CCNA Software Development and Design Questions

75 of 85 questions · Page 1/2 · Software Development and Design · Answers revealed

1
MCQmedium

A development team is implementing a microservices architecture. They need to ensure that services can discover each other dynamically without hardcoding IP addresses. Which technology should they use?

A.A centralized load balancer
B.A service registry like Consul
C.An API gateway
D.DNS-based service discovery
AnswerB

Correct: Service registries enable dynamic discovery and health checks.

Why this answer

A service registry like Consul provides a centralized directory where microservices register their network locations (IP and port) and health status. Other services query the registry to discover available instances dynamically, eliminating the need for hardcoded addresses. Consul supports health checks, multi-datacenter replication, and integrates with tools like Envoy for service mesh functionality.

Exam trap

Cisco often tests the distinction between an API gateway (which handles external traffic) and a service registry (which handles internal service discovery), leading candidates to incorrectly choose the API gateway when the question focuses on inter-service communication.

How to eliminate wrong answers

Option A is wrong because a centralized load balancer distributes traffic but does not inherently provide dynamic service discovery; it typically requires manual configuration or integration with a registry to know backend endpoints. Option C is wrong because an API gateway handles routing, authentication, and rate limiting for external requests, but it is not designed for internal service-to-service discovery and often relies on a registry or DNS for backend resolution. Option D is wrong because DNS-based service discovery (e.g., using SRV records) can resolve service names to IPs but lacks real-time health checking, TTL-based caching can cause stale entries, and it does not support advanced features like weighted routing or metadata-based filtering that a dedicated registry provides.

2
MCQeasy

A network automation engineer is writing a Python script to interact with the Cisco Meraki Dashboard API. The script currently makes GET requests to retrieve a list of networks and then makes subsequent requests for each network to get device details. However, the script is slow due to network latency. The engineer wants to improve performance without changing the API's functionality. Which approach best addresses the performance issue?

A.Wrap all API calls in a single transaction.
B.Increase the timeout value in each request.
C.Use parallel requests with asyncio for concurrent API calls.
D.Use a POST request instead of GET to combine both operations.
AnswerC

A is correct because concurrency allows multiple requests to run simultaneously, significantly reducing wait time for I/O-bound tasks.

Why this answer

The correct answer is A: Use parallel requests with asyncio for concurrent API calls. This reduces total time by overlapping I/O operations. B (increasing timeout) doesn't speed up the requests; it only prevents early failures.

C (wrapping in a single transaction) is not applicable to REST APIs. D (using POST instead of GET) doesn't improve performance and may violate API design principles.

3
MCQeasy

A developer is writing a Python script that uses the Cisco Catalyst Center (formerly DNA Center) API to get the list of sites. The API returns a response with a 'response' key containing a list of sites. The developer wants to access the 'response' field from the JSON response. Which code snippet correctly extracts the list?

A.sites = list(response)
B.sites = response['response']
C.sites = response[0]
D.sites = response.get('response')
AnswerB

Correct: Accessing the key 'response' returns the list.

Why this answer

Option B is correct because the Cisco Catalyst Center API returns a JSON response where the list of sites is nested under the 'response' key. Using dictionary-style indexing with `response['response']` directly retrieves that list, which is the standard way to access a known key in a Python dictionary parsed from JSON.

Exam trap

Cisco often tests whether candidates understand that API responses are parsed into dictionaries, not lists, and that the 'response' key is a nested structure; the trap here is confusing the outer dictionary with the inner list, leading candidates to pick `response[0]` or `list(response)`.

How to eliminate wrong answers

Option A is wrong because `list(response)` would convert the entire dictionary keys into a list, not extract the 'response' field. Option C is wrong because `response[0]` attempts to index the dictionary as if it were a list, which raises a KeyError or TypeError since dictionaries are not sequence types. Option D is wrong because `response.get('response')` would return the value for the 'response' key, but the question specifically asks for the list; while this could work, it is not the correct snippet among the given options because the answer expects the direct indexing approach, and `get()` is a safer alternative but not the one marked correct in the exam context.

4
MCQeasy

A developer is writing a Python script to interact with the Cisco DNA Center REST API. Which HTTP method should be used to retrieve a list of network devices?

A.GET
B.PUT
C.POST
D.DELETE
AnswerA

GET is the standard method for retrieving data from a REST API.

Why this answer

GET is the correct HTTP method for retrieving resources. POST is used for creating, PUT for updating, DELETE for deleting.

5
Matchingmedium

Match each HTTP status code to its meaning.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

OK

Created

Unauthorized

Forbidden

Not Found

Why these pairings

Common HTTP status codes for REST APIs.

6
MCQmedium

A developer is working on a Python application that automates the configuration of multiple Cisco IOS-XE devices using RESTCONF. The application uses the requests library. The developer notices that sometimes the PUT request to update the interface description returns a 409 Conflict error. Upon investigation, the developer finds that the issue occurs when two instances of the application are running concurrently and attempt to update the same interface. The developer wants to implement a strategy to avoid conflicts. Which approach is most effective?

A.Implement a retry mechanism with exponential backoff and random jitter
B.Use a distributed lock mechanism to ensure exclusive access
C.Change the PUT to PATCH and hope for partial updates
D.Use a timestamp in the request to force overwrite
AnswerB

A lock guarantees that only one instance modifies the resource at a time, eliminating conflicts.

Why this answer

A 409 Conflict indicates that the resource was modified by another request. A distributed lock ensures exclusive access, preventing concurrent updates. Option A (retry with backoff) might eventually succeed but does not prevent conflicts and could increase server load.

Option C (PATCH) does not solve the underlying concurrency issue. Option D (timestamp force overwrite) is not standard with RESTCONF and could lead to data loss.

7
Multi-Selectmedium

Which TWO statements about REST API design best practices are true? (Choose two.)

Select 2 answers
A.Avoid API versioning to keep the API simple
B.Include the HTTP method in the URI path, e.g., /getDevices
C.Always use file-based transfer for large payloads
D.Use nouns for resource endpoints, e.g., /devices instead of /getDevices
E.Use HTTP methods appropriately: GET for retrieval, POST for creation, etc.
AnswersD, E

Correct: Nouns represent resources.

Why this answer

Option D is correct because RESTful APIs use nouns to represent resources (e.g., /devices) rather than verbs (e.g., /getDevices). This aligns with the uniform interface constraint of REST, where the HTTP method (GET, POST, etc.) defines the action, and the URI identifies the resource. Using nouns keeps the API intuitive, consistent, and scalable.

Exam trap

Cisco often tests the misconception that verbs in URIs (like /getDevices) are acceptable, when in fact REST mandates nouns for resources and HTTP methods for actions, and that avoiding versioning is a shortcut that breaks backward compatibility.

8
Multi-Selectmedium

Which THREE of the following are common tools used in a CI/CD pipeline for network automation? (Choose three.)

Select 3 answers
A.Jenkins
B.Git
C.Ansible
D.VMware vSphere
E.Docker
AnswersA, B, C

Jenkins is a popular CI/CD automation server.

Why this answer

Jenkins automates CI/CD, Git provides version control, and Ansible automates network configuration. Docker and VMware are more about containers and virtualization, not core pipeline tools.

9
Multi-Selecthard

Which TWO of the following are valid ways to handle errors in a Python program that uses the Cisco Meraki API?

Select 2 answers
A.Checking the response body for an 'errors' key and handling accordingly
B.Checking the HTTP status code and raising an exception for 4xx and 5xx
C.Assuming the API always returns 200 and logging success
D.Retrying the request indefinitely until success
E.Using a try-except block around the API call and catching generic Exception
AnswersA, B

Many APIs, including Meraki, provide error details in the response body.

Why this answer

Options A and D are appropriate error-handling techniques. Option B (catching generic Exception) is too broad and considered bad practice. Option C (assuming 200) ignores errors.

Option E (indefinite retry) can cause infinite loops and overload the API.

10
MCQhard

A Python script using ncclient to configure a Cisco IOS XE device fails with an error that the capability 'urn:ietf:params:xml:ns:netconf:base:1.0' is missing. What is the most likely cause?

A.The device does not have NETCONF enabled
B.The username or password is incorrect
C.The edit-config operation should be on candidate instead of running
D.The host key verification is disabled incorrectly
AnswerA

If NETCONF is not enabled on the device, it will not advertise the required capabilities.

Why this answer

The 'hostkey_verify=False' parameter bypasses SSH host key checking, but the error indicates NETCONF capability not supported. The device likely does not have NETCONF enabled, or SSH connectivity fails.

11
MCQhard

Refer to the exhibit. This JSON response was received from the Cisco DNA Center API. A developer wants to extract the software version of the first device. Which Python expression correctly retrieves '16.12.5' from the variable `data`?

A.data[0]['softwareVersion']
B.data['response'][0]['version']
C.data['response']['softwareVersion']
D.data['response'][0]['softwareVersion']
AnswerD

Correctly navigates the JSON hierarchy.

Why this answer

The JSON structure has a 'response' array containing device objects. The first element is index 0, and the software version is under the key 'softwareVersion'. So data['response'][0]['softwareVersion'] is correct.

12
MCQhard

A DevOps team is developing a CI/CD pipeline for a microservices application that uses Cisco NSO (Network Services Orchestrator) for network configuration. The application code is stored in a Git repository. The pipeline must automatically trigger a test suite when a pull request is merged to the main branch, but only if the tests pass, then deploy to a staging environment. The team is using Jenkins. A junior engineer suggests using a single Jenkinsfile with a declarative pipeline that includes all stages. However, a senior engineer notes that the pipeline should be designed for reusability and maintainability, especially as the number of microservices grows. Which approach best meets these requirements?

A.Use shared libraries to define common stages like testing and deployment, and reference them in each microservice's Jenkinsfile.
B.Create separate Jenkinsfiles for each microservice and call them from a main pipeline using the "build" step.
C.Use a single scripted pipeline that uses "parallel" for microservices and "stage" for testing and deployment.
D.Use a single declarative pipeline with all stages defined in the Jenkinsfile and use "when" conditions to control execution.
AnswerA

C is correct because shared libraries encapsulate reusable pipeline code, minimising duplication and simplifying updates across all microservices.

Why this answer

The correct answer is C: Use shared libraries to define common stages like testing and deployment, and reference them in each microservice's Jenkinsfile. Shared libraries reduce duplication and centralise logic, making it easy to update common steps across all services. A (single pipeline with conditions) leads to code duplication as new services are added.

B (separate Jenkinsfiles called from a main pipeline) is better than A but still duplicates common logic across files unless shared libraries are used. D (scripted pipeline with parallel) does not inherently promote reuse; it may combine steps but still duplicates if not abstracted.

13
MCQeasy

The exhibit shows a JSON response from a Cisco NX-OS API query for interface status. What is the operational state of interface Ethernet1/1?

A.unknown
B.down
C.admin-down
D.up
AnswerB

The 'oper-state' field is 'down'.

Why this answer

The JSON shows "oper-state": "down", so the operational state is down.

14
MCQmedium

Which of the following is a best practice for version controlling large binary files (e.g., network device firmware images) in a Git repository?

A.Avoid storing binary files; use a separate artifact repository and reference the version in metadata
B.Use Git submodules to reference external storage
C.Compress them and commit as usual
D.Store them directly in the repository with LFS (Large File Storage)
AnswerA

This keeps the Git repository lean and uses appropriate tools for binary storage.

Why this answer

Best practice is to avoid storing binary files in Git; use a separate artifact repository and reference the version in metadata (e.g., a text file). LFS (option A) is a possibility but adds overhead and not always ideal. Compressing and committing (B) bloats the repository.

Git submodules (C) are not designed for this.

15
MCQhard

In the context of microservices for network automation, which pattern ensures that each service has a separate database to avoid tight coupling?

A.Circuit breaker
B.Database per service
C.API gateway
D.Shared database
AnswerB

This pattern gives each microservice its own database, promoting loose coupling.

Why this answer

Database per service pattern ensures each microservice has its own database, preventing tight coupling. Shared database couples services, API gateway is for routing, circuit breaker for fault tolerance.

16
MCQmedium

A developer is writing a Python script to interact with a Cisco device using NETCONF. Which library is most appropriate?

A.netmiko
B.requests
C.paramiko
D.ncclient
AnswerD

ncclient is a Python library that provides an API for NETCONF operations on network devices.

Why this answer

Option B is correct because ncclient is the standard Python library for NETCONF operations. Option A (requests) is for HTTP, not NETCONF. Option C (paramiko) is for SSH, not NETCONF.

Option D (netmiko) is for SSH and Telnet to network devices, but it does not natively support NETCONF. Therefore, ncclient is the correct choice.

17
Multi-Selectmedium

Which TWO of the following are commonly used HTTP methods for a RESTful API to retrieve and update a resource? (Select TWO)

Select 2 answers
A.GET
B.POST
C.PUT
D.DELETE
E.HEAD
AnswersA, C

GET retrieves the current state of a resource.

Why this answer

GET is used to retrieve, PUT is used to update. POST is for create, DELETE for delete, HEAD for headers.

18
MCQhard

In a microservices architecture, a REST API must support idempotent updates. Which HTTP method and design practice should be used?

A.PUT with the full resource representation
B.POST with a unique transaction ID
C.DELETE with a resource version
D.PATCH with a conditional header
AnswerA

PUT is idempotent by definition; replacing the entire resource ensures the same result regardless of request count.

Why this answer

Option B is correct because PUT is inherently idempotent—making the same request multiple times results in the same resource state. Option A (POST) is not idempotent unless combined with a unique transaction ID, but this is not standard and can lead to complexity. Option C (PATCH) may be idempotent if using a conditional header like If-Match, but the method itself is not guaranteed idempotent.

Option D (DELETE) is idempotent but not for updates. Therefore, PUT with the full resource representation is the best practice for idempotent updates.

19
Multi-Selectmedium

Which THREE of the following are common steps in a CI/CD pipeline for a Python application that manages Cisco devices?

Select 3 answers
A.Build a Docker container
B.Manually review code before merge
C.Perform static code analysis (linting)
D.Run unit tests on each commit
E.Deploy to production on every commit
AnswersA, C, D

Containerization is common for packaging the application.

Why this answer

Options A, C, and D are typical CI/CD steps. Option B (deploy to production on every commit) is risky and not a common CI/CD practice; usually deployment to production is triggered after passing all stages. Option E (manual review) is important but is not typically automated within the pipeline; it is a gate before merging.

20
MCQeasy

A developer is working with a REST API that uses HTTP Basic Authentication. The developer needs to send a request with the username 'admin' and password 'secret'. Which HTTP header should be set?

A.Authorization: Basic admin:secret
B.Authorization: YWRtaW46c2VjcmV0
C.Authorization: Basic YWRtaW46c2VjcmV0
D.Authorization: Bearer YWRtaW46c2VjcmV0
AnswerC

Correct: This is the standard format for Basic Auth.

Why this answer

HTTP Basic Authentication requires the credentials to be formatted as 'username:password', then Base64-encoded, and sent in the Authorization header with the 'Basic' scheme. Option C correctly includes the 'Basic' scheme followed by the Base64-encoded string 'YWRtaW46c2VjcmV0' (which decodes to 'admin:secret').

Exam trap

Cisco often tests whether candidates know that the credentials must be Base64-encoded and prefixed with the 'Basic' scheme, not sent in plaintext or with the wrong scheme like 'Bearer'.

How to eliminate wrong answers

Option A is wrong because it sends the credentials in plaintext 'admin:secret' without Base64 encoding and omits the required 'Basic' scheme prefix. Option B is wrong because it sends the Base64-encoded string 'YWRtaW46c2VjcmV0' but lacks the 'Basic' scheme identifier, making the header invalid per RFC 7617. Option D is wrong because it uses the 'Bearer' scheme, which is used for OAuth 2.0 token authentication, not HTTP Basic Authentication.

21
Multi-Selecteasy

Which TWO conditions are valid triggers for a webhook notification in Cisco Meraki?

Select 2 answers
A.Client data usage exceeds configured threshold
B.A client joins a wireless network
C.Firmware upgrade completes
D.Network administrator logs in
E.A new SSID is added
AnswersA, B

Meraki webhooks support 'Data usage alert' events.

Why this answer

Option B (A client joins a wireless network) is a valid trigger ('Client join' event). Option D (Client data usage exceeds configured threshold) is a valid trigger ('Data usage alert'). Option A (A new SSID is added) is not a standard webhook trigger.

Option C (Firmware upgrade completes) is not a standard trigger. Option E (Network administrator logs in) is not a standard trigger.

22
Multi-Selecthard

Which TWO of the following Git commands modify the commit history? (Select TWO)

Select 2 answers
A.git diff
B.git log
C.git commit --amend
D.git rebase -i
E.git status
AnswersC, D

This command modifies the last commit.

Why this answer

`git commit --amend` modifies the most recent commit by replacing it with a new commit that incorporates staged changes or an updated commit message, effectively rewriting the commit history. `git rebase -i` (interactive rebase) allows you to reorder, squash, edit, or drop commits, which also rewrites the commit history by creating new commit objects.

Exam trap

Cisco often tests the distinction between read-only inspection commands (like `git diff`, `git log`, `git status`) and commands that actually rewrite commit history, leading candidates to mistakenly select non-modifying commands.

23
Multi-Selecthard

Which THREE of the following are constraints of the REST architectural style (as defined by Roy Fielding)?

Select 3 answers
A.Client-server architecture
B.Layered system
C.Session management on the server
D.Code-on-demand
E.Statelessness
AnswersA, B, E

Client-server is a fundamental REST constraint separating concerns between user interface and data storage.

Why this answer

Options A, B, and C are correct because the REST architectural style includes client-server, stateless, cacheable, uniform interface, layered system, and optionally code-on-demand. Code-on-demand (E) is optional, and session management (D) is explicitly prohibited by statelessness. Therefore, the correct constraints are client-server, statelessness, and layered system.

24
MCQhard

During a code review, a developer notices that a function has multiple nested if-else statements. Which refactoring technique would improve maintainability?

A.Introduce parameter object
B.Decompose conditional
C.Replace conditional with polymorphism
D.Extract method
AnswerC

Polymorphism allows each subclass to implement its own behavior, eliminating the need for complex conditionals.

Why this answer

Option A is correct because replacing conditionals with polymorphism leverages object-oriented design to eliminate complex conditionals by using subtype-specific behavior. Option B (Extract method) can reduce nesting but still leaves the conditional logic. Option C (Introduce parameter object) reduces parameter lists but not conditionals.

Option D (Decompose conditional) is a valid technique but is less comprehensive than polymorphism for deeply nested conditionals. Therefore, polymorphism is the most effective for improving maintainability in this scenario.

25
Multi-Selecthard

Which TWO statements about REST API design best practices are correct?

Select 2 answers
A.API versioning should be implemented using query parameters only
B.HTTP PUT method should be used for partial updates to a resource
C.Resources should be represented using nouns in the URI
D.Responses should return only HTTP status codes without a body
E.HTTP verbs should describe the action performed on the resource
AnswersC, E

Using nouns for resources (e.g., /devices) is a REST best practice.

Why this answer

Option C is correct because REST API best practices dictate that URIs should represent resources (nouns), not actions. For example, '/users' or '/orders' clearly identifies the resource being manipulated, while verbs like '/getUsers' or '/createOrder' are discouraged as they conflate the resource with the operation.

Exam trap

Cisco often tests the distinction between PUT (full replacement) and PATCH (partial update), and the trap here is that candidates mistakenly think PUT can be used for partial updates because they overlook the idempotent, full-replacement semantics defined in RFC 7231.

26
Multi-Selectmedium

Which THREE of the following are key characteristics of a RESTful API? (Choose three.)

Select 3 answers
A.Resource-based URLs
B.Stateless communication
C.Uses SOAP protocol
D.Relies on session cookies for state
E.Uses standard HTTP methods (GET, POST, PUT, DELETE)
AnswersA, B, E

Resources are identified by URIs.

Why this answer

RESTful APIs use resource-based URLs (e.g., /users/123) to uniquely identify resources, which aligns with the uniform interface constraint of REST. This design makes the API intuitive and self-descriptive, allowing clients to interact with resources directly via the URL structure.

Exam trap

Cisco often tests the distinction between REST and SOAP, and the trap here is that candidates may confuse REST's statelessness with the need for session cookies (stateful behavior) or incorrectly associate REST with SOAP due to both being web service technologies.

27
MCQeasy

When designing a RESTful API for a network automation tool, which status code indicates that a resource has been created successfully?

A.204 No Content
B.200 OK
C.201 Created
D.202 Accepted
AnswerA

204 No Content is used for DELETE operations, not creation.

Why this answer

201 Created is the correct status code for a successful creation. 200 OK means request succeeded but not specifically creation; 202 Accepted indicates accepted for processing; 204 No Content indicates successful deletion.

28
MCQeasy

Which HTTP method is considered both safe and idempotent?

A.POST
B.PUT
C.PATCH
D.GET
E.DELETE
AnswerD

Correct: GET is safe and idempotent.

Why this answer

GET is both safe and idempotent according to HTTP semantics (RFC 7231). Safe means it must not cause side effects on the server, and idempotent means multiple identical requests produce the same result as a single request. GET is designed solely for retrieval of a resource, so it satisfies both properties.

Exam trap

Cisco often tests the distinction between 'safe' and 'idempotent' as separate properties, trapping candidates who assume that idempotent methods like PUT or DELETE are also safe, or that PATCH is idempotent because it modifies a resource.

How to eliminate wrong answers

Option A is wrong because POST is neither safe nor idempotent; it creates or modifies resources and repeated submissions can create multiple resources or different side effects. Option B is wrong because PUT is idempotent but not safe; it modifies or replaces a resource at a specific URI, which is a side effect. Option C is wrong because PATCH is neither safe nor idempotent; it applies partial modifications, and repeated requests can have different outcomes depending on the current state of the resource.

Option E is wrong because DELETE is idempotent but not safe; it removes a resource, which is a side effect.

29
MCQhard

A developer is troubleshooting a CI/CD pipeline that automatically deploys configuration changes to network devices. The pipeline includes a stage that runs Python unit tests. Which of the following would be a valid test to include in that stage to validate the configuration before deployment?

A.Test that the configuration can be applied to the device by sending it via NETCONF
B.Test that the configuration file is valid JSON
C.Test that the configuration changes do not break connectivity by pinging the device after deployment
D.Test that the configuration adheres to company naming conventions using a regular expression
AnswerB

A unit test can verify syntax without needing network access.

Why this answer

Validating that the configuration is valid JSON is a simple unit test that can catch syntax errors early. The other options either require network access (which unit tests should avoid) or are not unit-level.

30
MCQeasy

Refer to the exhibit. A developer is parsing the output of 'show ip route' using Python. Which regular expression would extract the prefix '10.0.1.0/24'?

A.r'^S\s+(\d+\/\d+)'
B.r'^S.*(\d+\.\d+\.\d+\.\d+)'
C.r'S\s+(\S+)'
D.r'^S\s+(\d+\.\d+\.\d+\.\d+/\d+)'
AnswerD

Correctly anchors at line start and captures prefix.

Why this answer

The pattern r'^S\s+(\d+\.\d+\.\d+\.\d+/\d+)' matches a line starting with 'S' followed by whitespace and then the prefix. Option B lacks the start anchor; Option C is too specific; Option D uses greedy matching and may capture extra.

31
MCQhard

A team uses Git for source control. They want to ensure that all code committed to the main branch passes unit tests and linting. Which Git workflow practice best ensures this?

A.Using pre-commit hooks and CI pipeline to block failing commits
B.Trunk-based development with feature toggles
C.Feature branching with manual merge
D.GitFlow with hotfix branches
AnswerA

Pre-commit hooks run tests locally before commit, and CI blocks merges that fail tests.

Why this answer

Using pre-commit hooks and a CI pipeline that blocks commits if tests fail is the most reliable way. Option A (feature branching with manual merge) does not enforce tests. Option B (GitFlow with hotfix branches) is about branching models, not enforcement.

Option C (trunk-based development with feature toggles) allows incomplete code but does not guarantee passing tests on merge.

32
Multi-Selecthard

Which THREE of the following are common design patterns for microservices? (Choose three.)

Select 3 answers
A.Chain of Responsibility
B.Circuit Breaker
C.Singleton
D.Service Registry
E.API Gateway
AnswersB, D, E

Correct: Circuit Breaker is used for fault tolerance.

Why this answer

The Circuit Breaker pattern (B) is a common microservices design pattern that prevents cascading failures by monitoring for failures and opening a circuit to stop requests to a failing service, allowing it to recover. It is widely implemented in frameworks like Netflix Hystrix or Resilience4j, where states (closed, open, half-open) control request flow and timeout thresholds.

Exam trap

Cisco often tests the distinction between general software design patterns (like Singleton or Chain of Responsibility) and patterns specifically designed for microservices architecture, such as Circuit Breaker, Service Registry, and API Gateway.

33
Multi-Selecteasy

Which TWO of the following are essential steps in a typical Git workflow when collaborating on a feature branch? (Choose two.)

Select 2 answers
A.Rebase onto master
B.Merge the branch into master
C.Delete the remote repository
D.Stash changes before switching branches
E.Create a branch
AnswersB, E

Merging integrates the feature back into the main branch.

Why this answer

Creating a branch isolates work, and merging integrates it back. While rebasing is common, the question asks for essential steps; merge is more fundamental than rebase.

34
MCQeasy

A team uses GitHub for version control and wants Jenkins to automatically run tests when changes are pushed to the main branch. Which trigger should be configured in the Jenkins job?

A.Cron job on the Jenkins server
B.Poll SCM every minute
C.Manual build trigger
D.GitHub webhook
AnswerD

A webhook sends an HTTP POST to Jenkins when changes are pushed, triggering the job immediately.

Why this answer

A webhook allows GitHub to notify Jenkins instantly on push events, enabling immediate triggering of the pipeline.

35
MCQmedium

A developer is designing a Python script that uses the NSO (Network Services Orchestrator) northbound API. Which data format is natively supported by NSO's RESTCONF API?

A.YAML only
B.JSON only
C.XML only
D.JSON and XML
AnswerD

RESTCONF supports both JSON and XML encoding.

Why this answer

RESTCONF supports both JSON and XML as data formats. JSON-only or XML-only is incorrect; YAML is not natively supported by NSO's RESTCONF.

36
MCQmedium

A team is using Git for version control. A developer accidentally committed a sensitive file. Which Git command should be used to remove the file from the repository history while keeping it locally?

A.git rebase -i
B.git reset --soft
C.git rm --cached
D.git filter-branch
AnswerD

This rewrites history to remove the file from all commits, effectively erasing it from the repository.

Why this answer

Option C is correct because git filter-branch rewrites history to remove the file from all commits. Option A (git rm --cached) only removes the file from the index, not from past commits. Option B (git reset --soft) resets the current branch pointer but does not remove the file from history.

Option D (git rebase -i) allows interactive rebase but does not directly remove files from history without additional steps. Therefore, git filter-branch is the appropriate command for this task.

37
MCQmedium

A developer is using Git for source control. They have made changes to a file and want to temporarily save the changes without committing, then work on a different branch. Which Git command should they use?

A.git checkout other-branch
B.git commit -m 'temp'
C.git reset --hard
D.git stash
AnswerD

Correct: Stashing saves changes for later use.

Why this answer

Option D is correct because `git stash` temporarily saves uncommitted changes (both staged and unstaged) to a stack, reverting the working directory to the last commit. This allows the developer to switch branches without losing work, then later reapply the changes with `git stash pop` or `git stash apply`.

Exam trap

Cisco often tests the distinction between temporarily saving work (`git stash`) versus permanently committing or discarding changes, and the trap here is that candidates may think `git checkout` can switch branches regardless of dirty state, ignoring the conflict risk.

How to eliminate wrong answers

Option A is wrong because `git checkout other-branch` will fail if there are uncommitted changes that conflict with the target branch, or it may carry the changes to the other branch unintentionally. Option B is wrong because `git commit -m 'temp'` creates a permanent commit in the commit history, which is not a temporary save and would require later cleanup (e.g., rebase or reset). Option C is wrong because `git reset --hard` discards all uncommitted changes permanently, which is destructive and does not save the work for later use.

38
MCQeasy

Refer to the exhibit. An engineer uses NETCONF to configure an interface. After applying this configuration, the interface is administratively up. However, the interface does not pass traffic. What is the most likely cause?

A.The interface type is misspelled
B.The 'enabled' field should be a string instead of a boolean
C.The IP address configuration uses 'netmask' instead of 'prefix-length'
D.The interface name is invalid
AnswerC

The ietf-ip model requires prefix-length, not netmask.

Why this answer

NETCONF uses YANG models that define IP address configuration with the leaf 'prefix-length' (an integer), not 'netmask'. The 'netmask' field is not a valid leaf in the standard ietf-interfaces or ietf-ip YANG model for IPv4 addresses, so the NETCONF server will either reject the configuration or apply it incorrectly, leaving the interface without a proper IP address and unable to pass traffic.

Exam trap

Cisco often tests the distinction between CLI-style 'netmask' and YANG-model 'prefix-length' in NETCONF/RESTCONF questions, trapping candidates who assume the old CLI syntax works in model-driven APIs.

How to eliminate wrong answers

Option A is wrong because the interface type (e.g., 'iana-if-type:ethernetCsmacd') is a valid YANG identity and a misspelling would cause a validation error, but the question states the configuration was applied and the interface is administratively up, so the type is correct. Option B is wrong because the 'enabled' field in the ietf-interfaces YANG model is defined as a boolean (leaf type 'boolean'), so using a string would cause a schema violation and the configuration would not be accepted; the interface being up indicates the boolean was correctly used. Option D is wrong because the interface name (e.g., 'GigabitEthernet0/0/0') is a standard Cisco interface name and is valid; if it were invalid, the NETCONF server would reject the edit, but the interface is administratively up, confirming the name is correct.

39
MCQeasy

A developer is designing a REST API that will be used by multiple client applications. The API must support versioning to ensure backward compatibility. Which approach should the developer use to implement API versioning?

A.Embed the version in the URI, e.g., /v1/resource
B.Use different HTTP methods for different versions
C.Pass the version as a query parameter, e.g., ?version=1
D.Use a custom HTTP header to specify the version
AnswerA

Correct: URI versioning is straightforward and widely adopted.

Why this answer

Embedding the version in the URI (e.g., /v1/resource) is the most common and straightforward approach for REST API versioning. It makes the version explicit in the URL, allowing clients to directly target a specific version without requiring special header handling or query parameter parsing. This method is widely adopted in industry APIs (e.g., GitHub, Twilio) and ensures backward compatibility by keeping older endpoints accessible under their original URI path.

Exam trap

Cisco often tests the misconception that query parameters or custom headers are more 'RESTful' or flexible, but the exam expects URI-based versioning as the simplest and most compatible approach for backward compatibility.

How to eliminate wrong answers

Option B is wrong because HTTP methods (GET, POST, PUT, DELETE) define the action on a resource, not the version; using different methods for different versions violates REST principles and confuses clients. Option C is wrong because passing the version as a query parameter (e.g., ?version=1) can be cached incorrectly by proxies and CDNs, and it clutters the URL without providing a clean, hierarchical resource structure. Option D is wrong because using a custom HTTP header (e.g., Accept-Version) requires clients to implement additional header logic, reduces discoverability, and is not as transparent or testable as URI-based versioning.

40
MCQmedium

An Ansible playbook fails with the error: "mapping values are not allowed here". The relevant YAML snippet is: --- - name: Configure interface ios_config: lines: - ip address 10.0.0.1 255.255.255.0 parents: interface GigabitEthernet0/1 What is the most likely cause of this error?

A.The indentation of `parents:` is incorrect relative to `lines:`
B.The `ios_config` module requires a provider statement
C.The `lines:` item should be a list of strings
D.The `parents:` value must be enclosed in quotes
AnswerA

In YAML, keys under the same mapping must have the same indentation; `parents:` seems misaligned.

Why this answer

The error "mapping values are not allowed here" in YAML typically indicates an indentation issue. The `parents:` line should be at the same indentation level as `lines:`.

41
MCQmedium

A Python script uses the `requests` library to fetch device details from Cisco DNA Center. The API returns a JSON response with nested objects. To extract the management IP address from the response stored in variable `data`, which code snippet is correct? The JSON structure is: { "response": [ { "managementIpAddress": "192.168.1.1", "hostname": "router1" } ] }

A.data.managementIpAddress
B.data['response']['managementIpAddress']
C.data.get('response')[0].get('managementIpAddress')
D.data['response'][0]['managementIpAddress']
AnswerD

Correctly indexes into the list and retrieves the management IP.

Why this answer

The response contains a list under key 'response'; correct access is via data['response'][0]['managementIpAddress'].

42
MCQhard

A network automation team uses Ansible to manage Cisco ACI fabrics. They have a playbook that creates application profiles using the 'aci_ap' module. Recently, they started using a new Python script that directly uses the Cisco ACI REST API to perform the same tasks. The script often fails with a 403 Forbidden error, although the Ansible playbook works fine. The authentication method is the same: basic authentication over HTTPS. The API user has the same privileges. Which of the following is the most likely cause?

A.The script is not including the APIC cookie in subsequent requests
B.The script is not setting the proper Content-Type header for POST requests
C.The script is using HTTP instead of HTTPS
D.The API user's password was changed between runs
AnswerA

ACI requires a session cookie; missing it results in 403.

Why this answer

The Cisco ACI REST API requires the token returned from the login to be sent as a cookie in subsequent requests. The script likely overlooks this step, while Ansible handles it automatically. Option A is correct.

Option B (HTTP vs HTTPS) would cause a different error. Option C (password change) would affect both. Option D (Content-Type) might cause a 400, not 403.

43
MCQeasy

Which design principle suggests that a module should be responsible for a single part of the functionality?

A.Separation of Concerns
B.YAGNI (You Aren't Gonna Need It)
C.DRY (Don't Repeat Yourself)
D.KISS (Keep It Simple, Stupid)
AnswerA

This principle dictates that each module should handle a distinct aspect of the application's functionality.

Why this answer

Option B is correct because Separation of Concerns (SoC) advocates for dividing a program into distinct sections that each address a separate concern. Option A (DRY) stands for Don't Repeat Yourself, which focuses on reducing repetition. Option C (KISS) stands for Keep It Simple, Stupid, emphasizing simplicity.

Option D (YAGNI) stands for You Aren't Gonna Need It, advising against adding unnecessary features. Therefore, SoC is the principle that matches the description.

44
MCQhard

In a Python application that uses the ncclient library to manage Cisco devices via NETCONF, the developer encounters an error: 'ncclient.transport.errors.SessionCloseError: session closed on error'. Which of the following is the most likely cause?

A.The NETCONF session timed out due to inactivity
B.The device does not support base NETCONF 1.0
C.The device's SSH key has changed
D.The device does not support the candidate datastore
AnswerA

Idle session timeouts are a common cause of SessionCloseError.

Why this answer

SessionCloseError typically occurs when the NETCONF session is closed by the server due to a timeout (e.g., inactivity). Option A (SSH key change) would cause authentication failure, not this error. Option C (candidate datastore unsupported) would cause a capability error.

Option D (base NETCONF 1.0 unsupported) would also cause a capability exchange failure.

45
MCQhard

A network engineer is designing a REST API using Python Flask to allow provisioning of VPN tunnels. The API must support multiple clients and must be secure. Which approach is most appropriate for authenticating and authorizing API requests?

A.Use OAuth 2.0 with client credentials grant
B.Use HTTP Basic Authentication with a dictionary of usernames and passwords
C.Embed a shared secret in each client's source code
D.Issue API tokens to each client and validate them on each request
AnswerD

API tokens are a standard, secure method for API authentication and can include scopes.

Why this answer

API tokens with scopes are a common and secure method for REST APIs, allowing fine-grained access control. Basic auth with dictionary is outdated and insecure. OAuth 2.0 with client credentials is best for machine-to-machine, but given options, API tokens are most appropriate.

46
MCQmedium

A developer is designing a Python script to parse the output of 'show ip interface brief' from a Cisco IOS device. The output is stored in a string variable. The developer wants to extract only the interfaces that are up/up. The current code uses regular expressions but often fails because the interface names contain special characters (e.g., GigabitEthernet1/0/1). Which approach should the developer use to reliably parse the output?

A.Use the 're' module with a more complex pattern that escapes special characters
B.Use split on whitespace and check column values
C.Use a structured data format like JSON or YAML if available from the device
D.Use a CSV parser with a custom delimiter
AnswerC

Structured output is consistent, machine-readable, and immune to formatting changes.

Why this answer

The most reliable approach is to use structured output if the device supports JSON or YAML output (e.g., 'show ip interface brief | json' on IOS-XE). This avoids regex pitfalls. Option A (split on whitespace) may break if interface names contain spaces (they don't, but slashes are fine).

Option B (CSV parser) is not appropriate for this output. Option D (complex regex) is possible but less maintainable and error-prone.

47
MCQmedium

A network automation engineer is using Ansible to manage Cisco IOS devices. The playbook includes a task that executes a 'show version' command and registers the output. The engineer then wants to parse the output to extract the IOS version. Which approach should be used?

A.Use the 'cisco.ios.ios_command' module and parse the output with regex
B.Use the 'cisco.ios.ios_command' module and the 'parse' option
C.Use the 'cisco.ios.ios_config' module to retrieve the version
D.Use the 'cisco.ios.ios_facts' module to get structured facts
AnswerD

Correct: 'ios_facts' returns structured data including the IOS version.

Why this answer

The 'cisco.ios.ios_facts' module retrieves structured data from Cisco IOS devices, including the IOS version as a key-value pair in the Ansible facts dictionary. This eliminates the need for manual parsing, as the module uses the device's CLI or NETCONF to gather structured output, making it the most efficient and reliable approach for extracting specific device attributes.

Exam trap

Cisco often tests the misconception that raw CLI output must be parsed manually, but the correct approach is to use dedicated facts modules that return structured data, avoiding fragile regex or template-based parsing.

How to eliminate wrong answers

Option A is wrong because while 'cisco.ios.ios_command' can execute 'show version' and register raw output, parsing it with regex is error-prone, fragile, and unnecessary when structured facts are available. Option B is wrong because the 'parse' option in 'cisco.ios.ios_command' is used for converting unstructured output to structured data using a 'parser' or 'textfsm' template, but it still requires a template and is not the direct method for obtaining the IOS version as a fact. Option C is wrong because 'cisco.ios.ios_config' is designed for pushing configuration changes, not for retrieving operational data like the IOS version; it does not support 'show' commands or fact gathering.

48
MCQmedium

Refer to the exhibit. What will be the result of running this Ansible playbook against the 'switches' group?

A.VLAN 10 will be deleted
B.VLAN 10 will be modified to have the name 'voice'
C.The playbook will only show the running configuration of VLAN 10
D.VLAN 10 will be created if it does not already exist
AnswerD

The 'state: present' parameter ensures the VLAN is present; Ansible will create it if missing.

Why this answer

Option A is correct because the task uses the 'state: present' parameter to ensure VLAN 10 exists. Option B (deletion) would require 'state: absent'. Option C (modification) would apply only if the VLAN already exists with different attributes, but the task is idempotent.

Option D is incorrect because the playbook does not show configuration. Therefore, the primary outcome is creating VLAN 10 if it does not exist.

49
MCQmedium

A Python script using the requests library to query the Cisco Meraki API returns a 403 Forbidden error. The API key is correctly set in the header. What is the most likely cause?

A.The request URL is incorrect
B.The API endpoint is rate-limiting the request
C.The API key does not have permission for the requested resource
D.The Content-Type header is missing
AnswerC

403 Forbidden means the server understood the request but refuses to authorize it; the API key likely lacks the required scope.

Why this answer

A 403 Forbidden error typically indicates the API key is invalid or lacks permissions. The API key is set correctly, so the issue is likely that the API key does not have the required scope for the endpoint.

50
Drag & Dropmedium

Drag and drop the steps to deploy a Python script to a Cisco device via RESTCONF into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

RESTCONF operations require authentication, correct URL, headers, and payload; verify with response.

51
MCQhard

Refer to the exhibit. A developer executes this Python script against a Cisco device. Assuming valid credentials and network connectivity, what is printed to the console?

A.An exception due to invalid credentials
B.The startup configuration of the device in XML format
C.The running configuration of the device in XML format
D.A JSON representation of the device interfaces
AnswerC

The script calls m.get_config(source='running') which returns the running config as XML, then prints it prettified.

Why this answer

Option A is correct because the script retrieves the running configuration (source='running') using NETCONF, and then prints it in a pretty XML format. Option B is wrong because the source is 'running', not 'startup'. Option C is wrong because no exception is raised with valid inputs.

Option D is wrong because the output is XML, not JSON. Therefore, the correct output is the running configuration in XML.

52
MCQmedium

A network engineer runs the Ansible playbook shown in the exhibit, but it fails. The error indicates the module 'cisco.ios.ios_vlan' does not exist. What is the most likely cause?

A.The collection 'cisco.ios' is not installed
B.The module name is misspelled; it should be 'ios_vlans'
C.The 'state: present' is invalid for this module
D.The playbook lacks 'become: yes'
AnswerB

The correct module for configuring VLANs on Cisco IOS is 'ios_vlans' (with an 's').

Why this answer

The correct module name is 'ios_vlans' (plural) for Cisco IOS VLAN configuration. 'ios_vlan' is not a valid module.

53
Multi-Selecteasy

Which THREE of the following are common stages in a continuous integration pipeline? (Select THREE)

Select 3 answers
A.Monitor
B.Deploy
C.Build
D.Test
E.Lint
AnswersC, D, E

Build compiles code and creates artifacts.

Why this answer

Build, Test, and Lint are typical CI stages. Deploy is usually part of continuous delivery/deployment, and Monitor is after deployment.

54
Multi-Selecteasy

Which TWO HTTP methods are considered safe according to HTTP/1.1 specification?

Select 2 answers
A.PUT
B.GET
C.DELETE
D.HEAD
E.POST
AnswersB, D

GET is a safe method; it only retrieves resources and does not change server state.

Why this answer

Options A and D are correct because GET and HEAD are defined as safe methods that do not modify resources. POST, PUT, and DELETE are not safe as they can change server state. Therefore, only GET and HEAD qualify.

55
MCQmedium

Refer to the exhibit. A developer is writing an Ansible playbook to configure this interface on a Cisco IOS XE device. Which Ansible module should be used to set the IP address?

A.ios_ip_interface
B.ios_command
C.ios_facts
D.ios_config
AnswerD

ios_config allows sending configuration commands like 'ip address'.

Why this answer

The ios_config module sends arbitrary configuration commands, which is appropriate for setting the ip address. ios_command runs show commands, ios_ip_interface does not exist, ios_facts gathers facts.

56
MCQmedium

A developer is designing a REST API for managing network devices. The API should support idempotent operations for updating device configuration. Which HTTP method should be used for the update operation?

A.DELETE
B.PUT
C.PATCH
D.POST
AnswerB

PUT replaces the resource and is idempotent, making it suitable for updates.

Why this answer

PUT is idempotent; making the same PUT request multiple times has the same effect as one request. PATCH is not necessarily idempotent. POST is not idempotent.

DELETE is idempotent but not for updates.

57
MCQhard

A network engineer is automating the deployment of new branch offices using Cisco DNA Center REST API. The script creates a new site under a parent site using the POST /dna/intent/api/v1/site API endpoint. The script runs successfully but when checking the DNA Center UI, the new site appears under the incorrect parent site. The script uses the following JSON payload: { "parentId": "0a1b2c3d-4e5f-6789-0ab1-2c3d4e5f6789", "name": "Branch-Office-42", "type": "area", "latitude": 34.0522, "longitude": -118.2437 } The parentId is obtained from a GET request to /dna/intent/api/v1/site that returns a list of all sites. The engineer verified that the parentId matches the UUID of a site named 'HQ', which the engineer believes is an area. However, 'HQ' is actually a building site. The engineer is not aware that the site type is different because the GET response does not display the type field prominently. What is the most likely cause of the new site being placed under the wrong parent?

A.The type field is set to 'area' but the parent site is of type 'building'
B.The script is using the wrong API endpoint for creating sites
C.The API is ignoring the parentId because the request is missing the 'siteId' header
D.The script is not including the 'address' field which is required for site creation
AnswerA

The site hierarchy does not allow an area directly under a building. The API may fall back to a different parent, causing the site to appear under the incorrect parent.

Why this answer

Option B is correct because the parent site 'HQ' is of type 'building', but the request is trying to create an 'area' under it. In Cisco DNA Center, the site hierarchy requires that an area cannot be directly under a building; areas can only be under Global or another area. The API may silently place the new area under the root or another compatible parent, resulting in the wrong parent.

Option A is incorrect because the endpoint is correct. Option C is incorrect because there is no 'siteId' header requirement for site creation. Option D is incorrect because the 'address' field is not required for creating an area.

58
MCQmedium

A developer is implementing error handling in a script that makes multiple API calls to Cisco ACI. Which approach is best practice for handling transient network failures?

A.Retry with fixed delay
B.Ignore errors and continue
C.Always retry immediately
D.Retry with exponential backoff
AnswerD

Exponential backoff gradually increases wait time, reducing server load and improving success chances.

Why this answer

Retrying with exponential backoff is best practice to handle transient failures without overwhelming the server. Ignoring errors can cause data inconsistency; immediate retry may cause congestion; logging and terminating defeats automation goals.

59
MCQmedium

A company uses a CI/CD pipeline to deploy network configurations. The pipeline includes a stage that runs automated tests against a simulated network environment. Which testing strategy does this represent?

A.Regression testing
B.Unit testing
C.Integration testing
D.Smoke testing
AnswerC

Integration testing validates the interaction between components in a simulated or staging environment.

Why this answer

Option C is correct because running automated tests against a simulated network environment validates how multiple network components (e.g., routers, switches, firewalls) interact as a whole. This is integration testing, which focuses on detecting interface and communication failures between integrated units, not on individual components or end-to-end system behavior. In a CI/CD pipeline for network configurations, this stage ensures that the combined changes work together before deployment to production.

Exam trap

Cisco often tests the distinction between integration testing and unit testing by describing a scenario that involves multiple components interacting, leading candidates to mistakenly choose unit testing because they focus on the word 'automated tests' rather than the environment (simulated network) that implies multi-device interaction.

How to eliminate wrong answers

Option A is wrong because regression testing re-runs previously passed tests to ensure new changes haven't broken existing functionality; it does not specifically target interactions in a simulated environment. Option B is wrong because unit testing validates individual functions or modules in isolation (e.g., a single Ansible playbook or a single CLI command), not the interaction of multiple network devices. Option D is wrong because smoke testing is a shallow, quick check of critical functionality (e.g., 'does the router respond to ping?') to decide whether to proceed with deeper testing, not a comprehensive test of integrated components.

60
MCQeasy

A developer is designing a REST API for a network automation tool. Which HTTP method should be used to retrieve the current configuration of a network device?

A.DELETE
B.GET
C.PUT
D.POST
AnswerB

GET is the correct method for retrieving resource representations; it is safe and idempotent.

Why this answer

Option B is correct because GET is the standard HTTP method for retrieving resources without side effects. Option A (POST) is used for creating resources, not retrieval. Option C (PUT) is used for updating resources.

Option D (DELETE) is used for removing resources. Therefore, only GET is appropriate for safe retrieval.

61
MCQeasy

In Python, which keyword is used to define a function that does not return any value?

A.pass
B.yield
C.return
D.def
AnswerD

def is the keyword to define any function in Python.

Why this answer

The 'def' keyword is used to define any function, regardless of whether it returns a value. Option B (return) is used inside a function to return a value. Option A (yield) is for generators.

Option D (pass) is a placeholder statement.

62
MCQmedium

A junior network developer is tasked with writing a Python script that uses the Cisco NX-API to retrieve the current VLAN configuration from a Nexus switch. The script should output the VLAN IDs in a JSON format. The developer wrote the following code: import requests import json url = "https://192.168.1.1/api/aaaLogin.json" payload = {"aaaUser":{"attributes":{"name":"admin","pwd":"cisco123"}}} r = requests.post(url, json=payload, verify=False) token = r.json()["imdata"][0]["aaaLogin"]["attributes"]["token"] After authentication, the developer attempts to get VLANs using a GET request to "https://192.168.1.1/api/mo/sys/vlan.json" but receives a 401 error. Which of the following should the developer do to fix the issue?

A.Set the 'Authorization' header to 'Bearer ' + token
B.Use a PUT request instead of GET
C.Include the token in the cookie header
D.Use POST to retrieve VLANs
AnswerC

NX-API uses cookie-based authentication; the token must be sent as a cookie.

Why this answer

Cisco NX-API requires the token obtained from the login to be sent as a cookie in subsequent requests. Option B correctly identifies this. Option A (using PUT) is not relevant to authentication.

Option C (set Authorization header) is used for RESTCONF, not NX-API. Option D (use POST) is incorrect for retrieving data.

63
Matchingmedium

Match each Cisco DevNet Associate exam topic to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Covers version control, testing, and CI/CD pipelines

Focuses on REST APIs, authentication, and API consumption

Includes configuration management, infrastructure as code, and network automation

Covers OSI model, TCP/IP, routing, switching, and network topologies

Involves containerization, cloud deployment, and security best practices

Why these pairings

These are the main domains of the Cisco DevNet Associate 200-901 exam.

64
Drag & Dropmedium

Drag and drop the steps to configure a static route on a Cisco IOS router into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Static routes require global config mode and must specify the destination network, subnet mask, and next-hop address or exit interface.

65
MCQhard

A Python script uses the requests library to authenticate to Cisco DNA Center. The script receives a 401 Unauthorized error even though the credentials are correct. Which of the following is a likely cause?

A.The request is using HTTP instead of HTTPS
B.The Content-Type header is not set to application/json
C.The API endpoint is incorrect
D.The token has expired
AnswerD

Cisco DNA Center uses token-based authentication; an expired token returns 401.

Why this answer

If using a cached token, the token may have expired, causing a 401. Option B (wrong endpoint) gives 404. Option C (Content-Type) causes a 400.

Option D (HTTP) may cause a redirect or error but not necessarily 401 with correct credentials.

66
MCQhard

A developer is writing a Python script that uses the Cisco Meraki API to retrieve a list of networks for an organization. The API returns a JSON array. The developer wants to filter networks where the 'tags' field contains 'production'. Which code snippet correctly filters the results?

A.filtered = [net for net in networks if 'production' in net['tags']]
B.filtered = [net for net in networks if 'production' in str(net['tags'])]
C.filtered = [net for net in networks if 'production' in net['tags'].split(',')]
D.filtered = [net for net in networks if any('production' in t for t in net['tags'])]
AnswerA

Correct: 'tags' is a list, and 'in' works for list membership.

Why this answer

Option A is correct because the Meraki API returns the 'tags' field as a list of strings (e.g., ['production', 'critical']). The Python `in` operator directly checks membership in a list, so `'production' in net['tags']` efficiently filters networks where the exact string 'production' appears as an element in the list.

Exam trap

Cisco often tests the distinction between list membership (`in` on a list) and substring matching (`in` on a string), leading candidates to overcomplicate the filter with `split()` or `any()` when the API already returns a list.

How to eliminate wrong answers

Option B is wrong because converting the list to a string with `str()` produces a string like "['production', 'critical']", and then checking `'production' in` that string would match substrings (e.g., 'production' would also match 'production-backup'), leading to false positives. Option C is wrong because `net['tags'].split(',')` assumes 'tags' is a comma-separated string, but the Meraki API returns a list, not a string; calling `.split()` on a list raises an AttributeError. Option D is wrong because `any('production' in t for t in net['tags'])` checks if the substring 'production' exists within any tag string (e.g., 'production-backup' would match), which is overly broad and not an exact match; the simple `in` on the list already performs exact membership.

67
MCQmedium

A network engineer is developing a Python script to automate the collection of interface statistics from multiple Cisco Catalyst switches using NETCONF. The engineer uses the 'ncclient' library to connect to each switch. The script works for most switches, but for one switch, the connection consistently fails with an authentication error. The engineer has verified that the username and password are correct and that the switch has NETCONF enabled. The engineer suspects the issue might be related to SSH host key checking. The engineer wants to modify the script to bypass host key checking for this specific switch. Which approach should the engineer use?

A.Set the 'hostkey_verify' parameter to False in the connect method
B.Disable SSH key-based authentication by setting 'look_for_keys=False'
C.Use the 'allow_agent' parameter set to False
D.Set the 'known_hosts' parameter to an empty file in the connect method
AnswerA

Correct: This disables host key verification.

Why this answer

Option A is correct because the 'ncclient' library's connect method accepts a 'hostkey_verify' parameter. Setting it to False disables SSH host key checking, which bypasses the verification of the switch's host key against the known_hosts file. This resolves authentication errors caused by host key mismatches, such as when the switch's host key has changed or is not present in the known_hosts file.

Exam trap

Cisco often tests the distinction between SSH host key verification and SSH key-based authentication, leading candidates to confuse parameters like 'look_for_keys' (which controls key-based login) with 'hostkey_verify' (which controls host key trust).

How to eliminate wrong answers

Option B is wrong because 'look_for_keys=False' disables SSH key-based authentication (public/private key pairs), but the engineer is using username/password authentication, and the error is about host key verification, not key-based authentication. Option C is wrong because 'allow_agent=False' prevents the use of an SSH agent for key-based authentication, which is unrelated to host key checking. Option D is wrong because the 'known_hosts' parameter is not a valid parameter in the ncclient connect method; the correct way to bypass host key checking is via 'hostkey_verify=False', not by pointing to an empty file.

68
MCQhard

A large enterprise is migrating to a DevOps model and needs to automate the provisioning of network devices. The team has chosen Ansible for configuration management and is using a Git repository for version control. The network includes Cisco IOS routers, Catalyst switches running IOS-XE, and ASA firewalls. The team has written Ansible playbooks for each device type. The goal is to have a CI/CD pipeline that automatically deploys configuration changes to the production network after the changes are merged into the main branch. However, during a recent deployment, a misconfiguration was pushed to a core router, causing a 10-minute outage. The root cause was that the playbook that was executed was not the correct one for that device model. The team wants to implement a mechanism to prevent similar incidents. Which approach should the team adopt?

A.Implement a CI/CD pipeline that runs playbooks against a staging environment with similar devices, and only deploy to production after successful validation
B.Require all changes to be approved by a change advisory board before merging
C.Require two-person peer review for all playbook changes
D.Use a pre-commit hook that checks the playbook syntax and device compatibility
AnswerA

Correct: Automated testing in staging catches misconfigurations.

Why this answer

Option A is correct because a staging environment with similar devices allows the team to validate playbooks against representative hardware before production deployment. This catches model-specific incompatibilities (e.g., a playbook written for IOS-XE being applied to a classic IOS router) without risking production outages. The CI/CD pipeline can run the same playbooks in staging, verify the resulting device state, and only promote changes to production after successful validation.

Exam trap

Cisco often tests the distinction between static validation (syntax checks, peer review) and dynamic validation (staging environment testing), and the trap here is assuming that code review or pre-commit hooks alone can prevent runtime device-model mismatches.

How to eliminate wrong answers

Option B is wrong because requiring a change advisory board (CAB) approval before merging introduces manual delays and does not automatically prevent the execution of an incorrect playbook for a specific device model; it only gates the merge, not the deployment. Option C is wrong because two-person peer review of playbook changes can catch syntax errors but cannot guarantee that the playbook is compatible with every target device model in production, especially when device types vary. Option D is wrong because a pre-commit hook that checks playbook syntax and device compatibility can only validate static code against predefined rules; it cannot test the actual behavior of the playbook on real hardware or detect runtime issues like model-specific command differences.

69
MCQeasy

Refer to the exhibit. A developer is trying to access the REST API on a Cisco IOS XE device but receives a 401 Unauthorized error. What is the most likely cause?

A.The device does not support REST API
B.Authentication requires local credentials, but none were provided
C.HTTPS is not configured
D.HTTP server is not enabled
AnswerB

With 'ip http authentication local', the device requires valid local username/password, which if missing results in 401.

Why this answer

Option C is correct because authentication is set to 'local', meaning the device uses local usernames and passwords. A 401 error indicates missing or invalid credentials. Option A is incorrect because HTTP server is enabled.

Option B is incorrect because HTTPS is also enabled. Option D is incorrect because the device supports REST API. Therefore, the issue is that the request did not include valid credentials.

70
MCQeasy

A developer is writing a Python script to interact with a Cisco device using RESTCONF. The script sends a PUT request to modify an interface configuration. Which HTTP response code indicates that the resource was successfully created?

A.404 Not Found
B.201 Created
C.200 OK
D.204 No Content
AnswerB

201 Created indicates the resource was successfully created.

Why this answer

A PUT request can create a resource if it does not exist; the 201 Created response is appropriate for successful creation. Option A (200 OK) is typically for successful retrieval, not creation. Option C (204 No Content) is used when no content is returned.

Option D (404 Not Found) indicates the resource does not exist.

71
MCQmedium

A network engineer is developing a Python application that uses the Cisco Meraki Dashboard API. The API responses are in JSON format. Which Python module is most commonly used to parse JSON responses?

A.csv
B.yaml
C.json
D.xml
AnswerC

The json module provides methods for parsing JSON strings and converting Python objects to JSON.

Why this answer

The json module is the standard Python module for parsing JSON data. csv, xml, and yaml are used for other data formats.

72
Multi-Selecteasy

Which TWO of the following are true about REST API design principles?

Select 2 answers
A.PATCH is used for full replacement of a resource
B.GET requests should not change state
C.POST requests should be idempotent
D.DELETE responses must always contain a body
E.PUT can be used for both creation and update of resources
AnswersB, E

GET is intended to retrieve data without side effects.

Why this answer

Option B and C are correct. A is false because POST is not idempotent. D is false because DELETE often returns 204, not necessarily 200.

E is false because PATCH is for partial updates, not full replacement.

73
MCQeasy

Which of the following best describes the purpose of a unit test in software development?

A.To check the performance of the application under load
B.To test individual functions or methods in isolation
C.To verify that different modules work together correctly
D.To test the entire system from end to end
AnswerB

Unit tests focus on the smallest testable parts of an application.

Why this answer

Unit tests verify the behavior of individual functions or methods in isolation. Option A describes integration tests. Option C describes end-to-end tests.

Option D describes performance tests.

74
MCQeasy

When designing a REST API endpoint to update a network device's configuration, which HTTP method should be used?

A.POST
B.DELETE
C.PUT
D.PATCH
AnswerC

PUT replaces or updates the entire resource at the specified URI.

Why this answer

PUT is idempotent and used to update a resource entirely. POST is for creation, GET for retrieval, DELETE for deletion.

75
Multi-Selectmedium

Which THREE of the following are direct benefits of using version control in software development?

Select 3 answers
A.Traceability of changes
B.Automated testing integration
C.Eliminates syntax errors
D.History and rollback capabilities
E.Collaboration among team members
AnswersA, D, E

Version control tracks who made what change and when, providing an audit trail.

Why this answer

Options A, C, and E are correct because version control enables collaboration by allowing multiple developers to work concurrently, provides a history for rollback, and offers traceability for changes. Automated testing (B) is not a direct benefit of version control, and eliminating syntax errors (D) is unrelated to version control.

Page 1 of 2 · 85 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Software Development and Design questions.