Back to Cisco DevNet Associate 200-901 questions

Scenario-based practice

Hard Difficulty Questions

Practise Cisco DevNet Associate 200-901 practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

20
scenario questions
200-901
exam code
Cisco
vendor

Scenario guide

How to approach hard difficulty questions

These are the questions most candidates get wrong. They require connecting multiple concepts, reading tricky output, or knowing edge-case behaviour that isn't on most study cards. Practising them trains you to operate under uncertainty — a necessary skill on the real exam.

Quick answer

Hard Difficulty Questions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Related practice questions

Related 200-901 topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1hardmulti select
Full question →

Which TWO statements about REST API design best practices are correct?

A Python script uses the Cisco Meraki API to create a new network and then immediately attempts to configure an SSID on that network. The SSID creation fails with a 400 error indicating 'network is not ready'. What is the most likely cause?

Question 3hardmultiple choice
Read the full wireless explanation →

A DevOps team manages a multi-site Cisco Meraki network with 50 MX appliances and 200 MR access points. They use a Python script that calls the Meraki API to collect device utilization data every hour and stores it in a CSV file. Recently, the script started failing intermittently with HTTP 429 status codes. The team suspects rate limiting but notices that the failures occur even when only one script instance runs. The script uses a single API key and makes requests to the /devices/{serial}/uplink endpoint for each MX and the /devices/{serial}/wireless/status endpoint for each MR. The script is scheduled via cron and runs sequentially. The team wants to resolve the rate limiting while minimizing changes to the script. Which course of action should the team take?

Question 4hardmultiple choice
Study the full QoS explanation →

Refer to the exhibit. A network engineer applies this JSON-based QoS policy to a Cisco device using NETCONF/YANG. Which statement best describes the expected behavior for traffic from 10.0.0.0/24 with DSCP EF?

Exhibit

Refer to the exhibit.

{
  "policy": {
    "name": "QoS-Policy",
    "match": {
      "dscp": "EF",
      "source_ip": "10.0.0.0/24"
    },
    "action": {
      "set_dscp": "AF41",
      "police": {
        "cir": "100000000",
        "bc": "10000000",
        "conform_action": "transmit",
        "exceed_action": "drop"
      }
    }
  }
}
Question 5hardmultiple choice
Read the full REST/YANG explanation →

Refer to the exhibit. A developer sends a PUT request to the RESTCONF endpoint with the above JSON payload. The device already has interface GigabitEthernet1/0/1 configured with IP address 10.10.10.1/24. What is the expected outcome?

Exhibit

Refer to the exhibit.

{
  "Cisco-IOS-XE-native:interface": {
    "GigabitEthernet": [
      {
        "name": "1/0/1",
        "description": "Link to Core",
        "ip": {
          "address": {
            "primary": {
              "address": "10.10.10.1",
              "mask": "255.255.255.0"
            }
          }
        }
      }
    ]
  }
}
Question 6hardmultiple choice
Open the full BGP breakdown →

A company has a three-tier data center architecture with access, aggregation, and core layers. The network team is migrating to a leaf-spine architecture to support increasing east-west traffic. The current network uses STP for loop prevention, and the team wants to eliminate STP in the new design. They plan to use VXLAN overlays with BGP EVPN for control plane. During a pilot deployment, the team notices that some legacy servers that rely on traditional VLANs are not reachable across the new fabric. The servers are connected to access switches that are part of the leaf layer. The access switches are configured as VXLAN tunnel endpoints (VTEPs) but the legacy servers are still using traditional VLANs. The team needs to ensure connectivity between the legacy VLAN-based servers and the new VXLAN-based network. What is the best approach to integrate these legacy servers without changing their configuration?

Question 7hardmultiple choice
Review the full OSPF breakdown →

Based on the routing table, what type of OSPF route is the default route (0.0.0.0/0)?

Exhibit

Refer to the exhibit.
```
R1# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.0.0.1 to network 0.0.0.0

O*E2 0.0.0.0/0 [110/1] via 10.0.0.1, 00:00:34, GigabitEthernet0/0
O    10.0.0.0/8 [110/2] via 10.0.0.1, 00:00:34, GigabitEthernet0/0
O    172.16.0.0/16 [110/3] via 192.168.1.1, 00:00:34, GigabitEthernet0/1
C    192.168.1.0/24 is directly connected, GigabitEthernet0/1
```
Question 8hardmulti select
Review the full OSPF breakdown →

Which THREE factors influence the convergence time of OSPF in a large enterprise network? (Choose three.)

Question 9hardmultiple choice
Full question →

A developer is using the Cisco Webex API to create a room and add members. The API requires an access token with the appropriate scopes. The developer receives a 401 Unauthorized error when trying to create a room. What is the most likely cause?

A developer is writing a Python script that uses the Cisco Meraki API to retrieve a list of networks for an organization. The API returns a JSON array. The developer wants to filter networks where the 'tags' field contains 'production'. Which code snippet correctly filters the results?

Question 11hardmulti select
Read the full NAT/PAT explanation →

Which THREE of the following are common design patterns for microservices? (Choose three.)

Question 12hardmulti select
Full question →

Which THREE are valid reasons to use Cisco DNA Center's Assurance APIs in an enterprise network?

Question 13hardmultiple choice
Study the full SD-Access breakdown →

During a migration from legacy to SD-Access, a network team wants to use Cisco DNA Center to automate policy deployment. They have defined a macro-level intent but need to ensure that the fabric devices are correctly configured. Which API call should they use to validate the fabric configuration?

A developer is writing a Python script using the Cisco Webex Teams API to send a message to a specific room. The script works for some rooms but fails for others with a 404 error. What is the most likely reason?

Question 15hardmultiple choice
Read the full VPN explanation →

Refer to the exhibit. A service engineer runs a 'check-sync' action on the NSO service 'vpn1'. The result shows 'out-of-sync' for device 'pe1'. What does this indicate?

Exhibit

Refer to the exhibit.

! NSO configuration snippet
services {
  l3vpn vpn1 {
    endpoint ce1 {
      device [pe1 pe2]
      interface GigabitEthernet0/0/1
      ip-address 10.0.0.1/30
    }
    endpoint ce2 {
      device pe3
      interface GigabitEthernet0/0/2
      ip-address 10.0.0.5/30
    }
  }
}
Question 16hardmultiple choice
Full question →

A security policy requires that all container images in a registry are scanned for vulnerabilities before deployment. Which approach best integrates this into a CI/CD pipeline without slowing down the pipeline?

Question 17hardmultiple choice
Full question →

A network engineer is troubleshooting a Kubernetes deployment where pods are failing to start with the error 'CrashLoopBackOff'. The pod log shows 'bind: address already in use'. The deployment runs multiple replicas of a container that listens on port 8080. What is the most likely cause?

Question 18hardmulti select
Read the full Ansible explanation →

Which THREE of the following are best practices for writing Ansible playbooks for network automation? (Select exactly 3.)

Question 19hardmultiple choice
Full question →

In a network automation workflow, a developer needs to ensure idempotency. What does idempotency mean in this context?

Which THREE of the following are valid methods to handle API rate limiting in a Python automation script? (Select exactly 3.)

These 200-901 practice questions are part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style 200-901 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.