EX294 · topic practice

Manage automation security and operations practice questions

Practise Red Hat Certified Engineer EX294 Manage automation security and operations practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Manage automation security and operations

What the exam tests

What to know about Manage automation security and operations

Manage automation security and operations questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Manage automation security and operations exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Manage automation security and operations questions

20 questions · select your answer, then reveal the explanation

Question 1mediummultiple choice
Read the full Ansible explanation →

An Ansible automation controller job template uses a custom credential type that requires a secret token. The token is stored as an extra variable in the job template definition. A security audit reveals the token is visible in plaintext in the job output. Which action should the administrator take to secure the secret?

Question 2hardmultiple choice
Read the full Ansible explanation →

A Red Hat Ansible Automation Platform deployment uses automation mesh to manage remote nodes across a high-latency WAN. An administrator notices that some job runs fail intermittently due to connection timeouts. The administrator wants to improve reliability without changing network infrastructure. Which configuration change is most effective?

Question 3easymultiple choice
Read the full Ansible explanation →

An organization requires that all Ansible playbooks be executed using a specific service account that has limited permissions. The account can only run playbooks from a specific directory. Which approach best enforces this requirement in automation controller?

Question 4hardmultiple choice
Read the full Ansible explanation →

A managed node is not responding to Ansible automation. The administrator verifies that the node is reachable via SSH and that the SSH key is correctly deployed. However, 'ansible all -m ping' fails with 'UNREACHABLE'. The automation controller uses a custom execution environment. What is the most likely cause?

Question 5mediummultiple choice
Read the full Ansible explanation →

An Ansible playbook uses 'become: yes' to install packages. The playbook works when run manually by the administrator but fails when run from automation controller with 'Missing sudo password'. The administrator has configured a machine credential with the SSH key and the 'Become password' field is blank. What is the most likely issue?

Question 6mediummulti select
Read the full Ansible explanation →

An automation controller administrator must ensure that a playbook's output does not expose sensitive data. Which TWO actions should be taken? (Choose exactly two.)

An organization has multiple automation controller clusters spread across different geographic regions. The security policy requires that job artifacts (such as logs and assets) must remain in the region where the job ran. Which THREE configurations support this requirement? (Choose exactly three.)

Question 8hardmultiple choice
Read the full Ansible explanation →

You are managing an Ansible Automation Platform deployment that uses automation mesh with one control node and two execution nodes. The control node is in the DMZ, and the execution nodes are in a private network. The organization's security policy requires that all secrets (e.g., SSH keys, API tokens) be encrypted at rest and never transmitted in plaintext. You have configured vault-encrypted credentials and set the vault password as a credential on the control node. However, a recent audit reveals that when a job runs, the vault password is visible in the job output on the execution nodes. The execution nodes are configured to stream job events back to the control node. The automation controller version is 4.3. The following settings are in place: 'no_log' is not set for any variables; the vault password is stored as a 'Vault password' credential type. The job template uses a custom credential type that injects the vault password as an environment variable. The execution nodes have access to the vault password via that environment variable. The audit shows the environment variable is printed in the job output because the playbook uses the 'env' module to display environment variables for debugging. You must prevent the vault password from appearing in any job output without breaking the ability to decrypt vault-encrypted variables. Which action should you take?

Question 9easymulti select
Read the full Ansible explanation →

A managed node is configured with an Ansible vault-encrypted variable file. When running a playbook that uses these variables, the user receives a 'decryption failed' error. Which two steps should the user take to resolve the issue?

Question 10hardmultiple choice
Read the full Ansible explanation →

Your team manages a fleet of 200 Red Hat Enterprise Linux 8 servers. Security policy requires that all servers have a specific set of security configurations: (1) SELinux must be enforcing, (2) the firewall must allow only SSH and HTTPS, (3) SSH root login must be disabled, and (4) the 'auditd' service must be running and enabled. You have created an Ansible role 'security-hardening' that applies these settings. The role is idempotent and uses the 'lineinfile' module to modify /etc/ssh/sshd_config, the 'firewalld' module to configure firewall rules, the 'selinux' module to set SELinux to enforcing, and the 'service' module to enable and start auditd. You run the playbook against a test group of 10 servers, and it reports 'changed=0' for all tasks, indicating the servers are already compliant. However, a subsequent manual audit reveals that on two servers, SELinux is permissive and SSH root login is still permitted. What is the most likely cause of this discrepancy?

Drag and drop the steps to configure a container using Podman with a custom Dockerfile in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Match each Linux command to its function.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Socket statistics

Query systemd journal

Show current SELinux mode

Manage firewalld rules

Extend a logical volume

Question 13easymultiple choice
Read the full Ansible explanation →

An automation team wants to securely store SSH private keys for use in playbooks. Which Ansible feature should they use?

Question 14mediummultiple choice
Read the full Ansible explanation →

A playbook fails with 'ERROR! 'become' is not a valid attribute for a Play'. What is the most likely cause?

An organization uses Automation Controller with multiple teams. They want to ensure that team members can only launch job templates that are explicitly assigned to their team. Which configuration approach should be used?

Question 16easymultiple choice
Read the full Ansible explanation →

A developer wants to encrypt a string in a playbook variable file. Which command should they use?

Question 17mediummultiple choice
Read the full Ansible explanation →

An Ansible playbook is failing due to an undefined variable. Which approach would best help identify the source of the variable?

Question 18hardmultiple choice
Read the full Ansible explanation →

A Red Hat Ansible Automation Platform installation uses a custom execution environment. The playbook runs fail with 'execution environment not found'. The execution environment is stored in a private registry requiring authentication. What must be configured?

An administrator needs to limit the number of concurrent jobs that can run on a specific automation controller node. Which setting should be adjusted?

Question 20mediummultiple choice
Read the full Ansible explanation →

A playbook using the 'uri' module is timing out when connecting to an external API. The network team confirms connectivity. What Ansible configuration parameter can be adjusted to increase the timeout?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Manage automation security and operations sessions

Start a Manage automation security and operations only practice session

Every question in these sessions is drawn from the Manage automation security and operations domain — nothing else.

Related practice questions

Related EX294 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the EX294 exam test about Manage automation security and operations?
Manage automation security and operations questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Manage automation security and operations questions in a focused session?
Yes — the session launcher on this page draws every question from the Manage automation security and operations domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other EX294 topics?
Use the topic links above to move to related areas, or go back to the EX294 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the EX294 exam covers. They are not copied from any real exam or dump site.