CCNA Cisco DNA Center Questions

58 questions · Cisco DNA Center · All types, answers revealed

1
Multi-Selecthard

Which three statements about Cisco DNA Center integration with external systems are true? (Choose three.)

Select 3 answers
A.Cisco DNA Center provides a RESTful API that allows external applications to retrieve network inventory and topology data.
B.Cisco DNA Center can forward syslog messages to external SIEM systems for centralized logging and analysis.
C.Cisco DNA Center can synchronize IP address pools with external IPAM solutions such as Infoblox or SolarWinds.
D.Cisco DNA Center establishes BGP peering sessions with external routers to exchange routing information.
E.Cisco DNA Center only supports SNMP traps as the northbound interface for event notifications.
AnswersA, B, C

Correct because the DNA Center REST API is a primary northbound interface for integration with third-party tools and custom scripts.

Why this answer

DNA Center integrates with various systems for extended functionality. The correct answers cover REST API integration, syslog forwarding, and IPAM synchronization. The wrong answers incorrectly claim direct BGP peering for routing and that SNMP traps are the only northbound interface.

2
MCQeasy

A network engineer is using the Cisco DNA Center REST API to retrieve the health score of a specific device. The API response is as follows: { "response": [ { "deviceId": "1234567890", "hostname": "Core-Switch-1", "score": 8, "overallHealth": "good", "timestamp": 1623456789 } ], "version": "1.0" } The engineer wants to extract the 'overallHealth' value. Which Python code correctly extracts it?

A.health = response['response'][0]['overallHealth']
B.health = response['overallHealth']
C.health = response['response']['overallHealth']
D.health = response[0]['overallHealth']
AnswerA

Correct. This accesses the first element of the list inside 'response' and then retrieves 'overallHealth'.

Why this answer

The response is a dictionary with a key 'response' that contains a list. The list has one dictionary. To access 'overallHealth', you need to index the list and then the key.

3
MCQhard

An engineer is writing a Python script to use the Cisco DNA Center API to assign a device to a site. The code snippet is: import requests url = "https://dna-center.local/dna/intent/api/v1/network-device/assign" headers = { "X-Auth-Token": "token", "Content-Type": "application/json" } payload = { "deviceId": "device-uuid", "siteId": "site-uuid" } response = requests.post(url, headers=headers, json=payload, verify=False) print(response.status_code) What is a potential issue with this code?

A.The HTTP method should be PUT instead of POST for assigning a device to a site.
B.The payload should include 'deviceId' and 'siteId' as a list.
C.The URL is missing the version number.
D.The code should use requests.put instead of requests.post.
AnswerA, D

Correct. The DNA Center API uses PUT for this operation.

Why this answer

The API endpoint for assigning a device to a site typically uses a PUT method, not POST. Using POST may result in a 405 Method Not Allowed error or unexpected behavior.

4
MCQeasy

An engineer is using the Cisco DNA Center GUI to create a new site hierarchy. They add a building under an existing area. After saving, they run a Python script to verify the site via API: import requests url = "https://dna-center.local/dna/intent/api/v1/site" headers = {"X-Auth-Token": "token"} response = requests.get(url, headers=headers, verify=False) sites = response.json()['response'] for site in sites: if site['name'] == 'Building-A': print(site['id']) What is the output if the building was created successfully?

A.A UUID string such as '123e4567-e89b-12d3-a456-426614174000'
B.The script will print 'Building-A'
C.The script will print the entire site dictionary
D.The script will raise an error because the API returns paginated results
AnswerA

Correct. The API returns a UUID for each site, and the script prints it.

Why this answer

The script prints the site ID of the building if it exists. The output will be a string representing the UUID of the building.

5
Matchingmedium

Drag and drop each DNA Center package on the left to its matching function on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Provides network analytics, health scores, and troubleshooting insights

Automates device onboarding, configuration deployment, and software image management

Defines network hierarchy, site profiles, and global settings

Enforces access control, QoS, and segmentation policies

Orchestrates workflows for device provisioning and configuration changes

Why these pairings

Cisco DNA Center packages: Assurance provides analytics and troubleshooting; Provision automates device configuration; Design creates network hierarchies and settings; Policy manages access and segmentation.

6
MCQmedium

Examine the following OSPF configuration on a Cisco IOS-XE router: router ospf 1 router-id 1.1.1.1 network 10.0.0.0 0.255.255.255 area 0 network 192.168.1.0 0.0.0.255 area 1 default-information originate always metric 10 metric-type 1 What is the effect of the 'default-information originate always' command?

A.A default route is advertised into OSPF only if the router has a default route in its routing table.
B.A default route is unconditionally advertised into OSPF with metric 10 and type E1.
C.The router will redistribute static default routes into OSPF.
D.The router will generate a default route only for area 1.
AnswerB

The 'always' keyword ensures unconditional advertisement, and metric-type 1 means E1.

Why this answer

This command injects a default route (0.0.0.0/0) into the OSPF domain unconditionally, even if the router does not have a default route in its routing table. The metric and type are set as specified.

7
MCQeasy

What is the default OSPF hello interval on an Ethernet link?

A.10 seconds
B.30 seconds
C.40 seconds
D.5 seconds
AnswerA

This is the standard default for Ethernet and other broadcast networks.

Why this answer

OSPF uses different hello intervals depending on the network type. On broadcast and point-to-point networks (like Ethernet), the default hello interval is 10 seconds.

8
Matchingmedium

Drag and drop each DNA Center Intent API on the left to its matching use on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Retrieves detailed device information including serial numbers and software versions

Returns physical and logical network topology maps

Lists network issues with severity and suggested actions

Subscribes to and retrieves real-time network events and syslog messages

Manages site hierarchy and associated device assignments

Why these pairings

Intent APIs: inventory retrieves device details; topology maps network connections; issues identifies network problems; events provides real-time notifications.

9
Matchingmedium

Drag and drop each PnP workflow step on the left to its matching action on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Assigns the device to a site and triggers the provisioning process

Deploys day-0 configuration, templates, and software image

Applies the configuration and brings the device into operational state

Checks device connectivity and validates configuration compliance

Tracks device status, logs, and alerts during the PnP workflow

Why these pairings

PnP steps: Claim device assigns it to a site; Provision deploys configuration; Activate applies image; Verify checks connectivity; Monitor tracks status.

10
MCQhard

A network engineer is deploying Cisco DNA Center in a brownfield network. The engineer wants to use DNA Center to automate the configuration of QoS policies across all access switches. After discovering the devices and adding them to Inventory, the engineer creates a QoS policy and assigns it to a site. However, when attempting to provision, DNA Center reports that the devices are in 'Compliance Error' state. What is the most likely reason?

A.The devices have existing QoS configurations that conflict with the new policy.
B.The devices are not running a supported IOS-XE version for QoS automation.
C.The DNA Center appliance does not have enough storage to process the QoS policy.
D.The QoS policy was created with an invalid DSCP value.
AnswerA

Correct because DNA Center's compliance check compares the intended configuration with the actual device configuration. Conflicts cause compliance errors.

Why this answer

In brownfield deployments, devices may have existing configurations that conflict with the intended policies. DNA Center performs a compliance check before provisioning. If the current device configuration does not match the intended configuration (e.g., existing QoS settings), DNA Center reports a compliance error.

The engineer must either update the device configuration to match the intent or modify the intent to accommodate the existing configuration.

11
Matchingmedium

Drag and drop each DNA Center API category on the left to its matching endpoint group on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Endpoints for inventory, topology, and health summaries

Endpoints for site, building, and floor creation and management

Endpoints for network device discovery and reachability testing

Endpoints for software image management, device reboot, and configuration archive

Endpoints for creating and applying access and QoS policies

Why these pairings

DNA Center API categories map to endpoint groups: Know Your Network includes inventory and topology; Site Management handles building and floor details; Connectivity covers network device discovery; Operational Tasks includes software image management and device reboot.

12
Multi-Selectmedium

Which two statements about Cisco DNA Center software image management (SWIM) are true? (Choose two.)

Select 2 answers
A.Cisco DNA Center allows administrators to define a golden image for each device family and automatically enforce compliance.
B.Cisco DNA Center can upgrade device images remotely without requiring physical access to the devices.
C.Cisco DNA Center SWIM requires all devices to have a TFTP server configured locally to receive new images.
D.Cisco DNA Center SWIM does not provide any compliance reporting or audit trails for image versions.
E.Cisco DNA Center SWIM only supports Cisco Catalyst 9000 series switches and cannot manage older platforms.
AnswersA, B

Correct because SWIM enables setting a desired image version (golden image) and then checking devices against it, flagging non-compliant ones.

Why this answer

SWIM in DNA Center automates image upgrades and compliance. The correct answers describe golden image definition and remote upgrade capabilities. The wrong answers incorrectly claim mandatory TFTP usage, lack of compliance reporting, and that SWIM only works with specific hardware models.

13
MCQeasy

What is the maximum hop count for EIGRP?

A.15
B.100
C.255
D.Unlimited
AnswerB

The default maximum hop count for EIGRP is 100.

Why this answer

EIGRP uses a metric based on bandwidth and delay, but it also has a hop count limit. The default maximum hop count is 100, but it can be configured up to 255.

14
Multi-Selecthard

Which three statements about Cisco DNA Center Assurance are true? (Choose three.)

Select 3 answers
A.Cisco DNA Center Assurance uses streaming telemetry from devices to monitor network health in real time.
B.Cisco DNA Center Assurance can automatically remediate issues by changing device configurations.
C.Cisco DNA Center Assurance provides a client health score based on RF metrics, application performance, and connectivity.
D.Cisco DNA Center Assurance relies solely on SNMP polling for data collection.
E.Cisco DNA Center Assurance can proactively detect anomalies and send alerts before users are impacted.
AnswersA, C, E

Correct because Assurance leverages model-driven telemetry (e.g., from Cisco IOS-XE) to collect real-time data for analysis.

Why this answer

DNA Center Assurance provides proactive monitoring and troubleshooting using telemetry and AI/ML. The correct answers highlight its use of streaming telemetry, client health scoring, and proactive issue detection. The incorrect options confuse Assurance with automation (configuration changes) or misstate data sources (SNMP polling is secondary to telemetry).

15
Matchingmedium

Drag and drop each DNA Center Intent API on the left to its matching use on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Retrieves network device details, serial numbers, and software versions

Provides physical and logical network topology maps

Lists network problems, severity, and suggested remediation

Tracks configuration changes, syslog messages, and SNMP traps

Manages site hierarchy and location-based network settings

Why these pairings

Intent APIs: inventory retrieves device details; topology provides network maps; issues reports network problems; events tracks changes and alerts.

16
MCQhard

A network engineer is configuring model-driven telemetry on a Cisco IOS-XE device that is part of a DNA Center managed fabric. The telemetry subscription configuration is: telemetry ietf subscription 101 encoding encode-kvgpb filter xpath /process-cpu-ios-xe-oper:cpu-usage/cpu-utilization stream yang-push update-policy periodic 500 receiver ip address 10.10.10.10 port 5555 protocol grpc-tcp What is the purpose of the 'encoding encode-kvgpb' line?

A.It sets the encoding to JSON format for the telemetry data.
B.It specifies that the data should be encoded using Google Protocol Buffers (protobuf) with key-value pairs.
C.It enables encryption of the telemetry data.
D.It defines the compression algorithm for the telemetry stream.
AnswerB

Correct. KVGPB is a protobuf-based encoding optimized for telemetry.

Why this answer

The 'encoding encode-kvgpb' specifies that the telemetry data should be encoded using KVGPB (Key-Value Google Protocol Buffers), which is a compact binary encoding used for efficient data transmission.

17
Drag & Dropmedium

Drag and drop the steps of DNA Center site hierarchy creation into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The correct order starts with defining the top-level site (e.g., continent or country), then adds the area, then the building, then the floor, and finally assigns the floor plan. This hierarchical structure is required for proper network segmentation and assurance in Cisco DNA Center.

18
Multi-Selecthard

Which three statements about Cisco DNA Center software image management are true? (Choose three.)

Select 3 answers
A.Cisco DNA Center allows administrators to define a golden image for each device family to enforce consistent software versions.
B.Cisco DNA Center can perform distributed software upgrades using a staging area on the device itself.
C.Cisco DNA Center automatically reboots devices after an image upgrade without any administrator confirmation.
D.Cisco DNA Center can compare the running image on a device against the golden image and report compliance status.
E.Cisco DNA Center uses the device's configuration file to determine the required image version.
AnswersA, B, D

Correct because golden images are a core feature to standardize OS versions across the network.

Why this answer

DNA Center provides centralized image management with golden images, distributed upgrades, and compliance checks. The correct answers cover these key features. The incorrect options confuse image management with configuration backup or misstate the upgrade process (no automatic reboot without approval).

19
Multi-Selectmedium

Which two statements about Cisco DNA Center integration with Cisco SD-Access are true? (Choose two.)

Select 2 answers
A.Cisco DNA Center is used to design and provision the SD-Access fabric, including defining virtual networks and host pools.
B.Cisco DNA Center automatically configures OSPF as the control plane protocol for SD-Access.
C.Cisco DNA Center can enforce group-based policies using Scalable Group Tags (SGTs) in the SD-Access fabric.
D.Cisco DNA Center requires a separate WAN controller to manage SD-Access border nodes.
E.Cisco DNA Center configures SD-Access edge nodes as the core routers of the network.
AnswersA, C

Correct because DNA Center provides the GUI and API to create fabric domains, IP pools, and virtual networks (VRFs).

Why this answer

DNA Center is the management and automation platform for SD-Access. The correct answers describe its role in fabric design and policy enforcement. The incorrect options misrepresent the control plane (LISP, not OSPF), the border role (fabric exit, not WAN), and the device role (edge, not core).

20
Multi-Selectmedium

Which two statements about Cisco DNA Center automation workflows are true? (Choose two.)

Select 2 answers
A.Cisco DNA Center supports Plug and Play (PnP) for zero-touch device onboarding.
B.Cisco DNA Center uses template-based provisioning to apply consistent configurations across devices.
C.Cisco DNA Center only supports GUI-based configuration; CLI access is not available.
D.Cisco DNA Center automates configuration of all network devices, including third-party switches.
E.Cisco DNA Center uses SNMP to push configuration changes to devices.
AnswersA, B

Correct because PnP is a built-in feature of DNA Center that automates the initial deployment of new devices without manual intervention.

Why this answer

Cisco DNA Center uses intent-based APIs and templates to automate network provisioning. The correct answers highlight key automation capabilities: PnP for zero-touch deployment and template-based provisioning for consistent configuration. The incorrect options misrepresent the GUI-only nature (CLI is also available via templates), the role of Assurance (monitoring, not configuration), the scope of SD-Access (fabric, not all devices), and the integration method (REST APIs, not SNMP).

21
MCQeasy

A network engineer is planning to use Cisco DNA Center to automate the deployment of a new branch office. The engineer has already discovered the devices and added them to Inventory. The engineer wants to use a template to configure the devices consistently. Which tool in DNA Center should the engineer use to create and apply the template?

A.Use the 'Template Editor' to create a CLI template and apply it during provisioning.
B.Use the 'Policy Editor' to create a policy-based configuration.
C.Use the 'Command Runner' to execute commands on multiple devices.
D.Use the 'Network Profiles' to define the configuration.
AnswerA

Correct because Template Editor is designed for creating and applying configuration templates in DNA Center.

Why this answer

Cisco DNA Center includes a feature called 'Template Editor' (or 'Network Templates') that allows engineers to create CLI templates for device configuration. These templates can be parameterized and applied to devices during provisioning, ensuring consistent configuration across the branch.

22
MCQmedium

Which BGP attribute is preferred when it has the lowest value?

A.WEIGHT
B.LOCAL_PREF
C.MED
D.ORIGIN
AnswerC

MED is the attribute where a lower value is preferred.

Why this answer

BGP uses multiple attributes to determine the best path. The WEIGHT attribute is Cisco-specific and is preferred when it has the highest value, not lowest. The LOCAL_PREF attribute is preferred with the highest value.

The MED (Multi-Exit Discriminator) attribute is preferred with the lowest value. The ORIGIN attribute prefers IGP over EGP and incomplete.

23
MCQmedium

A network engineer is troubleshooting a problem where Cisco DNA Center is not receiving syslog messages from a critical core switch. The switch is configured to send syslog to the DNA Center's IP address. The engineer checks the DNA Center syslog collector and finds that it is enabled. What should the engineer check next?

A.Verify that the syslog port (UDP 514) is not blocked by a firewall or ACL.
B.Check if the syslog messages are in the correct format.
C.Ensure that the switch is in the Inventory and managed by DNA Center.
D.Restart the syslog collector service on DNA Center.
AnswerA

Correct because syslog uses UDP 514, and if the port is blocked, messages will not reach DNA Center.

Why this answer

Cisco DNA Center's syslog collector listens on specific ports (default UDP 514). If the switch is configured to send syslog but DNA Center is not receiving it, a common issue is that the syslog port is blocked by a firewall or ACL between the switch and DNA Center. The engineer should verify network connectivity and port accessibility.

24
MCQeasy

A network engineer is using Cisco DNA Center to monitor network health. The Assurance dashboard shows that a particular access switch has a high CPU utilization issue. The engineer wants to investigate the root cause using DNA Center's built-in tools. Which feature should the engineer use to analyze the switch's CPU utilization over time?

A.Use the 'Trends' feature in Assurance to view CPU utilization over time.
B.Use the 'Command Runner' to execute 'show process cpu' on the switch.
C.Use the 'Path Trace' tool to analyze traffic paths.
D.Use the 'Software Image Management' to check for software bugs.
AnswerA

Correct because Trends provides historical data for performance metrics, including CPU utilization.

Why this answer

Cisco DNA Center's Assurance module provides historical and real-time data for network devices. The 'Trends' feature allows engineers to view metrics like CPU utilization over a selected time period, helping to identify patterns and root causes.

25
Drag & Dropmedium

Drag and drop the steps of DNA Center SWIM (Software Image Management) upgrade flow into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

SWIM upgrade begins with importing the image, then distributing it to the device, performing a pre-check, activating the image, and finally committing the upgrade.

26
MCQhard

An Ansible playbook is written to configure a VLAN on a Cisco IOS-XE device via Cisco DNA Center's intent API: - name: Configure VLAN via DNA Center hosts: localhost gather_facts: no tasks: - name: Create VLAN 100 cisco.dnac.vlan: host: "{{ dnac_host }}" username: "{{ dnac_username }}" password: "{{ dnac_password }}" validate_certs: no state: present vlan_name: "Engineering" vlan_id: 100 site_id: "{{ site_id }}" register: result - debug: var=result What is a potential issue with this playbook?

A.The module name is incorrect; it should be cisco.dnac.network_vlan.
B.The playbook does not include a task to obtain an authentication token, which is required by DNA Center API.
C.The 'site_id' parameter is mandatory for creating a VLAN in DNA Center; if missing, the task will fail.
D.The 'state: present' is invalid; it should be 'state: create'.
AnswerC

Correct. DNA Center requires a site ID to associate the VLAN with a specific site. Without it, the API call will return an error.

Why this answer

The cisco.dnac.vlan module requires the 'site_id' parameter to associate the VLAN with a specific site. If the site_id is not provided or is incorrect, the task will fail or create the VLAN in the wrong location. Additionally, the playbook assumes the DNA Center credentials are correctly set.

27
Multi-Selectmedium

Which two statements about Cisco DNA Center automation workflows are true? (Choose two.)

Select 2 answers
A.Cisco DNA Center supports Plug and Play (PnP) for zero-touch deployment of new switches and routers.
B.Cisco DNA Center can push configuration templates to devices using CLI commands or REST API calls.
C.Cisco DNA Center requires an external APIC-EM controller to manage device discovery and inventory.
D.Cisco DNA Center automation is limited to GUI-based workflows and does not support any programmatic interfaces.
E.Cisco DNA Center uses Cisco ISE as the primary source for device discovery and network topology mapping.
AnswersA, B

Correct because PnP is a built-in feature of DNA Center that automates the initial provisioning of network devices without manual intervention.

Why this answer

Cisco DNA Center uses intent-based networking to automate network changes. The correct answers highlight key automation capabilities: PnP for zero-touch provisioning and the ability to push configuration templates via CLI or REST API. The wrong answers misstate the role of APIC-EM (a predecessor), the GUI-only limitation, and the integration with ISE for policy rather than device discovery.

28
MCQmedium

A network engineer is using Netmiko to connect to a Cisco IOS-XE device that is managed by Cisco DNA Center. The script is: from netmiko import ConnectHandler device = { 'device_type': 'cisco_ios', 'host': '10.10.10.1', 'username': 'admin', 'password': 'cisco123', 'secret': 'enable123' } connection = ConnectHandler(**device) connection.enable() output = connection.send_command('show ip interface brief') print(output) connection.disconnect() What is a potential security concern with this script in the context of DNA Center?

A.The script does not handle authentication failures gracefully.
B.The enable secret is hardcoded in plain text, which is a security risk.
C.The device_type should be 'cisco_xe' for IOS-XE.
D.The script should use SSH keys instead of passwords.
AnswerB

Correct. Hardcoding credentials is insecure. They should be stored in a secure manner.

Why this answer

The script stores the enable secret in plain text. In a production environment, credentials should be stored securely, such as using environment variables or a vault. DNA Center itself stores credentials encrypted, but this script exposes them.

29
Drag & Dropmedium

Drag and drop the steps of Cisco DNA Center assurance data collection workflow into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

Assurance begins with network devices streaming telemetry data (e.g., NetFlow, SNMP, syslog) to DNA Center. DNA Center processes and correlates the data to build a baseline of normal behavior. It then applies machine learning models to detect anomalies.

Alerts and insights are generated for potential issues. Finally, the dashboard displays health scores and recommended actions for the administrator.

30
Drag & Dropmedium

Drag and drop the steps of DNA Center template deployment to a device into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The correct order begins with creating the template in the project, then committing the template, then attaching it to a site, then provisioning the device, and finally pushing the configuration. This ensures the template is properly versioned and applied during provisioning.

31
Multi-Selecthard

Which three statements about Cisco DNA Center Assurance are true? (Choose three.)

Select 3 answers
A.Cisco DNA Center Assurance uses NetFlow, SNMP, and syslog data to analyze network performance and client experience.
B.Cisco DNA Center Assurance assigns a health score to each client based on factors like signal strength, latency, and packet loss.
C.Cisco DNA Center Assurance uses machine learning to detect anomalies and predict potential network issues.
D.Cisco DNA Center Assurance can capture and analyze full packet captures in real time for every flow.
E.Cisco DNA Center Assurance only monitors wired clients and does not provide visibility into wireless client performance.
AnswersA, B, C

Correct because Assurance collects telemetry from multiple sources to provide a holistic view of network health.

Why this answer

DNA Center Assurance provides proactive monitoring and troubleshooting. The correct answers cover its data sources (NetFlow, SNMP, syslog), client health scoring, and AI-driven insights. The wrong answers incorrectly claim real-time packet capture (not a core Assurance feature) and that Assurance only monitors wired clients.

32
Matchingmedium

Drag and drop each PnP workflow step on the left to its matching action on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Assigns a discovered device to a specific site and profile

Applies initial bootstrap configuration via CLI template

Installs the required software image on the device

Deploys full configuration including interfaces, VLANs, and routing

Replaces a failed device with a new one using the same configuration

Why these pairings

PnP steps: Claim assigns a device to a site; Day0 Template applies initial configuration; Image Upgrade updates the device software; Provision deploys the full configuration.

33
MCQmedium

A network engineer is using Cisco DNA Center to automate the deployment of a new VLAN across multiple access switches. The engineer creates a new network profile with the VLAN definition and assigns it to a site. However, after provisioning, the VLAN is not created on any of the switches. The engineer verifies that the devices are in the Inventory and are reachable. What is the most likely cause?

A.The engineer did not run the Provision workflow to push the configuration to the devices.
B.The VLAN ID conflicts with an existing VLAN on the switches.
C.The switches do not support the VLAN ID range.
D.The DNA Center appliance is not licensed for the Automation module.
AnswerA

Correct because creating a profile and assigning it to a site only defines the intent; the actual configuration is pushed only when the Provision workflow is executed.

Why this answer

In Cisco DNA Center, network profiles are used to define settings, but they must be applied to a site and then the devices must be provisioned with that site's settings. If the engineer only created the profile and assigned it to a site, but did not run the provisioning workflow (which pushes the configuration to devices), the VLAN will not be created.

34
MCQmedium

A network engineer is troubleshooting a wireless connectivity issue in a campus network managed by Cisco DNA Center. The Assurance module shows that several access points have high client association failures. The engineer checks the wireless controller configuration and finds that the APs are registered and functional. What is the most likely cause of the association failures?

A.RF interference or poor signal-to-noise ratio on the affected APs.
B.The APs are not running the recommended firmware version.
C.The wireless controller has reached its maximum number of APs.
D.The DNA Center Assurance module is not properly configured to monitor wireless events.
AnswerA

Correct because high association failures are often due to RF issues, which DNA Center Assurance can detect and report.

Why this answer

Cisco DNA Center Assurance can correlate client association failures with RF interference, authentication issues, or configuration mismatches. Since the APs are registered and functional, the issue is likely related to RF interference or signal quality. DNA Center's Assurance can analyze client association events and highlight RF issues as a common cause.

35
MCQmedium

A network engineer is using Cisco DNA Center to manage a network with multiple sites. The engineer wants to ensure that all devices at a remote site have the same NTP server configuration. The engineer creates a network profile with the NTP settings and assigns it to the site. After provisioning, the engineer checks one of the switches and finds that the NTP configuration is missing. What should the engineer check first?

A.Verify that the device is assigned to the correct site in DNA Center.
B.Check if the NTP server is reachable from the device.
C.Ensure that the device is running a supported IOS version.
D.Recreate the network profile with the correct NTP settings.
AnswerA

Correct because if the device is not in the site where the profile is applied, it will not receive the configuration.

Why this answer

In Cisco DNA Center, network profiles are applied to sites, but devices must be assigned to the correct site hierarchy. If a device is not assigned to the site where the profile is applied, it will not receive the configuration. The engineer should verify that the device is in the correct site within DNA Center's hierarchy.

36
MCQeasy

A network engineer uses the Cisco DNA Center API to trigger a provisioning workflow for a new device. The API call returns the following JSON response: { "response": { "taskId": "task-12345", "url": "/api/v1/task/task-12345" }, "version": "1.0" } The engineer then polls the task status using the URL. Which HTTP method should be used to retrieve the task status?

A.GET
B.POST
C.PUT
D.DELETE
AnswerA

Correct. A GET request retrieves the task status.

Why this answer

To retrieve the status of a task, a GET request should be sent to the provided URL. The task ID is used to query the task API endpoint.

37
MCQmedium

Consider the following BGP configuration on a Cisco IOS-XE router: router bgp 65001 neighbor 10.0.0.2 remote-as 65002 neighbor 10.0.0.2 route-map SET_COMMUNITY out ! route-map SET_COMMUNITY permit 10 set community 65001:100 What is the effect of this configuration?

A.The router will set the community to 65001:100 on all routes received from neighbor 10.0.0.2.
B.The router will set the community to 65001:100 on all routes advertised to neighbor 10.0.0.2.
C.The router will filter routes with community 65001:100 from being advertised.
D.The router will remove the community from routes advertised to the neighbor.
AnswerB

The 'out' direction and route-map cause the community to be set on outbound updates.

Why this answer

The route-map is applied to outbound updates to neighbor 10.0.0.2. It sets the BGP community value to 65001:100 on all routes advertised to that neighbor. The community is a well-known transitive attribute that can be used for routing policy.

38
Drag & Dropmedium

Drag and drop the steps of DNA Center site hierarchy creation into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

Site hierarchy creation begins with defining the top-level area (e.g., continent), then building down to building, floor, and finally assigning devices to the floor.

39
Drag & Dropmedium

Drag and drop the steps of Cisco DNA Center software image update (SWIM) process into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The SWIM process starts with the administrator importing the new image into the Cisco DNA Center image repository. Next, the image is distributed to the target devices. A pre-check verifies device compatibility and available storage.

Then the device is rebooted with the new image. Finally, a post-check confirms the device is running the desired image and operational.

40
Drag & Dropmedium

Drag and drop the steps of DNA Center network discovery and device sync into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

Discovery starts with defining the discovery scope, running the discovery, adding discovered devices to inventory, syncing device details, and finally assigning devices to a site.

41
MCQmedium

Consider the following configuration snippet from a Cisco IOS-XE router: router eigrp 100 network 10.0.0.0 network 192.168.1.0 passive-interface default no passive-interface GigabitEthernet0/0 What is the effect of the passive-interface commands?

A.EIGRP hellos are suppressed on all interfaces except GigabitEthernet0/0.
B.EIGRP hellos are sent on all interfaces, but updates are blocked.
C.EIGRP adjacency is formed on all interfaces except GigabitEthernet0/0.
D.EIGRP is disabled on all interfaces.
AnswerA

The default passive suppresses hellos on all interfaces, and the no passive allows them on G0/0.

Why this answer

The command 'passive-interface default' makes all interfaces passive by default, meaning they will not send or receive EIGRP hellos. The subsequent 'no passive-interface GigabitEthernet0/0' overrides this for that specific interface, allowing EIGRP adjacency formation on it.

42
MCQmedium

An Ansible playbook uses the cisco.dnac.site module to create a new building site. The playbook is: - name: Create building site cisco.dnac.site: host: "{{ dnac_host }}" username: "{{ dnac_username }}" password: "{{ dnac_password }}" validate_certs: no state: present site: name: Building-B type: building parentName: Area-1 address: "123 Main St" latitude: 37.7749 longitude: -122.4194 register: result What is the purpose of the 'parentName' parameter?

A.It specifies the name of the building's parent in the hierarchy, such as an area or global site.
B.It defines the DNS domain name for the building.
C.It sets the name of the network profile associated with the building.
D.It is used to specify the building's primary IP address.
AnswerA

Correct. The parentName defines where in the site hierarchy the building is placed.

Why this answer

The 'parentName' parameter specifies the name of the parent site (area or global) under which the building is created. This is necessary for building the site hierarchy.

43
Drag & Dropmedium

Drag and drop the steps of DNA Center assurance issue detection and root cause analysis into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

Assurance starts with collecting telemetry, detecting an anomaly, raising an issue, correlating data for root cause, and then recommending a remediation action.

44
Matchingmedium

Drag and drop each DNA Center ISE integration component on the left to its matching role on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Shares context and session data between DNA Center and ISE

Enforces security group tags (SGTs) for micro-segmentation

Provides authentication, authorization, and accounting for network access

Manages guest user portal, sponsor workflows, and captive portal

Identifies endpoint device type and attributes for policy enforcement

Why these pairings

ISE integration: pxGrid shares context; TrustSec enforces SGTs; RADIUS provides AAA; Guest services manage guest access; Profiling identifies endpoint types.

45
Matchingmedium

Drag and drop each DNA Center API category on the left to its matching endpoint group on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Endpoints for network discovery, inventory, and topology

Endpoints for site creation, building floors, and maps

Endpoints for device configuration, templates, and software images

Endpoints for command runner, tasks, and events

Endpoints for group-based access control and application policy

Why these pairings

DNA Center API categories: Know Your Network includes discovery and inventory; Site Management handles sites and maps; Connectivity manages network devices; Operational Tasks covers tasks and events.

46
MCQmedium

Consider the following partial configuration for QoS on a Cisco IOS-XE router: class-map match-all VOICE match ip dscp ef ! policy-map QOS_POLICY class VOICE priority 1000 class class-default fair-queue ! interface GigabitEthernet0/0 service-policy output QOS_POLICY What is the effect of the 'priority 1000' command under class VOICE?

A.Voice traffic is placed in a strict priority queue with a bandwidth limit of 1000 kbps.
B.Voice traffic is given a minimum bandwidth guarantee of 1000 kbps but no priority.
C.Voice traffic is dropped if it exceeds 1000 kbps.
D.Voice traffic is shaped to 1000 kbps.
AnswerA

The priority command creates a low-latency queue with a rate limit.

Why this answer

The 'priority' command in a policy-map provides strict priority queuing (low-latency queue) for the matching traffic, with a bandwidth guarantee of 1000 kbps. This ensures that voice traffic (marked with DSCP EF) is serviced before other traffic, up to the specified rate.

47
MCQmedium

Examine the following partial Cisco IOS-XE configuration: interface GigabitEthernet0/1 switchport mode access switchport access vlan 10 ip access-group ACL_IN in spanning-tree portfast What is the effect of this configuration?

A.The port will immediately transition to forwarding state, reducing STP convergence time for end hosts.
B.The port will become a trunk port and participate in VLAN trunking.
C.The port will use Rapid PVST+ and immediately forward after a link failure.
D.The port will block all inbound traffic due to the ACL.
AnswerA

spanning-tree portfast on an access port causes immediate forwarding, as intended for host ports.

Why this answer

The configuration enables PortFast on an access port, allowing it to transition directly to forwarding state, bypassing the listening and learning phases. This is commonly used for end-host ports to avoid delays caused by spanning-tree convergence.

48
Drag & Dropmedium

Drag and drop the steps of DNA Center network discovery and device sync into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The correct order starts with defining the discovery range (IP/subnet), then running the discovery, then the discovered devices are added to inventory, then DNA Center syncs the device configurations, and finally the devices are assigned to sites. This ensures devices are properly discovered, inventoried, and placed in the hierarchy.

49
Drag & Dropmedium

Drag and drop the steps of DNA Center SWIM (Software Image Management) upgrade flow into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The correct order begins with importing the image into the image repository, then distributing the image to the device, then activating the image (setting it as the boot image), then rebooting the device, and finally verifying the new version. This ensures a controlled upgrade process.

50
MCQhard

A network engineer is troubleshooting an issue where Cisco DNA Center is not sending configuration changes to a group of switches. The engineer checks the Provisioning dashboard and sees that the devices are in 'Pending' state. The engineer has already created the intent (network profile) and assigned it to the site. What is the most likely cause?

A.The engineer has not executed the Provision workflow to deploy the configuration.
B.The devices are not reachable from DNA Center.
C.The DNA Center appliance is out of disk space.
D.The network profile contains an invalid configuration.
AnswerA

Correct because 'Pending' means the configuration is ready but not yet deployed; the engineer must run the Provision workflow.

Why this answer

In Cisco DNA Center, provisioning is a multi-step process. After creating intent, the engineer must explicitly run the Provision workflow to push the configuration. The 'Pending' state indicates that the intent has been defined but not yet deployed.

The engineer must start the provisioning job to push the configuration to the devices.

51
MCQmedium

A network engineer is deploying Cisco DNA Center in a large campus network with 5000+ devices. After initial setup, the engineer notices that the Assurance module is not receiving telemetry data from many access switches. The switches are running IOS-XE 16.12 and are reachable via SNMP. What is the most likely cause of this issue?

A.The switches are not configured with NETCONF/YANG or telemetry streaming.
B.The DNA Center appliance is not licensed for the Assurance module.
C.The switches are not running the correct IOS-XE version for DNA Center compatibility.
D.The SNMP community string is incorrect on the switches.
AnswerA

Correct because Assurance requires telemetry streaming (e.g., model-driven telemetry) from devices; SNMP alone is insufficient.

Why this answer

Cisco DNA Center Assurance relies on telemetry data collected via NETCONF/YANG or gRPC, not just SNMP. If the switches are not configured for telemetry, Assurance will not receive the necessary data. SNMP is used for inventory and basic monitoring, but not for the rich telemetry required by Assurance.

52
Matchingmedium

Drag and drop each DNA Center package on the left to its matching function on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Provides network analytics, health scores, and troubleshooting insights

Automates device onboarding, configuration templates, and software image management

Creates hierarchical network designs, sites, and global network settings

Defines and enforces access control, segmentation, and QoS policies

Orchestrates workflows for device replacement and network changes

Why these pairings

Cisco DNA Center packages: Assurance provides analytics and troubleshooting; Provision automates device configuration; Design creates network hierarchy and settings; Policy manages access and segmentation.

53
Drag & Dropmedium

Drag and drop the steps of DNA Center assurance issue detection and root cause into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The correct order starts with collecting telemetry from devices, then analyzing the data to detect anomalies, then generating an issue, then identifying the root cause via guided remediation, and finally presenting the resolution steps. This aligns with Cisco's assurance workflow.

54
MCQmedium

A network engineer writes the following Python script to retrieve the list of devices from Cisco DNA Center using the REST API: import requests import json url = "https://dna-center.local/dna/intent/api/v1/network-device" headers = { "Content-Type": "application/json", "X-Auth-Token": "valid-token-here" } response = requests.get(url, headers=headers, verify=False) if response.status_code == 200: devices = response.json() for device in devices["response"]: print(device["hostname"]) else: print("Error:", response.status_code) What is the issue with this code?

A.The code uses verify=False which is insecure but functional; the main issue is missing pagination handling.
B.The URL is incorrect; it should be /dna/intent/api/v1/network-device/list.
C.The code does not handle authentication properly; it should use Basic Auth.
D.The code fails because it does not import the json module correctly.
AnswerA

Correct. The API may return multiple pages, but the code only retrieves the first page. It should check for a 'lastIndex' field and loop to fetch all pages.

Why this answer

The code does not handle pagination. Cisco DNA Center API returns a maximum of 500 devices by default, and if more exist, the response includes a 'lastIndex' or similar field. The code only processes the first page.

55
Drag & Dropmedium

Drag and drop the steps of Cisco DNA Center device onboarding via PnP into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The PnP onboarding process begins with the device obtaining an IP address via DHCP and receiving the PnP server address from DHCP options. The device then discovers the Cisco DNA Center PnP server and authenticates using a certificate or credentials. After authentication, the device downloads its Day 0 configuration and image from DNA Center.

Finally, the device applies the configuration and joins the fabric or network.

56
MCQmedium

Examine the following HSRP configuration on a Cisco IOS-XE switch: interface Vlan10 ip address 10.0.0.2 255.255.255.0 standby 10 ip 10.0.0.1 standby 10 priority 150 standby 10 preempt What is the effect of the 'standby 10 preempt' command?

A.The router will immediately become the active router if it has a higher priority than the current active.
B.The router will become active only if the current active fails.
C.The router will send a gratuitous ARP to update the virtual MAC address.
D.The router will lower its priority to avoid becoming active.
AnswerA

Preempt enables the router to take over the active role when it has a higher priority.

Why this answer

The preempt command allows this router to become the active HSRP router if it has a higher priority than the current active router. Without preempt, the router with higher priority would not take over unless the current active fails.

57
Drag & Dropmedium

Drag and drop the steps of DNA Center template deployment to a device into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

Template deployment starts with creating the template, then associating it with a site, committing the changes, deploying to the target device, and verifying the deployment.

58
Matchingmedium

Drag and drop each DNA Center ISE integration component on the left to its matching role on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Enables real-time context sharing between DNA Center and ISE

Defines and enforces security group access policies across the network

Provides authentication, authorization, and accounting for network access

Carries security group tag information in data packets for policy enforcement

Allows manual configuration of ISE policies and user identity stores

Why these pairings

ISE integration: pxGrid shares context data; TrustSec enforces segmentation; RADIUS provides authentication; SGT carries security group tags.

Ready to test yourself?

Try a timed practice session using only Cisco DNA Center questions.