CCNA Ai Network Operations Questions

75 of 215 questions · Page 2/3 · Ai Network Operations topic · Answers revealed

76
Multi-Selectmedium

Which THREE statements accurately describe the characteristics of NETCONF and RESTCONF for programmatic network configuration?

Select 3 answers
A.NETCONF uses HTTP methods such as GET, POST, PUT, and DELETE to manipulate configuration data.
B.NETCONF uses XML-encoded RPCs over a secure transport such as SSH or TLS.
C.RESTCONF supports both XML and JSON encoding and uses HTTP methods.
D.Both NETCONF and RESTCONF rely on YANG data models to define the structure of configuration and operational data.
E.NETCONF uses a separate commit operation to apply changes, while RESTCONF uses a similar commit mechanism.
AnswersB, C, D

NETCONF encodes operations in XML and sends them as RPCs over a secure connection (SSH or TLS). This is a core characteristic of NETCONF.

Why this answer

NETCONF uses XML-encoded Remote Procedure Calls (RPCs) over a secure transport such as SSH or TLS, making option B correct. RESTCONF supports both XML and JSON encoding and uses standard HTTP methods (GET, POST, PUT, PATCH, DELETE), so option C is correct. Both NETCONF and RESTCONF rely on YANG data models to define the structure of configuration and operational data, confirming option D.

Option A is incorrect because NETCONF does not use HTTP methods; that is a characteristic of RESTCONF. Option E is wrong because RESTCONF does not use a separate commit operation; changes are applied immediately with each HTTP request, unlike NETCONF's candidate config and commit model.

Exam trap

Cisco often tests the misconception that NETCONF uses HTTP methods like RESTCONF, leading candidates to incorrectly select option A as a correct statement about NETCONF.

Why the other options are wrong

A

NETCONF uses XML‑encoded RPCs over SSH or TLS, not HTTP methods; HTTP methods are used by RESTCONF.

E

RESTCONF does not have a separate commit operation; changes are applied immediately with each HTTP request, unlike NETCONF's explicit commit step.

77
MCQeasy

What data format is commonly used in REST API responses because it is lightweight and easy for applications to parse?

AnswerB

Correct. JSON is commonly used in RESTful APIs.

Why this answer

JSON is widely used in REST APIs for structured data exchange.

Exam trap

Avoid assuming older or more traditional formats like XML or CSV are used in modern REST APIs; JSON is the standard.

Why the other options are wrong

A

BGP (Border Gateway Protocol) is a path-vector routing protocol used to exchange routing information between autonomous systems, not a data serialization format. It is unrelated to REST API data formatting.

C

STP (Spanning Tree Protocol) is a Layer 2 protocol that prevents loops in Ethernet networks, not a data format for APIs. It operates at the data link layer and has no role in REST API responses.

D

ARP (Address Resolution Protocol) is used to map IP addresses to MAC addresses in local networks, not a data serialization format. It is a network layer protocol, not an API data format.

78
MCQeasy

Which HTTP method is commonly used to retrieve information from a REST API without modifying the resource?

A.POST
B.GET
C.PUT
D.DELETE
AnswerB

Correct. GET retrieves data.

Why this answer

GET is the standard HTTP method for retrieving a resource representation without changing the resource.

Exam trap

Do not confuse retrieval with modification. GET retrieves data without altering the resource, unlike POST, PUT, or DELETE.

Why the other options are wrong

A

POST is used to create a new resource or submit data to be processed, which often results in a change in server state. It is not idempotent and is not designed for retrieval without modification.

C

PUT is used to update or replace an existing resource, which modifies the resource. It is not a safe or idempotent method for retrieval without side effects.

D

DELETE is used to remove a resource, not retrieve it. Using DELETE would modify the resource by deleting it, which contradicts the requirement of not modifying the resource.

79
PBQhard

You are connected to R1 (198.51.100.1/24). Using RESTCONF, you need to retrieve the current operational status of GigabitEthernet0/0/0 via the ietf-interfaces YANG model, then update its description to 'WAN-Link-to-R2' using a PATCH request with the Cisco-IOS-XE-native YANG model. The candidate must identify the correct base URI, YANG module path, HTTP headers (Accept: application/yang-data+json), interpret the JSON response, and recognize the error that occurs when an incorrect Content-Type header or wrong YANG path is used.

Network Topology
G0/0/0198.51.100.1/24G0/0/0198.51.100.2/24EthernetR1R2

Hints

  • The ietf-interfaces model provides operational data; configuration changes require Cisco-IOS-XE-native.
  • The Content-Type header must be application/yang-data+json for PATCH requests.
  • URL-encode special characters like '/' in interface names as '%2F'.
A.GET request to /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0/0 with Accept: application/yang-data+json; PATCH request to /restconf/data/Cisco-IOS-XE-native:native/interface/GigabitEthernet=0/0/0 with Content-Type: application/yang-data+json and body {"Cisco-IOS-XE-native:description": "WAN-Link-to-R2"}
B.GET request to /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0/0 with Accept: application/json; PATCH request to /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0/0 with Content-Type: application/yang-data+json and body {"description": "WAN-Link-to-R2"}
C.GET request to /restconf/data/Cisco-IOS-XE-native:native/interface/GigabitEthernet=0/0/0 with Accept: application/yang-data+json; PATCH request to /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0/0 with Content-Type: application/json and body {"description": "WAN-Link-to-R2"}
D.GET request to /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0/0 with Accept: application/yang-data+json; PATCH request to /restconf/data/Cisco-IOS-XE-native:native/interface/GigabitEthernet=0/0/0 with Content-Type: application/json and body {"Cisco-IOS-XE-native:description": "WAN-Link-to-R2"}
AnswerA
solution
! R1
Use GET: curl -k -u admin:cisco -H "Accept: application/yang-data+json" https://198.51.100.1/restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0%2F0%2F0
Use PATCH: curl -k -u admin:cisco -X PATCH -H "Content-Type: application/yang-data+json" -d '{"Cisco-IOS-XE-native:description":"WAN-Link-to-R2"}' https://198.51.100.1/restconf/data/Cisco-IOS-XE-native:native/interface/GigabitEthernet=GigabitEthernet0%2F0%2F0/description

Why this answer

The GET request correctly uses the ietf-interfaces YANG path and Accept header to retrieve the interface operational data. The PATCH request fails because it attempts to modify 'description' under the ietf-interfaces model, which is read-only for operational data; the writable 'description' is under Cisco-IOS-XE-native:native/interface/GigabitEthernet. The correct PATCH URI targets the Cisco-IOS-XE-native YANG module path, and the Content-Type must be application/yang-data+json.

The 400 error indicates a mismatch between the YANG path in the URI and the data payload.

Exam trap

A common trap is confusing operational (read-only) and configuration (writable) YANG models. Remember that ietf-interfaces provides operational data, while Cisco-IOS-XE-native provides configuration data. Also, ensure the correct Content-Type header is used for write operations.

Why the other options are wrong

B

The specific factual error is that the ietf-interfaces model's operational data cannot be modified via PATCH; the writable description is under Cisco-IOS-XE-native. Also, the Accept header should be application/yang-data+json.

C

The specific factual error is that the GET request should use ietf-interfaces for operational data, and the PATCH request should use the native model with correct Content-Type.

D

The specific factual error is that the Content-Type header must be application/yang-data+json, not application/json, to indicate the payload is YANG-encoded JSON.

80
Multi-Selectmedium

Which three options best describe how machine learning models are trained for network anomaly detection? (Choose three.)

Select 3 answers
.Using historical baseline traffic data to learn normal behavior patterns
.Labeling datasets with known attack signatures for supervised learning
.Applying unsupervised clustering to identify deviations without predefined labels
.Requiring manual threshold configuration for every monitored metric
.Training exclusively on synthetic data generated by simulation tools
.Relying solely on SNMP polling intervals to detect anomalies

Why this answer

Machine learning models for network anomaly detection are effectively trained using historical baseline traffic data to learn normal behavior patterns, which allows the model to identify deviations that may indicate anomalies. Labeled datasets with known attack signatures enable supervised learning, where the model learns to classify traffic as normal or malicious based on examples. Unsupervised clustering techniques, such as k-means or DBSCAN, can identify deviations without predefined labels by grouping similar data points and flagging outliers as potential anomalies.

The three incorrect options—manual threshold configuration, training exclusively on synthetic data, and reliance on SNMP polling—are not characteristic of ML training methods. Manual threshold configuration is a rule‑based approach that does not involve learning from data. Training exclusively on synthetic data is not representative of real‑world traffic patterns and would not generalize well.

Relying solely on SNMP polling intervals is a traditional monitoring method, not a machine learning technique.

Exam trap

Cisco often tests the distinction between traditional rule-based monitoring (e.g., SNMP thresholds) and machine learning approaches, expecting candidates to recognize that ML models learn patterns automatically rather than relying on static thresholds or synthetic-only data.

81
Drag & Dropmedium

Drag and drop the following phases into the correct order to configure gRPC streaming telemetry subscription setup and then the NetFlow data path sequence.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

First configure telemetry, then set up NetFlow export, define the flow monitor, and finally apply it to an interface.

Exam trap

Be careful not to apply a flow monitor to an interface before it is defined, and remember that telemetry configuration must precede NetFlow export setup.

82
Multi-Selectmedium

Which two statements about YANG are correct?

Select 2 answers
A.It defines structured models for configuration and state data
B.It is commonly associated with NETCONF and RESTCONF
C.It is a replacement for OSPF adjacency formation
D.It is the same thing as JSON syntax
E.It automatically discovers neighbors on a LAN
AnswersA, B

That is the core purpose of YANG.

Why this answer

YANG is a data modeling language used to describe configuration and operational state. It is commonly used with NETCONF and RESTCONF, but it is not itself the transport protocol.

Exam trap

A common exam trap is mistaking YANG for a routing protocol or a data format. Some candidates incorrectly believe YANG replaces protocols like OSPF for adjacency formation or that it is the same as JSON syntax. This confusion arises because YANG models can be encoded in JSON or XML, but YANG itself is a modeling language, not a transport or routing protocol.

Misunderstanding this can lead to selecting incorrect answers that describe YANG as performing routing or neighbor discovery functions, which it does not. Recognizing YANG’s role as a data modeling language avoids this pitfall.

Why the other options are wrong

C

Option C is incorrect because YANG is not a routing protocol and does not handle OSPF adjacency formation or any routing functions.

D

Option D is incorrect as YANG is a modeling language, not a data format like JSON. Although YANG models can be encoded in JSON, they are not the same thing.

E

Option E is incorrect because YANG does not perform network discovery functions such as automatically discovering neighbors on a LAN; that is outside its scope.

83
PBQhard

You are connected to R1, a Cisco router running IOS-XE. Configure SNMP v2c with a read-only community string 'publicRW' (note: the string is intentionally misnamed for the task), and SNMP v3 with user 'admin' using MD5 authentication (password 'cisco123') and DES encryption (password 'cisco456'). Ensure SNMP traps for linkUp/linkDown are sent to the management server at 192.0.2.100. Additionally, configure NetFlow export to send version 9 flow records to 192.0.2.200 on UDP port 2055, and ensure that only inbound traffic on GigabitEthernet0/0 is monitored. Finally, verify your configuration using 'show snmp' and 'show ip cache flow'.

Network Topology
G0/010.0.0.1/30G0/010.0.0.2/30linkR1R2

Hints

  • Remember to create the SNMP v3 user with both auth and priv parameters.
  • NetFlow requires both a destination and version; also apply flow monitoring on an interface.
  • Use 'snmp-server enable traps' to activate trap generation before specifying the host.
A.snmp-server community publicRW ro snmp-server user admin admin v3 auth md5 cisco123 priv des cisco456 snmp-server enable traps snmp linkdown linkup snmp-server host 192.0.2.100 traps version 2c publicRW ip flow-export destination 192.0.2.200 2055 ip flow-export version 9 interface GigabitEthernet0/0 ip flow ingress
B.snmp-server community publicRW ro snmp-server user admin admin v3 auth md5 cisco123 priv des cisco456 snmp-server enable traps snmp linkdown linkup snmp-server host 192.0.2.100 traps version 2c publicRW ip flow-export destination 192.0.2.200 2055 ip flow-export version 9
C.snmp-server community publicRW ro snmp-server user admin admin v3 auth md5 cisco123 priv des cisco456 snmp-server enable traps snmp linkdown linkup snmp-server host 192.0.2.100 traps version 2c publicRW ip flow-export destination 192.0.2.200 2055 ip flow-export version 9 interface GigabitEthernet0/0 ip flow egress
D.snmp-server community publicRW ro snmp-server user admin admin v3 auth md5 cisco123 priv des cisco456 snmp-server enable traps snmp linkdown linkup snmp-server host 192.0.2.100 traps version 2c publicRW ip flow-export destination 192.0.2.200 2055 ip flow-export version 9 interface GigabitEthernet0/0 ip flow monitor FLOW-MONITOR input
AnswerA
solution
! R1
snmp-server user admin admin v3 auth md5 cisco123 priv des cisco456
snmp-server enable traps snmp linkdown linkup
snmp-server host 192.0.2.100 traps version 2c publicRW
ip flow-export destination 192.0.2.200 2055
ip flow-export version 9
interface GigabitEthernet0/0
ip flow ingress
end

Why this answer

The initial configuration has an SNMP v2c community string 'publicRW' set as RO, but the task requires it to be the read-only string. The SNMP v3 user 'admin' with MD5/DES is missing entirely, as are trap destinations and NetFlow export. To fix, first add the SNMP v3 user with 'snmp-server user admin admin v3 auth md5 cisco123 priv des cisco456', then enable traps with 'snmp-server enable traps snmp linkdown linkup' and 'snmp-server host 192.0.2.100 traps version 2c publicRW'.

For NetFlow, configure 'ip flow-export destination 192.0.2.200 2055', 'ip flow-export version 9', and apply flow monitoring on an interface (e.g., 'interface GigabitEthernet0/0' with 'ip flow ingress'). The 'show snmp' command will display the community strings and trap receivers, while 'show ip cache flow' will show flow records.

Exam trap

Students often forget to apply NetFlow on an interface with 'ip flow ingress' or confuse it with Flexible NetFlow commands. Also, they may omit the trap enable command or use the wrong SNMP version for trap delivery. Always ensure that NetFlow collection is enabled on an interface and that SNMP traps are both enabled globally and sent to the correct host.

Why the other options are wrong

B

The configuration omits the 'ip flow ingress' (or any) interface command, so NetFlow will not collect any traffic.

C

The 'ip flow egress' command monitors outbound traffic, not the specified inbound traffic on GigabitEthernet0/0.

D

The 'ip flow monitor FLOW-MONITOR input' command references a flexible NetFlow monitor that does not exist; traditional 'ip flow ingress' is required.

84
Drag & Dropmedium

Drag and drop the following steps into the correct order to retrieve the operational status of interface GigabitEthernet0/0 using NETCONF and the ietf-interfaces YANG model.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
6Step 6

Why this order

First, establish an SSH connection to the device's NETCONF subsystem (TCP port 830). The NETCONF protocol then performs a capability exchange via <hello> messages to ensure both sides support the required YANG models. Next, a <get> RPC with an XPath filter is sent to request the specific interface status.

The server replies with <rpc-reply> containing the XML data. The client parses the XML to extract the desired value. Finally, the NETCONF session is closed by a <close-session> RPC, and the SSH connection is terminated.

This order ensures a proper NETCONF transaction lifecycle.

85
MCQeasy

Which HTTP method is normally used by a REST API client to retrieve data from a resource without changing it?

A.POST
B.PUT
C.GET
D.DELETE
AnswerC

GET retrieves resource information.

Why this answer

GET requests read a resource. They are used to retrieve state or information without modifying the target object.

Exam trap

Confusing HTTP methods can lead to selecting POST or PUT when the question specifically asks for retrieving data without modification. POST is often associated with creating resources, and PUT with updating them. Selecting DELETE is clearly incorrect as it removes resources.

The trap is to overlook that GET is the only method designed to safely retrieve data without side effects, which is critical in REST API operations relevant to network programmability.

Why the other options are wrong

A

POST is incorrect because it is used to create or submit data, not to retrieve data without changes.

B

PUT is incorrect as it replaces or updates a resource, which modifies the data rather than just retrieving it.

D

DELETE is incorrect since it removes a resource, not retrieves data.

86
Matchingmedium

Match each API workflow concept to the description that best fits it.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Target resource path

Requested action such as retrieve or delete

Access-related value carried by the client

Structured payload format

Why these pairings

In REST API workflows, the endpoint is the URL path that identifies a specific resource (e.g., /users). The HTTP method defines the action to perform on that resource, such as GET (retrieve), POST (create), PUT (update), or DELETE (remove). A token is a credential that the client sends in the request header to authenticate and authorize access, and JSON is the lightweight data‑interchange format used to structure the payload in the request body or response.

Exam trap

Don’t mix up the method (which tells the server what to do) with the endpoint (which identifies where to act)—a common mistake is to confuse actions with resource paths, or to think a token is a data format instead of a security credential.

87
Matchingmedium

Match each API security or access term to its most accurate description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Credential-like value used to help control API access

Encrypted transport commonly used for secure API communication

Verification of identity

Determination of allowed actions after identity is verified

Why these pairings

These terms are common in API security and access control. Each pairing matches the term with its standard definition in IT certification contexts.

Exam trap

Be careful not to confuse authentication with authorization. API keys are for authentication, while OAuth is for authorization. Also, distinguish between a token format (JWT) and a security mechanism.

88
MCQmedium

In a controller-based network architecture, what is a southbound API typically used for?

A.To communicate from the controller to network devices
B.To provide dashboards to end users in a browser
C.To translate DNS names into IP addresses
D.To synchronize switch clocks with NTP
AnswerA

Correct. Southbound APIs face the infrastructure layer.

Why this answer

Southbound APIs are used by the controller to communicate with and program network devices or the infrastructure below it.

Exam trap

A frequent exam trap is mistaking southbound APIs for functions unrelated to device management, such as providing user dashboards (option B), translating DNS names (option C), or synchronizing clocks with NTP (option D). These options describe roles outside the scope of southbound APIs. Southbound APIs specifically enable the controller to communicate with and program network devices, not to serve end-user interfaces or perform network services like DNS or time synchronization.

Confusing these roles can lead to selecting incorrect answers, as the exam expects precise understanding of the controller’s interaction layers.

Why the other options are wrong

B

Incorrect. Providing dashboards to end users is a function related to northbound APIs or management applications, not southbound APIs that interface with network devices.

C

Incorrect. DNS name resolution is unrelated to southbound APIs, which focus on device communication and management rather than network services like DNS.

D

Incorrect. Synchronizing switch clocks with NTP is a network service function independent of southbound APIs, which do not handle time synchronization tasks.

89
PBQhard

You are connected to R1, a branch router connected to a central NTP server at 203.0.113.10 and a syslog server at 198.51.100.20. Configure R1 as an NTP client using its Loopback0 interface (192.168.1.1/32) as the source, and ensure syslog messages of severity 'informational' and above are sent to the syslog server. Currently, R1 shows 'Clock is unsynchronized, stratum 16'. Identify and fix the NTP issue, then apply the syslog configuration.

Network Topology
G0/010.0.0.2/30linkR1R2

Hints

  • NTP shows stratum 16 and uses a local pseudo-clock — the server is configured but not used.
  • Check if the NTP source interface is set to a reachable IP.
  • Syslog is only sending warnings and above — change the trap level to allow informational.
A.Configure 'ntp source Loopback0' and 'logging trap informational'.
B.Configure 'ntp server 203.0.113.10 source Loopback0' and 'logging trap warnings'.
C.Configure 'ntp source Loopback0' and 'logging trap debugging'.
D.Configure 'ntp source Loopback0' and 'logging host 198.51.100.20' without changing the trap level.
AnswerA
solution
! R1
configure terminal
ntp source Loopback0
logging trap informational
end
write memory

Why this answer

The NTP client was configured but the source interface was not specified, causing the router to use a default source that may not be reachable. Additionally, the syslog trap level was set to 'warnings' (severity 4), which filters out informational (severity 6) messages. To fix: configure 'ntp source Loopback0' to use a consistent source IP, and change 'logging trap informational' to allow all messages severity 6 and above.

Exam trap

Trap: Candidates may confuse the 'ntp server' command syntax with the global 'ntp source' command, or assume the default syslog trap level already includes informational messages. Remember: NTP source is set globally, and syslog trap levels must be explicitly configured to match the required severity.

Why the other options are wrong

B

The specific factual error: The 'ntp server' command does not have a 'source' parameter; source is set globally. Also, 'logging trap warnings' does not meet the requirement to send informational messages.

C

The specific factual error: 'logging trap debugging' sends all messages, including debugging (severity 7), which is unnecessary and can cause excessive log traffic. The requirement is for informational and above, which is severity 6, not 7.

D

The specific factual error: The default trap level may not be 'informational'; it is often 'warnings' or 'debugging' depending on the IOS version. The requirement to send informational messages necessitates explicit configuration of 'logging trap informational'.

90
Drag & Drophard

Drag and drop the following steps into the correct order for an agentic AI system to remediate a network performance issue using Cisco IOS-XE CLI commands.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The agent first enters configuration mode, then diagnoses the interface, applies QoS, enables monitoring, and finally verifies the changes.

Exam trap

The trap is that candidates may confuse the order of diagnosis and action, or think monitoring should be enabled first. Remember: diagnose first, then act, then monitor, then verify.

91
Matchingmedium

Match each automation term to the best description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Data modeling language for structured network data

Lightweight text format for structured data exchange

Programmatic interface exposed by a system

Credential presented to authenticate or authorize a request

Why these pairings

YANG is a data modeling language used to define data structures and configuration models for network devices. JSON is a lightweight text format for storing and exchanging structured data. An API is a programmatic interface that allows applications to communicate with a system.

A Token is a credential used for authentication or authorization when making API requests.

Exam trap

Don't confuse YANG with JSON or XML; YANG is a modeling language, not a data format.

92
Multi-Selectmedium

Which THREE of the following best describe how agentic AI is used in network automation, specifically regarding AI agents, tool-calling, and closed-loop remediation workflows?

Select 3 answers
A.AI agents can autonomously decide which network troubleshooting steps to perform and invoke appropriate tools via APIs.
B.AI agents only monitor network traffic and alert humans for any remediation actions.
C.Tool-calling in agentic AI allows the agent to execute network commands or scripts to collect data and implement changes.
D.A closed-loop remediation workflow continuously monitors network state, detects anomalies, triggers an AI agent to diagnose, and applies corrective actions automatically.
E.Closed-loop remediation always requires a human to approve each corrective action before it is executed.
AnswersA, C, D

This is a key feature of agentic AI: agents use reasoning to select and call tools (e.g., show commands, configuration APIs) to gather data or make changes.

Why this answer

Options A, C, and D are correct because agentic AI in network automation involves autonomous decision-making (A), tool-calling to execute network commands or gather data (C), and closed-loop remediation that continuously monitors, diagnoses, and applies fixes automatically (D). Options B and E are incorrect because they contradict the autonomous nature of agentic AI: B describes a passive monitoring system with human-only remediation, and E states that closed-loop remediation always requires human approval, which is not true for full closed-loop automation.

Exam trap

Cisco often tests the distinction between passive monitoring and active autonomous remediation; the trap here is that candidates may confuse agentic AI with simple alerting systems, forgetting that agentic AI must include decision-making and tool execution, not just notification.

Why the other options are wrong

B

This option describes traditional monitoring systems that only alert humans, not agentic AI which takes autonomous actions. Agentic AI agents do not just alert; they actively diagnose and remediate issues.

E

Closed-loop remediation implies full automation without manual approval; requiring human approval breaks the loop and defeats the purpose of autonomous remediation. The workflow is designed to act automatically.

93
Matchingmedium

Drag and drop the network monitoring technologies on the left to their correct descriptions on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Uses community strings for authentication and supports Get/Set operations

Provides authentication and encryption via User-based Security Model (USM)

Cisco-proprietary flow monitoring that exports packet-level flow records

Standardized version of NetFlow defined in RFC 7011

Push-based model that continuously streams device operational data to a collector

Why these pairings

These pairings match network monitoring technologies to their correct descriptions.

Exam trap

Be careful not to confuse SNMP with other monitoring protocols. SNMP is for device management information (MIBs), while NetFlow is for traffic analysis, Syslog for logging, and IP SLA for performance measurement.

94
Multi-Selectmedium

Which two statements accurately describe JSON arrays?

Select 2 answers
A.A JSON array is an ordered list of items.
B.A JSON array is typically enclosed in square brackets.
C.A JSON array is the same thing as an OSPF area.
D.A JSON array must always contain exactly one item.
E.A JSON array replaces the need for all keys in structured data.
AnswersA, B

This is correct because arrays are used to represent ordered collections.

Why this answer

JSON arrays are ordered lists enclosed in square brackets. In plain language, they are commonly used when an API needs to return multiple similar items such as interfaces, VLANs, or routes. Each element in the array might be a simple value or a more complex object. Arrays are therefore a normal structure for lists in automation and API payloads.

The wrong answers usually confuse arrays with objects or claim properties they do not have. The two correct answers are the ones that preserve the ideas of list structure and square-bracket notation.

Exam trap

A frequent exam trap is mistaking JSON arrays for networking concepts like OSPF areas or assuming they must contain exactly one item. Candidates might confuse arrays with objects or routing constructs, leading to incorrect answers. Another pitfall is thinking arrays replace keys in structured data, which is false because arrays and keys serve different purposes.

This confusion arises from mixing data structure syntax with network protocol terminology. Understanding that JSON arrays are simply ordered lists enclosed in square brackets helps avoid these traps and ensures clarity when working with automation payloads in Cisco environments.

Why the other options are wrong

C

Option C is incorrect because JSON arrays are data structures for organizing information, whereas OSPF areas are routing domains; they are unrelated concepts in networking and automation.

D

Option D is incorrect because JSON arrays can contain any number of items, including zero or many, not just exactly one item; this flexibility is important in API responses and configurations.

E

Option E is incorrect because arrays do not replace keys; keys are used in JSON objects to define named values, while arrays represent ordered collections without keys.

95
Multi-Selecthard

Which two practices most improve safety when automating network changes? (Choose two.)

Select 2 answers
A.Testing changes in a lab or staging environment first
B.Running scripts directly in production without validation
C.Using version control and peer review for automation code
D.Disabling backups so changes apply faster
AnswersA, C

Correct. Predeployment testing reduces production risk.

Why this answer

Testing and validation reduce risk before wide deployment, and version control with review/rollback supports controlled operations.

Exam trap

Avoid assuming that immediate deployment without testing is safe. Always prioritize testing and controlled deployments.

Why the other options are wrong

B

Running scripts directly in production without validation bypasses all safety checks, increasing the likelihood of misconfigurations that can cause outages or security breaches. This practice directly contradicts the principle of minimizing risk during network changes.

D

Disabling backups removes the ability to restore the network to a known good state after a failed change, significantly increasing risk. Backups are a fundamental safety net, and disabling them for speed is never justified.

96
Matchingmedium

Drag and drop the YANG, NETCONF, and RESTCONF terms on the left to their correct descriptions on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

A data modeling language used to define the structure of configuration and state data for network devices

A protocol that uses XML and SSH to transport configuration and state data between a client and a network device

A protocol that uses HTTP methods (GET, PUT, POST, DELETE) to access YANG-defined data on a network device

A file that defines the schema, including data types, groupings, and constraints for network configuration

A node in a YANG data model that groups related leaf nodes and other containers together

A NETCONF operation used to modify the configuration of a network device

Why these pairings

YANG is the modeling language, NETCONF uses XML RPCs over SSH, RESTCONF uses HTTP and YANG models. The pairs match each term to its core function.

Exam trap

Be careful not to confuse the roles of YANG, NETCONF, and RESTCONF. YANG is a modeling language, not a protocol. NETCONF uses SSH and XML, while RESTCONF uses HTTP and supports JSON/XML.

Many candidates mistakenly attribute HTTP/JSON to NETCONF or SSH to RESTCONF.

97
Matchingmedium

Match each term to the role it most directly plays in an API workflow.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Describes the intended action such as retrieve or delete

Identifies the target resource path

Supports access control for the request

Provides the structured payload format

Why these pairings

Each term is correctly paired with its role in an API workflow.

Exam trap

Be careful not to confuse the role of the URI with the HTTP method or other components. The URI's primary function is identification, not action or data carriage.

98
Matchingmedium

Match each automation concept to its most accurate description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Centralized management and policy platform

Defined software interface for communication between systems

Architectural style commonly using HTTP methods

Lightweight structured data format

Why these pairings

Controller provides centralized management and policy enforcement across network devices. API (Application Programming Interface) defines a standardized software interface for communication between systems. REST (Representational State Transfer) is an architectural style that commonly uses HTTP methods like GET, POST, PUT, DELETE.

JSON (JavaScript Object Notation) is a lightweight, human-readable data format used for data interchange. Each pairing correctly matches the concept to its core characteristic.

Exam trap

Be careful not to confuse declarative and imperative models: declarative says 'what' (desired state), imperative says 'how' (steps). Also, configuration drift is always unintentional, not a planned change.

99
PBQhard

You are connected to R1, a Cisco ISR 4321 running IOS-XE. Configure SNMPv2c with a read-only community string 'public' and SNMPv3 with user 'admin' using SHA authentication and AES encryption. Ensure SNMP traps are sent to the management server at 203.0.113.10. Additionally, configure NetFlow export to destination 203.0.113.20 on UDP port 2055 using version 9. Verify your configuration with appropriate show commands. The current running-config is incomplete; you must add the missing commands.

Network Topology
G0/0192.168.1.1/24Management NetworkR1Server

Hints

  • SNMPv3 user configuration requires both auth and priv algorithms and passwords.
  • For SNMP traps, specify the trap receiver IP and community string.
  • NetFlow export configuration uses global commands; no interface-level configuration is needed for basic export setup.
A.snmp-server community public ro snmp-server user admin snmp-group v3 auth sha cisco priv aes 128 cisco snmp-server host 203.0.113.10 traps version 2c public ip flow-export destination 203.0.113.20 2055 ip flow-export version 9
B.snmp-server community public ro snmp-server user admin snmp-group v3 auth sha cisco priv aes 128 cisco snmp-server host 203.0.113.10 traps version 3 auth public ip flow-export destination 203.0.113.20 2055 ip flow-export version 9
C.snmp-server community public ro snmp-server user admin snmp-group v3 auth md5 cisco priv des56 cisco snmp-server host 203.0.113.10 traps version 2c public ip flow-export destination 203.0.113.20 2055 ip flow-export version 9
D.snmp-server community public ro snmp-server user admin snmp-group v3 auth sha cisco priv aes 128 cisco snmp-server host 203.0.113.10 traps version 2c public ip flow-export destination 203.0.113.20 2055 ip flow-export version 5
AnswerA
solution
! R1
snmp-server user admin auth sha cisco priv aes 128 cisco
snmp-server host 203.0.113.10 traps version 2c public
ip flow-export destination 203.0.113.20 2055
ip flow-export version 9

Why this answer

The initial config has only a basic SNMPv2c community string. To meet requirements: enable SNMPv3 with a user 'admin' using SHA authentication and AES 128-bit encryption. The correct command requires a group name and the 'v3' keyword, e.g., 'snmp-server user admin snmp-group v3 auth sha cisco priv aes 128 cisco'.

Configure SNMP trap destination with 'snmp-server host 203.0.113.10 traps version 2c public'. For NetFlow, use 'ip flow-export destination 203.0.113.20 2055' and 'ip flow-export version 9'. Verify with 'show snmp' and 'show ip cache flow'.

Option B incorrectly uses version 3 traps with a community string; version 3 requires a security name. Option C uses insecure MD5/DES56 instead of SHA/AES. Option D uses NetFlow version 5 instead of version 9.

Exam trap

Forgetting to include a group name and the 'v3' keyword in the 'snmp-server user' command is a common syntax error that will cause the configuration to be rejected on real devices.

Why the other options are wrong

B

The trap host line uses 'version 3' and a community string ('public'), but SNMPv3 traps require a security name (the user) and an authentication level, not a community.

C

The SNMPv3 user is configured with MD5 and DES56, while the requirement is SHA authentication and AES 128‑bit encryption.

D

The NetFlow export version is set to 5 instead of the required version 9.

100
Multi-Selectmedium

Which four of the following are common use cases or features of AI and Machine Learning in network operations? (Choose all that apply.)

Select 4 answers
.Anomaly detection for security threats
.Automated root cause analysis of network faults
.Predictive maintenance of network hardware
.Dynamic optimization of traffic routing based on real-time patterns
.Manual configuration of static VLANs on access switches
.Replacing all network engineers with fully autonomous AI

Why this answer

Anomaly detection for security threats uses ML to identify deviations from normal traffic patterns, enabling proactive threat identification. Automated root cause analysis leverages AI to correlate events and faults across the network to quickly pinpoint the source of issues. Predictive maintenance applies ML models to historical hardware data (e.g., error logs, temperature) to forecast failures before they occur.

Dynamic traffic routing uses reinforcement learning or other AI techniques to adapt routing decisions in real time based on changing network conditions. The two incorrect options are not AI/ML use cases: manual VLAN configuration is a static, rule-based task that does not involve learning or adaptation, and replacing all network engineers with fully autonomous AI is an unrealistic, futuristic concept not representative of current AI/ML applications in network operations.

Exam trap

Cisco often tests the distinction between tasks that are deterministic and manually configured (like static VLANs) versus those that benefit from adaptive, pattern-based automation (like anomaly detection), so candidates mistakenly think any automation feature qualifies as AI/ML, but manual configuration is not an AI/ML use case.

101
Drag & Dropmedium

Drag and drop the following steps into the correct order to retrieve a specific interface's configuration via RESTCONF and apply a change to the interface description.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

First retrieve the config, parse it, modify the description, apply the change, then verify.

Exam trap

The key trap is confusing the order of operations: you must retrieve before modifying, and apply before verifying. Candidates often mix up the sequence, especially placing verification too early or modification before retrieval.

102
Matchingmedium

Drag and drop the syslog severity levels and NTP concepts on the left to their correct descriptions on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Emergency: system is unusable

Debugging: detailed debug messages

Reference clock (e.g., atomic clock or GPS)

Unsynchronized or maximum usable stratum

Configures an IOS-XE device as an NTP client

Displays NTP synchronization state and stratum

Why these pairings

Syslog severity levels range from 0 (Emergency) to 7 (Debug), with 0 being the most critical. NTP stratum indicates clock accuracy: stratum 0 is the reference clock, stratum 1 is directly connected to a reference, and so on up to stratum 15, which is the maximum usable synchronized stratum. Stratum 16 means the device is unsynchronized.

The ntp server command configures a device as a client, and show ntp status displays synchronization state and current stratum.

Exam trap

Be careful not to confuse the severity order of syslog levels: lower numbers (0) are more severe, higher numbers (7) are less severe. Also, remember that NTP stratum numbers work inversely to accuracy: lower stratum numbers indicate higher accuracy, with Stratum 0 being the most accurate reference clock.

103
Matchingmedium

Drag and drop the AI/automation concepts on the left to the correct descriptions on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Autonomous entity that perceives its environment and takes actions to achieve goals

Mechanism that allows an AI agent to invoke external functions or APIs

Workflow that automatically detects, diagnoses, and corrects network issues without human intervention

Technique that combines LLMs with external knowledge retrieval for accurate responses

Approach that translates high-level business intent into network configuration and assurance

Training method where an agent learns optimal actions through rewards and penalties

Why these pairings

AI Agent is correctly matched because it is defined as an autonomous entity that perceives its environment and takes actions to achieve goals. Tool-calling enables AI agents to invoke external functions or APIs, which aligns with the given description. Closed-loop remediation is accurately paired with the workflow that automatically detects, diagnoses, and corrects network issues without human intervention.

Retrieval-Augmented Generation (RAG) is the technique that combines large language models with external knowledge retrieval to produce more accurate responses. Intent-based Networking (IBN) translates high-level business intent into network configuration and assurance, matching the description. Finally, Reinforcement Learning (RL) is the training method where an agent learns optimal actions through rewards and penalties, which perfectly fits its definition.

Exam trap

Cisco exams often test the precise definitions of AI subsets and their applications. Avoid confusing the hierarchy (ML is broader than deep learning) and the specific tasks of NLP vs. computer vision. Also, remember that reinforcement learning uses rewards, not labeled data.

104
MCQmedium

Exhibit: A script sends an HTTP GET request to a controller API endpoint. What is the usual purpose of the GET method?

A.Retrieve information from the resource
B.Create a brand-new resource
C.Replace the entire resource configuration
D.Delete the resource
AnswerA

GET is used to read data.

Why this answer

In REST-style APIs, GET is normally used to retrieve data from a resource. It is not the standard method for creating or replacing resources.

Exam trap

Be careful not to confuse GET with other HTTP methods like POST, PUT, or DELETE, which have different purposes.

Why the other options are wrong

B

Creating a new resource is typically done using the POST method, not GET. GET is designed for safe and idempotent retrieval of data, not for creating resources.

C

Replacing the entire resource configuration is the purpose of the PUT method, which is idempotent and used for updates. GET is not intended for modifying resources.

D

Deleting a resource is performed using the DELETE method. GET is a safe method that should not have side effects like deletion.

105
Multi-Selectmedium

Which two statements accurately describe software-defined networking and network virtualization concepts at a basic CCNA level?

Select 2 answers
A.SDN is associated with more centralized or programmable control of network behavior.
B.NFV is associated with delivering network functions in software or virtualized form.
C.Both terms are just new names for subnet masks.
D.Both terms replace the need for routing protocols completely.
E.Both terms refer only to wireless client roaming.
AnswersA, B

This is correct because that is the core SDN idea at this level.

Why this answer

At a basic level, these concepts point toward more abstracted, software-driven ways of controlling or delivering networking capabilities. SDN is associated with more centralized or programmable control behavior. NFV is associated with delivering network functions in virtualized software form instead of relying only on fixed-purpose hardware.

The goal here is conceptual recognition, not deep architectural implementation detail.

Exam trap

A frequent exam trap is mistaking SDN and NFV for basic network addressing concepts like subnet masks or for wireless client roaming features. Candidates might also incorrectly believe these technologies replace routing protocols entirely. However, SDN and NFV focus on centralized control and virtualized network functions, respectively, and do not eliminate the need for routing logic or relate directly to subnetting or wireless roaming.

Misunderstanding these distinctions can lead to selecting incorrect options that describe unrelated networking concepts.

Why the other options are wrong

C

Option C is incorrect because subnet masks are related to IP addressing and have no connection to SDN or NFV concepts, which focus on network control and virtualization.

D

Option D is wrong since SDN and NFV do not eliminate routing protocols; routing remains necessary for path determination and packet forwarding in networks.

E

Option E is incorrect because SDN and NFV are broad network architecture concepts and do not exclusively refer to wireless client roaming or mobility management.

106
Matchingmedium

Match each HTTP method to the action it most commonly represents in a REST-style API.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Retrieve existing information

Submit or create data

Update or replace an existing resource

Remove a resource

Why these pairings

These HTTP methods correspond to standard CRUD operations in RESTful APIs. Each pairing matches the method with its typical action as defined in HTTP specifications.

Exam trap

Watch out for confusing POST with update; remember POST is primarily for creation, while PUT and PATCH handle updates.

107
Matchingmedium

Match each automation or API term to its most accurate role.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Centralized management or policy platform

Defined software interface used for communication

Secure transport commonly used for the interaction

Structured data format carried in API messages

Why these pairings

These pairings correctly associate each automation/API term with its primary role.

Exam trap

Do not confuse the configuration languages of Puppet (manifests) and Chef (recipes). Also, remember that YAML is a data format, not an automation tool. Webhooks are for notifications, not traffic management.

108
MCQmedium

A network engineer queries a REST API and receives data in JSON format. Which statement about JSON is correct?

A.JSON is a transport protocol that replaces HTTPS
B.JSON stores data as key-value pairs and arrays
C.JSON can be used only with Cisco DNA Center
D.JSON requires XML tags around each object
AnswerB

That is the core structure used in JSON.

Why this answer

JSON is a lightweight data-interchange format that represents data as key-value pairs and arrays. Option A is incorrect because JSON is not a transport protocol; it is a data format exchanged over HTTPS. Option C is incorrect because JSON is platform-agnostic and used by many APIs, not limited to Cisco DNA Center.

Option D is incorrect because JSON uses a flexible syntax with colons and brackets, not XML tags.

Exam trap

Avoid confusing JSON with binary formats or assuming it requires a schema like XML.

Why the other options are wrong

A

JSON is a lightweight data-interchange format, not a transport protocol. HTTPS is a secure version of HTTP used for communication, and JSON does not replace it; instead, JSON data is often transmitted over HTTPS.

C

JSON is a platform-independent data format used by many APIs and services, not just Cisco DNA Center. It is supported by virtually all programming languages and is a standard for web APIs across different vendors.

D

JSON does not use XML tags; it uses a syntax of curly braces, colons, and commas to define objects and arrays. XML uses angle brackets for tags, which is a different markup language.

109
Matchingmedium

Match each REST-style method to the most common intent.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Retrieve information

Create or submit data

Update or replace a resource

Remove a resource

Why these pairings

RESTful methods map to CRUD operations: GET retrieves, POST creates, PUT replaces, PATCH partially updates, DELETE removes, and OPTIONS returns allowed methods.

Exam trap

The exam tests your understanding of the specific intent of each HTTP method. Common traps include confusing GET with POST for creation, or PUT with PATCH for updates. Remember: GET is read-only, POST creates, PUT replaces, PATCH modifies partially.

110
PBQhard

You are connected to R1. Configure NTP client so that R1 synchronizes with the NTP server at 198.51.100.10, using its Loopback0 (10.0.0.1/32) as the source interface. Also configure syslog to send messages of severity 5 (notifications) and above to 192.0.2.20. The current configuration shows a misconfigured NTP server address and an incorrect logging trap level. Verify with 'show ntp status' (stratum should not be 16) and 'show logging'.

Hints

  • Check the NTP server address in running-config — it might point to a wrong IP.
  • Verify that the source interface for NTP is configured; otherwise R1 may use an unreachable interface.
  • The logging trap level is set too high (debugging) — change it to notifications (level 5) to filter out lower severity messages.
A.ntp server 198.51.100.10 source Loopback0 logging trap notifications
B.ntp server 198.51.100.10 source Loopback0 logging trap 4
C.ntp server 198.51.100.10 logging trap notifications
D.ntp server 203.0.113.5 source Loopback0 logging trap 7
AnswerA
solution
! R1
configure terminal
no ntp server 203.0.113.5
ntp server 198.51.100.10
ntp source Loopback0
no logging trap debugging
logging trap notifications
end
write memory

Why this answer

The misconfigured NTP server address (203.0.113.5) and the debug-level logging trap (7) must be corrected to meet requirements. The correct commands are 'ntp server 198.51.100.10 source Loopback0' to use the specified server and Loopback0 as source, and 'logging trap notifications' (severity 5) to send only notifications and more severe messages. Option B is wrong because 'logging trap 4' sets the trap level to warning, which would not forward notifications.

Option C misses the source interface, and Option D uses the wrong NTP server and an overly verbose trap level.

Exam trap

Candidates often confuse the numeric severity levels with the keyword equivalents for logging trap. Also, they may forget to specify the source interface for NTP, assuming the router will use the loopback automatically. Always verify that the NTP source interface is explicitly configured when required.

Why the other options are wrong

B

logging trap 4 sets the severity to warning (4), so it does not include notifications (5).

C

The missing source interface causes NTP to use an incorrect source address, likely resulting in unsynchronized status.

D

The NTP server address is incorrect and 'logging trap 7' sends all debug messages instead of limiting to notifications and above.

111
Multi-Selectmedium

Which two tasks are strong candidates for network automation? (Choose two.)

Select 2 answers
A.Polling many devices for interface status on a schedule
B.Replacing a failed power supply in a branch switch
C.Pushing a standard NTP configuration to many routers
D.Tracing one cable through a crowded rack by hand
E.Listening for fan noise in a wiring closet
AnswersA, C

Correct. Scheduled state collection is a strong automation use case.

Why this answer

Automation works best for repetitive, rule-based tasks such as gathering state information or pushing standard configuration changes across many devices.

Exam trap

Avoid assuming that all network tasks can be automated. Focus on repetitive and rule-based tasks.

Why the other options are wrong

B

Replacing a failed power supply is a physical hardware task that requires hands-on intervention, not a software-based or configuration task that network automation tools can perform.

D

Tracing a cable by hand is a physical, manual task that cannot be automated with network automation tools, which focus on software-based configuration and monitoring.

E

Listening for fan noise is a physical inspection task that relies on human senses and cannot be performed by network automation software, which deals with digital data and configurations.

112
Multi-Selectmedium

Which two statements accurately describe APIs in controller-based networking?

Select 2 answers
A.They provide a defined interface through which software can communicate with the controller.
B.They can be used by automation tools to retrieve data or request changes.
C.They replace all need for forwarding devices.
D.They remove the need for authentication and authorization.
E.They are Ethernet cabling standards.
AnswersA, B

This is correct because APIs are the software interface for controlled interaction.

Why this answer

APIs are important in controller-based networking because they give external software a defined way to request data or trigger changes on the controller. In plain language, they make the controller accessible to automation tools, dashboards, orchestration systems, and custom scripts. This helps integrate the controller into broader workflows. APIs do not eliminate the need for security controls, but they do make software-driven operations possible.

The wrong answers usually confuse APIs with physical interfaces or claim that they remove the need for authentication. The two correct answers are the ones focused on programmatic access and software integration.

Exam trap

Avoid confusing APIs with physical interfaces or assuming they bypass security protocols.

Why the other options are wrong

C

APIs are software interfaces that enable communication with the controller, but they do not replace forwarding devices like switches and routers. These devices still handle packet forwarding based on policies set via the controller; the controller does not eliminate the need for physical or virtual forwarding hardware.

D

APIs do not remove the need for authentication and authorization. In fact, secure API access typically requires credentials, tokens, or certificates to ensure only authorized users or systems can interact with the controller. Removing these controls would create severe security vulnerabilities.

E

APIs are software interfaces, not physical cabling standards. Ethernet cabling standards like Cat5e, Cat6, or fiber optics define physical layer specifications for wired network connections. Confusing APIs with cabling is a fundamental category error.

113
MCQhard

Why are data models such as YANG important in network automation?

A.They define a structured way to represent configuration and state data
B.They replace IPv4 and IPv6 addressing
C.They remove the need for routing protocols
D.They are used only for naming wireless SSIDs
AnswerA

Correct. Structured data models are foundational to automation workflows.

Why this answer

Data models such as YANG standardize how configuration and operational data are described, which improves consistency for automation systems and APIs.

Exam trap

A common exam trap is to mistakenly believe that YANG data models replace fundamental network functions such as IPv4/IPv6 addressing or routing protocols. Some candidates incorrectly assume that because YANG structures configuration data, it eliminates the need for routing protocols like OSPF or EIGRP, or that it changes how IP addresses function. However, YANG is strictly a modeling language that describes how configuration and state data are represented for automation purposes.

It does not alter core networking protocols or addressing schemes. Confusing these roles can lead to selecting incorrect answers that misattribute YANG’s purpose.

Why the other options are wrong

B

Option B is incorrect because YANG does not replace IPv4 or IPv6 addressing schemes. IP addressing remains a core network function independent of data modeling languages.

C

Option C is wrong since YANG does not remove the need for routing protocols. Routing protocols like OSPF and EIGRP continue to operate and are configured using data models but are not replaced by them.

D

Option D is false because YANG’s scope is much broader than naming wireless SSIDs. It models a wide range of network configurations and operational data beyond wireless settings.

114
MCQmedium

A network engineer at a large enterprise observes repeated spikes in latency on the core network every weekday at 10:00 AM, but no corresponding increase in overall bandwidth utilization. The engineer wants to use AI/ML to automatically identify the root cause and take corrective action without manual intervention. Which concept best describes this approach?

A.Anomaly detection
B.Intent-based networking
C.Predictive analytics
D.Machine learning classification
AnswerB

Intent-based networking (IBN) uses closed-loop automation to continuously monitor the network, detect when the actual state deviates from the intended state (e.g., latency spikes), and automatically reconfigure the network to restore the intent. This matches the scenario of automatic identification and correction.

Why this answer

Intent-based networking (IBN) is correct because it describes a closed-loop system where the network continuously validates that its operational state matches the desired business intent. In this scenario, the engineer wants the network to automatically detect the latency anomaly, correlate it with other telemetry (e.g., routing changes, queue drops), and take corrective action (e.g., reroute traffic, adjust QoS) without human intervention — which is the core promise of IBN, often implemented via Cisco's DNA Center with Assurance and AI/ML capabilities.

Exam trap

Cisco often tests the distinction between a single AI/ML technique (like anomaly detection) and the full closed-loop automation framework (IBN), leading candidates to pick the narrower answer when the question explicitly requires both detection and automated corrective action.

Why the other options are wrong

A

Anomaly detection identifies unusual patterns like latency spikes, but it does not include automatic corrective action. The scenario requires both detection and automated response, which anomaly detection alone cannot provide.

C

Predictive analytics forecasts future events (e.g., predicting when a link will fail), but it does not automatically take corrective action. The scenario involves detecting and correcting an existing anomaly, not predicting a future one.

D

Machine learning classification categorizes data (e.g., classifying traffic as normal or anomalous), but it does not inherently include automated corrective actions. The scenario requires a system that both detects and corrects.

115
PBQmedium

You are connected to R1 via the console. R1 is a Cisco ISR 4321 router running IOS-XE 17.3. The network team has reported intermittent connectivity issues between VLAN 10 hosts and the server at 10.0.0.100. You suspect a routing problem and need to analyze the IP routing table, ARP cache, and interface status to identify the cause. Use the provided outputs to diagnose the issue.

Network Topology
G0/0192.168.10.1/24G0/110.0.0.1/30G0/010.0.0.2/30linkG0/010.0.0.2/3010.0.0.100linkHostsVLAN 10R1R2Server

Hints

  • Check the IP routing table for a default route or specific route to 10.0.0.100.
  • Examine the ARP cache to see if the MAC address of the next hop (10.0.0.2) is present.
  • Verify that both interfaces are up/up and have correct IP addresses.
A.The routing table shows a default route via 192.168.1.1, but the ARP cache has an incomplete entry for that next-hop IP, indicating a Layer 2 connectivity issue.
B.The routing table has a static route to 10.0.0.0/24 via 192.168.1.2, but the interface GigabitEthernet0/0/0 is administratively down.
C.The routing table shows a route to 10.0.0.0/16 via 192.168.1.1, but the ARP cache has a complete entry for 192.168.1.1, indicating the issue is at Layer 3.
D.The routing table has no route to 10.0.0.100, and the ARP cache is empty for all entries, indicating a complete routing failure.
AnswerA
solution
! R1
show ip route
show ip arp
show interfaces GigabitEthernet0/0
show interfaces GigabitEthernet0/1

Why this answer

The issue is likely a missing or incorrect route, an incomplete ARP entry, or an interface problem. By checking the routing table, you can confirm if a route to 10.0.0.100 exists. The ARP cache shows whether the next-hop MAC is learned.

Interface status indicates if the link is operational. The solution commands reveal these details, allowing you to pinpoint the cause (e.g., default route missing, ARP timeout, or interface down).

Exam trap

The exam trap is that candidates often jump to routing table issues first, but the question emphasizes 'intermittent' connectivity, which typically indicates Layer 2 problems like ARP failures or flapping interfaces. Always correlate routing table, ARP cache, and interface status together.

Why the other options are wrong

B

The specific factual error is that an administratively down interface results in a hard failure, not intermittent connectivity.

C

The specific factual error is that a complete ARP entry indicates no Layer 2 problem, contradicting the symptom of intermittent connectivity.

D

The specific factual error is that a missing route results in consistent unreachability, not intermittent problems.

116
PBQhard

You are connected to R1. Using RESTCONF, you need to retrieve the current IP address of interface GigabitEthernet0/0 using the ietf-interfaces YANG model, then change it to 192.0.2.1/24 using a PATCH request. The device is reachable at 10.1.1.1 with port 443 and credentials admin/cisco. Identify the correct URIs and required HTTP headers, and explain why a GET with Accept: application/json would fail.

Network Topology
G0/010.0.0.1/30G0/010.0.0.2/30linkR1R2

Hints

  • RESTCONF requires the media type application/yang-data+json in Accept and Content-Type headers.
  • The ietf-interfaces YANG module path for an interface is /ietf-interfaces:interfaces/interface=<name>.
  • The Cisco-IOS-XE-native module uses a different hierarchy; using it for ietf-interfaces data will result in a 404 error.
A.GET https://10.1.1.1:443/restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0 with Accept: application/yang-data+json; PATCH same URI with Content-Type: application/yang-data+json and body {"ietf-interfaces:interface":{"name":"GigabitEthernet0/0","ipv4":{"address":[{"ip":"192.0.2.1","netmask":"255.255.255.0"}]}}}
B.GET https://10.1.1.1/restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0 with Accept: application/json; PATCH same URI with Content-Type: application/json and body {"interface":{"ip":"192.0.2.1","mask":"255.255.255.0"}}
C.GET https://10.1.1.1:443/restconf/data/Cisco-IOS-XE-native:native/interface/GigabitEthernet=0/0/ip/address with Accept: application/yang-data+json; PATCH same URI with Content-Type: application/yang-data+json and body {"address":{"primary":{"address":"192.0.2.1","mask":"255.255.255.0"}}}
D.GET https://10.1.1.1:443/restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0 with Accept: application/xml; PATCH same URI with Content-Type: application/xml and body <interface><ipv4><address><ip>192.0.2.1</ip><netmask>255.255.255.0</netmask></address></ipv4></interface>
AnswerA
solution
! R1
GET URI: https://10.1.1.1/restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0
Request headers: Accept: application/yang-data+json
PATCH URI: https://10.1.1.1/restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0
PATCH headers: Content-Type: application/yang-data+json, Accept: application/yang-data+json
PATCH body: { "ietf-interfaces:interface": { "name": "GigabitEthernet0/0", "ipv4": { "address": [ { "ip": "192.0.2.1", "netmask": "255.255.255.0" } ] } } }

Why this answer

The correct base URI for RESTCONF is /restconf/data. The YANG path uses /ietf-interfaces:interfaces/interface=GigabitEthernet0/0. The Accept header must specify application/yang-data+json; generic application/json causes a 406 error.

For PATCH, the same URI is used with Content-Type: application/yang-data+json. Crucially, the PATCH body must contain the key leaf 'name' ('GigabitEthernet0/0') inside the container to identify the list instance per RFC 8040; omitting it can cause failure. A wrong YANG path like Cisco-IOS-XE-native would yield 404.

Exam trap

The key trap is that RESTCONF does not accept generic application/json; it requires application/yang-data+json. Many candidates mistakenly use application/json and expect it to work. Also, ensure the YANG path matches the specified model (ietf-interfaces) and that the JSON body follows the YANG data hierarchy.

Why the other options are wrong

B

The specific factual error: RESTCONF mandates the use of application/yang-data+json for Accept and Content-Type headers; application/json is not supported. Also, the JSON body must follow the YANG data structure.

C

The specific factual error: The question explicitly requires the ietf-interfaces YANG model, not the Cisco-native model. Using the wrong model will not retrieve or modify the intended data.

D

The specific factual error: The question context indicates JSON is the target format (since it mentions Accept: application/json would fail). Using XML is a different format and would require different media types.

117
PBQmedium

You are connected to R1 via the console. R1 is a Cisco IOS-XE router. The network manager wants to use an Ansible playbook to configure a loopback interface with IP address 10.0.0.1/24 on R1. You need to write the Ansible YAML playbook that connects to R1 and configures this interface. The playbook must not use the 'parents' argument in the ios_config module.

Hints

  • Ansible uses the 'cisco.ios.ios_config' module for configuration.
  • Specify the lines parameter with a list of CLI commands.
  • Set provider or vars for connection details.
A.- name: Configure Loopback hosts: R1 gather_facts: no connection: network_cli tasks: - name: Configure interface ios_config: lines: - interface Loopback0 - ip address 10.0.0.1 255.255.255.0 - no shutdown
B.- name: Configure Loopback hosts: R1 gather_facts: no connection: ssh tasks: - name: Configure interface ios_config: lines: - interface Loopback0 - ip address 10.0.0.1/24 - no shutdown
C.- name: Configure Loopback hosts: R1 gather_facts: no connection: network_cli tasks: - name: Configure interface ios_config: lines: - interface Loopback0 - ip address 10.0.0.1 255.255.255.0 - shutdown
D.- name: Configure Loopback hosts: R1 gather_facts: no connection: network_cli tasks: - name: Configure interface ios_config: lines: - interface Loopback0 - ip address 10.0.0.1 255.255.255.0 - no shutdown parents: interface Loopback0
AnswerA
solution
! R1
interface Loopback0
ip address 10.0.0.1 255.255.255.0
no shutdown

Why this answer

Option A is correct because it uses the network_cli connection type, applies the correct subnet mask (255.255.255.0), includes 'no shutdown' to enable the interface, and does not use the 'parents' argument, meeting the requirement. Option B is wrong because it uses an 'ssh' connection (not network_cli) and writes the IP address in CIDR notation (/24) instead of the required dotted-decimal mask. Option C is wrong because it uses 'shutdown' instead of 'no shutdown', which disables the interface.

Option D is wrong because it uses the 'parents' argument, which the stem explicitly forbids, even though the configuration would otherwise be valid.

Exam trap

Be careful with the connection type for network devices: use 'network_cli', not 'ssh'. Also, remember that Cisco IOS uses subnet masks (e.g., 255.255.255.0) in the 'ip address' command, not CIDR notation. Finally, ensure you use 'no shutdown' to enable an interface, not 'shutdown'.

Why the other options are wrong

B

Incorrect connection type 'ssh' and uses CIDR notation /24 instead of subnet mask.

C

Uses 'shutdown' command, which disables the interface instead of enabling it.

D

Uses the 'parents' argument, which is explicitly prohibited by the requirement.

118
MCQhard

Why is HTTPS usually preferred over HTTP when accessing controller APIs?

A.Because HTTPS provides encrypted transport for sensitive API communication.
B.Because HTTPS provides better throughput for API responses
C.Because HTTPS replaces the need for authentication.
D.Because HTTPS is the only protocol that can carry JSON.
AnswerA

This is correct because encryption in transit is the main reason HTTPS is preferred.

Why this answer

HTTPS is preferred because it protects the API traffic in transit with encryption. In plain language, controller APIs may carry credentials, tokens, device state, or configuration data, and sending that information in clear text over plain HTTP would expose it to interception. HTTPS helps protect that communication channel.

This does not make HTTPS a data format or an access policy by itself, but it is a major transport-security improvement. The correct answer is the one focused on secure transport for sensitive API traffic.

Exam trap

Don't confuse HTTPS with data formats or access policies; it's about securing data in transit.

Why the other options are wrong

B

HTTPS adds encryption overhead, which can reduce throughput compared to HTTP, not improve it.

C

HTTPS provides transport-layer encryption but does not replace authentication. API access still requires authentication mechanisms such as API keys, OAuth tokens, or certificates to verify the identity of the client.

D

JSON is a data format that can be carried over any transport protocol, including HTTP, HTTPS, or even raw TCP. HTTPS is not required for JSON; it is used to secure the transport, not to enable a specific data format.

119
Multi-Selectmedium

Which two statements accurately describe JSON?

Select 2 answers
A.JSON is a structured data format commonly used by APIs.
B.JSON uses square brackets for arrays.
C.JSON is the same thing as HTTPS.
D.JSON is required only for IPv6 networks.
E.JSON is a spanning-tree mode.
AnswersA, B

This is correct because JSON is widely used to represent structured information in API payloads.

Why this answer

JSON is a lightweight structured data format commonly used in APIs and automation workflows. In plain language, it provides a readable way to represent data as key-value pairs, objects, and arrays so software can exchange information consistently. It is popular in network automation because it is compact and widely supported by tools, controllers, and web-based interfaces.

CCNA questions on JSON usually test recognition, not coding expertise. You should be able to identify that JSON is a data format, not a transport protocol, and that arrays are shown with square brackets. The correct answers in this question focus on those recognition skills rather than on advanced programming details.

Exam trap

A frequent exam trap is confusing JSON with network protocols or features, such as HTTPS or spanning-tree modes. Candidates might incorrectly assume JSON is a transport protocol or a network technology because it is often mentioned alongside APIs and automation. This misunderstanding leads to selecting incorrect answers that describe JSON as a protocol or network mode.

The key is to remember that JSON is strictly a data format used to represent structured information, not a protocol or network operation. Misreading JSON’s role can cause errors in questions testing automation and programmability concepts.

Why the other options are wrong

C

Option C is incorrect because JSON is not a protocol like HTTPS. HTTPS is a secure transport protocol, whereas JSON is a data format used within protocols or APIs for data representation, not for transport or security.

D

Option D is wrong since JSON is not tied to IPv6 networks or any specific IP version. JSON is a general-purpose data format used across various network environments and protocols, independent of IP addressing schemes.

E

Option E is incorrect because JSON has no relation to spanning-tree modes or any Layer 2 network protocol functions. JSON is purely a data format and does not influence or configure network protocols like STP.

120
Matchingeasy

Match each basic controller or API term to its most accurate meaning.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Management or policy platform

Software interface for communication

Structured data format

Secure transport for the communication

Why these pairings

These pairs match controller or API terms correctly. REST API uses HTTP, controller centralizes management, northbound/southbound interfaces define directions, JSON is common data format, and YANG models network data.

Exam trap

Do not confuse the tool (REST API) with its common data format (JSON) or the architectural components (controller, northbound interface). Focus on the core definition of each term.

121
Multi-Selectmedium

Which two statements accurately describe controller-based networking?

Select 2 answers
A.It can centralize management and policy decisions.
B.It commonly exposes APIs for software and automation tools to interact with the controller.
C.It eliminates the need for network devices such as switches and routers.
D.It removes the need for authentication and authorization.
E.It works only on wireless networks.
AnswersA, B

This is correct because centralization is one of the main features of controller-based networking.

Why this answer

Controller-based networking centralizes certain management and policy functions and commonly exposes APIs for software interaction. In practical terms, the controller becomes the coordination point while outside applications or automation tools can talk to it through structured interfaces. This does not eliminate the need for actual forwarding devices, but it changes how the network is managed.

The wrong answers usually go too far and pretend the controller replaces everything. The two correct answers are the ones that keep centralization and programmability as the core ideas.

Exam trap

A common exam trap is to incorrectly believe that controller-based networking eliminates the need for physical network devices like switches and routers. Some candidates assume the controller replaces all hardware, which is false because forwarding devices remain essential for data traffic. Another trap is thinking that controller-based networking removes the need for authentication and authorization; however, secure access controls to the controller are still mandatory.

These misconceptions can lead to selecting incorrect answers that overstate the controller’s role or ignore security requirements.

Why the other options are wrong

C

This option is incorrect because controller-based networking does not eliminate the need for physical network devices like switches and routers; these devices still forward traffic.

D

This option is incorrect since authentication and authorization remain necessary to secure access to the controller and protect network integrity.

E

This option is incorrect because controller-based networking applies to both wired and wireless networks and is not limited to wireless environments.

122
Matchingmedium

Drag and drop the protocols/technologies on the left to the descriptions on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Uses XML-encoded RPCs over SSH for network device configuration

Uses HTTP/HTTPS methods (GET, POST, PUT, DELETE) with JSON or XML

Data modeling language that defines the structure of configuration and state data

High-performance RPC framework using Protocol Buffers and HTTP/2

Vendor-neutral YANG data models for network configuration and monitoring

Why these pairings

NETCONF uses XML-encoded RPCs over SSH (port 830) for device configuration. RESTCONF uses HTTP/HTTPS methods with JSON or XML. YANG is a data modeling language defining structure of configuration/state data. gRPC is a high-performance RPC framework using Protocol Buffers over HTTP/2.

OpenConfig provides vendor-neutral YANG models. These pairings reflect their primary characteristics as tested on the CCNA.

Exam trap

Candidates often confuse NETCONF with RESTCONF: both use structured data, but NETCONF uses SSH and XML-RPC, while RESTCONF uses HTTP/HTTPS and supports both JSON and XML.

123
MCQmedium

Why is JSON often preferred over completely unstructured text in API responses?

A.Because JSON provides structured, machine-readable data that software can parse consistently.
B.Because JSON automatically encrypts the payload.
C.Because JSON replaces the need for authentication.
D.Because JSON is the same thing as HTTPS.
AnswerA

This is correct because structure is JSON’s main advantage in automation workflows.

Why this answer

JSON is preferred because it gives software a predictable structure to parse. In practical terms, an application can look for keys, values, arrays, and objects instead of trying to interpret a free-form text paragraph meant mainly for human readers. That makes programmatic processing far more reliable.

This is one of the main reasons JSON is so common in controller APIs and automation tools. It is about structure and machine readability, not encryption, authentication, or HTTPS.

Exam trap

A frequent exam trap is assuming JSON automatically provides encryption or replaces authentication mechanisms. Candidates might incorrectly believe JSON secures data or manages access control, which is false. JSON is solely a structured data format and does not handle security functions.

Confusing JSON with HTTPS or other security protocols leads to misunderstandings about network automation and API behavior. This mistake can cause incorrect answers about how data is protected or transmitted in Cisco automation environments.

Why the other options are wrong

B

Option B is incorrect because JSON is a data format and does not provide encryption. Encryption is handled by protocols like TLS or HTTPS, not by JSON itself, so this option confuses data formatting with security.

C

Option C is wrong since JSON does not replace authentication. Authentication and access control are separate concerns managed by security protocols or API gateways, not by the data format used in responses.

D

Option D is false because JSON is a data format, whereas HTTPS is a transport and security protocol. They serve different purposes and are not interchangeable concepts.

124
MCQmedium

Why are tokens commonly used in API workflows instead of sending raw credentials with every request?

A.They allow controlled repeated API access without resending raw credentials on every request.
B.They replace the need for HTTPS.
C.They automatically assign IP addresses to controllers.
D.They convert API data into VLAN tags.
AnswerA

This is correct because token-based access is practical for automation workflows.

Why this answer

Tokens are commonly used because they provide a more controlled and practical way to manage repeated API access. In practical terms, a client can authenticate, receive a token, and then present that token on later requests instead of resending a username and password every time. That makes automation workflows easier to operate while still fitting into an access-control model.

This does not eliminate the need for transport security or authorization. It simply provides a common mechanism for controlled repeated API access.

Exam trap

A common exam trap is selecting an answer that claims tokens replace HTTPS or perform network functions like IP address assignment or VLAN tagging. Candidates may incorrectly believe tokens provide transport security or network infrastructure services. However, tokens only manage authentication and authorization at the application layer and do not replace encryption or secure transport protocols.

Misunderstanding this distinction leads to choosing incorrect options that confuse token functionality with unrelated network operations.

Why the other options are wrong

B

Incorrect because tokens do not replace HTTPS; transport security remains necessary to protect data and tokens during transmission.

C

Incorrect as token usage is unrelated to IP address assignment, which is managed by protocols like DHCP or static configuration, not authentication tokens.

D

Incorrect because tokens do not convert API data into VLAN tags; VLAN tagging is a Layer 2 network function unrelated to API authentication mechanisms.

125
MCQmedium

A network engineer is evaluating monitoring technologies for a large enterprise network that requires high-frequency, low-latency traffic data collection with support for custom fields. The solution must also support encryption and authentication to prevent tampering. Which technology best meets these requirements?

A.Configure SNMPv2c with community strings and polling every 30 seconds.
B.Implement streaming telemetry using gRPC with TLS and YANG data models.
C.Deploy NetFlow v9 with custom flow records and SNMPv3 for encryption.
D.Use IPFIX with UDP export and add authentication via MD5 hashing.
AnswerB

Streaming telemetry pushes data at high frequency with low latency, supports custom fields via YANG models, and can be secured with TLS encryption and authentication.

Why this answer

Streaming telemetry using gRPC with TLS and YANG data models is correct because it provides high-frequency, low-latency push-based data collection, supports custom fields via YANG models, and ensures encryption and authentication through TLS. This meets all the requirements, unlike polling-based or unencrypted alternatives.

Exam trap

Cisco often tests the misconception that SNMPv3 or NetFlow with custom records can provide both high-frequency push data and encryption, when in fact streaming telemetry with gRPC and TLS is the only solution that natively combines push-based collection, custom fields, and transport-layer security.

Why the other options are wrong

A

SNMPv2c uses community strings transmitted in plain text, lacking encryption and authentication. Polling every 30 seconds is low-frequency and cannot provide high-frequency, low-latency data collection required for real-time monitoring.

C

NetFlow v9 is export-based and not a real-time push mechanism; it typically sends data in batches, introducing latency. SNMPv3 encryption does not apply to NetFlow data, so the combination does not provide secure, high-frequency streaming.

D

IPFIX over UDP lacks built-in encryption, making data vulnerable to interception. MD5 hashing provides integrity but not encryption or authentication for the entire data stream, failing to meet the security requirements.

126
PBQhard

You are connected to R1 (192.168.1.1). Using RESTCONF, you need to retrieve the current operational status of GigabitEthernet0/0 using the ietf-interfaces YANG module, then change its description to 'WAN Link to R2' via a PATCH request. The device is reachable via HTTPS on port 443, with credentials admin/admin. Identify the correct base URI, YANG path, HTTP headers, and interpret the JSON response. Also, diagnose the error when an incorrect Content-Type or YANG path is used.

Network Topology
G0/0192.168.1.1/30G0/0192.168.1.2/30linkR1R2

Hints

  • RESTCONF base URI always starts with /restconf
  • The ietf-interfaces module uses 'interface' as list node, not 'interfaces-state'
  • The correct media type for YANG data in JSON is application/yang-data+json
A.Base URI: https://192.168.1.1/restconf, YANG path: /data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0, Accept: application/yang-data+json, PATCH body: {"ietf-interfaces:description": "WAN Link to R2"}
B.Base URI: https://192.168.1.1/restconf, YANG path: /data/ietf-interfaces:interfaces-state/interface=GigabitEthernet0/0, Accept: application/yang-data+json, PATCH body: {"description": "WAN Link to R2"}
C.Base URI: https://192.168.1.1/restconf, YANG path: /data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0, Accept: application/json, PATCH body: {"description": "WAN Link to R2"}
D.Base URI: https://192.168.1.1/restconf, YANG path: /data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0, Accept: application/yang-data+json, PATCH body: {"description": "WAN Link to R2"}
AnswerA
solution
! R1
GET URI: https://192.168.1.1/restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0
GET Headers: Accept: application/yang-data+json
PATCH URI: https://192.168.1.1/restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0
PATCH Headers: Content-Type: application/yang-data+json, Accept: application/yang-data+json
PATCH Body: {"ietf-interfaces:interface": [{"name": "GigabitEthernet0/0", "description": "WAN Link to R2"}]}
Error 1: Using Accept: application/json returns 406 Not Acceptable
Error 2: Using Content-Type: application/json returns 415 Unsupported Media Type
Error 3: Using YANG path /data/ietf-interfaces:interfaces-state returns 404 Not Found (operational state, not config)

Why this answer

The correct RESTCONF base URI is https://192.168.1.1/restconf. For the ietf-interfaces module, the YANG path for an interface is /data/ietf-interfaces:interfaces/interface=GigabitEthernet0/0. The required Accept header is application/yang-data+json.

A PATCH request to change just the description must include the module prefix in the JSON key: {"ietf-interfaces:description": "WAN Link to R2"}. Using application/json for Content-Type returns a 415 Unsupported Media Type error. Using the wrong YANG path (e.g., /data/ietf-interfaces:interfaces-state) returns a 404 Not Found because that path is for operational state, not configurable data.

Exam trap

Watch out for the need to include the YANG module prefix (ietf-interfaces:) in JSON keys for RESTCONF PATCH requests, even for individual leaves. Also, differentiate between configuration data (/data) and operational state (/data/...-state) paths.

Why the other options are wrong

B

The specific factual error is that interfaces-state is an operational data node, not configurable. RESTCONF requires the /data path for configuration and /operations for RPCs.

C

The specific factual error is that RESTCONF requires the media type application/yang-data+json for JSON encoding of YANG data, not generic application/json.

D

The specific factual error is that in RESTCONF, when modifying data from a specific YANG module, the JSON key must include the module prefix to avoid ambiguity.

127
Matchingmedium

Match each controller or automation term to its most accurate description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Central platform used to coordinate policy and management

Application-facing interface used to communicate with the controller

Lightweight structured data format used in API payloads

Secure transport commonly used for API communication

Why these pairings

The Controller is the central platform that coordinates policy and management, typically in software-defined networking (SDN). The Northbound API is the application-facing interface that lets external applications communicate with the controller to request services. JSON (JavaScript Object Notation) is a lightweight, structured data format commonly used in API payloads for its human-readable and machine-parseable syntax.

HTTPS is the secure transport protocol that encrypts API communication to protect data in transit.

Exam trap

Cisco exams often test the specific language or syntax each automation tool uses. Do not confuse Puppet's declarative DSL with Chef's Ruby-based recipes, and remember that Ansible uses YAML playbooks.

128
PBQmedium

You are connected to SW1, a Cisco switch that is experiencing intermittent connectivity issues. The network administrator suspects a duplex mismatch between SW1 and the connected router R1. Use CDP to verify the status and check interface statistics.

Network Topology
G0/0G0/1linkR1SW1

Hints

  • CDP shows the remote device's capabilities and interface details.
  • Look at the duplex settings on both sides; a mismatch often causes CRC errors.
  • The interface counters show late collisions if duplex mismatch exists.
A.The switch port is set to half duplex, and the router is set to full duplex, causing CRC errors and late collisions.
B.The switch port is set to full duplex, and the router is set to half duplex, causing runts and FCS errors.
C.The switch port and router are both set to half duplex, but the cable is faulty, causing CRC errors.
D.The switch port is set to auto-negotiation, and the router is set to half duplex, causing late collisions.
AnswerA
solution
! SW1
show cdp neighbors GigabitEthernet0/1 detail
show interfaces GigabitEthernet0/1
show interfaces GigabitEthernet0/1 counters errors

Why this answer

The switch port is manually set to half duplex while the router likely negotiates to full duplex, causing a mismatch. CDP output from the switch will show the router's duplex as full. Interface statistics will show increasing CRC errors and late collisions.

The solution is to set the switch port to auto-negotiation or match the duplex setting with the router.

Exam trap

The exam trap is that candidates may confuse the symptoms of duplex mismatch (CRC errors and late collisions) with other issues like cable faults or speed mismatches. Also, they might forget that CDP can be used to verify the duplex setting of a neighbor. Always check CDP output and interface error counters when troubleshooting connectivity issues.

Why the other options are wrong

B

The specific factual error is that the switch port is manually set to half duplex, not full duplex. Also, runts and FCS errors are not the primary indicators of a duplex mismatch.

C

The specific factual error is that a duplex mismatch requires different duplex settings; both half duplex would not cause a mismatch. Faulty cables are a different issue.

D

The specific factual error is that auto-negotiation would likely result in half duplex on both sides, avoiding a mismatch. The scenario states the switch port is manually set to half duplex, not auto.

129
PBQhard

You are connected to R1. Configure NTP client to synchronize with the NTP server at 203.0.113.10, using the loopback0 interface (192.168.1.1/32) as the source. Also configure syslog to send messages of severity level 5 (notifications) and below to the syslog server at 198.51.100.20. Currently, NTP shows stratum 16 (unsynchronized) and important syslog messages are being missed.

Network Topology
G0/010.0.0.1/30G0/010.0.0.2/30linkR1R2Syslog server 198.51.100.20 via R2

Hints

  • NTP uses the source IP address of outgoing packets; ensure the NTP server can reach your source IP.
  • Syslog trap levels are hierarchical; 'informational' includes all messages. 'notifications' excludes debug and informational.
  • Use 'show ntp associations' to see if the server is reachable and its stratum.
A.ntp server 203.0.113.10 source Loopback0 logging trap notifications
B.ntp server 203.0.113.10 source Loopback0 logging trap informational
C.ntp server 203.0.113.10 logging trap notifications
D.ntp server 203.0.113.10 source Loopback0 logging trap debugging
AnswerA
solution
! R1
configure terminal
ntp source Loopback0
logging trap notifications
end
copy running-config startup-config

Why this answer

The NTP client is not synchronizing because the source interface is not specified; by default, the router uses the outgoing interface IP which may not be reachable by the NTP server for replies. Adding 'ntp source Loopback0' ensures NTP packets have a consistent source IP. The syslog trap level was set to 'informational' (level 6), which includes too many messages; to capture only notifications (level 5) and below (i.e., severity 0–5), change the trap level to 'notifications' using 'logging trap notifications'.

This filters out lower-severity messages while retaining those that are notifications or more critical.

Exam trap

Watch out for two common traps: 1) Forgetting to specify the NTP source interface when the router has multiple interfaces, leading to synchronization failure. 2) Confusing syslog severity levels: 'informational' (level 6) does NOT include 'notifications' (level 5); you need 'notifications' to capture level 5 and above. Always remember that lower severity numbers mean higher importance.

Why the other options are wrong

B

The trap level 'informational' captures messages of severity 6 and lower, but notifications are severity 5, which is higher and thus not included.

C

The NTP source interface must be explicitly set to ensure the server can reply to the correct IP; omitting it can lead to unsynchronized state.

D

The debugging level includes all severities, which is too broad; the requirement is to capture only notifications (level 5) and above, which requires 'notifications' level.

130
Matchingmedium

Drag and drop the syslog and NTP items on the left to the correct descriptions on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Alert: immediate action needed

Notification: normal but significant condition

Reference clock (e.g., atomic clock or GPS)

NTP client synchronized to a stratum 1 server

Configures the device as an NTP client

Displays syslog messages in the buffer

Why these pairings

These pairings match syslog and NTP items to their correct descriptions.

Exam trap

Watch out for mixing up syslog severity levels (0-7) and their descriptions. Also, ensure you are matching the correct category (syslog vs NTP) to the description provided.

131
Multi-Selectmedium

Which three options describe how AI contributes to network automation and orchestration? (Choose three.)

Select 3 answers
.AI can optimize routing paths dynamically based on real-time traffic analysis
.AI can automatically adjust QoS policies to prioritize critical application traffic
.AI can predict link failures and trigger preemptive rerouting
.AI eliminates the need for any intent-based networking (IBN) frameworks
.AI can replace all configuration templates with entirely self-generated configs
.AI ensures that every network change is 100% error-free without testing

Why this answer

AI contributes to network automation and orchestration by enabling dynamic optimization of routing paths based on real-time traffic analysis, automatically adjusting QoS policies to prioritize critical application traffic, and predicting link failures to trigger preemptive rerouting. These capabilities leverage machine learning models to analyze network telemetry data, such as NetFlow or SNMP, and make automated decisions that improve performance, reliability, and efficiency without manual intervention.

Exam trap

Cisco often tests the misconception that AI completely replaces existing frameworks or guarantees perfection, when in reality AI augments and enhances traditional automation tools but still requires human oversight, validation, and structured baselines like templates and IBN.

132
Multi-Selectmedium

Which three of the following are common challenges when deploying AI in network operations? (Choose three.)

Select 3 answers
.Ensuring high-quality, clean training data for machine learning models
.Integrating AI tools with existing legacy network management systems
.Avoiding false positives that can lead to unnecessary operational alarms
.AI models always requiring cloud connectivity to function
.AI completely replacing the need for network engineers
.AI automatically resolving all network congestion issues without human input

Why this answer

Ensuring high-quality, clean training data is a fundamental challenge because AI/ML models depend on accurate, labeled data to learn patterns; poor data leads to unreliable predictions. Integrating AI tools with legacy systems is difficult due to proprietary APIs and outdated protocols, often requiring custom middleware. Avoiding false positives is critical because excessive alarms desensitize operators and waste resources.

The three incorrect options are not real deployment challenges: 'AI models always requiring cloud connectivity' is false because on-premise and edge AI can function offline; 'AI completely replacing network engineers' is a misconception—AI augments, not replaces, engineers; and 'AI automatically resolving all congestion without human input' is an unrealistic expectation, not a common challenge in practice.

Exam trap

Cisco often tests the misconception that AI is a fully autonomous replacement for human engineers, when in reality AI is a tool for augmentation and automation that still requires human oversight and intervention.

133
Matchingmedium

Match each automation transport or interaction term to its most accurate description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Encrypted transport commonly used for API communication

Architectural style often using HTTP methods

Structured data format commonly used in API payloads

Credential-like value often used to control API access

Why these pairings

These are common automation transport or interaction patterns. Each pairing correctly describes the term as used in system integration and API design.

Exam trap

Be careful not to confuse RESTCONF (stateless) with NETCONF (stateful). Also, remember that gRPC and SSH are stateful protocols.

134
MCQmedium

Given the JSON snippet below, what is the value of hostname? { "device": { "hostname": "R1", "mgmt_ip": "192.0.2.10" } }

A.device
B.hostname
C.R1
D.192.0.2.10
AnswerC

Correct. R1 is the value assigned to hostname.

Why this answer

The key hostname inside the device object has the value R1.

Exam trap

Be careful not to confuse keys with their values in JSON objects. Ensure you are extracting the correct value by identifying the correct key.

Why the other options are wrong

A

The option 'device' is incorrect because it refers to the key in the JSON structure, not the value associated with the 'hostname' key. The question specifically asks for the value of 'hostname'.

B

Option B is incorrect because it simply repeats the key 'hostname' from the JSON structure without providing the actual value associated with it, which is what the question asks for.

D

This option is wrong because the question specifically asks for the value of 'hostname', which is defined as 'R1' in the JSON snippet. '192.0.2.10' is the value of 'mgmt_ip', not 'hostname'.

135
Multi-Selectmedium

Which three of the following are key applications of AI and machine learning in modern network operations? (Choose three.)

Select 4 answers
.Automated anomaly detection and root cause analysis
.Predictive capacity planning based on traffic trends
.Dynamic routing protocol configuration using reinforcement learning
.Real-time security threat identification via behavioral analysis
.Replacing all manual network configuration with fully autonomous AI
.Static threshold-based alerting for interface errors

Why this answer

Automated anomaly detection and root cause analysis are key AI/ML applications because they continuously analyze telemetry data to spot deviations and pinpoint failures without manual intervention, a core AIOps capability. Predictive capacity planning uses ML on traffic trends to forecast bandwidth needs and avoid congestion before it occurs. Real-time security threat identification via behavioral analysis applies machine learning to baseline normal traffic and flag unusual patterns indicative of attacks.

In contrast, fully autonomous AI replacing all manual configuration is not an operational reality—human oversight remains essential. Static threshold-based alerting is a simple rule-based method that does not involve ML. Dynamic routing protocol configuration using reinforcement learning remains experimental and is not a standard or production‑ready AI/ML application in modern networks.

Exam trap

Candidates often confuse experimental AI research (like reinforcement learning for routing) with the operational AI/ML tools already deployed in platforms such as Cisco DNA Center, leading them to select options that are not practical CCNA‑level applications.

Why the other options are wrong

C

While reinforcement learning has been studied for routing optimization, it is not a mainstream, production‑grade AI/ML application in today's enterprise networks and is considered experimental.

E

Fully autonomous AI that replaces all manual configuration is aspirational, not a current operational reality; network engineers still design, validate, and override AI suggestions.

F

Static threshold-based alerting uses fixed numerical triggers and does not employ machine learning algorithms, making it a legacy monitoring approach, not an AI/ML application.

136
Matchingeasy

Match each automation-related term to its most accurate description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Lightweight structured data format often used in API payloads

Architectural style commonly using HTTP methods for software interaction

Defined interface that allows software systems to communicate

Data modeling language used to describe network information

Why these pairings

JSON is a lightweight data-interchange format commonly used to structure API request and response payloads. REST is an architectural style that uses HTTP methods to enable stateless interactions between software systems. An API is a defined set of rules and protocols that allows different software applications to communicate with each other.

YANG is a data modeling language specifically designed to model configuration and state data for network devices, often used with NETCONF and RESTCONF.

Exam trap

The most common mistake is confusing YANG with data serialization formats like JSON or XML; candidates misidentify YANG as a data format rather than a modeling language used to describe network information structures.

137
PBQhard

You are connected to R1 via the console. R1 is a Cisco ISR 4331 router. Your task is to configure SNMPv2c and SNMPv3 traps, and NetFlow export, so that SNMP traps are sent to the NMS at 192.0.2.100 using SNMPv2c with community string 'PublicTrap', and also using SNMPv3 with user 'Admin' (authentication SHA, encryption AES) to the same NMS. Additionally, configure NetFlow to export version 9 flow records to 192.0.2.200 on UDP port 2055. Finally, verify your configurations.

Network Topology
G0/010.0.0.1/30G0/010.0.0.2/30linkG0/010.0.0.2/30192.0.2.100/24linkR2R1NMS

Hints

  • SNMPv3 requires a group with 'priv' keyword for encryption.
  • NetFlow export is not active unless applied to an interface with 'ip flow ingress'.
  • Use 'show running-config | section snmp' to verify SNMP commands.
A.Configure SNMPv2c trap community 'PublicTrap' and destination 192.0.2.100, create SNMPv3 user 'Admin' with auth SHA priv AES, set SNMPv3 trap destination 192.0.2.100 user 'Admin', configure NetFlow exporter to 192.0.2.200 port 2055 version 9, apply exporter to an interface, and verify with 'show snmp' and 'show ip cache flow'.
B.Configure SNMPv2c trap community 'PublicTrap' and destination 192.0.2.100, create SNMPv3 user 'Admin' with auth MD5 priv DES, set SNMPv3 trap destination 192.0.2.100 user 'Admin', configure NetFlow exporter to 192.0.2.200 port 2055 version 5, apply exporter to an interface, and verify with 'show snmp' and 'show ip cache flow'.
C.Configure SNMPv2c trap community 'PublicTrap' and destination 192.0.2.100, create SNMPv3 user 'Admin' with auth SHA priv AES, set SNMPv3 trap destination 192.0.2.100 user 'Admin', configure NetFlow exporter to 192.0.2.200 port 2055 version 9, and verify with 'show snmp' and 'show ip flow export'.
D.Configure SNMPv2c trap community 'PublicTrap' and destination 192.0.2.100, create SNMPv3 user 'Admin' with auth SHA priv AES, set SNMPv3 trap destination 192.0.2.100 user 'Admin', configure NetFlow exporter to 192.0.2.200 port 2055 version 9, apply exporter to an interface, and verify with 'show snmp' and 'show ip flow export'.
AnswerA
solution
! R1
snmp-server community PublicTrap RO
snmp-server host 192.0.2.100 version 2c PublicTrap
snmp-server group AdminGroup v3 priv
snmp-server user Admin AdminGroup v3 auth sha Cisco123 priv aes 128 Cisco123
snmp-server host 192.0.2.100 version 3 priv Admin
ip flow-export destination 192.0.2.200 2055
ip flow-export version 9
interface GigabitEthernet0/0
ip flow ingress
exit
interface GigabitEthernet0/1
ip flow ingress

Why this answer

The router had only a basic SNMP read-only community configured. To send SNMPv2c traps, you need to configure the trap community and destination. For SNMPv3, you must create the user with authentication and privacy parameters, then configure the trap destination with that user.

NetFlow export requires defining the destination IP and UDP port, enabling version 9, and optionally applying the flow exporter to an interface. The 'show snmp' command confirms SNMP configuration, and 'show ip cache flow' shows NetFlow statistics.

Exam trap

Watch out for incorrect SNMPv3 authentication/privacy algorithms (e.g., MD5/DES instead of SHA/AES) and NetFlow version (version 5 vs 9). Also, remember that NetFlow exporter must be applied to an interface, and verification commands must be exact.

Why the other options are wrong

B

Uses outdated security algorithms MD5/DES for SNMPv3 and sets NetFlow version 5 instead of 9.

C

Omits the critical step of applying the NetFlow exporter to an interface, so flows are not captured.

D

Incorrectly uses 'show ip flow export' for verification; the correct command to view NetFlow cache is 'show ip cache flow'.

138
PBQhard

You are connected to R1 (192.0.2.1/24, management IP). The network team needs to automate interface configuration using RESTCONF. Construct a valid RESTCONF GET request to retrieve the operational status of GigabitEthernet0/1 using the ietf-interfaces YANG module, and a PATCH request to set the description of that interface to 'Link to R2' using the Cisco-IOS-XE-native YANG module. Identify the error that occurs if the Accept header is set to application/json instead of application/yang-data+json.

Network Topology
G0/0192.0.2.1/24G0/010.0.0.2/30G0/1 (10.0.0.1/30)R1R2

Hints

  • RESTCONF uses a specific media type for YANG data; check the Accept header.
  • The YANG module paths differ between ietf-interfaces and Cisco-IOS-XE-native.
  • The interface name must be URL-encoded if it contains special characters; GigabitEthernet0/1 is safe.
A.The server returns a 406 Not Acceptable error because RESTCONF requires the Accept header to be 'application/yang-data+json'.
B.The server returns a 400 Bad Request error because the Accept header must be 'application/json' for RESTCONF.
C.The server returns a 415 Unsupported Media Type error because the Accept header is set incorrectly.
D.The server returns a 200 OK response but ignores the Accept header and returns data in XML format.
AnswerA
solution
! R1
GET request: GET https://192.0.2.1/restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/1 HTTP/1.1
Headers: Host: 192.0.2.1, Accept: application/yang-data+json
PATCH request: PATCH https://192.0.2.1/restconf/data/Cisco-IOS-XE-native:native/interface/GigabitEthernet=0/1/description HTTP/1.1
Headers: Host: 192.0.2.1, Content-Type: application/yang-data+json, Accept: application/yang-data+json
Body: {"description": "Link to R2"}

Why this answer

The correct base URI for RESTCONF on Cisco IOS-XE is https://<device-ip>/restconf/data. For the ietf-interfaces module, the YANG path is /ietf-interfaces:interfaces/interface=GigabitEthernet0%2F1 (note the percent-encoded slash in the key). For the Cisco-IOS-XE-native module, the path is /Cisco-IOS-XE-native:native/interface/GigabitEthernet=0%2F1/description.

The Accept header must be 'application/yang-data+json'; using 'application/json' returns a 406 Not Acceptable error. The PATCH request body must contain the new description in JSON format. Failing to percent-encode the interface name will result in an invalid URI.

Exam trap

The exam tests your knowledge of RESTCONF media types and URL encoding: remember to percent-encode the slash in interface names (e.g., GigabitEthernet0%2F1) and distinguish between 406 (Accept error) and 415 (Content-Type error).

Why the other options are wrong

B

The specific factual error: RESTCONF requires 'application/yang-data+json', not 'application/json'.

C

The specific factual error: 415 relates to Content-Type, not Accept. Accept errors yield 406.

D

The specific factual error: RESTCONF does not silently fall back; it returns a 406 error.

139
Drag & Dropmedium

Drag and drop the following steps into the correct order to retrieve network device information using a REST API call that requires authentication and returns JSON data.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
6Step 6

Why this order

The correct sequence follows the standard REST API client workflow. First, you must identify the API endpoint and the HTTP method corresponding to the desired CRUD operation (READ → GET). Then, you must provide valid authentication credentials to gain access.

Next, setting the Accept header ensures the response is in the required data format (JSON). Only after preparing the request can you send it. Once the response is received, you verify the status code to confirm success before parsing the data.

Skipping any step or reordering them would break the logic (e.g., you cannot parse data before verifying the response was successful).

140
Multi-Selectmedium

Which two statements accurately describe APIs in network automation?

Select 2 answers
A.APIs provide a defined way for software systems to interact.
B.APIs can be used by automation tools to retrieve data or request changes.
C.APIs eliminate all need for authentication.
D.APIs are a form of Ethernet duplex setting.
E.APIs are only valid on devices running Telnet.
AnswersA, B

This is correct because an API is an interface that enables controlled software communication.

Why this answer

APIs (Application Programming Interfaces) define a standardized, structured method for software systems to communicate, enabling network automation tools to programmatically retrieve operational data or push configuration changes. This eliminates the need for manual CLI or SNMP interactions, allowing scalable and repeatable automation workflows. Options A and B correctly describe this.

Option C is false because APIs require authentication; they do not bypass security. Option D is false because APIs are software interfaces, not Ethernet duplex settings. Option E is false because APIs work over various protocols (e.g., HTTP/HTTPS), not just Telnet.

Exam trap

Cisco often tests the misconception that APIs bypass security, but in reality, APIs enforce authentication and authorization just as strictly as CLI or SNMP.

Why the other options are wrong

C

This option is incorrect because APIs typically require authentication to ensure secure access and prevent unauthorized use, which is a fundamental aspect of API design.

D

APIs are not related to Ethernet duplex settings; they are software interfaces that enable communication between different applications or systems. This option misrepresents the fundamental purpose of APIs in network automation.

E

APIs are not limited to devices running Telnet; they can be implemented on various platforms and protocols, including HTTP and REST, which are widely used in modern network automation.

141
MCQeasy

An engineer receives API output that starts with curly braces and contains name-value pairs. Which data format is being used?

A.YANG
AnswerB

The structure described is JSON.

Why this answer

JSON represents data as objects and arrays using braces, brackets, and name-value pairs. It is the most common format you will see in modern network APIs.

Exam trap

A frequent exam trap is mistaking YANG for the data format when seeing curly braces and name-value pairs. YANG is a modeling language that defines the structure and constraints of network data but does not represent the actual data payload. Candidates might also confuse Syslog or SMTP with JSON due to their familiarity with network protocols, but these protocols do not use JSON’s syntax.

This confusion leads to selecting incorrect answers, especially under time pressure. Recognizing that JSON is the payload format commonly used in Cisco APIs helps avoid this mistake and correctly interpret automation output.

Why the other options are wrong

A

YANG is a modeling language used to define the structure and constraints of network data but does not represent the actual data payload format. The question describes data output starting with curly braces and name-value pairs, which is a data format, not a model, so YANG is incorrect.

C

Syslog is a protocol used for sending event messages and logs from network devices. Its message format does not use curly braces or name-value pairs as JSON does, so it does not match the described API output format.

D

SMTP is a protocol for sending email messages and does not relate to network device data formats or API outputs. It does not use curly braces or name-value pairs in its message structure, making it irrelevant to the question.

142
Multi-Selecthard

A controller exposes a YANG-modeled interface configuration through an API. Which two statements correctly describe the purpose of YANG in that workflow?

Select 2 answers
A.It provides a structured data model for configuration and operational data
B.It helps standardize how network elements represent managed data
C.It replaces IP addressing on routed interfaces
D.It is a spanning-tree optimization mechanism
AnswersA, B

YANG defines how data is organized and described.

Why this answer

YANG is a modeling language. It defines the structure of network data so controllers and devices can exchange information consistently through APIs such as RESTCONF or NETCONF.

Exam trap

A frequent exam trap is mistaking YANG for a network protocol or function rather than a data modeling language. For example, options suggesting YANG replaces IP addressing or optimizes spanning-tree protocols are incorrect because YANG does not perform routing or Layer 2 operations. Candidates might confuse YANG’s role with actual network services instead of recognizing it as a schema that defines how configuration and state data are structured and exchanged.

This misunderstanding can lead to selecting incorrect answers that describe network functions rather than data modeling purposes.

Why the other options are wrong

C

Option C is incorrect because YANG does not replace IP addressing on routed interfaces. IP addressing is a network-layer function, while YANG models the data representing such configurations but does not perform addressing itself.

D

Option D is wrong as YANG has no role in spanning-tree optimization or Layer 2 loop prevention. YANG is a data modeling language and does not influence protocol operations like STP.

143
Multi-Selectmedium

Which three of the following are benefits of integrating AI into network operations? (Choose three.)

Select 3 answers
.Reduced mean time to repair (MTTR) through faster incident diagnosis
.Improved accuracy in capacity planning by predicting traffic trends
.Automated enforcement of security policies based on real-time risk analysis
.Complete elimination of network downtime
.Zero configuration required for new network devices
.Total removal of human network engineers from operations

Why this answer

AI reduces mean time to repair (MTTR) by rapidly diagnosing incidents through automated correlation of telemetry and logs. It improves capacity planning by analyzing traffic patterns and predicting future demands, enabling proactive scaling. Automated security policy enforcement uses real-time risk analysis to adjust rules dynamically.

The three distractors are wrong because AI cannot guarantee complete elimination of network downtime (unexpected hardware failures still occur), zero configuration for new devices (initial setup and integration still require human input), or total removal of human engineers (AI augments but does not replace strategic oversight and complex problem-solving).

Exam trap

Candidates often mistake AI's ability to automate specific tasks for a complete replacement of human roles or an unrealistic promise of absolute network reliability—AI enhances operations, it does not make them foolproof.

Why the other options are wrong

D

AI-driven operations can minimize downtime but cannot eliminate it entirely due to unpredictable hardware failures and external factors.

E

New network devices still require initial configuration and policy assignment; AI may assist but cannot achieve zero configuration.

F

Human engineers remain essential for strategic planning, complex troubleshooting, and overseeing AI-driven processes.

144
MCQhard

Why is a northbound API especially useful in a controller-based network architecture?

A.It allows external software to interact programmatically with the controller.
B.It is the cable standard used to connect access points.
C.It replaces all need for authentication and authorization.
D.It makes VLAN tagging unnecessary.
AnswerA

This is correct because northbound APIs provide the application-facing interface into the controller.

Why this answer

A northbound API is especially useful because it gives external applications and automation tools a defined way to communicate with the controller. In plain language, it allows software above the controller to request information, apply policies, or trigger changes without manual per-device interaction. That is one of the main reasons controller-based networking fits well with orchestration and automation.

Option C is incorrect because a northbound API does not replace authentication and authorization; it is an interface that uses existing security mechanisms. Option D is incorrect because VLAN tagging is a data‑plane function unaffected by the northbound API; the API does not eliminate the need for VLANs. The controller is the centralized system, and the northbound API is the software-facing interface that exposes it.

The correct answer is the one centered on application integration rather than on physical connectivity or device forwarding.

Exam trap

Avoid confusing northbound APIs with hardware configuration or physical connectivity functions.

Why the other options are wrong

C

A northbound API does not replace authentication or authorization; it relies on those mechanisms to secure API access.

D

VLAN tagging is a data‑plane feature independent of the northbound API; the API does not make VLAN tagging unnecessary.

145
Drag & Dropmedium

Drag and drop the following steps into the correct order for an agentic AI system that receives a network intent, decomposes it into sub-tasks, calls tools, validates output, and applies closed-loop remediation.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The agentic AI system starts by understanding the intent, then splits it into manageable tasks, invokes tools, checks the outcome, and corrects any issues automatically.

Exam trap

Do not confuse the order of operations: the system must first understand the intent before breaking it down, and validation always comes after execution. Look for the logical flow from input to output.

146
MCQhard

Exhibit: A script sends an API request and receives HTTP status code 401. What does that code indicate?

A.The requested resource was not found
B.The client is not authenticated successfully
C.The server completed the request successfully
D.The server rejected the request because the JSON body was too large
AnswerB

401 Unauthorized points to an authentication problem.

Why this answer

HTTP 401 means the request was not accepted because authentication is required or the provided credentials or token were invalid. In practice, the first thing to check is the token, username, password, or auth header format.

Exam trap

Don't confuse authentication errors with server errors or resource availability issues. Focus on the specific meaning of each HTTP status code.

Why the other options are wrong

A

HTTP status code 401 specifically indicates unauthorized access due to missing or invalid authentication. A 'resource not found' is indicated by 404, not 401.

C

HTTP 401 indicates authentication failure, not successful completion. A 200-level code would indicate success.

D

HTTP 401 indicates authentication failure, not a request entity too large. The '413 Payload Too Large' status code is used when the request body exceeds the server's limit.

147
Drag & Dropmedium

Drag and drop the following steps into the correct order to sequence NTP stratum hierarchy and configure an IOS-XE NTP client with syslog message processing from event to log server.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

NTP time flows from lower stratum numbers (most accurate) to higher stratum numbers. The correct order is Stratum 0 (atomic clock) → Stratum 1 (primary server) → Stratum 2 (secondary server). After configuring the NTP client and enabling logging, syslog messages are accurately timestamped with the synchronized time.

Exam trap

Do not confuse the direction of stratum numbers: lower stratum number means higher accuracy. Also, remember that NTP configuration must precede logging to ensure accurate timestamps.

148
Multi-Selectmedium

Which TWO of the following statements correctly describe REST API operations?

Select 2 answers
A.The HTTP PUT method is used to retrieve a resource representation.
B.JSON is the only data format supported by REST APIs.
C.API keys and OAuth tokens are common methods for authenticating REST API requests.
D.The HTTP DELETE method corresponds to the Update operation in CRUD.
E.REST APIs commonly use HTTP status codes to indicate the result of a request.
AnswersC, E

Authentication in REST APIs frequently uses API keys (sent in headers or query parameters) or token-based schemes like OAuth2 to verify client identity.

Why this answer

Option C is correct because REST APIs commonly use API keys and OAuth tokens for authentication. API keys are simple, static tokens passed in headers or query strings, while OAuth 2.0 provides token-based authorization with scoped access, both widely supported in RESTful services for securing endpoints.

Exam trap

Cisco often tests the mapping of HTTP methods to CRUD operations, where candidates confuse PUT (Update) with GET (Read) or DELETE (Delete) with Update, and assume JSON exclusivity despite REST's format-agnostic design.

Why the other options are wrong

A

Retrieval is performed by the GET method, not PUT.

B

JSON is popular but not exclusive; XML is widely used, and many REST implementations support both.

D

DELETE is used to remove a resource, which maps to the Delete operation, not Update.

149
MCQeasy

Which term describes a string or credential passed to an API to prove the client is allowed to access a resource?

B.Token
C.Lease
D.Tuple
AnswerB

That is the authorization credential described.

Why this answer

A token is commonly used for API authorization. It is often included in an HTTP header and lets the server verify the caller has permission.

Exam trap

A common exam trap is mistaking the term 'token' for other networking terms such as 'metric,' 'lease,' or 'tuple.' Candidates might confuse 'metric' as a general value related to network performance or 'lease' as a temporary credential, but these terms do not relate to API authorization. Another trap is assuming that any credential passed to an API is called a 'lease' or 'tuple,' which are unrelated concepts. Recognizing that a token specifically serves as an authorization credential passed to prove client access rights is critical to avoid this confusion.

Why the other options are wrong

A

Metric is a routing concept representing route cost and does not relate to API access or authorization credentials, so it is incorrect.

C

Lease refers to DHCP IP address assignment duration and is unrelated to API credentials or authorization, making it incorrect.

D

Tuple is a data structure term and does not describe any form of authorization credential for API access, so it is incorrect.

150
Matchingmedium

Drag and drop the monitoring technologies on the left to the correct data model and transport descriptions on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Manager-agent model; UDP transport; MIB-based data

Flow-based model; UDP transport; template-based data

Subscription-based model; gRPC/TCP transport; structured data (YANG/JSON)

Event-based model; UDP transport; text-based messages

Probe-based model; UDP/TCP transport; latency/jitter metrics

Why these pairings

These pairings correctly match monitoring technologies with their typical data model and transport.

Exam trap

Be careful not to confuse the data models (MIB vs. YANG) and transports (UDP vs. TCP) between SNMP and NETCONF/RESTCONF.

Also, remember that gRPC uses protobufs, not XML or JSON. Flow-based technologies like NetFlow and IPFIX are not poll-based; they export flow data.

← PreviousPage 2 of 3 · 215 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Ai Network Operations questions.