350-401 · topic practice

Ansible Automation practice questions

Practise ENCOR 350-401 Ansible Automation practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Ansible Automation

What the exam tests

What to know about Ansible Automation

Ansible Automation questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Ansible Automation exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Ansible Automation questions

20 questions · select your answer, then reveal the explanation

Question 1mediummultiple choice
Open the full VLAN trunking answer →

A network engineer is automating the deployment of VLAN configurations on a set of Cisco IOS-XE switches using Ansible. The playbook uses the ios_vlans module and runs successfully on the first switch, but fails on the second switch with an error indicating that the module is not found. Both switches are running the same IOS-XE version and have the same management access configured. What is the most likely cause of this issue?

Question 2hardmultiple choice
Review the full OSPF breakdown →

An engineer is writing an Ansible playbook to configure OSPF on a fleet of Cisco Nexus 9000 switches. The playbook uses the nxos_ospf module. When executed, the playbook reports 'changed' for every switch, even on subsequent runs when no configuration changes are made. The engineer wants to achieve idempotent behavior. What is the most likely cause of the non-idempotent results?

Question 3mediummultiple choice
Read the full Ansible explanation →

A network team uses Ansible Tower to manage configuration backups of 500 Cisco IOS routers. They have a playbook that uses the ios_config module with the 'backup: yes' option. Recently, backups started failing for a subset of routers, with errors like 'backup destination path does not exist'. The playbook uses a variable 'backup_dir' set in the Tower job template. What is the most likely cause of these failures?

Question 4easymultiple choice
Read the full Ansible explanation →

An engineer is automating the configuration of SNMPv3 on a large number of Cisco IOS-XE devices using Ansible. The playbook uses the ios_snmp_server module. The engineer wants to ensure that the SNMP configuration is applied only if the device is running a specific IOS version that supports SNMPv3. Which Ansible feature should the engineer use to conditionally execute the task?

Question 5hardmultiple choice
Study the full ACL explanation →

A network engineer is using Ansible to push ACL changes to a group of Cisco IOS routers. The playbook uses the ios_acl_interfaces module to bind ACLs to interfaces. After running the playbook, the engineer notices that some routers have the ACL applied inbound instead of outbound as intended. The playbook specifies 'direction: outbound'. What is the most likely cause of this issue?

Question 6mediummultiple choice
Read the full Ansible explanation →

An organization uses Ansible to manage network device configurations. They have a playbook that uses the ios_command module to execute 'show ip route' on multiple routers and then uses the 'debug' module to print the output. Recently, the playbook started failing with 'Timeout (12s) waiting for privilege escalation prompt'. The routers are reachable and SSH credentials are correct. What is the most likely cause?

Question 7hardmultiple choice
Open the full VLAN trunking answer →

A network engineer is using Ansible to automate the deployment of a new VLAN on a Cisco Nexus switch. The playbook uses the nxos_vlan module. The engineer wants to ensure that if the VLAN already exists, the playbook does not make any changes (idempotent). However, the playbook always reports 'changed' even when the VLAN exists with the same configuration. What is a likely reason?

Question 8mediummultiple choice
Read the full Ansible explanation →

A company uses Ansible to manage the configuration of 1000 Cisco IOS routers. They have a playbook that uses the ios_config module with the 'src' parameter pointing to a Jinja2 template. The playbook runs successfully for months, but after a recent IOS upgrade on a subset of routers, the playbook fails with 'ERROR! Syntax error while loading YAML script'. The template has not been changed. What is the most likely cause?

Question 9easymultiple choice
Read the full Ansible explanation →

An engineer is using Ansible to automate the configuration of NTP on a group of Cisco IOS-XE switches. The playbook uses the ios_ntp module. The engineer wants to ensure that the NTP configuration is applied only to switches that are in the 'core' group, not the 'access' group. The inventory file defines these groups. Which Ansible feature should the engineer use to restrict the playbook to the 'core' group?

Question 10mediummultiple choice
Read the full Ansible explanation →

A network engineer writes the following Ansible playbook to configure an interface on a Cisco IOS-XE device:

--- - hosts: routers gather_facts: no tasks: - name: Configure interface cisco.ios.ios_config: lines: - ip address 192.168.1.1 255.255.255.0 parents: interface GigabitEthernet0/1

What is the issue with this playbook?

Question 11mediummultiple choice
Read the full Ansible explanation →

A Python script using Netmiko is written to send a command to a Cisco router:

from netmiko import ConnectHandler

device = { 'device_type': 'cisco_ios', 'ip': '192.168.1.1', 'username': 'admin', 'password': 'cisco', 'secret': 'enable'

}

connection = ConnectHandler(**device) connection.enable() output = connection.send_command('show ip interface brief')

print(output)

connection.disconnect()

What is the potential issue with this script?

Question 12easymultiple choice
Read the full Ansible explanation →

A REST API call is made to Cisco DNA Center to get the list of network devices:

GET /dna/intent/api/v1/network-device Headers: X-Auth-Token: <token>

The response is:

{
  "response": [
    {
      "id": "123456",
      "managementIpAddress": "10.10.10.1",
      "platformId": "C9300-24P",
      "role": "ACCESS"
    }
  ],
  "version": "1.0"
}

What does this response indicate?

Question 13hardmultiple choice
Open the full VLAN trunking answer →

An Ansible playbook uses the cisco.nxos.nxos_config module to configure a Nexus switch:

--- - hosts: nxos_switches gather_facts: no connection: network_cli tasks: - name: Configure VLAN cisco.nxos.nxos_config: lines: - vlan 100 - name Test_VLAN parents: vlan 100

What will be the result of this playbook?

Question 14mediummultiple choice
Read the full Ansible explanation →

A Python script uses NAPALM to retrieve the ARP table from a Cisco IOS-XE device:

from napalm import get_network_driver

driver = get_network_driver('ios') device = driver('192.168.1.1', 'admin', 'cisco') device.open() arp_table = device.get_arp_table()

print(arp_table)

device.close()

What is the issue with this script?

Question 15mediummultiple choice
Read the full Ansible explanation →

A RESTCONF request is sent to a Cisco IOS-XE device to retrieve interface statistics:

GET /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet1 Accept: application/yang-data+json

Response:

{

"ietf-interfaces:interface": [

{
      "name": "GigabitEthernet1",
      "type": "iana-if-type:ethernetCsmacd",
      "enabled": true,

"ietf-ip:ipv4": {

"address": [
          {
            "ip": "192.168.1.1",
            "netmask": "255.255.255.0"
          }
        ]
      }
    }
  ]
}

What does the response indicate about the interface?

Question 16mediummultiple choice
Read the full Ansible explanation →

An Ansible playbook uses the uri module to make a REST API call to Cisco DNA Center:

--- - hosts: localhost gather_facts: no tasks: - name: Get devices uri: url: "https://dna-center/api/v1/network-device" method: GET headers: X-Auth-Token: "{{ token }}" return_content: yes register: result

- debug: var: result.json

What is missing from this playbook?

Question 17hardmultiple choice
Read the full Ansible explanation →

A telemetry subscription is configured on a Cisco IOS-XE device using gRPC dial-out:

telemetry ietf subscription 101 encoding encode-kvgpb filter xpath /interfaces/interface/statistics stream yang-push update-policy periodic 500 receiver ip address 10.10.10.10 50001 protocol grpc-tcp

What does this configuration do?

Question 18mediummultiple choice
Read the full Ansible explanation →

A Python script uses the requests library to interact with Cisco DNA Center's REST API:

import requests

url = "https://dna-center/api/v1/network-device" headers = {

"X-Auth-Token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..."
}

response = requests.get(url, headers=headers, verify=False)

print(response.json())

What is a security concern with this script?

Question 19mediummultiple choice
Read the full Ansible explanation →

Given the following Ansible playbook snippet: --- - name: Configure interface hosts: routers gather_facts: no tasks: - name: Set IP address ios_config: lines: - ip address 192.168.1.1 255.255.255.0 - no shutdown parents: interface GigabitEthernet0/1 What is the effect of this playbook?

Question 20mediummultiple choice
Open the full VLAN trunking answer →

Given the following Ansible playbook snippet: --- - name: Configure VLAN hosts: switches gather_facts: no tasks: - name: Create VLAN 100 ios_vlan: vlan_id: 100 name: Engineering state: present Which statement is true about this playbook?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Ansible Automation sessions

Start a Ansible Automation only practice session

Every question in these sessions is drawn from the Ansible Automation domain — nothing else.

Related practice questions

Related 350-401 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the 350-401 exam test about Ansible Automation?
Ansible Automation questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Ansible Automation questions in a focused session?
Yes — the session launcher on this page draws every question from the Ansible Automation domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other 350-401 topics?
Use the topic links above to move to related areas, or go back to the 350-401 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the 350-401 exam covers. They are not copied from any real exam or dump site.