Cisco DevNet Associate 200-901 (200-901) — Questions 976–992

992 questions total · 14 pages · All types, answers revealed

Page 13

Page 14 of 14

976
MCQ · hard

An EEM applet is triggered when a specific syslog message pattern appears. Which action should be used to send a custom syslog message?

A. action 1.0 cli command "show logging"
B. action 1.0 syslog msg "Custom event occurred"
C. action 1.0 info type routername
D. action 1.0 set 1.0 _syslog_msg "Custom event"
Answer: B

Correct. This generates a syslog message with the specified text.

Why this answer

EEM applets use 'action <label> syslog msg <message>' to generate a syslog message.

977
MCQ · easy

A company wants to implement a zero-trust model for API access between microservices. What is the most effective way to authenticate service-to-service communication?

A. Rely on network segmentation with firewalls.
B. Use a shared secret that all services know.
C. Issue short-lived TLS certificates for each service.
D. Use long-lived API keys.
Answer: C

Provides strong identity verification with mTLS.

Why this answer

Option C is correct because mutual TLS (mTLS) with short-lived certificates validates identity and limits exposure. Options A and D are incorrect because shared secrets and long-lived API keys are less secure. Option B is incorrect because network segmentation is not authentication.

978
MCQ · medium

A network automation engineer needs to retrieve the Layer 2 topology for a specific VLAN from Cisco DNA Center. Which API endpoint should be used?

A. GET /dna/intent/api/v1/issues
B. GET /dna/intent/api/v1/site
C. GET /dna/intent/api/v1/network-device
D. GET /dna/intent/api/v1/topology/l2/{vlanID}
Answer: D

This is the correct endpoint for Layer 2 topology.

Why this answer

The endpoint GET /dna/intent/api/v1/topology/l2/{vlanID} is used to retrieve Layer 2 topology for a VLAN.

979
MCQ · medium

A network automation team uses a CI/CD pipeline. Which practice best ensures that configuration changes are validated before deployment to production?

A. Automated unit tests that verify syntax of configuration files
B. Peer review of code only
C. Manual testing by the network engineer after deployment
D. Deploying to a staging environment that mirrors production
Answer: D

A staging environment allows safe validation of changes under realistic conditions before production deployment.

Why this answer

Deploying to a staging environment that mirrors production allows comprehensive testing without risk. This is a key DevOps best practice.

980
MCQ · medium

Refer to the exhibit. A developer from subnet 10.10.10.0/24 cannot reach the RESTCONF API on the IOS-XE device. What is the most likely cause?

A. HTTPS is not enabled on the device.
B. The HTTP server is not enabled.
C. Authentication is not configured as local.
D. The 10.10.10.0/24 subnet is not permitted by the access-class.
Answer: D

Access-list 23 permits only 192.168.1.0/24, blocking all other subnets.

Why this answer

The access-class configured under the RESTCONF API restricts incoming connections to specific subnets. Since the developer is on subnet 10.10.10.0/24, which is not listed in the permit statement, all HTTPS requests from that subnet are dropped before reaching the API. This is the most direct cause of the connectivity failure.

Exam trap

Cisco often tests the distinction between HTTP/HTTPS server enablement and access-class filtering, trapping candidates who assume RESTCONF requires the HTTP server or that authentication is the root cause when a subnet is blocked.

How to eliminate wrong answers

Option A is wrong because HTTPS is enabled by default on IOS-XE devices that support RESTCONF, and the exhibit does not indicate it is disabled. Option B is wrong because RESTCONF uses HTTPS (port 443), not the HTTP server (port 80), so the HTTP server being disabled does not affect RESTCONF access. Option C is wrong because authentication can be configured via local, RADIUS, or TACACS+; the error is not about authentication method but about network-layer access control.

981
MCQ · easy

A network engineer is troubleshooting a connectivity issue between two hosts in different VLANs on the same switch. The hosts are in VLAN 10 and VLAN 20, respectively. The switch has an SVI for each VLAN and IP routing is enabled. Which command should be used to verify that the switch is forwarding traffic between the VLANs?

A. show interfaces trunk
B. show vlan
C. show ip route
D. show mac address-table
Answer: C

Displays the routing table, confirming inter-VLAN routing.

Why this answer

Option C is correct because 'show ip route' displays the switch's routing table, which contains the directly connected subnets for VLAN 10 and VLAN 20 (via their SVIs) and any learned routes. Since IP routing is enabled, the switch uses this table to make forwarding decisions between VLANs. Verifying that both VLAN subnets appear in the routing table confirms that the switch can route traffic between them.

Exam trap

Cisco often tests the misconception that 'show vlan' or 'show interfaces trunk' can verify inter-VLAN routing, when in fact those commands only confirm Layer 2 connectivity and VLAN membership, not the Layer 3 routing table.

How to eliminate wrong answers

Option A is wrong because 'show interfaces trunk' only displays trunk link status and allowed VLANs on trunk ports, not the routing table or inter-VLAN forwarding capability. Option B is wrong because 'show vlan' lists VLAN membership and ports assigned to each VLAN, but does not show Layer 3 routing information or whether the switch is actually routing between VLANs. Option D is wrong because 'show mac address-table' shows Layer 2 MAC address forwarding entries, which are irrelevant for verifying Layer 3 inter-VLAN routing.

982
Multi-Select · hard

Which THREE factors influence the convergence time of OSPF in a large enterprise network? (Choose three.)

Select 3 answers
A. CPU processing power for SPF calculations
B. Hello and dead interval timers
C. Bidirectional Forwarding Detection (BFD) implementation
D. DUAL algorithm processing time
E. LSA propagation delay across the network
Answers: A, B, E

SPF computation time affects convergence.

Why this answer

CPU processing power for SPF calculations directly affects convergence time because OSPF must run the Dijkstra algorithm to compute the shortest path tree after a topology change. In large networks with many routers and LSAs, a slower CPU increases the time to complete SPF, delaying route convergence.

Exam trap

Cisco often tests the distinction between failure detection mechanisms (like BFD or Hello timers) and actual convergence processes (SPF calculation and LSA propagation), so candidates may mistakenly think BFD directly reduces convergence time rather than just detection time.

983
MCQ · medium

A Cisco Catalyst Center application needs to retrieve a list of network device issues. Which API endpoint should be used?

A. GET /dna/intent/api/v1/site-health
B. GET /dna/intent/api/v1/topology
C. GET /dna/intent/api/v1/network-device
D. GET /dna/intent/api/v1/issues
Answer: D

This endpoint retrieves issues for network devices.

Why this answer

The Cisco Catalyst Center (DNA Center) uses /dna/intent/api/v1/network-device for device list, but for issues, specific issue endpoints exist. The correct endpoint is /dna/intent/api/v1/network-device-issue?issueType=... or similar, but the question likely expects the issues endpoint. However, based on common DevNet materials, the issue endpoint is /dna/intent/api/v1/issues.

The correct answer is the endpoint for issues.

984
MCQ · hard

A CI/CD pipeline for network automation includes a stage that runs Ansible playbooks against a staging environment. The pipeline is triggered by Git commits. After a commit, the pipeline fails because the Ansible inventory file is missing. What is the most likely reason?

A. The inventory file is listed in .gitignore
B. The pipeline script has a typo in the inventory path
C. The Ansible version in the pipeline is incompatible
D. The staging environment is not reachable
Answer: A

If the inventory file is ignored by Git, it won't be in the repository, so the pipeline cannot find it.

Why this answer

The most likely reason the Ansible inventory file is missing is that it is listed in .gitignore, which prevents it from being tracked by Git and thus not present in the repository when the pipeline clones it. Since the pipeline is triggered by Git commits, it only has access to files that are committed and pushed. If the inventory file is ignored, it will not be available for the Ansible playbook execution, causing the pipeline to fail.

Exam trap

Cisco often tests the concept that CI/CD pipelines operate on the exact state of the repository at the commit, so any file not tracked by Git (e.g., due to .gitignore) will be missing, even if it exists locally on the developer's machine.

How to eliminate wrong answers

Option B is wrong because a typo in the inventory path would cause a different error (e.g., 'file not found' or 'no such file'), but the question explicitly states the file is missing, not that the path is incorrect. Option C is wrong because an incompatible Ansible version would typically cause syntax or module errors, not a missing inventory file. Option D is wrong because the staging environment being unreachable would result in connection or timeout errors during playbook execution, not a missing inventory file.

985
Multi-Select · medium

A developer is building an application that interacts with the Webex API to create rooms and send messages. The application needs to receive real-time notifications when a new message is posted in any room. Which TWO actions should the developer take? (Choose two.)

Select 2 answers
A. Poll the GET /v1/messages endpoint every second
B. Provide a target URL where the webhook sends the notification
C. Use the 'roomId' parameter to filter messages
D. Register a webhook for the 'message.created' event
E. Send a POST request to /v1/webhooks with 'resource: messages' and 'event: seen'
Answers: B, D

The webhook needs a URL to send the POST request to.

Why this answer

To receive real-time notifications, a webhook must be registered for the 'message.created' event. The webhook will POST to a specified URL when a message is created.

986
MCQ · medium

Refer to the exhibit. Based on the output, which interface is experiencing a Layer 2 issue?

A. Loopback0
B. GigabitEthernet1
C. Serial0/0/0
D. GigabitEthernet2
Answer: C

Protocol is down while Status is up, indicating a Layer 2 issue.

Why this answer

The output shows that Serial0/0/0 is in the 'down/down' state, which indicates a Layer 1 or Layer 2 issue. Since the serial interface is administratively up (not 'administratively down'), the 'down/down' status points to a Layer 2 problem, such as a missing keepalive, encapsulation mismatch, or loss of carrier detect (CD) signal, rather than a Layer 3 addressing or routing issue.

Exam trap

Cisco often tests the distinction between 'up/down' (Layer 1 issue) and 'down/down' (Layer 2 issue), and candidates mistakenly assume any 'down' status is a Layer 1 problem without checking the line protocol state.

How to eliminate wrong answers

Option A is wrong because Loopback0 is a virtual interface that is always up/up unless administratively shut down; it does not experience Layer 2 issues as it has no physical or data-link layer. Option B is wrong because GigabitEthernet1 is shown as up/up, indicating both Layer 1 and Layer 2 are functioning correctly. Option D is wrong because GigabitEthernet2 is also up/up, confirming no Layer 2 problem exists on that interface.

987
Multi-Select · easy

Which TWO are common authentication methods used when interacting with Cisco APIs?

Select 2 answers
A. Client certificate exchange
B. HTTP Basic Authentication
C. API key in HTTP header
D. LDAP bind credentials
E. SNMPv3 authentication
Answers: B, C

Used with RESTCONF over HTTPS.

Why this answer

HTTP Basic Authentication (option B) is a common method for authenticating to Cisco APIs, where the client sends a base64-encoded username:password string in the Authorization header. API keys in HTTP headers (option C) are also widely used, especially with REST APIs like Cisco DNA Center or Meraki, where the key is passed in a custom header (e.g., 'X-Cisco-Meraki-API-Key'). Both are simple, stateless mechanisms supported by many Cisco platforms.

Exam trap

Cisco often tests the distinction between authentication methods used for API access versus those used for network device management (like SNMPv3 or LDAP), leading candidates to confuse management-plane authentication with API-level authentication.

988
Multi-Select · hard

Which THREE are valid reasons to use Cisco DNA Center's Assurance APIs in an enterprise network?

Select 3 answers
A. Automatically enforce QoS policies on switches.
B. Proactively detect client connectivity issues.
C. Collect NetFlow data from all network devices.
D. Identify application performance bottlenecks.
E. Analyze historical network trends for capacity planning.
Answers: B, D, E

Assurance provides client health scores and alerts.

Why this answer

Option B is correct because Cisco DNA Center's Assurance APIs provide proactive monitoring and analytics that can detect client connectivity issues before they impact users, leveraging telemetry data from network devices to identify problems like authentication failures, DHCP timeouts, or signal degradation.

Exam trap

Cisco often tests the distinction between Assurance (monitoring/analytics) and Automation (configuration/policy enforcement) APIs, leading candidates to mistakenly associate QoS enforcement or NetFlow collection with Assurance when those belong to separate functional domains.

989
Multi-Select · medium

A Python script needs to iterate over a dictionary of network interfaces and print each interface name and its IP address. The dictionary is structured as: {'GigabitEthernet1/0/1': '10.1.1.1', 'GigabitEthernet1/0/2': None}. Which THREE code snippets correctly iterate and print the key-value pairs, skipping entries with None? (Choose three.)

Select 4 answers
A. for iface, ip in interfaces.items():
       if ip != None:
           print(f'{iface}: {ip}')
B. for iface, ip in interfaces.items():
       if ip:
           print(f'{iface}: {ip}')
C. for iface in interfaces.keys():
       print(iface + ': ' + interfaces.get(iface))
D. for iface in interfaces:
       ip = interfaces[iface]
       if ip is not None:
           print(iface + ': ' + ip)
E. for iface in interfaces:
       if interfaces[iface]:
           print(iface, ':', interfaces[iface])
Answers: A, B, D, E

Explicit None check.

Why this answer

Option A is correct because it uses the `.items()` method to iterate over key-value pairs, explicitly checks `if ip != None` to skip entries with `None`, and uses an f-string for clean output. This directly meets the requirement to skip `None` values while printing each interface name and IP address.

Exam trap

Cisco often tests the distinction between checking for `None` explicitly versus relying on truthiness, and the subtle formatting differences in print statements (comma vs. concatenation vs. f-strings) to catch candidates who overlook exact output requirements.

990
MCQ · hard

An organization uses Cisco DNA Center and wants to use its Intent API to retrieve the health score of all wireless clients. Which API endpoint and method should be used?

A. PUT /dna/intent/api/v1/client-health
B. GET /api/v1/health
C. GET /dna/intent/api/v1/client-health
D. POST /dna/intent/api/v1/client-detail
Answer: C

This endpoint returns client health information.

Why this answer

Option C is correct because the Intent API for retrieving client health scores uses the GET HTTP method on the `/dna/intent/api/v1/client-health` endpoint. This endpoint returns the aggregated health data for all wireless clients, aligning with the read-only nature of the operation and the Intent API's resource-oriented design.

Exam trap

Cisco often tests the distinction between Intent API endpoints and the correct HTTP verb for read operations, trapping candidates who confuse the client-health endpoint with the client-detail endpoint or who incorrectly assume that POST or PUT can be used for data retrieval.

How to eliminate wrong answers

Option A is wrong because it uses the PUT method, which is intended for updating or replacing resources, not for retrieving data; the client-health endpoint is read-only and does not support PUT. Option B is wrong because `/api/v1/health` is a generic health-check endpoint for the Cisco DNA Center platform itself, not for querying client health scores. Option D is wrong because it uses the POST method on `/dna/intent/api/v1/client-detail`, which is designed to retrieve detailed information about a specific client (typically by MAC address) rather than the aggregated health score of all wireless clients, and POST is not the correct verb for a read-only query.

991
Multi-Select · medium

Which TWO of the following are valid OAuth 2.0 grant types? (Select TWO)

Select 2 answers
A. Client credentials
B. Authorization code
C. API key
D. Basic authentication
E. Implicit grant
Answers: A, B

Standard OAuth 2.0 grant for server-to-server.

Why this answer

Authorization code and client credentials are standard grant types. Basic is not OAuth 2.0. API key is a different authentication method.

Implicit is deprecated.

992
MCQ · hard

Given the Python list comprehension `result = [x*2 for x in range(10) if x > 5]`, what is the value of `result`?

A. [12, 14, 16, 18]
B. [0, 2, 4, 6, 8, 10, 12, 14, 16, 18]
C. [10, 12, 14, 16, 18]
D. [6, 7, 8, 9]
Answer: A

Correct: x=6->12, 7->14, 8->16, 9->18.

Why this answer

The list comprehension `[x*2 for x in range(10) if x > 5]` iterates over `x` from 0 to 9, filters to only include `x` values greater than 5 (i.e., 6, 7, 8, 9), and multiplies each by 2, producing `[12, 14, 16, 18]`. This is a standard Python comprehension with a conditional filter.

Exam trap

The trap here is that candidates often forget the filter condition and include all values, or they mistakenly apply the multiplication to the filtered indices rather than the values, leading to options like C or D.

How to eliminate wrong answers

Option B is wrong because it includes all numbers from 0 to 9 multiplied by 2, which would result from omitting the `if x > 5` filter. Option C is wrong because it incorrectly includes 10 (from x=5), but the condition `x > 5` excludes 5, so 5*2=10 should not be present. Option D is wrong because it lists the unfiltered x values (6,7,8,9) instead of the doubled results, confusing the iteration variable with the output expression.
