What is the purpose of the Authorization header in a REST API call?
Authorization header carries credentials.
Why this answer
The Authorization header carries credentials (e.g., Bearer token) to authenticate the client.
75 of 99 questions · Page 1/2 · Devnet Apis topic · Answers revealed
What is the purpose of the Authorization header in a REST API call?
Authorization header carries credentials.
Why this answer
The Authorization header carries credentials (e.g., Bearer token) to authenticate the client.
Which TWO authentication mechanisms are commonly used with Cisco REST APIs? (Choose two.)
Used by Meraki and others.
Why this answer
API key and OAuth 2.0 are the most common. Basic auth is less common now. Token-based is a subset of OAuth.
Certificate-based is not typical for REST APIs.
An application needs to retrieve a list of network devices from Cisco DNA Center. Which HTTP method should be used against the /dna/intent/api/v1/network-device endpoint?
GET retrieves data without side effects.
Why this answer
GET is used to retrieve resources in REST APIs.
Which authentication flow is most appropriate for a native mobile app that needs to access the Webex API on behalf of a user?
Allows a user to consent and delegate access to the app.
Why this answer
The authorization code grant is designed for apps that can securely store a client secret, but for native apps, PKCE (Proof Key for Code Exchange) is recommended. However, among standard grants, authorization code is the correct choice for user delegation.
Which two HTTP methods are considered idempotent? (Choose two.)
PUT is idempotent.
Why this answer
PUT and DELETE are idempotent because multiple identical requests have the same effect as a single request. GET is also idempotent but POST and PATCH are not.
What is the correct URL path for retrieving the configuration of a network interface using RESTCONF on a Cisco device?
Correct RESTCONF path with YANG module prefix.
Why this answer
RESTCONF uses /restconf/data/ followed by the YANG module path. The standard path for interfaces is /restconf/data/ietf-interfaces:interfaces.
Which TWO HTTP methods are considered safe (idempotent and without side effects on the server)?
HEAD is identical to GET but returns only headers; safe.
Why this answer
Option C (HEAD) is correct because the HEAD method is defined as idempotent and safe per RFC 7231: it retrieves the same headers as a GET request but without a response body, causing no side effects on the server. Option E (GET) is also correct because GET is explicitly defined as a safe method that only retrieves data and does not modify server state, making it idempotent.
Exam trap
Cisco often tests the distinction between idempotent and safe, trapping candidates who assume that idempotent methods (like PUT and DELETE) are also safe, when in fact safety requires no side effects on the server, which PUT and DELETE clearly violate.
Which TWO of the following are commonly used when implementing pagination in REST APIs? (Select TWO)
Uses a token to point to the next page.
Why this answer
Offset/limit (or page/limit) and cursor-based pagination are common. Rate limiting is separate. OAuth is authentication.
Webhooks are for events.
A developer is using the Meraki Dashboard API and receives a 429 Too Many Requests error. The API documentation states a rate limit of 5 calls per second. What is the best practice to handle this?
Exponential backoff with retry headers is the standard rate-limiting handling technique.
Why this answer
Implementing exponential backoff with retry-after headers is the recommended approach for rate-limited APIs. Ignoring or simply retrying immediately may worsen the situation.
Which header is used to pass an API key in Meraki Dashboard API requests?
This is the correct header.
Why this answer
Meraki API uses the X-Cisco-Meraki-API-Key header for authentication.
Which Cisco platform provides an Intent API for network automation, including endpoints for network-device, topology, and site hierarchy?
Catalyst Center (formerly DNA Center) provides the Intent API.
Why this answer
Cisco Catalyst Center (formerly DNA Center) provides an Intent API that abstracts network intent into RESTful endpoints. This API includes specific endpoints for managing network devices, retrieving topology views, and interacting with site hierarchy, enabling declarative network automation without low-level device configuration.
Exam trap
Cisco often tests the distinction between device-level APIs (like IOS XE RESTCONF) and platform-level Intent APIs (like Catalyst Center), causing candidates to confuse direct device management with abstracted network automation.
How to eliminate wrong answers
Option B is wrong because Cisco Webex focuses on collaboration and messaging APIs, not network automation or device management. Option C is wrong because Cisco IOS XE provides model-driven APIs like NETCONF/RESTCONF for device-level configuration, but it does not offer a platform-level Intent API with endpoints for site hierarchy or topology. Option D is wrong because Meraki Dashboard provides a REST API for managing Meraki cloud-managed devices, but it lacks the Intent API abstraction and site hierarchy endpoints specific to Catalyst Center.
In the context of Cisco Webex APIs, which mechanism allows an application to receive real-time notifications when a message is created in a space?
Webhooks provide real-time callbacks.
Why this answer
Webex uses webhooks to send HTTP callbacks for events like message creation.
In gNMI, what is the difference between dial-in and dial-out streaming?
Correct description.
Why this answer
In gNMI, dial-in streaming refers to the client initiating a subscription request to the device, which then streams telemetry data back over the same gRPC session. Dial-out streaming, on the other hand, is a server-initiated model where the device (gNMI target) pushes telemetry data to a pre-configured receiver (collector) without waiting for a client request. Option C correctly captures this distinction: dial-in has the client subscribe and receive data, while dial-out has the device push data to a configured receiver.
Exam trap
Cisco often tests the direction of connection initiation (client vs. device) as the key differentiator, and the trap here is confusing which side initiates the connection in dial-in versus dial-out, leading candidates to reverse the roles as in Option B.
How to eliminate wrong answers
Option A is wrong because both dial-in and dial-out are used for telemetry streaming, not configuration; gNMI uses separate RPCs (Set/Get) for configuration. Option B is wrong because it reverses the roles: in dial-in, the client initiates the connection and subscription, while in dial-out, the device initiates the connection to the receiver. Option D is wrong because both dial-in and dial-out use gRPC as the transport protocol; HTTP is not used for gNMI streaming.
Which HTTP method is used to partially update an existing resource in a RESTful API?
PATCH performs a partial update.
Why this answer
PATCH is used for partial updates; PUT replaces the entire resource.
Which three statements about Webex API webhooks are true? (Choose three.)
Webhooks send POST requests.
Why this answer
Webhooks are registered via POST, deliver payload via HTTP POST, and can be filtered by resource/event. They are not secured by OAuth exclusively and do not use long polling.
A developer needs to create a Postman collection that uses a variable for the base URL and a token variable for authentication. The token is obtained from a login request and must be reused across requests. Where should the token variable be defined to persist across all requests in the collection?
Collection variables are scoped to the collection and persist.
Why this answer
Option C is correct because collection variables in Postman are scoped to the entire collection, meaning they persist across all requests within that collection. By storing the token as a collection variable after the login request, it can be reused in subsequent requests without re-authentication. This is the recommended approach for sharing authentication tokens across requests in a Postman collection.
Exam trap
Cisco often tests the distinction between variable scopes in Postman, and the trap here is that candidates confuse global variables (which are too broad) with collection variables (which are correctly scoped), or mistakenly think local variables persist beyond the request in which they are defined.
How to eliminate wrong answers
Option A is wrong because data variables from a CSV file are used for data-driven testing and are only available during the execution of a single request iteration, not persisted across all requests. Option B is wrong because global variables are shared across all collections and workspaces, which is too broad and can lead to unintended overwrites or conflicts; collection variables provide the correct scope for a single collection. Option D is wrong because local variables are scoped to a single request or script execution and are not accessible outside that request, so the token would be lost after the login request completes.
A developer wants to retrieve a list of network devices from Cisco DNA Center. Which HTTP method and URL structure should be used?
This is the correct method and path.
Why this answer
The DNA Center intent API uses GET with the path /dna/intent/api/v1/network-device to retrieve devices.
A developer is using Postman to test a Cisco Webex API that creates a room. After running the request, they want to verify that the response status is 200 and that the response body contains a non-null 'id' field. Which Postman test code accomplishes this?
Correct syntax for both checks.
Why this answer
pm.response.to.have.status checks the status; pm.expect and pm.response.json() access the body.
Which OAuth 2.0 grant type is most appropriate for a server-to-server integration where no user interaction is required, such as a backend service calling Cisco API?
Allows a client to act on its own behalf without user involvement.
Why this answer
Client credentials grant is designed for server-to-server scenarios without user consent. Authorization code requires user interaction. Device code is for devices with limited UI.
Which THREE of the following are characteristics of NETCONF? (Select THREE)
NETCONF typically runs over SSH (RFC 6242).
Accept specifies the desired response format.
Why this answer
The Accept header is used by the client to tell the server which media types (e.g., application/json) it can understand and prefers for the response. In a GET request, the client does not send a body, so Content-Type is irrelevant for specifying the response format. Setting Accept: application/json ensures the server returns JSON if it supports that format.
Exam trap
Cisco often tests the distinction between Content-Type (for request body) and Accept (for response body), leading candidates to mistakenly choose Content-Type because they confuse 'sending' data with 'receiving' data.
How to eliminate wrong answers
Option A is wrong because Content-Type indicates the media type of the request body, not the desired response format; for a GET request with no body, Content-Type has no effect on the response. Option B is wrong because User-Agent identifies the client software (e.g., browser or tool) and has no role in content negotiation. Option C is wrong because Authorization carries credentials (e.g., Bearer token) for access control, not a preference for response format.
A developer is using gRPC/gNMI for model-driven telemetry from a Cisco device. Which of the following best describes the difference between dial-in and dial-out streaming?
Correct: dial-in subscription from collector; dial-out is device pushing.
Why this answer
In gNMI, dial-in is when the collector initiates the subscription to the device; dial-out is when the device pushes data to the collector.
Content-Type specifies the media type of the request body.
Why this answer
Content-Type indicates the media type of the request body. Accept indicates the desired response format. Authorization carries credentials.
A developer is implementing gRPC telemetry with dial-out streaming from a Cisco IOS XE device. Which component initiates the TCP connection to the collector?
Dial-out means device pushes data.
Why this answer
In dial-out streaming, the network device (server) initiates the connection to the collector (client).
Which THREE of the following are valid NETCONF operations? (Choose three.)
Standard operation to modify configuration.
Why this answer
NETCONF defines standard operations: <get>, <get-config>, <edit-config>, <copy-config>, <delete-config>, <lock>, <unlock>, <close-session>, <kill-session>. <commit> is used in the candidate configuration model but is not a base operation; it's an optional capability. <rpc> is the message wrapper, not an operation.
Which three statements are true about the Cisco Catalyst Center (formerly DNA Center) intent API? (Choose three.)
Yes, e.g., https://<host>:<port>/dna/intent/...
Why this answer
Option A is correct because the Cisco Catalyst Center intent API uses a base URL that includes the Catalyst Center hostname (or IP address) and port (typically 443 for HTTPS). For example, the base URL is formatted as `https://<catalyst-center-hostname>:443/dna/intent/api/v1/`. This is required to direct API calls to the specific Catalyst Center instance.
Exam trap
Cisco often tests the distinction between Catalyst Center and Meraki APIs, so the trap here is confusing the authentication method (token-based vs. API key) and assuming only GET/POST are used, when in fact RESTful APIs support full CRUD operations.
A developer is configuring a RESTCONF request to retrieve the configuration of an interface on a Cisco device. Which URL path and Content-Type header are correct?
Correct path and Content-Type for RESTCONF data retrieval in JSON.
Why this answer
Option A is correct because RESTCONF uses the '/restconf/data' base path to retrieve configuration data (the 'data' resource), and the correct Content-Type for RESTCONF with JSON encoding is 'application/yang-data+json', as defined in RFC 8040. This combination ensures the request targets the operational or configuration datastore and specifies the YANG-encoded JSON media type.
Exam trap
Cisco often tests the distinction between the generic 'application/json' and the RESTCONF-specific 'application/yang-data+json', leading candidates to choose the familiar but incorrect generic type.
How to eliminate wrong answers
Option B is wrong because 'application/xml' is not a valid Content-Type for RESTCONF; the correct XML media type is 'application/yang-data+xml'. Option C is wrong because 'application/json' is too generic; RESTCONF requires the specific media type 'application/yang-data+json' to indicate YANG-encoded JSON data. Option D is wrong because '/restconf/operations' is used for invoking RPC operations, not for retrieving configuration data, which should use '/restconf/data'.
Which pagination method uses a 'Link' header with 'rel="next"' to indicate the next page of results?
The Link header provides the next page URL.
Why this answer
The Link header with rel="next" is used by the Meraki Dashboard API and others for cursor-based pagination.
What does the Link header in a paginated API response typically contain?
Link header provides pagination links.
Why this answer
The Link header includes URLs for next, previous, first, and last pages for cursor-based pagination.
A REST API uses offset and limit parameters for pagination. If the first request returns items 0-49 with limit=50 and offset=0, how should the next request be constructed to get the next page?
Correct: skip first 50 items.
Why this answer
Option B is correct because pagination with offset and limit works by advancing the offset by the limit value to fetch the next set of items. The first request returned items 0-49 (offset=0, limit=50), so the next request should start at offset=50 with the same limit=50 to retrieve items 50-99. This ensures no overlap and no gaps in the data.
Exam trap
The trap here is that candidates mistakenly think offset should be incremented by 1 (like a page number) rather than by the limit value, leading them to choose offset=1 instead of offset=50.
How to eliminate wrong answers
Option A is wrong because offset=1 would skip item 0 and start at item 1, causing a gap and missing item 0 from the second page. Option C is wrong because offset=50 with limit=100 would retrieve items 50-149, which is not the correct next page size (should be 50 items) and could exceed the intended page size. Option D is wrong because offset=0 with limit=100 would retrieve items 0-99, which includes the already-fetched first page and changes the page size, leading to duplicate data.
An application needs to receive real-time notifications when a new message is posted in a Webex space. Which Webex API feature should be used?
Webhooks provide real-time event notifications.
Why this answer
Webex uses webhooks to push real-time event notifications to an external server. By creating a webhook that triggers on 'messages' events, the application receives an HTTP POST request whenever a new message is posted in the specified space, eliminating the need for polling or persistent connections.
Exam trap
Cisco often tests the distinction between push-based (webhooks) and pull-based (polling) mechanisms, and candidates may mistakenly assume WebSocket or SSE are available because they are common real-time technologies, but Webex specifically relies on webhooks for event-driven notifications.
How to eliminate wrong answers
Option A is wrong because Webex does not expose a WebSocket endpoint for real-time messaging events; webhooks are the standard mechanism. Option C is wrong because Webex does not support Server-Sent Events (SSE) for message notifications; SSE is not part of the Webex API. Option D is wrong because polling the messages endpoint every second is inefficient, introduces latency, and violates API rate limits; webhooks provide immediate, push-based notifications without active polling.
In a Postman collection, a developer stores the base URL of a Meraki API as a variable. Which Postman feature allows this?
Environments store key-value pairs.
Why this answer
Environments allow defining variables like base_url that can be reused across requests.
In Cisco DNA Center, which API endpoint is used to retrieve the site hierarchy?
This returns site hierarchy.
Why this answer
The site hierarchy can be retrieved via GET /dna/intent/api/v1/site.
An application uses the Meraki Dashboard API and receives a 429 Too Many Requests error. What is the most likely cause, and how should the application adjust?
429 indicates rate limit; backoff is appropriate.
Why this answer
Meraki API rate limits at 5 calls per second; a 429 indicates rate limit exceeded. The application should implement retry with backoff.
Which header is used in an HTTP request to tell the server the format of the request body?
Content-Type indicates the format of the request body.
Why this answer
Content-Type header specifies the media type of the request body, e.g., application/json.
Which HTTP method is used to partially update a resource in a RESTful API?
PATCH is used for partial updates.
Why this answer
PATCH is used for partial updates, while PUT replaces the entire resource.
A developer is using NETCONF to retrieve the running configuration of a network device. Which operation should be used?
This retrieves configuration from a specified datastore.
Why this answer
The <get-config> operation retrieves configuration from a datastore (e.g., running).
A Cisco Webex bot needs to receive real-time notifications when new messages are posted in a space. Which API feature should the bot use?
Webhooks provide real-time notifications.
Why this answer
Webex Webhooks allow real-time event notifications; the bot registers a webhook with a target URL that receives POST requests when events occur.
A developer needs to partially update a Meraki network's configuration, changing only the time zone. Which HTTP method should be used on the network resource?
PATCH applies partial modifications.
Why this answer
PATCH is used for partial updates in REST APIs.
A network automation engineer wants to retrieve a list of all network devices from Cisco DNA Center. Which HTTP method and URL path should be used with the DNAC intent API?
Correct: GET retrieves the list of network devices.
Why this answer
The intent API uses GET to retrieve data, and /dna/intent/api/v1/network-device is the correct path for listing network devices.
In the OAuth 2.0 authorization code flow, what does the client receive after the user grants authorization?
The code is the intermediate credential.
Why this answer
In the OAuth 2.0 authorization code flow, after the user grants authorization, the authorization server redirects the client with an authorization code in the query string. This code is a temporary credential that the client must exchange for an access token by sending it along with its client credentials to the token endpoint. The authorization code itself is not the final token; it is a one-time-use intermediary that prevents the access token from being exposed to the user agent.
Exam trap
Cisco often tests the distinction between what is received immediately after user authorization (the authorization code) versus what is obtained after the subsequent token exchange (access token and optionally a refresh token), causing candidates to mistakenly select the access token.
How to eliminate wrong answers
Option B is wrong because a client secret is a static credential pre-shared between the client and authorization server, not something received after user authorization. Option C is wrong because a refresh token is issued only after the client exchanges the authorization code for an access token at the token endpoint, not immediately upon user grant. Option D is wrong because the access token is not directly returned to the client after user authorization; the client must first exchange the authorization code for it via a back-channel request to the token endpoint.
A network engineer wants to use NETCONF to change the hostname of a Cisco device. Which operation should be used?
edit-config modifies config.
Why this answer
The <edit-config> operation is used to modify configuration data in NETCONF.
A developer is using the ncclient library in Python to connect to a network device via NETCONF. Which operation should be used to modify the running configuration and commit the changes?
edit_config modifies, commit confirms changes.
Why this answer
Option C is correct because in NETCONF, the `edit-config()` operation is used to modify the running configuration, and the `commit()` operation is required to make those changes permanent when the device operates in candidate configuration mode. The ncclient library provides these methods to align with the NETCONF protocol's standard operations.
Exam trap
Cisco often tests the distinction between candidate and running datastores, and the trap here is that candidates assume `edit_config()` alone commits changes, forgetting that a separate `commit()` is required when the device uses a candidate configuration model.
How to eliminate wrong answers
Option A is wrong because `validate()` checks the syntactic correctness of a configuration but does not modify it, and `get_config()` retrieves configuration data without making changes. Option B is wrong because `get_config()` retrieves configuration, and `copy_config()` copies a configuration from one datastore to another (e.g., running to startup), but neither directly modifies the running configuration with a commit step. Option D is wrong because `discard_changes()` reverts uncommitted changes in a candidate datastore, and `edit_config()` modifies the configuration; performing `discard_changes()` before `edit_config()` would discard any pending changes but does not achieve a commit of new modifications.
PATCH is used for partial updates.
Why this answer
PATCH is used for partial updates, while PUT replaces the entire resource.
A developer is using the Meraki Dashboard API and notices that some requests return a 429 status code. What is the most likely cause?
Meraki enforces a 5 req/s rate limit.
Why this answer
Meraki API rate limits at 5 calls per second; exceeding this returns 429 Too Many Requests.
Which HTTP method is idempotent and safe?
GET is safe and idempotent.
Why this answer
GET is both idempotent and safe because it is designed to retrieve a resource without causing any side effects on the server. According to RFC 7231, a safe method does not modify the resource state, and an idempotent method guarantees that multiple identical requests produce the same result as a single request. GET satisfies both conditions, as it never alters server state and repeating the same GET request returns the same representation.
Exam trap
Cisco often tests the distinction between idempotent and safe by pairing DELETE (idempotent but not safe) or PUT (idempotent but not safe) as distractors, leading candidates to assume that any method that can be repeated safely is also safe, when in fact safety requires no server-side state change.
How to eliminate wrong answers
Option B (DELETE) is wrong because while DELETE is idempotent (repeated calls have the same effect as one call, typically returning 404 after the first deletion), it is not safe because it modifies server state by removing a resource. Option C (POST) is wrong because POST is neither safe nor idempotent; it creates or updates a resource, and multiple identical POST requests can result in multiple resource creations or side effects. Option D (PUT) is wrong because although PUT is idempotent (replacing a resource with the same representation yields the same state), it is not safe because it modifies server state by updating or creating a resource.
PATCH is designed for partial updates to a resource.
Why this answer
PATCH is used for partial updates, whereas PUT replaces the entire resource. GET retrieves, POST creates, DELETE removes.
What is the correct Content-Type header value for a RESTCONF request using JSON encoding?
Defined in RFC 8040 for RESTCONF JSON encoding.
Why this answer
RESTCONF uses application/yang-data+json for JSON and application/yang-data+xml for XML. application/json is not specific to YANG data.
A developer is implementing OAuth 2.0 for a Cisco Webex integration that needs to send messages on behalf of a user. The integration runs on a server with no user interface. Which OAuth 2.0 flow should be used?
Server-to-server without user context; suitable for non-interactive apps.
Why this answer
For a server-to-server scenario without a user interface, the client credentials grant is appropriate, even though Webex typically uses authorization code for user context. However, the question implies a machine-to-machine scenario; client credentials flow is for server-to-server where no user is present.
A developer needs to use Postman to test an API that uses Basic authentication. How should the credentials be configured in Postman?
Postman will automatically encode and set the header.
Why this answer
Postman's Authorization tab provides a Basic Auth type that automatically encodes credentials. The raw base64-encoded string is the underlying mechanism but is handled by Postman. Basic auth does not use bearer tokens.
Which TWO of the following are valid methods for authenticating to a Cisco REST API? (Select two.)
Many Cisco APIs use API keys (e.g., Meraki).
Why this answer
API key and OAuth 2.0 token are common authentication methods. Basic auth (username:password) is also valid but less common for Cisco APIs. The question likely expects API key and OAuth 2.0.
Correct media type for RESTCONF with JSON.
Why this answer
RESTCONF uses application/yang-data+json for JSON encoding of YANG data.
When using the Cisco DNA Center intent API to retrieve issues, the response includes a Link header with rel="next" and a URL. What type of pagination is this?
Link header with rel="next" is cursor-based.
Why this answer
The Link header with rel="next" indicates cursor-based or link-based pagination.
When using OAuth 2.0 client credentials flow with a Cisco API, what is the typical purpose of the access token?
The token represents the client's authorization.
Why this answer
Client credentials flow is for server-to-server; the access token authorizes the client application to access resources on its own behalf, not on behalf of a user.
A developer is designing a REST API that requires pagination. Which two pagination methods are commonly used? (Choose two.)
Uses offset and limit parameters.
Why this answer
Offset/limit (page number/size) and cursor-based (use a token or cursor to navigate) are common. Link headers (RFC 5988) are also used but are not a pagination method themselves; they convey links. B-tree and hash-based are not typical.
Which THREE statements about NETCONF are correct?
RFC 6241 specifies SSH as the mandatory transport.
Why this answer
NETCONF uses SSH as its transport protocol, as specified in RFC 6242. This provides a secure, encrypted channel for network device management, which is a fundamental requirement for production environments.
Exam trap
Cisco often tests the distinction between NETCONF and RESTCONF transport protocols, and the specific datastore retrieval operations, leading candidates to confuse <get-config> with <get> or to assume HTTP is used for NETCONF.
A developer needs to retrieve a list of network devices from Cisco DNA Center with pagination. Which TWO URL components are typically used for offset/limit pagination?
Specifies the maximum number of items.
Why this answer
In Cisco DNA Center's REST API, pagination is typically implemented using the 'offset' and 'limit' query parameters. 'offset' specifies the starting index for the results, and 'limit' specifies the maximum number of items to return per page. This is a common pattern in many RESTful APIs for offset/limit pagination.
Exam trap
Cisco often tests the distinction between offset/limit pagination (using 'offset' and 'limit' query parameters) and page-based pagination (using 'page' and 'size' or 'per_page' parameters), leading candidates to mistakenly select 'page' as a correct option.
A network engineer wants to stream telemetry data from a Cisco router using gRPC. Which gRPC service model is typically used for the router to push data to a collector?
Dial-out is used for device-initiated push of telemetry data.
Why this answer
Dial-out streaming (also called telemetry push) is where the device initiates the connection and sends data to the collector. Dial-in is where the collector pulls data from the device.
Which TWO of the following HTTP methods are considered safe (idempotent and not modifying server state)? (Select two.)
GET is safe and idempotent.
Why this answer
GET and HEAD are safe; they do not change server state and are idempotent.
What is the default rate limit for the Meraki Dashboard API?
This is the documented rate limit.
Why this answer
Meraki Dashboard API enforces a rate limit of 5 calls per second.
Which TWO of the following are valid query parameter-based pagination methods used in REST APIs? (Select two.)
Used by Meraki and others.
Why this answer
Offset/limit and cursor-based (e.g., startingAfter) are common. Page/per_page is similar to offset/limit. Link header is another method but not a query parameter.
A developer is using the Meraki Dashboard API and needs to handle paginated responses. Which TWO ways does Meraki indicate pagination? (Choose two.)
Meraki includes a Link header.
Why this answer
Meraki uses Link header for pagination (rel="next") and also supports query parameters like perPage and startingAfter (cursor-based). Offset is not used by Meraki.
A developer needs to retrieve a list of Webex teams that the authenticated user belongs to. Which HTTP request is correct?
This is the correct endpoint.
Why this answer
The Webex Teams API uses GET /v1/teams to list teams.
A network automation engineer is using the Cisco DNA Center intent API to retrieve a list of network devices. Which API endpoint should be used?
Correct endpoint for listing network devices.
Why this answer
The correct endpoint is GET /dna/intent/api/v1/network-device because the Cisco DNA Center intent API uses this path to retrieve a list of all network devices managed by the controller. The 'network-device' resource is specifically designed for device inventory operations, returning details such as hostname, IP address, platform ID, and software version. This aligns with the intent API's purpose of abstracting underlying complexities into business-relevant resources.
Exam trap
Cisco often tests the distinction between 'network-device' (inventory) and 'topology' (relationships) — candidates mistakenly pick topology because they think 'list of devices' implies a map view, but the intent API separates raw device data from topological connections.
How to eliminate wrong answers
Option A is wrong because GET /dna/intent/api/v1/site retrieves site hierarchy information (buildings, floors, areas), not network device lists. Option B is wrong because GET /dna/intent/api/v1/topology returns the physical or logical topology map of the network, not a flat device inventory. Option D is wrong because GET /dna/intent/api/v1/issue fetches health or assurance issues (e.g., syslog, SNMP traps), not device inventory data.
A developer is designing a Cisco Catalyst Center integration that uses the intent API. Which THREE of the following are available via the intent API? (Select three.)
GET /dna/intent/api/v1/site.
Why this answer
The intent API provides access to network devices, site hierarchy, and issues. Command runner is also available but as a separate endpoint.
Read operation.
Why this answer
GET (read), POST (create), PUT (update/replace) are CRUD; DELETE (delete) is also CRUD but question asks for three, and PATCH is partial update not always considered core CRUD.
In a RESTCONF API call to retrieve a specific interface configuration on a Cisco device, an engineer sends a GET request to /restconf/data/interfaces/interface=GigabitEthernet0/1. What Content-Type should be specified in the Accept header to receive YANG-defined JSON?
This is the correct media type for YANG JSON.
Why this answer
RESTCONF uses application/yang-data+json for JSON encoding of YANG data.
When using the Meraki Dashboard API, how should the API key be included in a request?
This is the required header.
Why this answer
Meraki requires the API key in a custom header X-Cisco-Meraki-API-Key.
An application uses NETCONF to configure a Cisco device. It sends an <edit-config> operation with the target 'running' and the operation 'merge'. Which statement about this operation is correct?
'merge' merges the data into the target datastore.
Why this answer
In NETCONF, <edit-config> with 'merge' operation will update existing data if present, or create if not. The 'running' datastore is typically not directly writable; 'candidate' is used for changes then commit. However, some devices allow direct edit of 'running' with 'merge' if supported.
When using gRPC/gNMI for model-driven telemetry, which mode allows the network device to push telemetry data to a collector without the collector initiating the connection?
Dial-out has the device push data to the collector.
Why this answer
In gRPC/gNMI-based model-driven telemetry, dial-out mode enables the network device (server) to initiate a connection to the collector (client) and push telemetry data without any prior request from the collector. This is the correct mode for unsolicited streaming telemetry, as defined in the gNMI specification (gRPC Network Management Interface).
Exam trap
Cisco often tests the distinction between dial-in and dial-out by reversing the roles of client and server, so the trap here is confusing the direction of connection initiation with the direction of data flow.
How to eliminate wrong answers
Option B is wrong because gRPC streaming is a generic transport mechanism that can be used in both dial-in and dial-out modes, but it does not specify which side initiates the connection. Option C is wrong because streaming pull is a mode where the collector initiates the connection and requests data from the device, not the device pushing data. Option D is wrong because dial-in mode requires the collector to initiate the connection to the device, which is the opposite of the scenario described.
In Postman, what feature allows you to reuse a value like a base URL or token across multiple requests?
Environments contain variables for reuse.
Why this answer
Environments store variables that can be referenced across requests.
A developer is making requests to the Meraki Dashboard API and receives a 429 Too Many Requests response. What is the default rate limit for this API?
Meraki enforces 5 requests per second.
Why this answer
Meraki API rate limits at 5 requests per second per API key.
In the Cisco DNA Center intent API, which HTTP method should be used to update a specific site's information?
PUT replaces the site data.
Why this answer
For updating an existing resource, PUT is used to replace the entire resource, while PATCH is for partial updates. DNA Center intent API typically uses PUT for updates, but PATCH may also be supported. The question asks for update; PUT is the standard.
What is the purpose of the 'Authorization' header in a REST API request?
Authorization header carries authentication credentials.
Why this answer
The Authorization header carries credentials (e.g., Bearer token, Basic auth) to authenticate the client. Content-Type specifies body format. Accept specifies response format.
A developer uses RESTCONF to configure a network device. What is the correct content-type header to send in the request?
This is the standard media type for RESTCONF with JSON.
Why this answer
RESTCONF uses application/yang-data+json for JSON encoding of YANG data.
Ready to test yourself?
Try a timed practice session using only Devnet Apis questions.