200-901 · topic practice

Application Deployment and Security practice questions

Practise Cisco DevNet Associate 200-901 Application Deployment and Security practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Application Deployment and Security

What the exam tests

What to know about Application Deployment and Security

Application Deployment and Security questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Application Deployment and Security exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Application Deployment and Security questions

20 questions · select your answer, then reveal the explanation

A developer wants to ensure that a Docker container running a web application can only accept incoming traffic on port 443. Which Docker run option should be used?

During a security audit, an engineer discovers that a CI/CD pipeline is storing API keys in plain text in environment variables. Which best practice should be implemented to mitigate this risk?

A network engineer is troubleshooting a Kubernetes deployment where pods are failing to start with the error 'CrashLoopBackOff'. The pod log shows 'bind: address already in use'. The deployment runs multiple replicas of a container that listens on port 8080. What is the most likely cause?

A developer needs to ensure that microservice A can securely communicate with microservice B over HTTPS within a Kubernetes cluster. What is the simplest approach?

Question 5mediummultiple choice
Study the full Python automation breakdown →

An engineer is designing a CI/CD pipeline for a Python application. The pipeline should automatically run unit tests, build a Docker image, push it to a private registry, and deploy to a Kubernetes cluster. Which sequence of stages is correct?

A security policy requires that all container images in a registry are scanned for vulnerabilities before deployment. Which approach best integrates this into a CI/CD pipeline without slowing down the pipeline?

Question 7easymultiple choice
Read the full Ansible explanation →

A DevOps engineer wants to automate the configuration of network devices using Ansible. Which file format is commonly used for Ansible playbooks?

In a Cisco DNA Center environment, an application needs to retrieve the network device list using REST API. Which authentication method is required?

Which TWO statements about Dockerfile best practices are correct? (Choose two.)

Which THREE security measures should be implemented in a CI/CD pipeline to protect against supply chain attacks? (Choose three.)

Which TWO are valid methods to secure a REST API? (Choose two.)

Question 12mediummultiple choice
Study the full Python automation breakdown →

Refer to the exhibit. A Python script uses the Cisco IOS-XE RESTCONF API to retrieve the device configuration. The returned JSON is shown. What must be done to enable the GigabitEthernet0/1 interface using the API?

Exhibit

Refer to the exhibit.
```
{
  "hostname": "Router1",
  "interfaces": [
    {
      "name": "GigabitEthernet0/0",
      "ip": "10.1.1.1",
      "mask": "255.255.255.0",
      "enabled": true
    },
    {
      "name": "GigabitEthernet0/1",
      "ip": "192.168.1.1",
      "mask": "255.255.255.0",
      "enabled": false
    }
  ]
}
```

Refer to the exhibit. A developer is building a Docker image for a Node.js application. The Dockerfile contains: ``` FROM node:14 WORKDIR /usr/src/app COPY package*.json ./ RUN npm install COPY . . CMD ["node", "app.js"] ``` When building, the error shown occurs. What is the most likely cause?

Exhibit

Refer to the exhibit.
```
Error: EACCES: permission denied, mkdir '/usr/src/app/node_modules/.cache'
    at Object.mkdirSync (fs.js:753:3)
    at ...
```

A company runs a microservices application on a Kubernetes cluster with 10 worker nodes. The application consists of 3 services: frontend, backend, and database. The database service is stateful and uses persistent volumes. Recently, the operations team noticed that the backend service is experiencing intermittent failures with 'Connection refused' errors when trying to connect to the database. The database service is exposed via a ClusterIP service named 'database-service'. The backend service uses environment variable DB_HOST=database-service to connect. The pod logs show that the connection is attempted to an IP address that does not correspond to any database pod. Further investigation reveals that the database pod has been restarted multiple times due to OOMKilled errors. The backend service is configured with a liveness probe that checks the health endpoint every 10 seconds, and a readiness probe that checks the same endpoint every 5 seconds. The database pod has resource limits set to 512Mi memory and 500m CPU. The node running the database pod has 4Gi memory and 2 CPU cores. What is the most likely cause of the intermittent connection failures?

Question 15mediummultiple choice
Open the full VLAN trunking answer →

A network engineer is automating the deployment of a new VLAN across multiple Cisco switches using Ansible. The engineer has written a playbook that uses the ios_vlan module to create VLAN 100 with name 'Users'. The playbook runs successfully on the first switch but fails on the second switch with the error message: 'VLAN name is already in use'. The engineer checks the second switch and confirms that VLAN 100 does not exist, but a different VLAN with the name 'Users' exists. The engineer wants to ensure that the playbook creates VLAN 100 with the exact name 'Users' only if it does not already exist, and without conflicting with existing VLANs. Which approach should the engineer take?

A DevOps team is deploying a microservices application on Cisco UCS using Docker containers. They need to ensure that secrets such as database credentials are securely managed without hardcoding them in the application code or container images. Which approach should they use?

Which TWO of the following are valid security considerations when deploying an application to a Kubernetes cluster managed by Cisco Intersight? (Choose two.)

Refer to the exhibit. An engineer applied this configuration to a Cisco switch port connected to an application server. The server runs a critical business application that should not be disrupted. However, after applying the configuration, the port goes into errdisable state. What is the most likely cause?

Exhibit

Refer to the exhibit.
```
interface GigabitEthernet1/0/1
 description CONNECTION TO APP SERVER
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
```
Question 19mediumdrag order
Read the full DHCP explanation →

Drag and drop the steps to set up a basic DHCP server on a Cisco router into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 20mediumdrag order
Read the full REST/YANG explanation →

Drag and drop the steps to configure a Cisco IOS device for NETCONF access into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Application Deployment and Security sessions

Start a Application Deployment and Security only practice session

Every question in these sessions is drawn from the Application Deployment and Security domain — nothing else.

Related practice questions

Related 200-901 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the 200-901 exam test about Application Deployment and Security?
Application Deployment and Security questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Application Deployment and Security questions in a focused session?
Yes — the session launcher on this page draws every question from the Application Deployment and Security domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other 200-901 topics?
Use the topic links above to move to related areas, or go back to the 200-901 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the 200-901 exam covers. They are not copied from any real exam or dump site.