0/010.0.0.2/30linkR2R1switchNTP serverSyslog server

Hints

  • Check the source IP of NTP packets; the server may require a specific source address.
  • NTP synchronization fails if the router does not have a route to the NTP server; verify connectivity.
  • The logging trap level controls which severity messages are sent; 'critical' only sends levels 0-2.
A.Configure 'ntp source Vlan100' and 'logging trap debugging'.
B.Configure 'ntp server 192.0.2.10' and 'logging trap 7'.
C.Configure 'ntp source Vlan100' and 'logging trap warnings'.
D.Configure 'ntp update-calendar' and 'logging trap informational'.
AnswerA
solution
! R1
ntp source Vlan100
logging trap debugging

Why this answer

The NTP client is not synchronizing because there is no source interface specified; the NTP packets may be sourced from an unexpected interface and the server may ignore them. The solution is to configure 'ntp source Vlan100' to ensure NTP packets use the correct source IP. Additionally, the syslog trap level is set to 'critical', which filters out messages with severity lower than critical (like warnings, errors, etc.).

The NOC requires all messages up to debug level; therefore, change the logging trap level to 'debugging' with 'logging trap debugging'.

Exam trap

Do not confuse the NTP server command with the source interface command. The server command specifies the server, but the source interface ensures the correct source IP. For syslog, remember that 'debugging' is the keyword for the lowest severity level; using 'warnings' or 'informational' will exclude debug messages.

Why the other options are wrong

B

The specific factual error: 'logging trap 7' is not a valid Cisco IOS command; the correct command uses the keyword 'debugging'. Also, the NTP server command alone does not fix the source interface issue.

C

The specific factual error: 'logging trap warnings' only sends messages with severity 0-4, missing severity 5-7 (notifications, informational, debug).

D

The specific factual error: 'ntp update-calendar' is not needed for NTP synchronization; the source interface is the key missing piece. 'logging trap informational' does not include debug messages.

41
MCQmedium

What is a northbound API in a controller-based network architecture?

A.An interface used by the controller to program forwarding tables on switches
B.An interface used by applications to communicate with the controller
C.A dedicated out-of-band management port on the controller
D.A wireless uplink between access points and the controller
AnswerB

Correct. Northbound means application-to-controller communication.

Why this answer

Northbound APIs allow external applications, dashboards, and automation tools to interact with the controller. Southbound APIs are used by the controller to communicate with the network devices it manages.

Exam trap

Confusing northbound and southbound APIs is a common pitfall. Northbound APIs enable applications to communicate with the controller, while southbound APIs allow the controller to program network devices like switches and routers. Selecting an option that describes device programming or physical ports misses the architectural directionality of these APIs.

Why the other options are wrong

A

Incorrect because programming forwarding tables on switches is a southbound API function, not northbound.

C

Incorrect because a physical management port does not define API direction and is unrelated to northbound or southbound APIs.

D

Incorrect because wireless uplinks are physical connections and do not represent API communication directions.

42
Multi-Selectmedium

Which three of the following are key benefits of integrating AI into network operations? (Choose three.)

Select 3 answers
.Automated detection and correlation of anomalies across the network
.Real-time traffic classification and policy enforcement using machine learning models
.Predictive maintenance by analyzing historical performance data to forecast failures
.Complete elimination of the need for human network administrators
.Guaranteed 100% network uptime through self-healing algorithms
.Automatic reconfiguration of physical cabling without manual intervention

Why this answer

The three correct answers highlight practical AI benefits: anomaly detection correlates diverse telemetry (NetFlow, SNMP) to identify issues faster; real-time traffic classification uses ML models for dynamic policy enforcement without manual rule updates; predictive maintenance analyzes historical data to forecast failures, enabling proactive intervention. The wrong options are unrealistic: AI cannot eliminate all human administrators (complex troubleshooting still needs humans), cannot guarantee 100% uptime (failures still occur), and cannot automatically reconfigure physical cabling (that requires physical access).

Exam trap

Cisco often tests the distinction between AI as an augmentation tool versus a replacement for human administrators, and the trap here is assuming AI can guarantee 100% uptime or eliminate all manual tasks, which contradicts real-world network reliability principles.

43
MCQmedium

Exhibit: A controller returns an authentication token after a successful API login. Why does the client include that token in later requests?

A.To replace the need for an IP address on the client
B.To prove identity and authorization on later API calls
C.To encrypt every packet at Layer 1
D.To change HTTP from a stateless protocol to a routing protocol
AnswerB

That is the normal purpose of a bearer or session token.

Why this answer

The token proves the client already authenticated and is authorized to use the API. It saves the client from resending credentials on every request and lets the server validate session or access scope.

Exam trap

A frequent exam trap is assuming that the authentication token replaces the client’s IP address or provides encryption at the physical layer. Some candidates mistakenly believe tokens function like network identifiers or encryption keys, but tokens solely serve as proof of identity and authorization within API sessions. This confusion can lead to selecting incorrect answers that describe unrelated network functions such as IP addressing or Layer 1 encryption.

Understanding that tokens are application-layer credentials, not network-layer or physical-layer features, is critical to avoid this trap.

Why the other options are wrong

A

Option A incorrectly suggests that tokens replace the need for an IP address on the client. IP addresses are fundamental for network communication and routing, and tokens do not substitute for them. This misunderstanding confuses network-layer addressing with application-layer authentication.

C

Option C incorrectly claims that tokens encrypt every packet at Layer 1. Tokens are not encryption mechanisms and do not operate at the physical layer. Encryption is handled by separate protocols such as TLS or IPsec.

D

Option D falsely asserts that tokens change HTTP from a stateless protocol to a routing protocol. HTTP remains stateless, and tokens enable session continuity without altering the protocol’s fundamental nature. Routing protocols are unrelated to token use.

44
Matchingmedium

Match each REST-style method to the action it most commonly represents.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Retrieve information

Submit or create data

Update or replace a resource

Remove a resource

Why these pairings

REST methods are standardized: GET retrieves, POST creates, PUT replaces, PATCH partially modifies, DELETE removes, and HEAD retrieves only headers.

Exam trap

The exam often tests the distinction between PUT (full replacement) and PATCH (partial modification). Many candidates incorrectly assign PUT to 'update' and PATCH to 'replace'.

45
Drag & Dropmedium

Drag and drop the following steps into the correct order to configure an IOS-XE device as an NTP client and ensure its syslog messages are sent to a remote server with correct timestamps.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

First, enter global config, then set the NTP server, configure syslog destination and source interface, and finally verify both services.

Exam trap

A common trap is to configure syslog before NTP, but NTP should be set first so that syslog messages have correct timestamps. Also, candidates may forget that global config mode must be entered before any configuration commands.

46
Matchingeasy

Match each basic JSON element to its most accurate description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Group of key-value pairs

Ordered list of items

Field name

Content associated with a field

Why these pairings

The four terms are fundamental structural elements of JSON, not separate data types. JSON's six data types are object, array, string, number, boolean, and null. The pairings accurately describe each element: an Object is a group of key-value pairs, an Array is an ordered list of items, a Key is a field name (always a string), and a Value is the content associated with a field (any valid JSON type).

Exam trap

Watch out for common misconceptions: null is a separate type, not a boolean; objects use curly braces, not square brackets; and JSON numbers do not support scientific notation or leading zeros.

47
Matchingmedium

Match each programmability term to its most accurate description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Structured representation of configuration or state

Common machine-readable data format

Specific API target or path

Credential-like access value

Why these pairings

Each term is correctly matched with its standard definition in software development and API contexts.

Exam trap

Candidates often confuse APIs with programming languages or protocols. Remember that an API is an interface, not a language or a protocol itself. It enables communication between different software systems.

48
Multi-Selectmedium

Which TWO statements accurately describe how AI and ML concepts are applied to network operations?

Select 2 answers
A.Intent-based networking translates business intent into network policies and continuously validates that the network meets those intentions.
B.Anomaly detection uses ML models to identify deviations from normal traffic baselines, which can indicate security threats or performance issues.
C.Predictive analytics uses historical data to forecast future network conditions and automatically reconfigures network devices to prevent issues.
D.ML models in network operations are trained exclusively on labeled datasets to detect known attack signatures.
E.Rule-based systems are preferred over ML for anomaly detection because they can adapt to new, unknown patterns without manual updates.
AnswersA, B

This is a core principle of IBN: it automates policy translation and ongoing validation to ensure the network aligns with business goals.

Why this answer

Option A is correct because intent-based networking (IBN) captures business intent in a declarative model, translates it into network policies (e.g., via Cisco DNA Center), and continuously validates that the network state matches the intended outcome using assurance and closed-loop analytics. Option B is correct because anomaly detection leverages ML models to establish a baseline of normal traffic and then flags deviations, which can indicate security threats or performance issues. Option C is incorrect because predictive analytics forecasts future network conditions but does not automatically reconfigure devices; that requires closed-loop automation.

Option D is false because ML models in network operations are not trained exclusively on labeled data; unsupervised learning can detect unknown patterns without labeled datasets. Option E is false because rule-based systems cannot adapt to new, unknown patterns without manual updates, whereas ML models are better suited for anomaly detection due to their ability to learn and generalize from data.

Exam trap

Cisco often tests the distinction between 'predictive analytics' (which forecasts but does not automatically reconfigure) and 'closed-loop automation' (which does), leading candidates to overstate the capabilities of predictive analytics in option C.

Why the other options are wrong

C

Predictive analytics forecasts future network conditions (e.g., link utilization trends) but does not automatically reconfigure devices; automation requires separate closed-loop systems like Cisco DNA Assurance with RMA (reactive, proactive, predictive) workflows. The statement incorrectly combines prediction with automatic reconfiguration.

D

ML models in network operations can be trained using both supervised learning (labeled data for known attacks) and unsupervised learning (unlabeled data to discover unknown patterns). The statement incorrectly claims exclusive use of labeled datasets, ignoring unsupervised anomaly detection which is critical for identifying novel threats.

E

Rule-based systems are static and cannot adapt to new, unknown patterns without manual rule updates. ML models, especially unsupervised learning, excel at detecting anomalies without predefined rules. The statement reverses the strengths of rule-based and ML approaches.

49
Matchingmedium

Match each HTTP method to the action it most commonly performs in a REST API.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Retrieve a resource

Create a new resource

Update or replace a resource

Remove a resource

Why these pairings

These are the standard HTTP methods and their typical CRUD operations in RESTful APIs, as defined by the HTTP specification.

Exam trap

Cisco exams often test the standard RESTful mapping of HTTP methods to CRUD operations. Remember: GET = read, POST = create, PUT = update/replace, DELETE = delete. Do not confuse POST with update or PUT with delete.

50
Matchingmedium

Match each controller or API direction term to its most accurate meaning.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Direction used when applications communicate with the controller

Direction used when the controller communicates with infrastructure devices

Central platform used for policy and management coordination

Software interface used for defined communication between systems

Why these pairings

Controller/API directions: Northbound goes to apps; Southbound to devices; East/West between controllers; REST and NETCONF are common protocols.

Exam trap

Do not confuse protocols (REST, NETCONF) with direction terms (northbound, southbound). The question specifically asks for direction terms, not protocols.

51
MCQhard

Why is a northbound API valuable to orchestration systems in a controller-based architecture?

A.It provides a defined software interface through which orchestration tools can interact with the controller.
B.It allows network devices to communicate directly with each other without the controller.
C.It is a physical interface used to connect the controller to the orchestration system.
D.It is a physical cable standard for controller uplinks.
AnswerA

This is correct because northbound APIs exist for application and orchestration access.

Why this answer

A northbound API is valuable because it provides a defined software interface for orchestration systems to interact with the controller programmatically. Option B is incorrect because northbound APIs do not enable direct device-to-device communication; that is a function of the data plane. Option C is incorrect because northbound APIs are logical software interfaces, not physical cables or ports.

Option D is also incorrect as it mischaracterizes the API as a hardware standard.

Exam trap

A common exam trap is mistaking the northbound API for a physical connection or confusing it with southbound APIs that communicate with network devices.

Why the other options are wrong

B

This describes direct device communication or southbound APIs, not the northbound API used by orchestration.

C

Northbound APIs are logical software interfaces, not physical cable standards or hardware.

52
Multi-Selectmedium

Which TWO of the following are core applications of AI and ML in network operations as described in CCNA 200-301 v2.0 objective 5.1?

Select 2 answers
A.Using machine learning to detect unusual traffic patterns that may indicate a security threat or network fault.
B.Using historical data and ML models to forecast future network traffic loads and capacity requirements.
C.Automatically generating network configuration scripts using natural language processing.
D.Translating high-level business intent into network policies and continuously verifying that the network state matches the intended state.
E.Using reinforcement learning to optimize routing protocol metrics in real time.
AnswersA, D

This describes anomaly detection, which is a key AI/ML application in network operations. ML models learn normal traffic baselines and flag deviations for further investigation.

Why this answer

Options A and D are correct as per CCNA 200-301 v2.0 objective 5.1, which specifically lists anomaly detection using machine learning and intent-based networking as core AI/ML applications in network operations. Option A describes anomaly detection, where ML models trained on baseline traffic identify deviations indicating security threats or faults. Option D describes intent-based networking, where high-level business intent is translated into network policies with continuous verification.

Option B (capacity forecasting) and Option C (NLP-based config generation) are not listed in objective 5.1, though they are related AI/ML uses in networking. Option E (reinforcement learning for routing optimization) is also not a core application covered in the CCNA syllabus.

Exam trap

Cisco often tests the specific scope of objective 5.1, which lists only anomaly detection and intent-based networking as core AI/ML applications, causing candidates to mistakenly select capacity forecasting (option B) or NLP-based automation (option C) which are not included in that objective.

Why the other options are wrong

B

Capacity forecasting using ML is not listed as a core application in objective 5.1; it is a more advanced AIOps use case.

C

Automatically generating configs via NLP is not a core application in objective 5.1; it is not covered at CCNA level.

E

Reinforcement learning for routing optimization is not a core AI/ML application described in objective 5.1; it is beyond scope.

53
Matchingmedium

Drag and drop the syslog severity levels on the left to their corresponding names and meanings on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Emergency – system is unusable

Alert – immediate action needed

Critical – critical condition

Error – error condition

Warning – warning condition

Why these pairings

Syslog severity levels: 0 (emergency), 1 (alert), 2 (critical), 3 (error), 4 (warning), 5 (notification). Levels 6 and 7 are informational and debugging.

Exam trap

The exam often tests the order of syslog severity levels. Remember that lower numbers mean higher severity. A common trap is confusing the descriptions for Emergency, Alert, and Critical.

Memorize the top four: 0 Emergency, 1 Alert, 2 Critical, 3 Error.

54
Drag & Dropmedium

Drag and drop the following steps into the correct order to describe the general workflow for AI-assisted network configuration automation: receive intent, decompose into sub-tasks, call tools, validate output, and apply closed-loop remediation.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The general AI workflow in network automation begins with receiving the high-level intent, then breaking it down into executable sub-tasks, calling the appropriate tools (e.g., APIs or scripts), validating the output to ensure correctness, and finally applying closed-loop remediation to correct any deviations. This order reflects a logical progression from planning to action to verification and correction, which aligns with foundational AI/ML concepts covered in the CCNA.

Exam trap

Do not confuse the order: decomposition must precede tool calls, and validation must occur after tool calls but before remediation.

55
Multi-Selectmedium

Which three of the following are key applications of AI in network operations? (Choose three.)

Select 3 answers
.Anomaly detection and proactive threat identification
.Automated root cause analysis of network faults
.Predictive maintenance of network hardware based on telemetry
.Replacing all manual CLI configuration with AI-generated scripts
.Eliminating the need for network monitoring tools entirely
.Automating the physical installation of network cables

Why this answer

AI in network operations enhances efficiency by automating complex analytical tasks. Anomaly detection uses machine learning models to identify deviations from baseline traffic patterns, enabling proactive threat identification before they cause outages. Automated root cause analysis correlates events across the network to pinpoint the origin of a fault, reducing mean time to repair (MTTR).

Predictive maintenance leverages telemetry data (e.g., from SNMP, NetFlow, or gRPC) to forecast hardware failures, allowing preemptive replacement and minimizing downtime.

Exam trap

Cisco often tests the distinction between AI augmenting versus replacing existing tools and processes, so the trap here is assuming AI can fully automate physical tasks or eliminate foundational monitoring infrastructure, when in reality AI works as an overlay to enhance human decision-making and existing systems.

56
Drag & Dropmedium

Drag and drop the following steps into the correct order to implement an AI/ML-based network operations workflow for proactive anomaly detection and automated remediation on a Cisco IOS-XE device.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The workflow starts with data collection, then streaming, model training, deployment, and finally automated remediation based on detection.

Exam trap

Do not confuse the order of steps in an AI/ML workflow. Remember that data must be collected before it can be streamed, and models must be trained before they can be deployed for detection. Automated remediation is always the last step.

57
MCQmedium

A network administrator at a large enterprise notices that the network monitoring system frequently generates false positive alerts for unusual traffic patterns during normal business hours. The administrator wants to reduce these false positives while still detecting genuine security threats. Which AI/ML concept would best address this requirement?

A.Deploy a predictive analytics model to forecast future traffic volumes and adjust thresholds accordingly.
B.Implement an anomaly detection system that uses machine learning to establish baseline behavior and flag deviations.
C.Apply intent-based networking to automatically enforce security policies based on high-level business intent.
D.Use deep packet inspection to examine all traffic and create static rules for known threats.
AnswerB

Anomaly detection with ML learns normal traffic baselines and adapts to changes, which significantly reduces false positives by only alerting on genuine anomalies.

Why this answer

Option B is correct because anomaly detection using machine learning establishes a dynamic baseline of normal network behavior, allowing the system to flag only significant deviations. This reduces false positives during normal business hours while still detecting genuine threats that deviate from the learned baseline, unlike static thresholds that trigger alerts on routine traffic variations.

Exam trap

Cisco often tests the distinction between predictive analytics (forecasting volume) and anomaly detection (learning behavior), trapping candidates who confuse adjusting thresholds with establishing a behavioral baseline.

Why the other options are wrong

A

Predictive analytics forecasts future traffic volumes but does not establish a dynamic baseline for normal behavior; thus, it cannot adapt to daily variations and would not reduce false positives from current traffic patterns.

C

Intent-based networking automates policy deployment and verification based on business intent, but it does not analyze traffic patterns or adapt alert thresholds; therefore, it does not directly reduce false positive alerts from monitoring systems.

D

Deep packet inspection with static rules can detect known threats but cannot adapt to new or evolving traffic patterns; thus, it would not reduce false positives from normal traffic variations and may even increase them due to rigid rules.

58
Multi-Selectmedium

Which TWO statements correctly describe characteristics of SNMPv2c and SNMPv3 for network monitoring?

Select 2 answers
A.SNMPv3 supports authentication and encryption for secure network monitoring.
B.SNMPv2c uses community strings sent in clear text to authenticate requests.
C.SNMPv3 provides the same security level as SNMPv2c but with additional trap support.
D.SNMPv2c supports only GET and SET operations, but not traps.
E.SNMPv3 uses community strings to authenticate agents and managers.
AnswersA, B

SNMPv3 includes security features such as authentication (MD5/SHA) and encryption (DES/AES) to protect data in transit.

Why this answer

SNMPv3 is correct because it introduces authentication (MD5/SHA) and encryption (DES/AES) for secure monitoring. SNMPv2c is correct because it uses community strings transmitted in cleartext, lacking security. Option C is wrong: SNMPv3 is more secure than v2c, not the same.

Option D is wrong: SNMPv2c supports traps in addition to GET and SET. Option E is wrong: SNMPv3 uses usernames and security models, not community strings.

Exam trap

Cisco often tests the misconception that SNMPv3 is merely an extension of SNMPv2c with added trap support, when in fact the key differentiator is the security model (authentication and encryption), and both versions support traps.

Why the other options are wrong

C

SNMPv3 provides significantly higher security than SNMPv2c by adding authentication and encryption, whereas SNMPv2c uses only community strings in clear text. Both versions support traps, so the statement incorrectly claims SNMPv3 has additional trap support, which is not a distinguishing feature.

D

SNMPv2c supports GET, SET, and trap operations, just like SNMPv1 and SNMPv3. The statement is incorrect because it claims SNMPv2c does not support traps, which is false; traps are a key feature for asynchronous notifications in network monitoring.

E

SNMPv3 uses the User-based Security Model (USM) with usernames and authentication keys, not community strings. Community strings are a feature of SNMPv1 and SNMPv2c, which are transmitted in clear text and provide weak security.

59
Matchingmedium

Drag and drop the monitoring protocols and features on the left to their correct descriptions on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Uses community strings for authentication, transmitted in plaintext

Provides authentication and encryption via AuthPriv security model

Cisco-proprietary flow monitoring that caches flows and exports records

IETF standard based on NetFlow v9 for flexible flow export

Push model that continuously streams operational data to a collector

Why these pairings

These pairs correctly match monitoring protocols and features with their descriptions as covered in network monitoring and management topics.

Exam trap

Watch out for confusing protocols with features: SNMP and NetFlow are protocols, while SPAN is a feature. Also, don't mix up the purposes: Syslog is for logs, not backups; NetFlow is for flow data, not packet inspection.

60
Drag & Dropmedium

Drag and drop the following steps into the correct order to configure gRPC streaming telemetry subscription on a Cisco IOS-XE device, from initial setup to data collection.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The correct order starts with entering global config, then enabling telemetry, defining subscription details (encoding and filter), specifying the receiver, and finally verifying data collection.

Exam trap

The trap is that candidates may confuse the order of enabling telemetry and defining the subscription, or think that global config is not needed first. Remember that all telemetry commands are configured in global config mode, and the subscription must be defined before the receiver can be added.

61
Multi-Selectmedium

Which THREE statements accurately describe the role of AI agents in closed-loop remediation workflows for network automation?

Select 3 answers
A.AI agents require manual approval before executing any remediation action in a closed-loop workflow.
B.AI agents can autonomously analyze network telemetry and decide on remediation actions.
C.AI agents rely solely on static baseline configurations to detect anomalies.
D.Tool-calling allows AI agents to invoke external automation tools (e.g., Ansible, Python scripts) to execute remediation steps.
E.In a closed-loop remediation workflow, the AI agent monitors the network after action to confirm the issue is resolved and adjusts if needed.
F.AI agents eliminate the need for human oversight in network operations.
AnswersB, D, E

AI agents use machine learning and rule-based logic to analyze real-time telemetry (e.g., interface errors, CPU utilization) and determine the appropriate remediation step, such as adjusting routing or resetting an interface.

Why this answer

B is correct because AI agents in closed-loop remediation workflows autonomously analyze network telemetry (e.g., gRPC, NETCONF) and decide on remediation actions without manual intervention, enabling rapid response. D is correct because tool-calling allows the AI agent to invoke external automation tools like Ansible or Python scripts to execute the chosen remediation steps. E is correct because a key part of the closed-loop is that the AI agent monitors the network after action to confirm the issue is resolved and adjusts if needed, ensuring the loop is closed.

A is wrong because closed-loop automation implies autonomous execution based on predefined policies, not requiring manual approval for every action. C is wrong because AI agents use dynamic telemetry and learned patterns, not just static baseline configurations, to detect anomalies. F is wrong because AI agents augment, not eliminate, human oversight; human intervention remains for policy exceptions and oversight.

Exam trap

Cisco often tests the misconception that AI agents require manual approval for every action in closed-loop workflows, when in fact the 'closed-loop' concept implies autonomous execution based on predefined policies.

Why the other options are wrong

A

Closed-loop remediation is defined by autonomous execution without manual approval for standard actions.

C

AI agents rely on continuous telemetry and machine learning, not solely static baseline configurations, to detect anomalies.

F

AI agents reduce but do not eliminate the need for human oversight, especially for policy exceptions and strategic decisions.

62
Multi-Selectmedium

Which two statements about RESTful APIs are correct? (Choose two.)

Select 2 answers
A.They commonly use HTTP methods such as GET and POST.
B.They require Layer 2 adjacency between client and server.
C.They often exchange structured data such as JSON.
D.They replace the need for routing protocols on the network.
AnswersA, C

Correct. Those verbs are central to REST interactions.

Why this answer

REST commonly uses HTTP verbs and typically exchanges structured data such as JSON.

Exam trap

A frequent exam trap is the misconception that RESTful APIs require Layer 2 adjacency between client and server devices. Some candidates mistakenly believe that because RESTful APIs use HTTP, they must operate only within the same broadcast domain or VLAN. However, RESTful APIs function over routed IP networks just like any other web traffic, so Layer 2 adjacency is not necessary.

Another trap is thinking that RESTful APIs replace routing protocols, which is incorrect since APIs only provide programmable access to device functions and do not handle routing or forwarding.

Why the other options are wrong

B

Option B is incorrect because RESTful APIs do not require Layer 2 adjacency; they operate over routed IP networks, allowing clients and servers to communicate across different subnets.

D

Option D is incorrect because RESTful APIs do not replace routing protocols; they provide programmable access to device functions but do not handle routing or forwarding decisions.

63
MCQmedium

A network engineer is tasked with monitoring a large enterprise network that requires high-frequency, real-time data collection from thousands of routers and switches. The engineer needs a solution that minimizes CPU overhead on the network devices and supports push-based data delivery. Which technology should the engineer choose for this requirement?

A.SNMPv2c with frequent polling intervals
B.Streaming telemetry
C.NetFlow
D.IPFIX
AnswerB

Streaming telemetry uses a push model, reducing CPU overhead by having devices send data on a schedule or event basis. It scales well for large networks and supports real-time visibility.

Why this answer

Streaming telemetry uses a push model where devices continuously send structured data (e.g., via gRPC or UDP) to collectors, reducing the need for polling and lowering CPU impact. SNMPv2c uses pull-based polling (get requests) which increases CPU load with high-frequency queries. NetFlow and IPFIX are flow-based and better suited for traffic analysis, not real-time device metrics like CPU or memory.

Why the other options are wrong

A

SNMPv2c uses a pull model where the manager polls devices for data. Frequent polling intervals increase CPU usage on network devices and can cause scalability issues with thousands of devices, making it unsuitable for high-frequency, real-time data collection with minimal overhead.

C

NetFlow is designed for traffic flow analysis, capturing details like source/destination IPs and ports, not for collecting device health metrics such as CPU or memory. Its export mechanism can be CPU-intensive and does not provide the push-based efficiency needed for real-time monitoring of device status.

D

IPFIX is an extension of NetFlow for flexible flow export and shares the same focus on traffic flows, not device health metrics. Like NetFlow, it does not offer the push-based, low-overhead data delivery required for real-time monitoring of thousands of devices.

64
Drag & Dropmedium

Drag and drop the following steps into the correct order to configure an IOS-XE device as an NTP client and set up syslog reporting of NTP events to a remote log server.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

First, enter global configuration mode. Then configure the NTP server to define the time source. Next, configure the logging host to specify the remote syslog server.

After that, enable logging of NTP events so that NTP-related syslog messages are generated and sent to the configured host. Finally, verify the configuration. Option B is wrong because configuring the logging host before the NTP server would attempt to send logs before time synchronization is set up, and the NTP server must be configured first to generate NTP events.

Option C is incorrect because enabling NTP event logging before configuring both the NTP server and the logging host means there is no NTP server to generate events and no logging destination to send them to. Option D is wrong because enabling logging of NTP events before configuring the logging host would cause generated messages to be dropped if the logging host is not yet set; the logging host must be configured before enabling NTP event logging.

Exam trap

The trap is that candidates may confuse the order of enabling NTP event logging and configuring the logging host. Remember: configure the logging host before enabling NTP event logging, and always configure the NTP server first.

65
MCQhard

Why is a northbound API generally more useful to orchestration software than a human-readable CLI screen?

A.Because the API provides a structured interface intended for software interaction.
B.Because CLI output cannot be read by humans.
C.Because APIs remove the need for authentication.
D.Because orchestration software cannot use HTTPS.
AnswerA

This is correct because orchestration tools work best with predictable, machine-oriented interfaces.

Why this answer

A northbound API is more useful because it is designed for structured software interaction. In practical terms, orchestration systems need predictable data and predictable request methods. Human-readable CLI output is optimized for people, not for stable machine parsing. APIs provide the cleaner contract between the controller and the automation platform.

This is a core programmability idea. Human-readable output is useful for operators, but structured APIs are better for software systems.

Exam trap

A common exam trap is to confuse the usability of CLI output with its suitability for automation. While CLI screens are indeed human-readable and essential for manual network management, they are not designed for software consumption due to inconsistent formatting and lack of structured data. Another trap is to mistakenly believe that APIs remove security requirements like authentication; in fact, APIs enforce strict authentication and authorization to protect network resources.

Misunderstanding these points can lead to incorrect answers that underestimate the importance of structured, secure interfaces in network automation.

Why the other options are wrong

B

This option is incorrect because CLI output is specifically designed to be human-readable; the problem is not readability but the lack of structured data suitable for software parsing.

C

This option is incorrect because APIs still require authentication and authorization to secure network access; they do not remove the need for security controls.

D

This option is incorrect because orchestration software commonly uses HTTPS-based APIs for secure communication; the inability to use HTTPS is not a valid reason for preferring APIs over CLI.

66
Matchingmedium

Match each HTTP method to the most accurate action it commonly represents in REST-style APIs.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Retrieve existing information

Submit or create data

Update or replace an existing resource

Remove a resource

Why these pairings

HTTP methods correspond to CRUD operations in REST: GET for read, POST for create, PUT for full update, PATCH for partial update, DELETE for delete, and HEAD for headers only.

Exam trap

The trap is assuming GET can perform any operation beyond retrieval. Remember that GET must be safe and idempotent; it should never modify or delete resources. Always associate GET with read-only operations.

67
PBQhard

You are connected to the console of R1, a Cisco router that is part of a larger network. The network operations team uses Ansible to manage configurations. You need to write an Ansible playbook that configures an interface description on R1. The playbook should use the ios_config module.

Hints

  • The ios_config module uses 'parents' to specify the configuration context.
  • The playbook should target the correct host group.
  • Remember to include the YAML front matter.
A.--- - name: Configure interface description hosts: R1 gather_facts: no tasks: - name: Add description to Gi0/0 ios_config: lines: - description Link to Core parents: interface GigabitEthernet0/0
B.--- - name: Configure interface description hosts: R1 gather_facts: no tasks: - name: Add description to Gi0/0 ios_config: lines: - interface GigabitEthernet0/0 - description Link to Core
C.--- - name: Configure interface description hosts: R1 gather_facts: no tasks: - name: Add description to Gi0/0 ios_command: commands: - configure terminal - interface GigabitEthernet0/0 - description Link to Core
D.--- - name: Configure interface description hosts: R1 gather_facts: no tasks: - name: Add description to Gi0/0 ios_config: lines: - description Link to Core parents: GigabitEthernet0/0
AnswerA
solution
! R1
---
- hosts: routers
  gather_facts: no
  tasks:
    - name: Configure interface description
      ios_config:
        lines:
          - description WAN Link
        parents: interface GigabitEthernet0/0

Why this answer

The playbook uses the ios_config module to add the description line under the interface configuration. The 'parents' parameter sets the context to 'interface GigabitEthernet0/0'. The playbook must be saved as a .yml file and run with ansible-playbook.

Exam trap

A common trap is confusing ios_config with ios_command, or incorrectly formatting the 'parents' parameter. Remember that ios_config is for configuration changes and requires the 'parents' parameter to specify the exact command that enters the configuration context, such as 'interface GigabitEthernet0/0'.

Why the other options are wrong

B

The specific factual error: The 'lines' parameter should only contain the configuration commands to be applied under the parent context, not the parent command itself.

C

The specific factual error: The ios_command module does not handle configuration mode properly and is not intended for configuration tasks; it sends commands and returns output without state management.

D

The specific factual error: The 'parents' parameter expects the exact command that enters the configuration context, such as 'interface GigabitEthernet0/0', not just the interface name.

68
Matchingmedium

Drag each automation or API concept from the left to its corresponding description on the right. Not all descriptions are used. Concepts: - Northbound API - Southbound API - JSON - HTTPS

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Application-facing interface to the controller

Controller-facing interface toward managed infrastructure

Structured data format

Secure transport for API communication

Why these pairings

Northbound API: the application-facing interface of an SDN controller, allowing apps to request services. Southbound API: the interface that enables the controller to configure managed devices, such as OpenFlow. JSON: a structured data format using key/value pairs and arrays, lightweight and machine‑friendly.

HTTPS: secure, encrypted transport for API communications, protecting data in transit. Distractors: 'Human-readable serialization format' describes YAML, not JSON or APIs. 'Protocol for network device configuration' might refer to NETCONF or CLI, not HTTPS or the APIs listed.

Exam trap

Be careful not to confuse JSON and YAML: JSON uses brackets and is machine-friendly, while YAML uses indentation and is human-friendly. Also, remember that Ansible uses YAML, not XML.

69
PBQhard

You are connected to R1, a Cisco ISR 4331 router running IOS-XE. Your task is to enable SNMP v2c with community string 'public' (read-only) and 'private' (read-write), and configure SNMP v3 with a user 'admin' using SHA authentication (password 'Cisco123') and AES 128 encryption (password 'Cisco456'). Additionally, configure SNMP traps to be sent to a management server at 203.0.113.10 for both v2c and v3. Finally, enable NetFlow export to a collector at 203.0.113.20, using version 9. Verify your configuration using 'show snmp' and 'show ip cache flow'.

Hints

  • Remember to apply NetFlow on an interface for traffic capture.
  • SNMPv3 user requires both auth and priv passwords.
  • Use 'snmp-server enable traps' before configuring trap hosts.
A.snmp-server community public RO snmp-server community private RW snmp-server user admin v3group v3 auth sha Cisco123 priv aes 128 Cisco456 snmp-server enable traps snmp-server host 203.0.113.10 version 2c public snmp-server host 203.0.113.10 version 3 auth admin ip flow-export destination 203.0.113.20 2055 ip flow-export version 9
B.snmp-server community public snmp-server community private snmp-server user admin v3 auth md5 Cisco123 priv des56 Cisco456 snmp-server enable traps snmp-server host 203.0.113.10 version 2c public snmp-server host 203.0.113.10 version 3 auth admin ip flow-export destination 203.0.113.20 2055 ip flow-export version 9
C.snmp-server community public RO snmp-server community private RW snmp-server user admin v3 auth sha Cisco123 priv aes 128 Cisco456 snmp-server enable traps snmp-server host 203.0.113.10 version 2c private snmp-server host 203.0.113.10 version 3 auth admin ip flow-export destination 203.0.113.20 2055 ip flow-export version 9
D.snmp-server community public RO snmp-server community private RW snmp-server user admin v3 auth sha Cisco123 priv aes 128 Cisco456 snmp-server enable traps snmp-server host 203.0.113.10 version 2c public snmp-server host 203.0.113.10 version 3 auth admin ip flow-export destination 203.0.113.20 2055 ip flow-export version 5
AnswerA
solution
! R1
snmp-server community public RO
snmp-server community private RW
snmp-server user admin v3 auth sha Cisco123 priv aes 128 Cisco456
snmp-server enable traps
snmp-server host 203.0.113.10 version 2c public
snmp-server host 203.0.113.10 version 3 auth admin
ip flow-export destination 203.0.113.20 2055
ip flow-export version 9
interface GigabitEthernet0/1
ip flow ingress
exit

Why this answer

The router lacks SNMP and NetFlow configuration. For SNMP v2c, you must define community strings with 'snmp-server community public RO' and 'snmp-server community private RW'. For SNMP v3, you create a user within a group; the command requires a group name, e.g., 'snmp-server user admin v3group v3 auth sha Cisco123 priv aes 128 Cisco456'.

Traps are enabled and sent to 203.0.113.10 via v2c with the public community and v3 with the admin user. NetFlow export uses version 9 to collector 203.0.113.20. Verification commands show SNMP details and flow cache export settings.

Exam trap

Watch out for common mistakes: using MD5/DES instead of SHA/AES for SNMPv3, forgetting RO/RW keywords on community strings, using the wrong community string for traps, and selecting the wrong NetFlow version. Always verify the exact requirements in the question.

Why the other options are wrong

B

The specific factual error: SNMPv3 user is configured with MD5 and DES instead of SHA and AES 128; community strings are missing RO/RW keywords.

C

The specific factual error: The v2c trap host uses 'private' instead of 'public' community string.

D

The specific factual error: NetFlow export version is set to 5 instead of 9.

70
PBQhard

You are connected to R1. Configure SNMPv3 with authentication (SHA) and encryption (AES-128) for user 'monitor' in group 'AdminGroup', and also configure SNMPv2c read-only community string 'cisco123' to send traps to the management server at 192.0.2.100. Additionally, configure NetFlow on interface GigabitEthernet0/0 to export flow data to 198.51.100.50 using version 9. Verify your configuration using the appropriate show commands.

Network Topology
G0/010.0.0.1/30G0/010.0.0.2/30linkG0/1203.0.113.1/30G0/1203.0.113.2/30linkR1R2R3

Hints

  • SNMPv3 requires a view before creating the group.
  • Remember to enable NetFlow on the interface in both ingress and egress directions.
  • The SNMPv2c community string must be configured before the trap host can reference it.
A.snmp-server group AdminGroup v3 priv read AdminView; snmp-server user monitor AdminGroup v3 auth sha cisco123 priv aes 128 cisco123; snmp-server community cisco123 ro; snmp-server host 192.0.2.100 traps version 2c cisco123; interface GigabitEthernet0/0; ip flow-export destination 198.51.100.50 9996; ip flow-export version 9; ip flow ingress
B.snmp-server group AdminGroup v3 auth read AdminView; snmp-server user monitor AdminGroup v3 auth sha cisco123 priv aes 128 cisco123; snmp-server community cisco123 ro; snmp-server host 192.0.2.100 traps version 2c cisco123; interface GigabitEthernet0/0; ip flow-export destination 198.51.100.50 9996; ip flow-export version 9; ip flow ingress
C.snmp-server group AdminGroup v3 priv read AdminView; snmp-server user monitor AdminGroup v3 auth sha cisco123 priv des 56 cisco123; snmp-server community cisco123 ro; snmp-server host 192.0.2.100 traps version 2c cisco123; interface GigabitEthernet0/0; ip flow-export destination 198.51.100.50 9996; ip flow-export version 9; ip flow ingress
D.snmp-server group AdminGroup v3 priv read AdminView; snmp-server user monitor AdminGroup v3 auth sha cisco123 priv aes 128 cisco123; snmp-server community cisco123 ro; snmp-server host 192.0.2.100 traps version 2c cisco123; interface GigabitEthernet0/0; ip flow-export destination 198.51.100.50 9996; ip flow-export version 5; ip flow ingress
AnswerA
solution
! R1
snmp-server group AdminGroup v3 priv read AdminView
snmp-server view AdminView iso included
snmp-server user monitor AdminGroup v3 auth sha cisco123 priv aes 128 cisco123
snmp-server community cisco123 RO
snmp-server host 192.0.2.100 version 2c cisco123
snmp-server enable traps
interface GigabitEthernet0/0
ip flow ingress
ip flow egress
exit
ip flow-export destination 198.51.100.50 2055
ip flow-export version 9

Why this answer

The configuration was missing SNMPv3 user, group, and trap settings. We added the SNMPv3 user 'monitor' with SHA authentication and AES-128 encryption, created a view and group 'AdminGroup' with read access, and configured the SNMPv2c community string 'cisco123' for read-only access. We also enabled SNMP traps to the manager at 192.0.2.100 and configured NetFlow on GigabitEthernet0/0 to export to 198.51.100.50 using version 9.

Verification commands show the SNMP configuration and NetFlow flow cache.

Exam trap

Pay close attention to the exact security requirements: 'priv' for encryption, AES-128 specifically, and NetFlow version 9. The exam often tests subtle differences between 'auth' and 'priv' levels, encryption algorithms, and NetFlow versions.

Why the other options are wrong

B

The group level 'auth' does not permit encryption; 'priv' is required for AES-128 encryption.

C

The encryption algorithm specified is DES (56-bit) instead of AES-128.

D

NetFlow export version is 5, not 9 as required.

71
Multi-Selectmedium

Which two statements accurately describe why APIs and human-oriented CLIs are both still useful in network operations?

Select 2 answers
A.APIs are useful for structured, repeatable software-driven interaction.
B.CLIs are still useful for direct human troubleshooting and inspection.
C.APIs make all CLIs obsolete in every situation.
D.CLIs are only useful for configuring initial device settings and cannot be used for monitoring.
E.Neither interface should ever return structured data.
AnswersA, B

This is correct because APIs are well suited to automation workflows.

Why this answer

APIs and CLIs are both useful because they serve different operational strengths. In practical terms, APIs are better for repeatable software interaction and structured automation, while CLIs remain valuable for direct human troubleshooting and ad hoc inspection. Mature environments often use both depending on the task.

This is not an either-or question. It is about fit for purpose.

Exam trap

Don't assume one technology is replacing the other; understand their complementary roles.

Why the other options are wrong

C

This statement is incorrect because CLIs remain essential for tasks that require human judgment, such as debugging complex issues, interactive configuration, and learning device behavior. APIs complement but do not replace CLIs, as many operational scenarios benefit from direct human interaction.

D

This is incorrect because CLIs are widely used for monitoring, troubleshooting, and ad-hoc inspection beyond initial configuration.

E

This statement is incorrect because structured data (e.g., JSON, XML) is commonly returned by both APIs and modern CLIs (e.g., via 'show' commands with formatting options) to facilitate machine parsing and automation. Returning structured data is a best practice for integrating network devices with management systems.

72
Multi-Selectmedium

Which TWO statements about network automation tools are true?

Select 2 answers
A.Ansible uses an agentless architecture and communicates with network devices over SSH by default.
B.Python is a general-purpose programming language often used with libraries like Netmiko and NAPALM to automate network tasks.
C.Puppet and Chef both use a push-based model where the master server initiates configuration changes on managed nodes.
D.Chef playbooks are written in YAML, while Ansible uses a Ruby-based DSL for defining desired state.
E.Ansible requires an agent to be installed on managed network devices, while Puppet does not.
AnswersA, B

Ansible does not require an agent on managed nodes; it relies on standard protocols such as SSH for Linux/network devices, making it agentless.

Why this answer

Ansible is agentless, meaning it does not require any software installed on managed network devices. It connects to devices over SSH by default (or API for some platforms) and pushes configuration modules directly, making it lightweight and easy to deploy in network environments.

Exam trap

Cisco often tests the confusion between push-based and pull-based models, as well as which tools use agents versus agentless architectures, to catch candidates who memorize buzzwords without understanding the underlying communication patterns.

Why the other options are wrong

C

Ansible is the tool known for push-based orchestration; Puppet and Chef rely on agent-initiated pull cycles.

D

Mixing up the DSL/language associations: Ansible = YAML, Chef = Ruby, Puppet = Puppet DSL (declarative).

E

This error stems from confusing the agentless nature of Ansible with the agent-based architecture of Puppet/Chef.

73
PBQhard

You are connected to R1 via the console. R1 is a Cisco ISR 4321 router running IOS-XE. The network team has recently changed the routing protocol from EIGRP to OSPF, but some routes are missing from the routing table. You need to analyze the OSPF neighbor states and LSDB to identify the issue.

Network Topology
G0/010.0.1.1/30G0/010.0.1.2/30linkG0/1192.168.1.1/24linkR1R2SW1

Hints

  • Check if OSPF neighbors are in FULL state.
  • Look for mismatched OSPF network types or hello intervals.
  • Verify that both routers are in area 0.
A.Use 'show ip ospf neighbor' to check neighbor state; if not FULL, examine 'show ip ospf interface' for mismatched hello/dead intervals or network type.
B.Use 'show ip route ospf' to verify OSPF routes; if missing, re-enter the OSPF process and redistribute connected routes.
C.Use 'debug ip ospf events' to monitor OSPF packets; if no packets are seen, reconfigure OSPF router ID and clear the OSPF process.
D.Use 'show ip protocols' to verify OSPF process configuration; if incorrect, delete and recreate the OSPF process with the correct network statements.
AnswerA
solution
! R1
show ip ospf neighbor
show ip ospf interface gigabitethernet0/0
show ip route ospf

! R2
show ip ospf neighbor
show ip ospf interface

Why this answer

OSPF requires consistent hello/dead intervals and network types to form adjacency. If the neighbor is not in FULL state, routes will not be exchanged. Checking 'show ip ospf neighbor' reveals the state; mismatched parameters can be corrected by adjusting interface configuration.

Exam trap

The exam trap is that candidates may jump to reconfiguring the OSPF process or redistribution when routes are missing, but the root cause is often a simple mismatch in OSPF interface parameters. Always check neighbor states first.

Why the other options are wrong

B

The specific factual error is that 'show ip route ospf' shows only existing OSPF routes, not neighbor states. Redistribution is not needed for directly connected interfaces in the same OSPF area.

C

The specific factual error is that debugging is not the initial diagnostic step; it should be used after verifying neighbor states and interface parameters. Changing the router ID is unnecessary unless there is a duplicate router ID issue.

D

The specific factual error is that 'show ip protocols' does not display per-interface OSPF parameters. The problem is likely at the interface level, not the process level.

74
Matchingmedium

Match each HTTP method to the most common API action.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Retrieve information

Create a new resource

Replace or update a resource representation

Remove a resource

Why these pairings

These are the standard HTTP methods and their typical CRUD actions in RESTful APIs.

Exam trap

Do not confuse the purpose of HTTP methods. GET is always safe and idempotent; it should never modify server state. Remember that POST creates, PUT/PATCH updates, and DELETE removes.

75
MCQmedium

A REST API query returns this JSON snippet: { "interface": { "name": "GigabitEthernet1", "admin-status": "up", "oper-status": "down" } } What does this indicate?

A.The interface is shut down by configuration.
B.The interface is enabled but the link is not operational.
C.The interface is operating normally.
D.The interface is a loopback.
AnswerB

Correct. Admin up / oper down indicates no working link or similar fault.

Why this answer

The interface is administratively enabled, but it is not operationally passing traffic or achieving link.

Exam trap

Be careful not to confuse 'admin-status' with 'oper-status'. They represent different states of the interface.

Why the other options are wrong

A

The admin-status is 'up', which means the interface is not administratively shut down. A shut down interface would show admin-status as 'down'.

C

An interface operating normally would have oper-status 'up'. The oper-status 'down' indicates the interface is not passing traffic, so it is not functioning normally.

D

A loopback interface is a virtual interface that is always up/up (admin up, oper up) unless administratively shut down. The JSON shows oper-status 'down', which is not typical for a loopback.

Page 1 of 3 · 215 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Ai Network Operations questions.