CCNA Python for Network Automation Questions

58 questions · Python for Network Automation · All types, answers revealed

1
Drag & Dropmedium

Drag and drop the steps of NAPALM get_facts() retrieval from IOS-XE device into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The correct order starts with importing the NAPALM library, then establishing a connection to the device, calling get_facts() to retrieve device facts, processing the returned dictionary, and finally closing the connection to free resources.

2
Matchingmedium

Drag and drop each Python data structure on the left to its matching network config use on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Storing key-value pairs for device configuration parameters

Ordered collection of configuration commands or interface names

Immutable sequence for storing device credentials

Unordered collection of unique VLAN IDs

Immutable set of allowed SNMP communities

Why these pairings

dict stores key-value config pairs like interface settings, list stores ordered config lines, tuple stores immutable device credentials, set stores unique VLAN IDs, and frozenset stores immutable sets of allowed protocols.

3
Matchingmedium

Drag and drop each HTTP method on the left to its matching REST operation on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Retrieve a resource

Create a new resource

Replace an existing resource entirely

Remove a resource

Apply partial modifications to a resource

Why these pairings

GET retrieves; POST creates; PUT replaces; DELETE removes; PATCH partially updates.

4
Multi-Selecthard

Which three statements about using Python for interacting with Cisco IOS-XE devices via NETCONF and RESTCONF are true? (Choose three.)

Select 3 answers
A.The ncclient Python library can be used to establish a NETCONF session with a Cisco IOS-XE device and retrieve YANG-modeled data.
B.RESTCONF uses HTTP methods such as GET, POST, PUT, and DELETE to access YANG-defined data on a network device.
C.YANG models define the structure and constraints of data that can be accessed via NETCONF or RESTCONF.
D.RESTCONF only supports data encoding in YAML format.
E.NETCONF is always faster than RESTCONF for retrieving large amounts of data because it uses a binary encoding.
AnswersA, B, C

Correct because ncclient is a widely used Python library that implements NETCONF client functionality, allowing retrieval and manipulation of YANG-defined data on devices that support NETCONF.

Why this answer

The correct answers cover key aspects: ncclient is the standard Python library for NETCONF, RESTCONF uses HTTP methods like PUT for creating resources, and YANG models define the data structures. The incorrect options misrepresent RESTCONF's data format (it uses JSON/XML, not YAML), incorrectly state that NETCONF is always faster (it is XML-based and can be slower), and wrongly claim that ncclient is deprecated.

5
MCQmedium

A network engineer is writing a Python script to automate the backup of running configurations from a list of 50 Cisco IOS-XE devices. The script uses the netmiko library and a for loop to connect to each device, execute 'show run', and write the output to a file. After running the script, the engineer notices that the script fails on the 15th device with a timeout error, and the remaining devices are not processed. The engineer wants to ensure that if one device fails, the script continues with the next device. What is the best way to modify the script?

A.Increase the global timeout value in the netmiko connection handler.
B.Use the concurrent.futures module to run each connection in a separate thread.
C.Wrap the connection and backup logic inside a try-except block within the for loop.
D.Replace the for loop with a while loop that retries the connection three times before moving on.
AnswerC

Correct because a try-except block catches the exception for the failing device and allows the loop to continue to the next device.

Why this answer

The correct answer uses a try-except block to catch exceptions and continue the loop. Option A is incorrect because removing the timeout will not prevent the script from stopping on failure. Option B is incorrect because multithreading adds complexity and does not inherently handle failures gracefully.

Option D is incorrect because a while loop does not solve the issue of handling exceptions within the loop.

6
Drag & Drophard

Drag and drop the steps of gNMI Subscribe RPC using Python gRPC library into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The correct order starts with generating gNMI protobuf stubs, then creating a gRPC channel and stub. Next, a SubscribeRequest is built with paths and mode, the Subscribe RPC is called, and finally responses are iterated from the stream.

7
MCQmedium

Consider the following Python script using the requests library to interact with a Cisco IOS-XE device via RESTCONF: ```python import requests from requests.auth import HTTPBasicAuth url = 'https://192.168.1.1/restconf/data/Cisco-IOS-XE-native:native/interface/GigabitEthernet=1/0/1' headers = { 'Accept': 'application/yang-data+json', 'Content-Type': 'application/yang-data+json' } auth = HTTPBasicAuth('admin', 'cisco') response = requests.get(url, headers=headers, auth=auth, verify=False) print(response.json()) ``` What is the script attempting to do?

A.It updates the IP address of GigabitEthernet1/0/1.
B.It retrieves the configuration of GigabitEthernet1/0/1 in JSON format.
C.It deletes the interface configuration.
D.It creates a new interface.
AnswerB

The GET request with Accept header for YANG data+JSON retrieves the interface configuration.

Why this answer

The script sends a GET request to retrieve the configuration of GigabitEthernet1/0/1 using RESTCONF.

8
Multi-Selecthard

Which three statements about Python functions and modules for network automation are true? (Choose three.)

Select 3 answers
A.Using functions helps avoid code duplication and improves script maintainability.
B.The os module is used to parse JSON data from network device responses.
C.The json module is used to convert JSON strings to Python dictionaries.
D.The csv module is used to parse JSON data from network devices.
E.The re module is useful for extracting specific patterns from device show command output.
AnswersA, C, E

Correct because functions encapsulate reusable logic, reducing duplication and making scripts easier to maintain.

Why this answer

Correct answers: A, C, and E. A is correct because functions promote code reuse and readability by encapsulating logic. C is correct because the json module is essential for parsing JSON responses from REST APIs.

E is correct because the re module allows pattern matching in device outputs, such as parsing 'show' command results. B is incorrect because the os module is for operating system interactions, not for parsing JSON. D is incorrect because the csv module is for reading/writing CSV files, not for parsing JSON.

9
Drag & Dropmedium

Drag and drop the steps of Jinja2 template rendering for device config generation into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The process begins by importing the Jinja2 Environment and FileSystemLoader, creating an environment with a loader pointing to the template directory, loading the template file, defining a dictionary with variables, and finally calling render() to produce the configuration string.

10
MCQeasy

Which BGP attribute is preferred when it has the lowest value?

A.Local Preference
B.Weight
C.MED (Multi-Exit Discriminator)
D.AS Path
AnswerC

MED is used to influence inbound traffic; lower MED is preferred.

Why this answer

BGP uses the MED (Multi-Exit Discriminator) attribute to influence inbound traffic; lower MED is preferred.

11
Matchingmedium

Drag and drop each HTTP method on the left to its matching REST operation on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Retrieve a resource (read data)

Create a new resource

Update or replace an existing resource

Remove a resource

Partially modify an existing resource

Why these pairings

GET retrieves a resource, POST creates a new resource, PUT updates/replaces a resource, DELETE removes a resource, and PATCH partially modifies a resource.

12
MCQeasy

What is the default OSPF hello interval on an Ethernet link?

A.5 seconds
B.10 seconds
C.30 seconds
D.40 seconds
AnswerB

The default OSPF hello interval on Ethernet (broadcast) links is 10 seconds.

Why this answer

OSPF uses a default hello interval of 10 seconds on broadcast and point-to-point links like Ethernet.

13
MCQmedium

Consider the following Python script that uses the requests library to delete a VLAN via RESTCONF on a Cisco IOS-XE device: ```python import requests from requests.auth import HTTPBasicAuth url = 'https://192.168.1.1/restconf/data/Cisco-IOS-XE-native:native/vlan=10' headers = { 'Accept': 'application/yang-data+json', 'Content-Type': 'application/yang-data+json' } auth = HTTPBasicAuth('admin', 'cisco') response = requests.delete(url, headers=headers, auth=auth, verify=False) print(response.status_code) ``` What is the expected outcome if the VLAN 10 exists?

A.It will retrieve the configuration of VLAN 10.
B.It will create VLAN 10 if it does not exist.
C.It will delete VLAN 10 from the device configuration.
D.It will return an error because the payload is missing.
AnswerC

The DELETE method removes the specified resource.

Why this answer

A DELETE request to the VLAN resource will remove VLAN 10 from the device configuration.

14
Matchingmedium

Drag and drop each Netmiko device type on the left to its matching OS on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Cisco IOS

Cisco NX-OS

Cisco IOS-XR

Cisco IOS-XE

Cisco ASA

Why these pairings

cisco_ios maps to IOS, cisco_nxos to NX-OS, cisco_xr to IOS-XR, and cisco_xe to IOS-XE. The fifth pair cisco_asa maps to ASA.

15
MCQmedium

A network engineer is using the Cisco Meraki Dashboard API to automate the creation of VLANs across multiple networks. The engineer writes a Python script that uses the 'createNetworkVlan' endpoint. The script runs successfully for the first few networks, but then starts returning HTTP 429 errors. The engineer checks the API documentation and finds that the Meraki API has rate limits. The script currently sends requests as fast as possible. What should the engineer implement to avoid hitting the rate limit?

A.Reduce the number of networks being processed in a single script run.
B.Increase the 'per-second' rate limit by setting a higher value in the API request header.
C.Add a retry mechanism with exponential backoff when a 429 response is received.
D.Switch to using the Meraki API version 1.0 which has no rate limits.
AnswerC

Correct because exponential backoff is a standard technique to handle rate limits by pausing and retrying after increasing intervals.

Why this answer

The correct answer is to implement exponential backoff with retries. Option A is incorrect because reducing the number of networks does not solve the rate limit issue for the remaining networks. Option B is incorrect because increasing the limit is not possible; the limit is enforced by the API.

Option D is incorrect because using a different API version does not change the rate limit policy.

16
Matchingmedium

Drag and drop each NAPALM getter on the left to its matching returned data on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Device hostname, vendor, model, OS version, serial number

Interface name, description, IP address, status, speed

BGP neighbor IP, remote AS, state, uptime

LLDP neighbor device ID, port ID, platform

Power supply, fan, temperature status

Why these pairings

get_facts returns device facts like hostname and OS version, get_interfaces returns interface details, get_bgp_neighbors returns BGP neighbor information, get_lldp_neighbors returns LLDP neighbor data, and get_environment returns power and fan status.

17
Drag & Dropmedium

Drag and drop the steps of Netmiko multi-threaded device polling workflow into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The workflow begins by importing required modules (threading and Netmiko), defining a function for device connection and command execution, creating a list of devices, then using threading.Thread to spawn threads for each device, and finally joining threads to wait for completion.

18
Drag & Dropmedium

Drag and drop the steps of connecting to a network device via Netmiko into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The correct order starts with importing the Netmiko library, then creating a device dictionary with connection parameters, establishing the SSH connection using ConnectHandler, sending a command (e.g., 'show ip interface brief'), and finally closing the connection with disconnect(). This sequence follows standard Netmiko workflow for device access.

19
Drag & Dropmedium

Drag and drop the steps of Jinja2 template rendering for device config generation into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The process begins by loading the Jinja2 environment and template file, then defining a dictionary with configuration variables. Next, the template is rendered with those variables, the resulting configuration string is printed or saved, and finally it can be pushed to the device.

20
Drag & Dropmedium

Drag and drop the steps of parsing 'show interfaces' output using TextFSM into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

First, the raw CLI output is captured from the device. Then, the TextFSM template file is loaded. The TextFSM parser is initialized with the template.

The parsed data is extracted using the ParseText method. Finally, the structured data (list of dictionaries) is accessed for further processing.

21
MCQhard

A network engineer configures model-driven telemetry on a Cisco IOS-XE device using gRPC dial-out. The subscription configuration snippet is: ``` telemetry ietf subscription 100 encoding encode-kvgpb filter xpath /interfaces/interface/statistics stream yang-push update-policy periodic 500 receiver ip address 10.1.1.1 50001 protocol grpc-tcp ``` What is the primary issue with this configuration?

A.The 'encoding' should be 'encode-json' or 'encode-gpb' instead of 'encode-kvgpb' for gRPC.
B.The 'stream' should be 'yang-notif' instead of 'yang-push'.
C.The 'update-policy periodic' value must be between 100 and 1000 milliseconds.
D.The 'receiver' command should specify 'protocol grpc' instead of 'grpc-tcp'.
AnswerA

KVGPB is not a standard encoding for gRPC; JSON or GPB are used.

Why this answer

The 'encoding' command uses 'encode-kvgpb' which is incorrect. The correct encoding keyword for gRPC is 'encode-kvgpb'? Actually, in IOS-XE, the encoding for gRPC is 'encode-kvgpb' (Key-Value GPB) or 'encode-json'. However, the command 'encoding encode-kvgpb' is valid.

Another issue: The 'receiver' command should specify 'ip address' but the syntax is 'receiver ip address <ip> <port> protocol <protocol>'. That seems correct. Wait, the protocol should be 'grpc-tcp' which is valid.

The real issue might be that the subscription uses 'stream yang-push' but the filter xpath is not properly scoped. However, a common mistake is that the 'update-policy periodic' requires a time in seconds, but 500 is valid. Let me think: The major issue is that the 'receiver' command is missing the 'protocol' keyword? Actually, it's there.

Hmm. Perhaps the issue is that the encoding 'encode-kvgpb' is not supported for gRPC; it should be 'encode-json' or 'encode-gpb'. In IOS-XE, for gRPC dial-out, the encoding is typically 'encode-json' or 'encode-gpb' (Google Protocol Buffers). 'kvgpb' is a different format.

So the correct answer is that 'encode-kvgpb' is invalid; it should be 'encode-json' or 'encode-gpb'.

22
MCQmedium

A network engineer uses NAPALM to retrieve the ARP table from a Cisco IOS-XE device: ```python from napalm import get_network_driver driver = get_network_driver('ios') device = driver('192.168.1.1', 'admin', 'cisco123') device.open() arp_table = device.get_arp_table() print(arp_table) device.close() ``` What is the expected data type of arp_table?

A.A list of dictionaries, each with keys such as 'interface', 'ip', 'mac', and 'age'.
B.A dictionary with keys 'arp_table' and a list of tuples.
C.A string containing the raw CLI output of 'show arp'.
D.A list of strings, each representing an ARP entry.
AnswerA

NAPALM returns structured data as a list of dictionaries for ARP entries.

Why this answer

NAPALM's get_arp_table() returns a list of dictionaries, each containing keys like 'interface', 'ip', 'mac', and 'age'. This is standard across all NAPALM drivers.

23
MCQmedium

An engineer is using the Cisco DNA Center REST API to retrieve a list of network devices and their health scores. The engineer writes a Python script using the requests library. The script successfully retrieves data for the first 100 devices, but when trying to get the next 100, the API returns an empty list. The engineer checks the API documentation and finds that the endpoint supports pagination with the 'offset' and 'limit' parameters. The current script does not handle pagination. What should the engineer do to retrieve all devices?

A.Increase the 'limit' parameter to 1000 in a single API call.
B.Use the 'next' URL from the response headers to automatically fetch the next page.
C.Write a loop that increments the 'offset' parameter by the 'limit' value until all pages are retrieved.
D.Switch to using the Cisco DNA Center Python SDK which handles pagination automatically.
AnswerC

Correct because this implements standard pagination by adjusting the offset parameter in each iteration until no more data is returned.

Why this answer

The correct answer implements a loop that increments the offset parameter until all pages are retrieved. Option A is incorrect because increasing the limit may exceed the maximum allowed value. Option B is incorrect because the API does not return a 'next' link in this scenario.

Option D is incorrect because using a different library does not solve the pagination issue.

24
MCQmedium

Examine this Python script that uses the napalm library to manage a Cisco IOS-XE device: ```python from napalm import get_network_driver driver = get_network_driver('ios') device = driver('192.168.1.1', 'admin', 'cisco') device.open() print(device.get_facts()) device.close() ``` What is the output of this script?

A.It displays the running configuration of the device.
B.It prints a dictionary containing device facts like hostname, model, uptime, etc.
C.It applies a configuration change to the device.
D.It tests connectivity to the device using ICMP.
AnswerB

get_facts() returns a dictionary with device information.

Why this answer

The script uses NAPALM to retrieve device facts such as hostname, OS version, serial number, etc.

25
MCQmedium

Examine the following Python script snippet that uses netmiko to configure a Cisco IOS-XE device: ```python from netmiko import ConnectHandler device = { 'device_type': 'cisco_ios', 'ip': '192.168.1.1', 'username': 'admin', 'password': 'cisco', } connection = ConnectHandler(**device) output = connection.send_command('show ip interface brief') print(output) connection.disconnect() ``` What is the primary purpose of this script?

A.It configures an IP address on an interface.
B.It retrieves and prints the output of 'show ip interface brief'.
C.It saves the running configuration to startup configuration.
D.It backs up the configuration to a TFTP server.
AnswerB

The script connects, sends a show command, prints the output, and disconnects.

Why this answer

The script uses netmiko to connect to a Cisco device and retrieve the output of 'show ip interface brief'.

26
MCQmedium

A network engineer writes a Python script using Paramiko to execute a command on a Cisco IOS device: ```python import paramiko ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) ssh.connect('192.168.1.1', username='admin', password='cisco123') stdin, stdout, stderr = ssh.exec_command('show version') output = stdout.read().decode() print(output) ssh.close() ``` What is a potential issue with this approach?

A.The script will work fine because exec_command() sends the command over SSH.
B.The script will fail because the username and password are passed as plaintext; Paramiko requires key-based authentication.
C.The script will fail because Cisco IOS does not support SSH command execution; it requires an interactive shell session.
D.The script will fail because the output should be read using stdout.readlines() instead of stdout.read().
AnswerC

Paramiko's exec_command() opens a single channel that may not work with IOS; using invoke_shell() is needed.

Why this answer

Paramiko's exec_command() is designed for SSH command execution, but Cisco IOS devices do not support direct command execution via SSH like Unix systems. Instead, the device expects an interactive shell. The command may not execute or may return an error because the SSH channel is not a shell.

Netmiko or similar libraries handle this by opening a shell and sending commands.

27
MCQmedium

Examine the following Python script that uses the netmiko library to send configuration commands to a Cisco IOS-XE device: ```python from netmiko import ConnectHandler device = { 'device_type': 'cisco_ios', 'ip': '192.168.1.1', 'username': 'admin', 'password': 'cisco', } connection = ConnectHandler(**device) config_commands = [ 'interface GigabitEthernet1/0/1', 'description Link to Core', 'ip address 10.1.1.1 255.255.255.0', 'no shutdown' ] output = connection.send_config_set(config_commands) print(output) connection.disconnect() ``` What is the purpose of this script?

A.It retrieves the running configuration of the device.
B.It configures interface GigabitEthernet1/0/1 with a description, IP address, and enables it.
C.It saves the configuration to the startup configuration.
D.It tests connectivity to the device using ping.
AnswerB

The commands configure the interface as described.

Why this answer

The script sends configuration commands to configure an interface with a description, IP address, and enable it.

28
Matchingmedium

Drag and drop each NAPALM getter on the left to its matching returned data on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Hostname, vendor, model, uptime

Interface name, status, MAC address, speed

BGP peer IP, ASN, state, prefixes

LLDP neighbor device ID, port ID

NTP server IP, stratum, offset

Why these pairings

get_facts returns device info like hostname, vendor; get_interfaces returns interface details; get_bgp_neighbors returns BGP peer info.

29
MCQhard

A network engineer is automating the configuration of VLANs on a Cisco Nexus 9000 switch using Python and the NX-API. The engineer sends a Python dictionary with the CLI commands to the API and receives a successful response. However, when checking the switch, the VLANs are not created. The engineer verifies that the credentials and IP address are correct, and the API is enabled. The engineer also notices that the API response contains a 'code' field of '200' and a 'result' field that shows the command output. What is the most likely cause of the issue?

A.The API response code of 200 indicates an error, and the engineer should check for a different status code.
B.The VLAN commands are incorrect; the engineer should use 'vlan 10' instead of 'vlan 10-20'.
C.The engineer used the 'show' message type in the API request instead of 'cli_conf'.
D.The switch requires a 'commit' command after configuration changes via NX-API.
AnswerC

Correct because NX-API requires the 'cli_conf' type to execute configuration commands; 'show' only executes show commands and does not apply changes.

Why this answer

The correct answer is that the engineer used the 'show' command type instead of 'cli_conf' for configuration commands. Option A is incorrect because a 200 response indicates the API call was successful. Option B is incorrect because the commands are valid.

Option D is incorrect because the API does not require a commit command by default.

30
MCQhard

An engineer is writing a Python script to parse the output of 'show ip interface brief' from multiple Cisco routers. The engineer uses the netmiko library to collect the output and then uses regular expressions to extract the interface name, IP address, and status. The script works correctly for most routers, but on one router, the output format is slightly different (e.g., extra spaces or different column headers). The engineer wants to make the parsing more robust. What is the best approach?

A.Write a custom parser that handles each router's output format individually.
B.Use the 'split()' method to tokenize each line and then extract the relevant fields by position.
C.Use the 'textfsm' library with a pre-defined template for 'show ip interface brief'.
D.Use the 're' module with a more complex regular expression that accounts for optional whitespace.
AnswerC

Correct because textfsm templates are designed to handle variations in output format and provide structured data.

Why this answer

The correct answer is to use the 'textfsm' library with a pre-defined template for 'show ip interface brief'. Option A is incorrect because it is not scalable for many devices. Option B is incorrect because it does not handle format variations.

Option D is incorrect because it does not change the parsing logic.

31
Drag & Dropmedium

Drag and drop the steps of NAPALM get_facts() retrieval from IOS-XE device into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The correct order starts with importing the NAPALM library and driver, then creating a driver object with device credentials, calling the open() method to establish the connection, invoking get_facts() to retrieve device facts, and finally closing the connection.

32
Multi-Selectmedium

Which two statements about Python data structures used in network automation are true? (Choose two.)

Select 2 answers
A.Tuples are commonly used to store device credentials because they can be modified easily.
B.Dictionaries are used to store key-value pairs such as device IP, username, and password.
C.Sets are ordered and allow indexing to retrieve specific elements.
D.Lists are ordered and can be used to store multiple device names for iteration.
E.Strings are mutable and ideal for storing multiple device configurations.
AnswersB, D

Correct because dictionaries map keys to values, which is perfect for storing device parameters like IP, username, and password.

Why this answer

Correct answers: B and D. B is correct because dictionaries are ideal for storing key-value pairs such as device parameters (IP, username, password). D is correct because lists are ordered and can hold multiple device names or IPs, and they support iteration.

A is incorrect because tuples are immutable, so they cannot be modified after creation, which limits their use for dynamic data. C is incorrect because sets are unordered and do not support indexing; they are used for unique elements, not ordered collections. E is incorrect because strings are immutable and not suitable for storing multiple separate values.

33
MCQmedium

A network engineer writes the following Python script using Netmiko to configure a Cisco IOS-XE device: ```python from netmiko import ConnectHandler device = { 'device_type': 'cisco_ios', 'ip': '192.168.1.1', 'username': 'admin', 'password': 'cisco123', } connection = ConnectHandler(**device) output = connection.send_command('show ip interface brief') print(output) connection.disconnect() ``` What is the primary issue with this script?

A.The script will fail because the device_type should be 'cisco_ios_xe' for IOS-XE devices.
B.The script will fail because the send_command method cannot be used for show commands; it requires send_command_timing.
C.The script will fail because the device is not in enable mode, and 'show ip interface brief' may not execute or return restricted output.
D.The script will fail because the password is not encrypted; Netmiko requires an encrypted password.
AnswerC

Without enable mode, the command may be rejected or return limited output. The script should call connection.enable() after connecting.

Why this answer

The script does not enable privileged EXEC mode (enable) before running 'show ip interface brief', which requires privilege level 15. Netmiko's send_command does not automatically enter enable mode unless the device_type expects it, and cisco_ios requires an explicit enable() call or use of secret parameter.

34
Multi-Selectmedium

Which two statements about using Python for network automation are true? (Choose two.)

Select 2 answers
A.The netmiko library is commonly used to automate SSH connections to Cisco devices.
B.The paramiko library provides a high-level API for network automation tasks.
C.The requests library can be used to send HTTP requests to REST APIs on network devices.
D.The telnetlib library is recommended for secure network automation.
E.The scapy library is used to send configuration commands to network devices.
AnswersA, C

Correct because netmiko is a popular Python library that simplifies SSH connections to network devices and supports sending commands and retrieving output.

Why this answer

Correct answers: A and C. A is correct because the netmiko library simplifies SSH connections to network devices and is widely used for sending commands. C is correct because the requests library can be used to interact with REST APIs on devices like Cisco DNA Center or IOS-XE.

B is incorrect because paramiko is a low-level SSH library, not a high-level one; netmiko is built on paramiko but adds higher-level abstractions. D is incorrect because the telnetlib library is for Telnet, which is insecure and rarely used in modern automation. E is incorrect because the scapy library is for packet manipulation and network scanning, not for sending configuration commands.

35
Drag & Dropmedium

Drag and drop the steps of REST API call using Requests library to DNA Center into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The correct order starts with importing the Requests library, sending a POST request to the authentication endpoint with credentials, extracting the token from the JSON response, using the token in headers for a GET request to a resource endpoint, and finally parsing the JSON response.

36
Multi-Selectmedium

Which two statements about using Python for network automation with Cisco devices are true? (Choose two.)

Select 2 answers
A.Netmiko is a Python library that simplifies SSH connections to network devices by handling authentication and session establishment.
B.NAPALM can be used to retrieve operational state data from network devices using a vendor-agnostic API.
C.Python scripts for network automation are compiled into native machine code for faster execution.
D.The netmiko library can only be used with Cisco IOS devices.
E.Paramiko is a higher-level library than Netmiko and provides additional automation features.
AnswersA, B

Correct because Netmiko is built on Paramiko and provides a higher-level interface for SSH connections, including automatic handling of device prompts and authentication.

Why this answer

The correct answers highlight key aspects of Python automation: Netmiko simplifies SSH management by handling authentication and connection, and NAPALM provides a vendor-agnostic API for retrieving operational data. The incorrect options misrepresent Python's role: Python does not compile to native machine code (it is interpreted), netmiko is not limited to Cisco (it supports many vendors), and paramiko is lower-level than Netmiko, not the other way around.

37
Drag & Dropmedium

Drag and drop the steps of using a Python REST API call to retrieve device configuration via Cisco DNA Center into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The process begins with authenticating to the DNA Center API to obtain a token. Then, the device UUID is retrieved using a GET request to the device list endpoint. Next, a GET request is sent to fetch the running configuration for that device.

The JSON response is parsed to extract the configuration text. Finally, the configuration is saved to a local file.

38
MCQhard

An engineer is using the Cisco pyATS framework to test the configuration of a new QoS policy on a router. The engineer writes a testbed file and a test script that logs into the router, applies the configuration, and then verifies the output of 'show policy-map interface'. The test script fails because the verification step cannot find the expected output. The engineer confirms that the configuration was applied successfully. What is the most likely cause of the failure?

A.The pyATS library requires Python 3.8 or later, and the engineer is using an older version.
B.The testbed file has incorrect credentials for the router.
C.The test script does not include a sleep or wait mechanism after applying the configuration.
D.The test script uses the 'genie' library instead of 'pyats' for parsing.
AnswerC

Correct because QoS policies may take a few seconds to be reflected in the output; the script should wait before verifying.

Why this answer

The correct answer is that the test script is not waiting long enough for the QoS policy to take effect. Option A is incorrect because pyATS does not require a specific Python version. Option B is incorrect because the testbed file is correct.

Option D is incorrect because the script is using the correct library.

39
MCQmedium

What is the maximum hop count for EIGRP?

A.15
B.100
C.255
D.Unlimited
AnswerB

EIGRP's default maximum hop count is 100, configurable up to 255.

Why this answer

EIGRP has a default maximum hop count of 100, but it can be configured up to 255.

40
MCQeasy

A network engineer is automating the deployment of a new VLAN configuration across 100 Cisco IOS-XE switches using Ansible. The engineer writes a playbook that uses the 'ios_config' module. The playbook runs, but the engineer notices that the configuration is applied to only 50 switches before the playbook stops with an error. The error message indicates that one switch is unreachable. The engineer wants to ensure that the playbook continues with the remaining switches even if some are unreachable. What Ansible configuration should the engineer use?

A.Set 'timeout: 60' in the playbook to allow more time for connections.
B.Set 'gather_facts: no' to speed up the playbook and avoid timeouts.
C.Set 'ignore_errors: yes' on the task that configures the VLAN.
D.Set 'serial: 10' to run the playbook on 10 switches at a time.
AnswerC

Correct because this tells Ansible to continue even if the task fails on a host.

Why this answer

The correct answer is to set 'ignore_errors: yes' on the task or use 'max_fail_percentage'. Option A is incorrect because increasing the timeout does not prevent the playbook from stopping. Option B is incorrect because 'gather_facts: no' is unrelated.

Option D is incorrect because 'serial' controls batch size, not error handling.

41
MCQhard

A network engineer writes an Ansible playbook to gather facts from a Cisco IOS device using the ios_facts module: ```yaml --- - name: Gather IOS Facts hosts: ios_devices gather_facts: no tasks: - name: Collect facts cisco.ios.ios_facts: gather_subset: - hardware register: device_facts - name: Show serial number debug: msg: "Serial number is {{ device_facts['ansible_facts']['ansible_net_serialnum'] }}" ``` What is a potential issue with this playbook?

A.The 'gather_subset' parameter is misspelled; it should be 'gather_subset' (correct spelling).
B.The playbook is missing 'connection: network_cli' and 'become: yes' to enable network device access.
C.The registered variable 'device_facts' should be accessed as 'device_facts.ansible_facts.ansible_net_serialnum' using dot notation.
D.The 'hardware' subset is invalid; it should be 'all' to get serial number.
AnswerB

Network modules require these settings to function properly.

Why this answer

The playbook uses 'gather_facts: no' at the play level, which is fine. However, the ios_facts module returns facts under the key 'ansible_facts' by default, but the registered variable 'device_facts' will contain the entire response, including 'ansible_facts' as a subkey. The debug message tries to access 'device_facts['ansible_facts']['ansible_net_serialnum']', which is correct.

But there is a subtle issue: The module 'ios_facts' requires the connection to be 'network_cli' and privilege escalation. If not set, the task may fail. Also, the 'gather_subset' parameter is misspelled as 'gather_subset' instead of 'gather_subset'? Actually, it's 'gather_subset' in the module.

Wait, the correct parameter is 'gather_subset'? Let me check: In cisco.ios.ios_facts, the parameter is 'gather_subset' (with underscore). The playbook uses 'gather_subset' which is correct. Hmm.

Another common issue: The 'ansible_net_serialnum' fact might not be available if the hardware subset does not include it. But hardware subset does include serial number. The real issue might be that the playbook does not specify 'connection: network_cli' and 'become: yes', which are required for network modules.

That is the most likely problem.

42
MCQeasy

A network engineer is automating the collection of syslog messages from a Cisco ASA firewall using a Python script that connects via SSH and runs 'show log'. The script uses the paramiko library. The script works for a few minutes, but then the SSH connection drops with an error 'Server connection dropped'. The engineer suspects that the ASA is closing the connection due to inactivity. What is the best way to keep the connection alive?

A.Increase the buffer size in the paramiko SSH client.
B.Run a dummy command like 'show clock' every 30 seconds to keep the session active.
C.Set the 'keepalive' parameter in the paramiko Transport object to send keepalive packets every 30 seconds.
D.Use the netmiko library instead, which automatically handles keepalives.
AnswerC

Correct because keepalive packets prevent the firewall from closing the idle connection.

Why this answer

The correct answer is to enable keepalive packets in the SSH transport. Option A is incorrect because increasing the buffer size does not prevent disconnection. Option B is incorrect because running a command repeatedly may not be efficient and could interfere with the log collection.

Option D is incorrect because using a different library does not automatically solve the keepalive issue.

43
Drag & Dropmedium

Drag and drop the steps of REST API call using Requests library to DNA Center into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The correct order starts with importing the requests library, then obtaining an authentication token via POST to the login endpoint. Next, the token is used as a header in a GET request to retrieve network devices, the response is parsed as JSON, and finally the token is used for subsequent API calls.

44
MCQmedium

A network engineer uses the Requests library to send a RESTCONF PATCH request to modify the hostname of a Cisco IOS-XE device: ```python import requests from requests.auth import HTTPBasicAuth url = 'https://192.168.1.1/restconf/data/Cisco-IOS-XE-native:native/hostname' headers = {'Content-Type': 'application/yang-data+json'} auth = HTTPBasicAuth('admin', 'cisco123') payload = { 'Cisco-IOS-XE-native:hostname': 'NewRouter' } response = requests.patch(url, json=payload, headers=headers, auth=auth, verify=False) print(response.status_code) ``` What is the expected HTTP status code if the request is successful?

A.200 OK
B.201 Created
C.204 No Content
D.202 Accepted
AnswerC

RESTCONF PATCH returns 204 on success.

Why this answer

In RESTCONF, a successful PATCH request returns 204 No Content, as the resource is modified and no content is returned in the response body. Some implementations may return 200, but the standard is 204.

45
Multi-Selectmedium

Which two statements about using Python for configuration management and templating in network automation are true? (Choose two.)

Select 2 answers
A.Jinja2 templates allow the use of variables and control structures like loops and conditionals to generate network device configurations.
B.A Python script can load a Jinja2 template, render it with device-specific data, and push the resulting configuration to a network device.
C.Jinja2 can be used to execute CLI commands on network devices directly from within the template.
D.Jinja2 is a Python library used for parsing YAML files.
E.Python cannot be used to generate configuration files because it lacks templating capabilities.
AnswersA, B

Correct because Jinja2 is a powerful templating engine that supports variables, for loops, if statements, and filters, making it ideal for generating dynamic configurations.

Why this answer

The correct answers focus on Jinja2 templating and its integration with Python. The incorrect options either misstate Jinja2's capabilities (it does not execute commands), misidentify the library for YAML parsing (PyYAML, not Jinja2), or incorrectly claim that Python cannot be used for configuration generation (it can, via templates).

46
Multi-Selecthard

Which three statements about error handling and debugging in Python network automation scripts are true? (Choose three.)

Select 3 answers
A.Using 'pass' in an except block is a best practice to ignore errors in production scripts.
B.The try-except block allows a script to handle connection timeouts without crashing.
C.Using the logging module helps record errors and debug information to a file.
D.Print statements can be used to debug variable values during script development.
E.The continue statement is used to handle exceptions in Python.
AnswersB, C, D

Correct because try-except catches exceptions like timeouts, allowing the script to take alternative actions or retry.

Why this answer

Correct answers: B, C, and D. B is correct because try-except blocks allow the script to handle exceptions gracefully without crashing. C is correct because logging provides a structured way to record events and errors for later analysis.

D is correct because print statements are a simple debugging technique to output variable values during development. A is incorrect because 'pass' is a no-op statement that silently ignores exceptions, which is not recommended for production code. E is incorrect because the continue statement is used in loops to skip to the next iteration, not for error handling.

47
Drag & Dropmedium

Drag and drop the steps of Netmiko multi-threaded device polling workflow into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The workflow begins by importing necessary modules (threading and Netmiko), then defining a function that connects and sends a show command. After that, a list of devices is created, threads are started for each device, and finally all threads are joined to collect results.

48
Matchingmedium

Drag and drop each Python library on the left to its matching network use case on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Multi-vendor SSH connection and command execution

Network automation and configuration management with vendor-agnostic API

Parallel task execution for network automation

Screen-scraping network devices with structured output

Low-level SSH protocol implementation for Python

Why these pairings

Netmiko is used for multi-vendor SSH connections, NAPALM for network automation and configuration management, Nornir for parallel task execution, Scrapli for screen-scraping network devices, and Paramiko for low-level SSH connections.

49
Multi-Selecthard

Which three statements about using Python for device inventory and data serialization in network automation are true? (Choose three.)

Select 3 answers
A.A Python script can read a YAML file containing device hostnames and IP addresses, then use that data to connect to each device and gather inventory information.
B.The json module in Python can be used to serialize a dictionary containing device inventory data into a JSON string for storage or transmission.
C.CSV files can be parsed using Python's csv module to import device inventory data, such as hostname, IP, and credentials, into a script.
D.YAML files in Python cannot contain comments, so all inventory data must be described without explanatory text.
E.JSON is always more human-readable than YAML for complex inventory structures.
AnswersA, B, C

Correct because this is a common pattern: use PyYAML to load a YAML inventory file, iterate over devices, and use Netmiko or NAPALM to collect facts.

Why this answer

The correct answers describe practical uses of Python for inventory management and data handling. The incorrect options either misattribute YAML's features (it does not support comments natively in all parsers) or incorrectly state that JSON is always more human-readable than YAML (YAML is often considered more readable).

50
MCQmedium

A network engineer uses the Cisco DNA Center REST API to retrieve the list of devices. The API returns the following JSON: ```json { "response": [ { "id": "12345678-1234-1234-1234-123456789abc", "managementIpAddress": "192.168.1.1", "hostname": "Router1", "platformId": "ISR4331", "role": "ACCESS", "series": "ISR4300 Series" } ], "version": "1.0" } ``` The engineer writes the following Python code to extract the hostname of the first device: ```python import requests url = 'https://dna-center.local/dna/intent/api/v1/network-device' headers = {'X-Auth-Token': 'valid_token', 'Accept': 'application/json'} response = requests.get(url, headers=headers, verify=False) data = response.json() hostname = data['response'][0]['hostname'] print(hostname) ``` What is a potential issue with this code?

A.The URL is missing the '/v1' version segment.
B.The code does not check if the HTTP response status is 200 before parsing JSON, which could lead to errors if the token is invalid.
C.The 'Accept' header should be 'application/yang-data+json' for DNA Center.
D.The 'X-Auth-Token' header is not the correct authentication method; DNA Center uses Basic Auth.
AnswerB

Without status check, a 401 or 500 error would cause the script to fail unpredictably.

Why this answer

The code assumes the API call succeeds and the 'response' list is non-empty. If the token is expired or the API returns an error, response.json() may not have the expected structure, causing a KeyError or IndexError. The code lacks error handling for HTTP status codes and empty responses.

51
MCQhard

A network engineer writes an Ansible playbook to configure a VLAN on a Cisco Nexus switch: ```yaml --- - name: Configure VLAN hosts: nxos_switches gather_facts: no tasks: - name: Create VLAN 100 cisco.nxos.nxos_vlan: vlan_id: 100 name: test_vlan state: present ``` What is a potential issue with this playbook?

A.The module name is incorrect; it should be 'nxos_vlan_config' instead of 'nxos_vlan'.
B.The playbook is missing the 'connection: network_cli' and 'become: yes' directives to enable privileged mode.
C.The VLAN ID must be a string, not an integer.
D.The 'state: present' is invalid; it should be 'state: create'.
AnswerB

Network modules require network_cli connection and privilege escalation.

Why this answer

The playbook does not specify the connection type or become method. For Cisco NX-OS, Ansible requires connection: network_cli and become: yes with become_method: enable (or ansible_connection: network_cli in inventory). Without these, the module may fail to execute.

52
Matchingmedium

Drag and drop each Netmiko device type on the left to its matching operating system on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Cisco IOS (classic)

Cisco NX-OS

Cisco IOS-XR

Cisco IOS-XE

Arista EOS

Why these pairings

cisco_ios is for classic IOS; cisco_nxos is for NX-OS; cisco_xr is for IOS-XR; cisco_xe is for IOS-XE.

53
MCQmedium

Review the following Python script that uses the Cisco IOS-XE RESTCONF API to modify an interface: ```python import requests from requests.auth import HTTPBasicAuth url = 'https://192.168.1.1/restconf/data/Cisco-IOS-XE-native:native/interface/GigabitEthernet=1/0/1' headers = { 'Accept': 'application/yang-data+json', 'Content-Type': 'application/yang-data+json' } auth = HTTPBasicAuth('admin', 'cisco') payload = { 'Cisco-IOS-XE-native:GigabitEthernet': { 'name': '1/0/1', 'description': 'Configured via RESTCONF' } } response = requests.put(url, headers=headers, auth=auth, json=payload, verify=False) print(response.status_code) ``` What is the expected result if the script runs successfully?

A.It will create a new interface named GigabitEthernet1/0/1.
B.It will set the description of GigabitEthernet1/0/1 to 'Configured via RESTCONF'.
C.It will delete the interface configuration.
D.It will return an error because the payload is missing required fields.
AnswerB

The PUT request updates the interface configuration with the provided description.

Why this answer

A PUT request to the interface URL with a payload that includes a description will update the interface description.

54
Matchingmedium

Drag and drop each Python data structure on the left to its matching network config use on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Store interface configuration as key-value pairs

Maintain ordered list of VLANs to apply

Define immutable routing table entry

Collect unique OSPF router IDs

Represent immutable set of allowed protocols

Why these pairings

dict maps parameter to value; list stores ordered items; tuple is immutable; set holds unique elements.

55
Matchingmedium

Drag and drop each Python library on the left to its matching network use case on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Simplifies SSH connections to network devices

Provides a unified API for configuration and state retrieval

Enables parallel task execution across inventory

Supports asynchronous network device communication

Offers raw SSH protocol implementation

Why these pairings

Netmiko simplifies SSH to network devices; NAPALM provides multi-vendor abstraction; Nornir is task-based and parallel; Scrapli is async-focused; Paramiko is low-level SSH.

56
Drag & Drophard

Drag and drop the steps of gNMI Subscribe RPC using Python gRPC library into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The correct order starts with importing the gNMI protobuf modules and gRPC, creating a secure channel with credentials, instantiating the gNMI stub, building a SubscribeRequest with paths and mode, and finally calling the Subscribe RPC and iterating over responses.

57
MCQhard

A network engineer uses the Requests library to query a Cisco IOS-XE device via RESTCONF for interface statistics: ```python import requests from requests.auth import HTTPBasicAuth url = 'https://192.168.1.1/restconf/data/Cisco-IOS-XE-interfaces-oper:interfaces/interface=GigabitEthernet1/statistics' headers = {'Accept': 'application/yang-data+json'} auth = HTTPBasicAuth('admin', 'cisco123') response = requests.get(url, headers=headers, auth=auth, verify=False) print(response.json()) ``` What is the most likely issue with this code?

A.The URL is missing the '/data' segment; it should be '/restconf/data/...'
B.The interface name 'GigabitEthernet1/0/1' in the URL must be URL-encoded as 'GigabitEthernet1%2F0%2F1'.
C.The Accept header should be 'application/json' instead of 'application/yang-data+json'.
D.The HTTP method should be POST instead of GET.
AnswerB

The slash in the interface name must be percent-encoded to avoid being interpreted as a path separator.

Why this answer

The URL uses 'https://' but the code does not disable SSL certificate verification properly; verify=False is used, but the requests library may still raise an InsecureRequestWarning. More critically, the URL path is incorrect: the interface name should be URL-encoded (e.g., 'GigabitEthernet1' is fine, but the path may need to be 'Cisco-IOS-XE-interfaces-oper:interfaces/interface=GigabitEthernet1/statistics' — however, the module is 'Cisco-IOS-XE-interfaces-oper' and the leaf is 'interface', but the correct YANG path might require a different format. The most common issue is that the interface name must be URL-encoded if it contains special characters, but here it's simple.

A more likely issue is that the device may require a specific namespace or the path is missing the 'data' prefix? Actually, the path seems correct. Another common issue: the device may not have RESTCONF enabled or the credentials are wrong. But the most immediate problem is that the code does not handle HTTP errors or check response status, and the 'verify=False' may cause a warning but not failure.

However, the question expects a specific bug: the URL should be 'https://192.168.1.1/restconf/data/Cisco-IOS-XE-interfaces-oper:interfaces/interface=GigabitEthernet1/statistics' — but the module name is case-sensitive. The real issue is that the interface name in the URL must be URL-encoded if it contains a slash (e.g., 'GigabitEthernet1/0/1'), but here it's simple. Let me adjust: The typical bug is that the engineer forgot to include the 'data' keyword in the URL.

Actually, the URL includes '/restconf/data/', which is correct. Hmm. Let me think of a common mistake: The Accept header should be 'application/yang-data+json' which is correct.

Perhaps the issue is that the device uses self-signed certificate and the code does not suppress warnings, but that's not a failure. Another common issue: The interface name in the URL should be URL-encoded, but for 'GigabitEthernet1' it's fine. I'll change the interface to 'GigabitEthernet1/0/1' to introduce a URL encoding bug.

58
MCQmedium

A junior engineer is tasked with writing a Python script that uses the Cisco IOS-XE RESTCONF API to retrieve the hostname of a router. The engineer uses the requests library and sends a GET request to the URL 'https://router/restconf/data/Cisco-IOS-XE-native:native/hostname'. The request returns a 404 Not Found error. The engineer has verified that the RESTCONF service is enabled and the credentials are correct. What is the most likely reason for the 404 error?

A.The hostname data node does not exist in the YANG model.
B.The engineer forgot to include the 'Accept: application/yang-data+json' header in the request.
C.The URL path should be '/restconf/data/Cisco-IOS-XE-native:hostname' instead of including 'native' in the path.
D.The engineer must use a different HTTP method like POST to retrieve the hostname.
AnswerC

Correct because the YANG module name is 'Cisco-IOS-XE-native', and the top-level node is 'hostname', so the path should be '/restconf/data/Cisco-IOS-XE-native:hostname'.

Why this answer

The correct answer is that the URL path is incorrect; the correct path should include the module namespace correctly. Option A is incorrect because the hostname is a valid data node. Option B is incorrect because the Content-Type header is not required for GET requests.

Option D is incorrect because the error is not related to authentication.

Ready to test yourself?

Try a timed practice session using only Python for Network Automation questions.