CCNA Software Dev Design Questions

10 of 85 questions · Page 2/2 · Software Dev Design topic · Answers revealed

76
MCQ · hard

In a CI/CD pipeline, a code quality check fails due to a security vulnerability in a third-party library. What is the best practice to address this?

A. Suppress the warning and proceed
B. Update the library to a patched version
C. Add a firewall rule to block the vulnerability
D. Remove the dependency and rewrite the code
Answer: B

Updating to the latest patched version resolves the vulnerability and maintains compatibility.

Why this answer

Updating the library to a patched version directly resolves the security vulnerability at its source, aligning with the principle of supply chain security in CI/CD pipelines. This practice ensures that the codebase uses a version of the dependency that has been officially fixed by the maintainer, preventing exploitation without altering the application's functionality or introducing unnecessary risk.

Exam trap

Cisco often tests the misconception that security vulnerabilities can be mitigated with network controls (like firewalls) or by ignoring the issue, rather than addressing the root cause through dependency updates.

How to eliminate wrong answers

Option A is wrong because suppressing the warning ignores the vulnerability, leaving the application exposed to potential exploitation; it violates the security-first principle of DevSecOps. Option C is wrong because a firewall rule only attempts to block network-level access to the vulnerability, which does not fix the underlying insecure code in the library and can be bypassed; it is a network control, not a code fix. Option D is wrong because removing the dependency and rewriting the code is an extreme, time-consuming measure that is unnecessary when a patched version is available; it ignores the standard practice of dependency management and version updates.

77
MCQ · hard

A developer is using Git for version control of a Python library. A colleague accidentally committed a large sensitive file. Which Git command sequence should be used to remove the file from history without losing subsequent changes?

A. git filter-branch or git filter-repo
B. git rm --cached && git commit
C. git rebase -i && git commit --amend
D. git revert HEAD
Answer: A

These tools rewrite history, removing the file from all commits.

Why this answer

git filter-branch (or git filter-repo) rewrites history to remove the file from all commits. git reset affects recent commits but loses changes after it. git rebase -i can edit specific commits but becomes complex for large files. git rm only removes the file from the current commit.

78
MCQ · hard

In a CI/CD pipeline for a network automation project, which stage is responsible for validating the syntax of YAML configuration files?

A. Deploy
B. Lint
C. Test
D. Build
Answer: B

Linting checks for syntax errors and coding standards in configuration files.

Why this answer

The lint stage validates syntax and style. The build stage compiles code, the test stage runs unit tests, and the deploy stage pushes to production. Syntax checking is a static analysis step typically done in linting.

79
MCQ · easy

A Python script used for network automation requires storing an API secret. Which approach is the most secure and recommended best practice?

A. Hardcode the secret in the Python script
B. Store the secret in a plain text file in the repository
C. Encrypt the secret and store it in the script
D. Use environment variables
Answer: D

Environment variables keep secrets out of code and are configurable per deployment.

Why this answer

Option D is correct because storing secrets in environment variables decouples sensitive data from the source code, preventing accidental exposure in version control systems like Git. This approach follows the principle of least privilege and is recommended by security best practices such as the Twelve-Factor App methodology. Environment variables are managed outside the script, reducing the risk of credential leakage during code sharing or deployment.

Exam trap

Cisco often tests the misconception that encryption within the script is sufficient, but the trap is that the decryption key must still be stored somewhere, creating a key management problem that environment variables solve by keeping secrets out of the code entirely.

How to eliminate wrong answers

Option A is wrong because hardcoding the secret in the Python script exposes it to anyone with access to the source code, including version control history, and violates the principle of separating configuration from code. Option B is wrong because storing the secret in a plain text file in the repository makes it readable by anyone who can access the repo, and it can be inadvertently committed and shared, leading to credential exposure. Option C is wrong because encrypting the secret and storing it in the script still requires managing the decryption key within the script or repository, which creates a circular security problem and does not eliminate the risk of exposure through code access.

80
Multi-Select · medium

A developer is designing a REST API for managing network devices. Which three best practices should be followed for the API design? (Choose three.)

Select 3 answers
A. Use POST for all state-changing operations to ensure idempotency.
B. Use nouns for resource names (e.g., /devices) rather than verbs.
C. Include versioning in the URL path (e.g., /v1/devices).
D. Always send the entire resource representation in all responses to reduce client requests.
E. Use proper HTTP status codes to describe results.
Answers: B, C, E

B is correct because RESTful APIs use nouns to represent resources, while verbs are typically avoided in endpoint paths.

Why this answer

B, C, and E are correct. E: Using proper HTTP status codes is a REST best practice for clear success/failure indication. C: Including versioning in the URL path ensures backward compatibility. B: Using nouns for resources (e.g., /devices) aligns with RESTful principles. A is incorrect because POST is not idempotent; PUT/DELETE are preferred for idempotent operations. D is incorrect because transmitting full representations unnecessarily increases bandwidth; partial responses or specific fields should be used.

81
MCQ · easy

Which data serialization format is most commonly used for configuration files in Cisco automation tools like Ansible?

A. CSV
B. YAML
C. HTML
D. XML
Answer: B

YAML is the default format for Ansible playbooks and is human-readable, making it ideal for configuration files.

Why this answer

Option B is correct because YAML is the standard configuration format for Ansible playbooks and many Cisco automation tools. Option D (XML) is used in some contexts like NETCONF but not in Ansible. Option A (CSV) is for tabular data, not configuration. Option C (HTML) is for web pages. Therefore, YAML is the most appropriate choice.

82
MCQ · hard

A developer is using the Cisco Webex API to create a room and add members. The API requires an access token with the appropriate scopes. The developer receives a 401 Unauthorized error when trying to create a room. What is the most likely cause?

A. The access token only has the 'spark:rooms_read' scope
B. The access token has the 'spark:memberships_write' scope but not 'spark:rooms_write'
C. The access token is not being sent in the Authorization header
D. The access token has expired
Answer: A

Correct: The write scope is required for creating rooms.

Why this answer

The 401 Unauthorized error indicates that the request lacks valid authentication credentials. Since the developer is using an access token but still getting a 401, the most likely cause is that the token does not have the required scopes to perform the operation. The 'spark:rooms_read' scope only allows reading room details, not creating them, so the API rejects the request with a 401 because the token is valid but insufficiently scoped.

Exam trap

Cisco often tests the distinction between 401 Unauthorized (authentication failure) and 403 Forbidden (authorization failure), and the trap here is that candidates assume a 401 always means a missing or expired token, when in fact an invalid scope can also trigger a 401 in Webex APIs.

How to eliminate wrong answers

Option B is wrong because having 'spark:memberships_write' without 'spark:rooms_write' would still cause a 403 Forbidden (insufficient permissions), not a 401 Unauthorized — the token is valid but lacks the specific scope. Option C is wrong because if the token were not sent in the Authorization header, the API would return a 401 Unauthorized, but this is less likely than a scope issue given the developer is explicitly using an access token; however, the question asks for the 'most likely' cause, and scope misconfiguration is a common pitfall. Option D is wrong because an expired token would also return a 401, but the developer is actively generating and using the token, making expiration less probable than a scope mismatch.

83
MCQ · medium

A REST API returns a 500 Internal Server Error when a client sends a malformed JSON payload. What is the most appropriate HTTP response code to indicate a client-side error?

A. 400 Bad Request
B. 401 Unauthorized
C. 403 Forbidden
D. 422 Unprocessable Entity
Answer: A

400 indicates the server cannot process the request due to malformed syntax, which fits a malformed JSON payload.

Why this answer

Option A is correct because 400 Bad Request is used when the server cannot process the request due to client error (e.g., malformed syntax). Option B (401) is for authentication failures. Option C (403) is for authorization failures. Option D (422) is for unprocessable entities when the syntax is correct but semantics fail. Therefore, 400 is the best choice for a malformed JSON payload.

84
MCQ · medium

A network automation team uses a CI/CD pipeline. Which practice best ensures that configuration changes are validated before deployment to production?

A. Automated unit tests that verify syntax of configuration files
B. Peer review of code only
C. Manual testing by the network engineer after deployment
D. Deploying to a staging environment that mirrors production
Answer: D

A staging environment allows safe validation of changes under realistic conditions before production deployment.

Why this answer

Deploying to a staging environment that mirrors production allows comprehensive testing without risk. This is a key DevOps best practice.

85
MCQ · hard

A CI/CD pipeline for network automation includes a stage that runs Ansible playbooks against a staging environment. The pipeline is triggered by Git commits. After a commit, the pipeline fails because the Ansible inventory file is missing. What is the most likely reason?

A. The inventory file is listed in .gitignore
B. The pipeline script has a typo in the inventory path
C. The Ansible version in the pipeline is incompatible
D. The staging environment is not reachable
Answer: A

If the inventory file is ignored by Git, it won't be in the repository, so the pipeline cannot find it.

Why this answer

Files that are not tracked by Git will not be available in the CI environment. The inventory file must be committed; ignoring it with .gitignore excludes it.
