CCNA Devnet Apis Questions

75 of 99 questions · Page 1/2 · Devnet Apis topic · Answers revealed

1
MCQeasy

What is the purpose of the Authorization header in a REST API call?

A.To specify the content type of the request body
B.To specify the format of the response body
C.To indicate the desired language
D.To authenticate the client sending the request
AnswerD

Authorization header carries credentials.

Why this answer

The Authorization header carries credentials (e.g., Bearer token) to authenticate the client.

2
Multi-Selectmedium

Which TWO authentication mechanisms are commonly used with Cisco REST APIs? (Choose two.)

Select 2 answers
A.API key
B.Basic authentication (base64 encoded)
C.Certificate-based authentication
D.Token-based authentication (self-issued)
E.OAuth 2.0
AnswersA, E

Used by Meraki and others.

Why this answer

API key and OAuth 2.0 are the most common. Basic auth is less common now. Token-based is a subset of OAuth.

Certificate-based is not typical for REST APIs.

3
MCQeasy

An application needs to retrieve a list of network devices from Cisco DNA Center. Which HTTP method should be used against the /dna/intent/api/v1/network-device endpoint?

A.PUT
B.DELETE
C.GET
D.POST
AnswerC

GET retrieves data without side effects.

Why this answer

GET is used to retrieve resources in REST APIs.

4
MCQmedium

Which authentication flow is most appropriate for a native mobile app that needs to access the Webex API on behalf of a user?

A.Client credentials grant
B.Resource owner password grant
C.Authorization code grant
D.Implicit grant
AnswerC

Allows a user to consent and delegate access to the app.

Why this answer

The authorization code grant is designed for apps that can securely store a client secret, but for native apps, PKCE (Proof Key for Code Exchange) is recommended. However, among standard grants, authorization code is the correct choice for user delegation.

5
Multi-Selecteasy

Which two HTTP methods are considered idempotent? (Choose two.)

Select 2 answers
A.POST
B.PATCH
C.PUT
D.GET
E.DELETE
AnswersC, D

PUT is idempotent.

Why this answer

PUT and DELETE are idempotent because multiple identical requests have the same effect as a single request. GET is also idempotent but POST and PATCH are not.

6
MCQmedium

What is the correct URL path for retrieving the configuration of a network interface using RESTCONF on a Cisco device?

A./restconf/data/ietf-interfaces:interfaces
B./restconf/data/interfaces
C./api/restconf/data/interfaces
D./restconf/operations/get-config
AnswerA

Correct RESTCONF path with YANG module prefix.

Why this answer

RESTCONF uses /restconf/data/ followed by the YANG module path. The standard path for interfaces is /restconf/data/ietf-interfaces:interfaces.

7
Multi-Selectmedium

Which TWO HTTP methods are considered safe (idempotent and without side effects on the server)?

Select 2 answers
A.POST
B.PUT
C.HEAD
D.DELETE
E.GET
AnswersC, E

HEAD is identical to GET but returns only headers; safe.

Why this answer

Option C (HEAD) is correct because the HEAD method is defined as idempotent and safe per RFC 7231: it retrieves the same headers as a GET request but without a response body, causing no side effects on the server. Option E (GET) is also correct because GET is explicitly defined as a safe method that only retrieves data and does not modify server state, making it idempotent.

Exam trap

Cisco often tests the distinction between idempotent and safe, trapping candidates who assume that idempotent methods (like PUT and DELETE) are also safe, when in fact safety requires no side effects on the server, which PUT and DELETE clearly violate.

8
Multi-Selectmedium

Which TWO of the following are commonly used when implementing pagination in REST APIs? (Select TWO)

Select 2 answers
A.Cursor-based token in response
B.Rate limiting headers
C.OAuth 2.0 token
D.Offset and limit query parameters
E.Webhook callback URL
AnswersA, D

Uses a token to point to the next page.

Why this answer

Offset/limit (or page/limit) and cursor-based pagination are common. Rate limiting is separate. OAuth is authentication.

Webhooks are for events.

9
MCQhard

A developer is using the Meraki Dashboard API and receives a 429 Too Many Requests error. The API documentation states a rate limit of 5 calls per second. What is the best practice to handle this?

A.Ignore the error and retry immediately.
B.Use a different API key to bypass the limit.
C.Increase the number of concurrent requests to exhaust the rate limit quickly.
D.Implement exponential backoff and honor the Retry-After header.
AnswerD

Exponential backoff with retry headers is the standard rate-limiting handling technique.

Why this answer

Implementing exponential backoff with retry-after headers is the recommended approach for rate-limited APIs. Ignoring or simply retrying immediately may worsen the situation.

10
MCQmedium

Which header is used to pass an API key in Meraki Dashboard API requests?

A.X-API-Key: <key>
B.Authorization: Bearer <token>
C.Authorization: Basic <base64>
D.X-Cisco-Meraki-API-Key: <key>
AnswerD

This is the correct header.

Why this answer

Meraki API uses the X-Cisco-Meraki-API-Key header for authentication.

11
MCQmedium

Which Cisco platform provides an Intent API for network automation, including endpoints for network-device, topology, and site hierarchy?

A.Cisco Catalyst Center
B.Cisco Webex
C.Cisco IOS XE
D.Meraki Dashboard
AnswerA

Catalyst Center (formerly DNA Center) provides the Intent API.

Why this answer

Cisco Catalyst Center (formerly DNA Center) provides an Intent API that abstracts network intent into RESTful endpoints. This API includes specific endpoints for managing network devices, retrieving topology views, and interacting with site hierarchy, enabling declarative network automation without low-level device configuration.

Exam trap

Cisco often tests the distinction between device-level APIs (like IOS XE RESTCONF) and platform-level Intent APIs (like Catalyst Center), causing candidates to confuse direct device management with abstracted network automation.

How to eliminate wrong answers

Option B is wrong because Cisco Webex focuses on collaboration and messaging APIs, not network automation or device management. Option C is wrong because Cisco IOS XE provides model-driven APIs like NETCONF/RESTCONF for device-level configuration, but it does not offer a platform-level Intent API with endpoints for site hierarchy or topology. Option D is wrong because Meraki Dashboard provides a REST API for managing Meraki cloud-managed devices, but it lacks the Intent API abstraction and site hierarchy endpoints specific to Catalyst Center.

12
MCQhard

In the context of Cisco Webex APIs, which mechanism allows an application to receive real-time notifications when a message is created in a space?

A.Enabling Server-Sent Events (SSE)
B.Registering a webhook with the resource 'messages' and event 'created'
C.Polling the /messages endpoint every second
D.Using a long-lived HTTP connection
AnswerB

Webhooks provide real-time callbacks.

Why this answer

Webex uses webhooks to send HTTP callbacks for events like message creation.

13
MCQhard

In gNMI, what is the difference between dial-in and dial-out streaming?

A.Dial-in is for configuration, dial-out for telemetry
B.Dial-in: device initiates the connection; dial-out: client initiates
C.Dial-in: client initiates subscription and receives data; dial-out: device pushes data to a configured receiver
D.Dial-in uses gRPC, dial-out uses HTTP
AnswerC

Correct description.

Why this answer

In gNMI, dial-in streaming refers to the client initiating a subscription request to the device, which then streams telemetry data back over the same gRPC session. Dial-out streaming, on the other hand, is a server-initiated model where the device (gNMI target) pushes telemetry data to a pre-configured receiver (collector) without waiting for a client request. Option C correctly captures this distinction: dial-in has the client subscribe and receive data, while dial-out has the device push data to a configured receiver.

Exam trap

Cisco often tests the direction of connection initiation (client vs. device) as the key differentiator, and the trap here is confusing which side initiates the connection in dial-in versus dial-out, leading candidates to reverse the roles as in Option B.

How to eliminate wrong answers

Option A is wrong because both dial-in and dial-out are used for telemetry streaming, not configuration; gNMI uses separate RPCs (Set/Get) for configuration. Option B is wrong because it reverses the roles: in dial-in, the client initiates the connection and subscription, while in dial-out, the device initiates the connection to the receiver. Option D is wrong because both dial-in and dial-out use gRPC as the transport protocol; HTTP is not used for gNMI streaming.

14
MCQeasy

Which HTTP method is used to partially update an existing resource in a RESTful API?

A.UPDATE
B.POST
C.PATCH
D.PUT
AnswerC

PATCH performs a partial update.

Why this answer

PATCH is used for partial updates; PUT replaces the entire resource.

15
Multi-Selecthard

Which three statements about Webex API webhooks are true? (Choose three.)

Select 3 answers
A.Webhooks deliver event data via HTTP POST to a specified URL.
B.Webhooks require OAuth 2.0 client credentials grant for security.
C.Webhooks can be filtered to trigger only on specific resources and events.
D.Webhooks are created by sending a POST request to the /webhooks endpoint.
E.Webhooks use long polling to receive events.
AnswersA, C, D

Webhooks send POST requests.

Why this answer

Webhooks are registered via POST, deliver payload via HTTP POST, and can be filtered by resource/event. They are not secured by OAuth exclusively and do not use long polling.

16
MCQmedium

A developer needs to create a Postman collection that uses a variable for the base URL and a token variable for authentication. The token is obtained from a login request and must be reused across requests. Where should the token variable be defined to persist across all requests in the collection?

A.As a data variable from a CSV file
B.As a global variable
C.As a collection variable
D.As a local variable in the login request
AnswerC

Collection variables are scoped to the collection and persist.

Why this answer

Option C is correct because collection variables in Postman are scoped to the entire collection, meaning they persist across all requests within that collection. By storing the token as a collection variable after the login request, it can be reused in subsequent requests without re-authentication. This is the recommended approach for sharing authentication tokens across requests in a Postman collection.

Exam trap

Cisco often tests the distinction between variable scopes in Postman, and the trap here is that candidates confuse global variables (which are too broad) with collection variables (which are correctly scoped), or mistakenly think local variables persist beyond the request in which they are defined.

How to eliminate wrong answers

Option A is wrong because data variables from a CSV file are used for data-driven testing and are only available during the execution of a single request iteration, not persisted across all requests. Option B is wrong because global variables are shared across all collections and workspaces, which is too broad and can lead to unintended overwrites or conflicts; collection variables provide the correct scope for a single collection. Option D is wrong because local variables are scoped to a single request or script execution and are not accessible outside that request, so the token would be lost after the login request completes.

17
MCQeasy

A developer wants to retrieve a list of network devices from Cisco DNA Center. Which HTTP method and URL structure should be used?

A.POST /dna/intent/api/v1/network-device
B.GET /dna/intent/api/v1/network-device
C.DELETE /dna/intent/api/v1/network-device
D.PUT /dna/intent/api/v1/network-device
AnswerB

This is the correct method and path.

Why this answer

The DNA Center intent API uses GET with the path /dna/intent/api/v1/network-device to retrieve devices.

18
MCQhard

A developer is using Postman to test a Cisco Webex API that creates a room. After running the request, they want to verify that the response status is 200 and that the response body contains a non-null 'id' field. Which Postman test code accomplishes this?

A.pm.test('Status code is 200', () => { pm.response.to.have.status(200); }); pm.test('ID exists', () => { pm.expect(pm.response.json().id).to.not.be.null; });
B.pm.response.to.have.status(200); if(pm.response.json().id) { console.log('exists'); }
C.pm.expect(pm.response.code).to.equal(200); pm.expect(pm.response.json().id).to.not.be.null;
D.pm.test('Status code is 200', () => { pm.response.to.have.status(200); }); pm.test('ID exists', () => { pm.expect(pm.response.json().id).to.be.null; });
AnswerA

Correct syntax for both checks.

Why this answer

pm.response.to.have.status checks the status; pm.expect and pm.response.json() access the body.

19
MCQmedium

Which OAuth 2.0 grant type is most appropriate for a server-to-server integration where no user interaction is required, such as a backend service calling Cisco API?

A.Authorization code grant
B.Password grant
C.Device code grant
D.Client credentials grant
AnswerD

Allows a client to act on its own behalf without user involvement.

Why this answer

Client credentials grant is designed for server-to-server scenarios without user consent. Authorization code requires user interaction. Device code is for devices with limited UI.

20
Multi-Selecthard

Which THREE of the following are characteristics of NETCONF? (Select THREE)

Select 3 answers
A.Uses SSH as the transport protocol
B.Uses HTTP as the transport protocol
C.Supports JSON encoding for data
D.Encodes operations as XML RPCs
E.Supports operations like <edit-config> and <get-config>
AnswersA, D, E

NETCONF typically runs over SSH (RFC 6242).

Why this answer

NETCONF uses SSH for transport, XML-encoded RPCs, and operations like edit-config/get-config. It does not use HTTP or JSON, and it is not stateless.

21
MCQeasy

A developer is making a GET request to a REST API and needs to specify that the response should be in JSON format. Which HTTP header should be set?

A.Content-Type
B.User-Agent
C.Authorization
D.Accept
AnswerD

Accept specifies the desired response format.

Why this answer

The Accept header is used by the client to tell the server which media types (e.g., application/json) it can understand and prefers for the response. In a GET request, the client does not send a body, so Content-Type is irrelevant for specifying the response format. Setting Accept: application/json ensures the server returns JSON if it supports that format.

Exam trap

Cisco often tests the distinction between Content-Type (for request body) and Accept (for response body), leading candidates to mistakenly choose Content-Type because they confuse 'sending' data with 'receiving' data.

How to eliminate wrong answers

Option A is wrong because Content-Type indicates the media type of the request body, not the desired response format; for a GET request with no body, Content-Type has no effect on the response. Option B is wrong because User-Agent identifies the client software (e.g., browser or tool) and has no role in content negotiation. Option C is wrong because Authorization carries credentials (e.g., Bearer token) for access control, not a preference for response format.

22
MCQmedium

A developer is using gRPC/gNMI for model-driven telemetry from a Cisco device. Which of the following best describes the difference between dial-in and dial-out streaming?

A.Dial-in uses gNMI; dial-out uses NETCONF.
B.Dial-in uses TCP; dial-out uses UDP.
C.Dial-in is initiated by the network device; dial-out is initiated by the collector.
D.Dial-in is initiated by the collector; dial-out is initiated by the device.
AnswerD

Correct: dial-in subscription from collector; dial-out is device pushing.

Why this answer

In gNMI, dial-in is when the collector initiates the subscription to the device; dial-out is when the device pushes data to the collector.

23
MCQmedium

Which HTTP header is used to specify the format of the request body (e.g., application/json) when sending a POST request to a REST API?

A.Accept
B.Content-Type
C.Authorization
D.X-Requested-With
AnswerB

Content-Type specifies the media type of the request body.

Why this answer

Content-Type indicates the media type of the request body. Accept indicates the desired response format. Authorization carries credentials.

24
MCQhard

A developer is implementing gRPC telemetry with dial-out streaming from a Cisco IOS XE device. Which component initiates the TCP connection to the collector?

A.A third-party orchestrator initiates
B.The network device initiates the connection
C.The collector initiates the connection
D.Both initiate simultaneously
AnswerB

Dial-out means device pushes data.

Why this answer

In dial-out streaming, the network device (server) initiates the connection to the collector (client).

25
Multi-Selecthard

Which THREE of the following are valid NETCONF operations? (Choose three.)

Select 3 answers
A.<edit-config>
B.<rpc>
C.<get-config>
D.<commit>
E.<close-session>
AnswersA, C, E

Standard operation to modify configuration.

Why this answer

NETCONF defines standard operations: <get>, <get-config>, <edit-config>, <copy-config>, <delete-config>, <lock>, <unlock>, <close-session>, <kill-session>. <commit> is used in the candidate configuration model but is not a base operation; it's an optional capability. <rpc> is the message wrapper, not an operation.

26
Multi-Selecthard

Which three statements are true about the Cisco Catalyst Center (formerly DNA Center) intent API? (Choose three.)

Select 3 answers
A.The base URL for the API includes the Catalyst Center hostname and port.
B.Authentication is done by sending a POST request to /dna/system/api/v1/auth/token with credentials.
C.The API uses only GET and POST methods.
D.It uses RESTful principles and returns JSON responses.
E.It requires an API key passed in the X-Cisco-Meraki-API-Key header.
AnswersA, B, D

Yes, e.g., https://<host>:<port>/dna/intent/...

Why this answer

Option A is correct because the Cisco Catalyst Center intent API uses a base URL that includes the Catalyst Center hostname (or IP address) and port (typically 443 for HTTPS). For example, the base URL is formatted as `https://<catalyst-center-hostname>:443/dna/intent/api/v1/`. This is required to direct API calls to the specific Catalyst Center instance.

Exam trap

Cisco often tests the distinction between Catalyst Center and Meraki APIs, so the trap here is confusing the authentication method (token-based vs. API key) and assuming only GET/POST are used, when in fact RESTful APIs support full CRUD operations.

27
MCQhard

A developer is configuring a RESTCONF request to retrieve the configuration of an interface on a Cisco device. Which URL path and Content-Type header are correct?

A.GET /restconf/data/interface with Content-Type: application/yang-data+json
B.GET /restconf/data/interface with Content-Type: application/xml
C.GET /restconf/data/interface with Content-Type: application/json
D.GET /restconf/operations/interface with Content-Type: application/yang-data+json
AnswerA

Correct path and Content-Type for RESTCONF data retrieval in JSON.

Why this answer

Option A is correct because RESTCONF uses the '/restconf/data' base path to retrieve configuration data (the 'data' resource), and the correct Content-Type for RESTCONF with JSON encoding is 'application/yang-data+json', as defined in RFC 8040. This combination ensures the request targets the operational or configuration datastore and specifies the YANG-encoded JSON media type.

Exam trap

Cisco often tests the distinction between the generic 'application/json' and the RESTCONF-specific 'application/yang-data+json', leading candidates to choose the familiar but incorrect generic type.

How to eliminate wrong answers

Option B is wrong because 'application/xml' is not a valid Content-Type for RESTCONF; the correct XML media type is 'application/yang-data+xml'. Option C is wrong because 'application/json' is too generic; RESTCONF requires the specific media type 'application/yang-data+json' to indicate YANG-encoded JSON data. Option D is wrong because '/restconf/operations' is used for invoking RPC operations, not for retrieving configuration data, which should use '/restconf/data'.

28
MCQmedium

Which pagination method uses a 'Link' header with 'rel="next"' to indicate the next page of results?

A.Offset/limit pagination
B.Page-based pagination
C.Token-based pagination
D.Cursor-based pagination with Link header
AnswerD

The Link header provides the next page URL.

Why this answer

The Link header with rel="next" is used by the Meraki Dashboard API and others for cursor-based pagination.

29
MCQeasy

What does the Link header in a paginated API response typically contain?

A.The rate limit status
B.URLs for navigating to other pages
C.The API version
D.Only the total count of resources
AnswerB

Link header provides pagination links.

Why this answer

The Link header includes URLs for next, previous, first, and last pages for cursor-based pagination.

30
MCQmedium

A REST API uses offset and limit parameters for pagination. If the first request returns items 0-49 with limit=50 and offset=0, how should the next request be constructed to get the next page?

A.offset=1, limit=50
B.offset=50, limit=50
C.offset=50, limit=100
D.offset=0, limit=100
AnswerB

Correct: skip first 50 items.

Why this answer

Option B is correct because pagination with offset and limit works by advancing the offset by the limit value to fetch the next set of items. The first request returned items 0-49 (offset=0, limit=50), so the next request should start at offset=50 with the same limit=50 to retrieve items 50-99. This ensures no overlap and no gaps in the data.

Exam trap

The trap here is that candidates mistakenly think offset should be incremented by 1 (like a page number) rather than by the limit value, leading them to choose offset=1 instead of offset=50.

How to eliminate wrong answers

Option A is wrong because offset=1 would skip item 0 and start at item 1, causing a gap and missing item 0 from the second page. Option C is wrong because offset=50 with limit=100 would retrieve items 50-149, which is not the correct next page size (should be 50 items) and could exceed the intended page size. Option D is wrong because offset=0 with limit=100 would retrieve items 0-99, which includes the already-fetched first page and changes the page size, leading to duplicate data.

31
MCQmedium

An application needs to receive real-time notifications when a new message is posted in a Webex space. Which Webex API feature should be used?

A.Establish a WebSocket connection to the Webex API
B.Create a webhook that triggers on 'messages' events
C.Use Server-Sent Events (SSE) from the Webex API
D.Poll the messages endpoint every second
AnswerB

Webhooks provide real-time event notifications.

Why this answer

Webex uses webhooks to push real-time event notifications to an external server. By creating a webhook that triggers on 'messages' events, the application receives an HTTP POST request whenever a new message is posted in the specified space, eliminating the need for polling or persistent connections.

Exam trap

Cisco often tests the distinction between push-based (webhooks) and pull-based (polling) mechanisms, and candidates may mistakenly assume WebSocket or SSE are available because they are common real-time technologies, but Webex specifically relies on webhooks for event-driven notifications.

How to eliminate wrong answers

Option A is wrong because Webex does not expose a WebSocket endpoint for real-time messaging events; webhooks are the standard mechanism. Option C is wrong because Webex does not support Server-Sent Events (SSE) for message notifications; SSE is not part of the Webex API. Option D is wrong because polling the messages endpoint every second is inefficient, introduces latency, and violates API rate limits; webhooks provide immediate, push-based notifications without active polling.

32
MCQeasy

In a Postman collection, a developer stores the base URL of a Meraki API as a variable. Which Postman feature allows this?

A.Tests
B.Environments
C.Pre-request Scripts
D.Collections
AnswerB

Environments store key-value pairs.

Why this answer

Environments allow defining variables like base_url that can be reused across requests.

33
MCQhard

In Cisco DNA Center, which API endpoint is used to retrieve the site hierarchy?

A.POST /dna/intent/api/v1/site
B.GET /dna/intent/api/v1/network-device
C.GET /dna/intent/api/v1/site
D.GET /dna/intent/api/v1/topology
AnswerC

This returns site hierarchy.

Why this answer

The site hierarchy can be retrieved via GET /dna/intent/api/v1/site.

34
MCQmedium

An application uses the Meraki Dashboard API and receives a 429 Too Many Requests error. What is the most likely cause, and how should the application adjust?

A.The request body is malformed; check JSON syntax.
B.The API key is invalid; regenerate the key.
C.The network is down; check connectivity.
D.The application exceeded the rate limit of 5 calls per second; implement exponential backoff.
AnswerD

429 indicates rate limit; backoff is appropriate.

Why this answer

Meraki API rate limits at 5 calls per second; a 429 indicates rate limit exceeded. The application should implement retry with backoff.

35
MCQeasy

Which header is used in an HTTP request to tell the server the format of the request body?

A.Authorization
B.Content-Type
C.Accept
D.Host
AnswerB

Content-Type indicates the format of the request body.

Why this answer

Content-Type header specifies the media type of the request body, e.g., application/json.

36
MCQeasy

Which HTTP method is used to partially update a resource in a RESTful API?

A.POST
B.PUT
C.UPDATE
D.PATCH
AnswerD

PATCH is used for partial updates.

Why this answer

PATCH is used for partial updates, while PUT replaces the entire resource.

37
MCQhard

A developer is using NETCONF to retrieve the running configuration of a network device. Which operation should be used?

A.<get>
B.<copy-config>
C.<get-config>
D.<edit-config>
AnswerC

This retrieves configuration from a specified datastore.

Why this answer

The <get-config> operation retrieves configuration from a datastore (e.g., running).

38
MCQmedium

A Cisco Webex bot needs to receive real-time notifications when new messages are posted in a space. Which API feature should the bot use?

A.Server-Sent Events (SSE)
B.Polling the /messages endpoint every second
C.Webhooks via the /webhooks API
D.Long polling with a keep-alive connection
AnswerC

Webhooks provide real-time notifications.

Why this answer

Webex Webhooks allow real-time event notifications; the bot registers a webhook with a target URL that receives POST requests when events occur.

39
MCQeasy

A developer needs to partially update a Meraki network's configuration, changing only the time zone. Which HTTP method should be used on the network resource?

A.PUT
B.PATCH
C.DELETE
D.POST
AnswerB

PATCH applies partial modifications.

Why this answer

PATCH is used for partial updates in REST APIs.

40
MCQeasy

A network automation engineer wants to retrieve a list of all network devices from Cisco DNA Center. Which HTTP method and URL path should be used with the DNAC intent API?

A.PUT /dna/intent/api/v1/network-device
B.POST /dna/intent/api/v1/network-device
C.GET /dna/intent/api/v1/network-device
D.DELETE /dna/intent/api/v1/network-device
AnswerC

Correct: GET retrieves the list of network devices.

Why this answer

The intent API uses GET to retrieve data, and /dna/intent/api/v1/network-device is the correct path for listing network devices.

41
MCQmedium

In the OAuth 2.0 authorization code flow, what does the client receive after the user grants authorization?

A.An authorization code
B.A client secret
C.A refresh token
D.An access token
AnswerA

The code is the intermediate credential.

Why this answer

In the OAuth 2.0 authorization code flow, after the user grants authorization, the authorization server redirects the client with an authorization code in the query string. This code is a temporary credential that the client must exchange for an access token by sending it along with its client credentials to the token endpoint. The authorization code itself is not the final token; it is a one-time-use intermediary that prevents the access token from being exposed to the user agent.

Exam trap

Cisco often tests the distinction between what is received immediately after user authorization (the authorization code) versus what is obtained after the subsequent token exchange (access token and optionally a refresh token), causing candidates to mistakenly select the access token.

How to eliminate wrong answers

Option B is wrong because a client secret is a static credential pre-shared between the client and authorization server, not something received after user authorization. Option C is wrong because a refresh token is issued only after the client exchanges the authorization code for an access token at the token endpoint, not immediately upon user grant. Option D is wrong because the access token is not directly returned to the client after user authorization; the client must first exchange the authorization code for it via a back-channel request to the token endpoint.

42
MCQmedium

A network engineer wants to use NETCONF to change the hostname of a Cisco device. Which operation should be used?

A.<lock>
B.<copy-config>
C.<edit-config>
D.<get-config>
AnswerC

edit-config modifies config.

Why this answer

The <edit-config> operation is used to modify configuration data in NETCONF.

43
MCQhard

A developer is using the ncclient library in Python to connect to a network device via NETCONF. Which operation should be used to modify the running configuration and commit the changes?

A.validate() followed by get_config()
B.get_config() followed by copy_config()
C.edit_config() followed by commit()
D.discard_changes() followed by edit_config()
AnswerC

edit_config modifies, commit confirms changes.

Why this answer

Option C is correct because in NETCONF, the `edit-config()` operation is used to modify the running configuration, and the `commit()` operation is required to make those changes permanent when the device operates in candidate configuration mode. The ncclient library provides these methods to align with the NETCONF protocol's standard operations.

Exam trap

Cisco often tests the distinction between candidate and running datastores, and the trap here is that candidates assume `edit_config()` alone commits changes, forgetting that a separate `commit()` is required when the device uses a candidate configuration model.

How to eliminate wrong answers

Option A is wrong because `validate()` checks the syntactic correctness of a configuration but does not modify it, and `get_config()` retrieves configuration data without making changes. Option B is wrong because `get_config()` retrieves configuration, and `copy_config()` copies a configuration from one datastore to another (e.g., running to startup), but neither directly modifies the running configuration with a commit step. Option D is wrong because `discard_changes()` reverts uncommitted changes in a candidate datastore, and `edit_config()` modifies the configuration; performing `discard_changes()` before `edit_config()` would discard any pending changes but does not achieve a commit of new modifications.

44
MCQeasy

Which HTTP method should be used to partially update an existing resource in a REST API?

A.PUT
B.DELETE
C.POST
D.PATCH
AnswerD

PATCH is used for partial updates.

Why this answer

PATCH is used for partial updates, while PUT replaces the entire resource.

45
MCQmedium

A developer is using the Meraki Dashboard API and notices that some requests return a 429 status code. What is the most likely cause?

A.The organization ID is incorrect.
B.The request payload is too large.
C.The API key is invalid.
D.The rate limit of 5 requests per second has been exceeded.
AnswerD

Meraki enforces a 5 req/s rate limit.

Why this answer

Meraki API rate limits at 5 calls per second; exceeding this returns 429 Too Many Requests.

46
MCQeasy

Which HTTP method is idempotent and safe?

A.GET
B.DELETE
C.POST
D.PUT
AnswerA

GET is safe and idempotent.

Why this answer

GET is both idempotent and safe because it is designed to retrieve a resource without causing any side effects on the server. According to RFC 7231, a safe method does not modify the resource state, and an idempotent method guarantees that multiple identical requests produce the same result as a single request. GET satisfies both conditions, as it never alters server state and repeating the same GET request returns the same representation.

Exam trap

Cisco often tests the distinction between idempotent and safe by pairing DELETE (idempotent but not safe) or PUT (idempotent but not safe) as distractors, leading candidates to assume that any method that can be repeated safely is also safe, when in fact safety requires no server-side state change.

How to eliminate wrong answers

Option B (DELETE) is wrong because while DELETE is idempotent (repeated calls have the same effect as one call, typically returning 404 after the first deletion), it is not safe because it modifies server state by removing a resource. Option C (POST) is wrong because POST is neither safe nor idempotent; it creates or updates a resource, and multiple identical POST requests can result in multiple resource creations or side effects. Option D (PUT) is wrong because although PUT is idempotent (replacing a resource with the same representation yields the same state), it is not safe because it modifies server state by updating or creating a resource.

47
MCQeasy

What HTTP method should be used to update only the description field of a network device resource via a REST API?

A.DELETE
B.PUT
C.POST
D.PATCH
AnswerD

PATCH is designed for partial updates to a resource.

Why this answer

PATCH is used for partial updates, whereas PUT replaces the entire resource. GET retrieves, POST creates, DELETE removes.

48
MCQmedium

What is the correct Content-Type header value for a RESTCONF request using JSON encoding?

A.application/yang-data+json
B.application/json
C.text/json
D.application/xml
AnswerA

Defined in RFC 8040 for RESTCONF JSON encoding.

Why this answer

RESTCONF uses application/yang-data+json for JSON and application/yang-data+xml for XML. application/json is not specific to YANG data.

49
MCQhard

A developer is implementing OAuth 2.0 for a Cisco Webex integration that needs to send messages on behalf of a user. The integration runs on a server with no user interface. Which OAuth 2.0 flow should be used?

A.Implicit flow
B.Client Credentials flow
C.Authorization Code flow with PKCE
D.Device Code flow
AnswerB

Server-to-server without user context; suitable for non-interactive apps.

Why this answer

For a server-to-server scenario without a user interface, the client credentials grant is appropriate, even though Webex typically uses authorization code for user context. However, the question implies a machine-to-machine scenario; client credentials flow is for server-to-server where no user is present.

50
MCQhard

A developer needs to use Postman to test an API that uses Basic authentication. How should the credentials be configured in Postman?

A.Send the credentials in the request body as JSON
B.Use the Authorization tab, select Basic Auth, and enter username and password
C.Set the Authorization header to 'Bearer base64(username:password)'
D.Add a query parameter 'auth' with base64-encoded credentials
AnswerB

Postman will automatically encode and set the header.

Why this answer

Postman's Authorization tab provides a Basic Auth type that automatically encodes credentials. The raw base64-encoded string is the underlying mechanism but is handled by Postman. Basic auth does not use bearer tokens.

51
Multi-Selectmedium

Which TWO of the following are valid methods for authenticating to a Cisco REST API? (Select two.)

Select 2 answers
A.API key in a custom header
B.IP address whitelisting
C.Username and password in the request body
D.Session ID in a cookie
E.OAuth 2.0 access token in Authorization header
AnswersA, E

Many Cisco APIs use API keys (e.g., Meraki).

Why this answer

API key and OAuth 2.0 token are common authentication methods. Basic auth (username:password) is also valid but less common for Cisco APIs. The question likely expects API key and OAuth 2.0.

52
MCQmedium

When using RESTCONF to configure a network device, what Content-Type header should be set in the HTTP request to indicate YANG data in JSON format?

A.application/yang
B.application/yang-data+json
C.application/xml
D.application/json
AnswerB

Correct media type for RESTCONF with JSON.

Why this answer

RESTCONF uses application/yang-data+json for JSON encoding of YANG data.

53
MCQmedium

When using the Cisco DNA Center intent API to retrieve issues, the response includes a Link header with rel="next" and a URL. What type of pagination is this?

A.Offset/limit pagination
B.Cursor-based pagination via Link header
C.Page-based pagination
D.No pagination
AnswerB

Link header with rel="next" is cursor-based.

Why this answer

The Link header with rel="next" indicates cursor-based or link-based pagination.

54
MCQhard

When using OAuth 2.0 client credentials flow with a Cisco API, what is the typical purpose of the access token?

A.To identify the user's role
B.To authenticate the user
C.To authorize the client application to access resources
D.To encrypt the request payload
AnswerC

The token represents the client's authorization.

Why this answer

Client credentials flow is for server-to-server; the access token authorizes the client application to access resources on its own behalf, not on behalf of a user.

55
Multi-Selectmedium

A developer is designing a REST API that requires pagination. Which two pagination methods are commonly used? (Choose two.)

Select 2 answers
A.B-tree pagination
B.Offset/limit pagination
C.Link header pagination
D.Cursor-based pagination
E.Hash-based pagination
AnswersB, D

Uses offset and limit parameters.

Why this answer

Offset/limit (page number/size) and cursor-based (use a token or cursor to navigate) are common. Link headers (RFC 5988) are also used but are not a pagination method themselves; they convey links. B-tree and hash-based are not typical.

56
Multi-Selecthard

Which THREE statements about NETCONF are correct?

Select 3 answers
A.NETCONF uses HTTP as the transport protocol.
B.NETCONF uses SSH as the transport protocol.
C.The <edit-config> operation is used to modify configuration data.
D.The <get-config> operation retrieves both configuration and state data.
E.NETCONF operations are XML RPCs.
AnswersB, C, E

RFC 6241 specifies SSH as the mandatory transport.

Why this answer

NETCONF uses SSH as its transport protocol, as specified in RFC 6242. This provides a secure, encrypted channel for network device management, which is a fundamental requirement for production environments.

Exam trap

Cisco often tests the distinction between NETCONF and RESTCONF transport protocols, and the specific datastore retrieval operations, leading candidates to confuse <get-config> with <get> or to assume HTTP is used for NETCONF.

57
Multi-Selectmedium

A developer needs to retrieve a list of network devices from Cisco DNA Center with pagination. Which TWO URL components are typically used for offset/limit pagination?

Select 2 answers
A.Link header
B.Query parameter 'page'
C.Query parameter 'limit'
D.Query parameter 'offset'
E.Path parameter 'page'
AnswersC, D

Specifies the maximum number of items.

Why this answer

In Cisco DNA Center's REST API, pagination is typically implemented using the 'offset' and 'limit' query parameters. 'offset' specifies the starting index for the results, and 'limit' specifies the maximum number of items to return per page. This is a common pattern in many RESTful APIs for offset/limit pagination.

Exam trap

Cisco often tests the distinction between offset/limit pagination (using 'offset' and 'limit' query parameters) and page-based pagination (using 'page' and 'size' or 'per_page' parameters), leading candidates to mistakenly select 'page' as a correct option.

58
MCQhard

A network engineer wants to stream telemetry data from a Cisco router using gRPC. Which gRPC service model is typically used for the router to push data to a collector?

A.RESTCONF events
B.NETCONF subscription
C.Dial-in model
D.Dial-out model
AnswerD

Dial-out is used for device-initiated push of telemetry data.

Why this answer

Dial-out streaming (also called telemetry push) is where the device initiates the connection and sends data to the collector. Dial-in is where the collector pulls data from the device.

59
Multi-Selecteasy

Which TWO of the following HTTP methods are considered safe (idempotent and not modifying server state)? (Select two.)

Select 2 answers
A.PUT
B.DELETE
C.POST
D.GET
E.HEAD
AnswersD, E

GET is safe and idempotent.

Why this answer

GET and HEAD are safe; they do not change server state and are idempotent.

60
MCQeasy

What is the default rate limit for the Meraki Dashboard API?

A.20 calls per second
B.1 call per second
C.10 calls per second
D.5 calls per second
AnswerD

This is the documented rate limit.

Why this answer

Meraki Dashboard API enforces a rate limit of 5 calls per second.

61
Multi-Selectmedium

Which TWO of the following are valid query parameter-based pagination methods used in REST APIs? (Select two.)

Select 2 answers
A.Timestamp-based (e.g., since)
B.Link header with rel="next"
C.Cursor-based (e.g., startingAfter)
D.Offset and limit
E.Page and per_page
AnswersC, D

Used by Meraki and others.

Why this answer

Offset/limit and cursor-based (e.g., startingAfter) are common. Page/per_page is similar to offset/limit. Link header is another method but not a query parameter.

62
Multi-Selectmedium

A developer is using the Meraki Dashboard API and needs to handle paginated responses. Which TWO ways does Meraki indicate pagination? (Choose two.)

Select 2 answers
A.Offset and limit query parameters
B.Link header with rel="next"
C.Multiple pages returned in a single response
D.Total count in response body
E.Cursor-based pagination with startingAfter parameter
AnswersB, E

Meraki includes a Link header.

Why this answer

Meraki uses Link header for pagination (rel="next") and also supports query parameters like perPage and startingAfter (cursor-based). Offset is not used by Meraki.

63
MCQhard

A developer needs to retrieve a list of Webex teams that the authenticated user belongs to. Which HTTP request is correct?

A.GET https://api.ciscospark.com/v1/teams
B.POST https://api.ciscospark.com/v1/teams
C.PUT https://api.ciscospark.com/v1/teams
D.GET https://api.webex.com/v1/teams
AnswerA

This is the correct endpoint.

Why this answer

The Webex Teams API uses GET /v1/teams to list teams.

64
MCQmedium

A network automation engineer is using the Cisco DNA Center intent API to retrieve a list of network devices. Which API endpoint should be used?

A.GET /dna/intent/api/v1/site
B.GET /dna/intent/api/v1/topology
C.GET /dna/intent/api/v1/network-device
D.GET /dna/intent/api/v1/issue
AnswerC

Correct endpoint for listing network devices.

Why this answer

The correct endpoint is GET /dna/intent/api/v1/network-device because the Cisco DNA Center intent API uses this path to retrieve a list of all network devices managed by the controller. The 'network-device' resource is specifically designed for device inventory operations, returning details such as hostname, IP address, platform ID, and software version. This aligns with the intent API's purpose of abstracting underlying complexities into business-relevant resources.

Exam trap

Cisco often tests the distinction between 'network-device' (inventory) and 'topology' (relationships) — candidates mistakenly pick topology because they think 'list of devices' implies a map view, but the intent API separates raw device data from topological connections.

How to eliminate wrong answers

Option A is wrong because GET /dna/intent/api/v1/site retrieves site hierarchy information (buildings, floors, areas), not network device lists. Option B is wrong because GET /dna/intent/api/v1/topology returns the physical or logical topology map of the network, not a flat device inventory. Option D is wrong because GET /dna/intent/api/v1/issue fetches health or assurance issues (e.g., syslog, SNMP traps), not device inventory data.

65
Multi-Selecthard

A developer is designing a Cisco Catalyst Center integration that uses the intent API. Which THREE of the following are available via the intent API? (Select three.)

Select 3 answers
A.Site hierarchy
B.Network device configuration files
C.Issues and health scores
D.List of network devices
E.Real-time interface statistics
AnswersA, C, D

GET /dna/intent/api/v1/site.

Why this answer

The intent API provides access to network devices, site hierarchy, and issues. Command runner is also available but as a separate endpoint.

66
Multi-Selectmedium

Which three HTTP methods are used for CRUD operations in REST APIs? (Choose three.)

Select 3 answers
A.DELETE
B.GET
C.PATCH
D.POST
E.PUT
AnswersB, D, E

Read operation.

Why this answer

GET (read), POST (create), PUT (update/replace) are CRUD; DELETE (delete) is also CRUD but question asks for three, and PATCH is partial update not always considered core CRUD.

67
MCQhard

In a RESTCONF API call to retrieve a specific interface configuration on a Cisco device, an engineer sends a GET request to /restconf/data/interfaces/interface=GigabitEthernet0/1. What Content-Type should be specified in the Accept header to receive YANG-defined JSON?

A.text/plain
B.application/xml
C.application/yang-data+json
D.application/json
AnswerC

This is the correct media type for YANG JSON.

Why this answer

RESTCONF uses application/yang-data+json for JSON encoding of YANG data.

68
MCQmedium

When using the Meraki Dashboard API, how should the API key be included in a request?

A.In the X-Cisco-Meraki-API-Key header
B.As a query parameter named 'apiKey'
C.In the Authorization header using Bearer scheme
D.In the request body as JSON
AnswerA

This is the required header.

Why this answer

Meraki requires the API key in a custom header X-Cisco-Meraki-API-Key.

69
MCQhard

An application uses NETCONF to configure a Cisco device. It sends an <edit-config> operation with the target 'running' and the operation 'merge'. Which statement about this operation is correct?

A.It will merge the new data into the running configuration, creating or updating as needed.
B.It will delete the specified data from the running configuration.
C.It will remove all configuration and apply only the new data.
D.It will replace the entire running configuration with the new data.
AnswerA

'merge' merges the data into the target datastore.

Why this answer

In NETCONF, <edit-config> with 'merge' operation will update existing data if present, or create if not. The 'running' datastore is typically not directly writable; 'candidate' is used for changes then commit. However, some devices allow direct edit of 'running' with 'merge' if supported.

70
MCQhard

When using gRPC/gNMI for model-driven telemetry, which mode allows the network device to push telemetry data to a collector without the collector initiating the connection?

A.Dial-out
B.gRPC streaming
C.Streaming pull
D.Dial-in
AnswerA

Dial-out has the device push data to the collector.

Why this answer

In gRPC/gNMI-based model-driven telemetry, dial-out mode enables the network device (server) to initiate a connection to the collector (client) and push telemetry data without any prior request from the collector. This is the correct mode for unsolicited streaming telemetry, as defined in the gNMI specification (gRPC Network Management Interface).

Exam trap

Cisco often tests the distinction between dial-in and dial-out by reversing the roles of client and server, so the trap here is confusing the direction of connection initiation with the direction of data flow.

How to eliminate wrong answers

Option B is wrong because gRPC streaming is a generic transport mechanism that can be used in both dial-in and dial-out modes, but it does not specify which side initiates the connection. Option C is wrong because streaming pull is a mode where the collector initiates the connection and requests data from the device, not the device pushing data. Option D is wrong because dial-in mode requires the collector to initiate the connection to the device, which is the opposite of the scenario described.

71
MCQeasy

In Postman, what feature allows you to reuse a value like a base URL or token across multiple requests?

A.Mock Servers
B.Workspaces
C.Environments
D.Collections
AnswerC

Environments contain variables for reuse.

Why this answer

Environments store variables that can be referenced across requests.

72
MCQmedium

A developer is making requests to the Meraki Dashboard API and receives a 429 Too Many Requests response. What is the default rate limit for this API?

A.20 requests per second
B.10 requests per second
C.1 request per second
D.5 requests per second
AnswerD

Meraki enforces 5 requests per second.

Why this answer

Meraki API rate limits at 5 requests per second per API key.

73
MCQmedium

In the Cisco DNA Center intent API, which HTTP method should be used to update a specific site's information?

A.GET
B.POST
C.PUT
D.DELETE
AnswerC

PUT replaces the site data.

Why this answer

For updating an existing resource, PUT is used to replace the entire resource, while PATCH is for partial updates. DNA Center intent API typically uses PUT for updates, but PATCH may also be supported. The question asks for update; PUT is the standard.

74
MCQeasy

What is the purpose of the 'Authorization' header in a REST API request?

A.To enable caching of the response
B.To authenticate the client
C.To specify the desired response format
D.To specify the format of the request body
AnswerB

Authorization header carries authentication credentials.

Why this answer

The Authorization header carries credentials (e.g., Bearer token, Basic auth) to authenticate the client. Content-Type specifies body format. Accept specifies response format.

75
MCQmedium

A developer uses RESTCONF to configure a network device. What is the correct content-type header to send in the request?

A.application/json
B.application/xml
C.application/yang-data+json
D.text/plain
AnswerC

This is the standard media type for RESTCONF with JSON.

Why this answer

RESTCONF uses application/yang-data+json for JSON encoding of YANG data.

Page 1 of 2 · 99 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Devnet Apis questions.