




























































































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
This exam guide focuses on DevOps principles and practices applied to Cisco environments. Topics include CI/CD pipelines, automation tools, version control, infrastructure as code, monitoring, and collaboration between development and operations teams to accelerate delivery and reliability.
Typology: Exams
1 / 105
This page cannot be seen from the preview
Don't miss anything!





























































































Question 1. Which of the following best describes the role of a Jenkinsfile in a Jenkins pipeline? A) It stores compiled binaries for deployment. B) It defines the pipeline stages, steps, and agent configuration as code. C) It provides a graphical interface for pipeline editing. D) It encrypts credentials used by the pipeline. Answer: B Explanation: A Jenkinsfile is a text file that uses Groovy syntax to declare the pipeline’s stages, steps, and agent, enabling “pipeline as code” for version control. Question 2. In GitLab CI/CD, which keyword is used to define a job that runs only when a tag is created? A) only: branches B) only: tags C) when: manual D) except: branches Answer: B Explanation: The only: tags keyword restricts a job to execute only on tag creation events. Question 3. Which test type should be placed immediately after the build step to catch compilation errors before any integration testing? A) Unit test B) Smoke test C) Performance test
D) Security scan Answer: A Explanation: Unit tests run on the compiled code and can detect compilation or logic errors early in the pipeline. Question 4. In a blue/green deployment, what is the primary purpose of the “green” environment? A) To serve as a backup for the “blue” environment. B) To host the new version of the application while the “blue” environment continues serving traffic. C) To run automated tests only. D) To store database snapshots. Answer: B Explanation: The green environment runs the new version; traffic is switched from blue to green once validation succeeds. Question 5. Which deployment strategy minimizes risk by exposing a new release to a small percentage of users before full rollout? A) Rolling update B) Blue/green C) Canary D) Recreate Answer: C Explanation: Canary releases gradually route a subset of traffic to the new version, allowing early detection of issues.
Answer: C Explanation: COPY copies files/directories from the build context into the image, creating a new layer. Question 9. What is the advantage of using a multi-stage Docker build? A) It automatically scales containers. B) It reduces final image size by discarding build-time dependencies. C) It enables container orchestration. D) It provides built-in logging. Answer: B Explanation: Multi-stage builds allow you to compile in one stage and copy only the runtime artifacts to the final stage, producing a smaller image. Question 10. Which of the following is a best practice for managing secrets in Docker containers? A) Embedding API keys directly in the Dockerfile. B) Storing secrets in environment variables within the image. C) Using Docker secrets or external secret managers at runtime. D) Committing secret files to the source repository. Answer: C Explanation: Docker secrets (or tools like HashiCorp Vault) provide secure injection of secrets at runtime without baking them into images.
Question 11. In a microservices architecture, which pattern helps reduce inter-service latency by caching frequently accessed data? A) Circuit breaker B) Service mesh C) Sidecar proxy D) Cache-aside Answer: D Explanation: The cache-aside pattern places a cache in front of services, allowing them to read/write cached data and reducing latency. Question 12. What is a “golden image” in the context of application delivery? A) An image that contains only the application code. B) A pre-configured, immutable VM or container image used as a baseline for deployments. C) An image that automatically updates itself. D) A snapshot of a running production environment. Answer: B Explanation: Golden images are standardized, pre-built images that ensure consistency and speed across deployments. Question 13. Which IaC tool uses a declarative language and a state file to track resources? A) Ansible B) Chef
Question 16. Which practice is essential for NetDevOps when deploying configuration changes to network devices? A) Manual verification of each device after change. B) Using idempotent playbooks that can be re-run safely. C) Disabling SSH on devices during deployment. D) Storing device passwords in plain text. Answer: B Explanation: Idempotent playbooks ensure that repeated runs do not cause unintended side effects, a core NetDevOps principle. Question 17. In Kubernetes, what object provides a stable IP address and DNS name for a set of Pods? A) Deployment B) Service C) ConfigMap D) Ingress Answer: B Explanation: A Service abstracts a group of Pods and assigns a stable virtual IP and DNS name for access. Question 18. Which Kubernetes controller ensures that a specified number of pod replicas are always running? A) DaemonSet B) StatefulSet C) Deployment
D) Job Answer: C Explanation: Deployments manage replica sets and ensure the desired number of pod replicas are maintained. Question 19. When implementing a multicloud strategy, which factor is most critical for achieving true cloud-agnostic portability? A) Using provider-specific APIs for storage. B) Embedding region-specific hard-coded URLs. C) Abstracting infrastructure via IaC tools that support multiple providers. D. Relying on a single vendor’s managed database service. Answer: C Explanation: IaC tools like Terraform enable the same codebase to provision resources across different cloud providers, ensuring portability. Question 20. Which metric is most useful for estimating the cost impact of an auto-scaling group in a public cloud? A) CPU utilization percentage. B) Number of active instances over time. C) Disk I/O latency. D) Network packet loss. Answer: B Explanation: The total number of running instances multiplied by the pricing model directly influences cost.
D) To evaluate network latency. Answer: B Explanation: Killing a node simulates an unexpected failure, testing the system’s ability to reroute traffic and maintain availability. Question 24. Which Python library is commonly used to interact with the Prometheus HTTP API for metric retrieval? A) requests B) prometheus-client C) py-prometheus D) urllib Answer: B Explanation: prometheus-client provides utilities to expose and query Prometheus metrics programmatically. Question 25. When securing a CI/CD pipeline, which practice helps protect the runner environment from malicious code execution? A) Running the runner with root privileges. B) Using a dedicated, isolated container or VM for each pipeline run. C) Storing all credentials in the repository. D. Disabling all security scanning tools. Answer: B Explanation: Isolating each pipeline run limits the impact of compromised code and prevents privilege escalation.
Question 26. Which stage of the Secure SDLC involves analyzing source code for known vulnerabilities without executing it? A) Dynamic Application Security Testing (DAST) B) Static Application Security Testing (SAST) C) Penetration testing D) Runtime Application Self-Protection (RASP) Answer: B Explanation: SAST scans source code or binaries for patterns that indicate security flaws, operating statically. Question 27. Which Cisco tool integrates with Jenkins to provide automated network device testing? A) Cisco DNA Center B) Cisco Prime Collaboration Services C) Cisco Network Services Orchestrator (NSO) D) Cisco DevNet Sandbox Answer: C Explanation: Cisco NSO can be invoked from Jenkins pipelines to programmatically test and configure network devices. Question 28. In a GitOps workflow, where is the desired state of the Kubernetes cluster stored? A) In a Dockerfile. B) In the CI server’s configuration. C) In a Git repository as declarative manifests.
Question 31. Which Kubernetes object is best suited for running a one-time batch job that must complete successfully? A) Deployment B) DaemonSet C) Job D) StatefulSet Answer: C Explanation: A Job creates Pods that run to completion, ensuring the task finishes successfully. Question 32. When configuring a Kubernetes Ingress, which component typically terminates TLS connections? A) Service B) Ingress Controller (e.g., NGINX) C) Pod D) ConfigMap Answer: B Explanation: The Ingress Controller handles TLS termination based on the Ingress resource’s TLS settings. Question 33. In a multi-cloud disaster recovery plan, which metric is most critical to evaluate? A) Number of API calls per second. B) Recovery Time Objective (RTO). C) CPU clock speed of instances.
D) Size of container images. Answer: B Explanation: RTO defines the maximum acceptable downtime, a key factor when designing DR across clouds. Question 34. Which of the following helps reduce “dependency hell” in CI pipelines? A) Frequent manual updates of libraries. B) Using virtual environments or containers for isolated builds. C) Disabling version checks. D) Storing dependencies on a shared network drive. Answer: B Explanation: Isolated environments ensure each build uses its own set of dependencies, preventing conflicts. Question 35. Which command in Docker is used to list all images stored locally? A) docker ps B) docker images C) docker ls D) docker show Answer: B Explanation: docker images displays the repository, tag, image ID, and size of all local images.
D) It forces a full replacement on any change. Answer: B Explanation: prevent_destroy safeguards critical resources by blocking destroy actions. Question 39. Which Kubernetes label selector syntax matches pods with label app=web or tier=frontend? A) app=web,tier=frontend B) app in (web),tier in (frontend) C) app=web || tier=frontend D) app=web,tier!=frontend Answer: C Explanation: The double pipe || operator expresses a logical OR between label requirements. Question 40. Which of the following is a recommended practice for storing Terraform state in a team environment? A) Keeping the state file in the local repository. B) Using a remote backend such as AWS S3 with DynamoDB locking. C) Encrypting the state file with a personal password and sharing it via email. D) Storing the state file on a shared NFS mount without versioning. Answer: B Explanation: Remote backends provide durability, concurrency locking, and secure storage for collaborative teams.
Question 41. In a CI/CD pipeline, which step should be performed after a successful deployment to production? A) Unit testing B) Static code analysis C) Canary verification or post-deployment health checks D) Artifact compilation Answer: C Explanation: Post-deployment verification ensures the new release functions correctly in production before full traffic is shifted. Question 42. Which tool is specifically designed to inject faults into a Kubernetes cluster for chaos testing? A) kube-probe B) LitmusChaos C) kube-audit D) Prometheus Answer: B Explanation: LitmusChaos provides a framework and experiments to introduce failures (e.g., pod kill, network latency) in K8s environments. Question 43. What is the main security advantage of using signed Docker images from a trusted registry? A) Faster image pulls. B) Guarantees the image has not been tampered with. C) Reduces image size.
Question 46. Which of the following is a primary benefit of using a Service Mesh (e.g., Istio) in a microservices environment? A) Automatic container image building. B) Centralized traffic management, observability, and security for inter-service communication. C) Replacing Kubernetes orchestration. D) Providing a GUI for code editing. Answer: B Explanation: Service meshes provide sidecar proxies that handle routing, telemetry, and mTLS between services. Question 47. In a GitLab CI/CD pipeline, which keyword disables job execution for a specific branch? A) only: branches B) except: branches C) when: manual D) rules: allow_failure Answer: B Explanation: except: branches prevents the job from running on the listed branches. Question 48. Which of the following describes “immutable infrastructure”? A) Servers are updated in place with patches. B) Once provisioned, resources are never modified; changes are made by replacing them with new instances.
C) Configuration files are stored in mutable databases. D) All infrastructure is stored on a single VM. Answer: B Explanation: Immutable infrastructure avoids in-place changes, reducing drift and simplifying rollback. Question 49. When using Ansible Vault, what is the purpose of the --ask- vault-pass option? A) It prompts for the vault password at runtime to decrypt encrypted variables. B) It creates a new vault file. C) It disables encryption for the current run. D) It lists all vaulted files. Answer: A Explanation: --ask-vault-pass requests the decryption password interactively, allowing Ansible to read encrypted data. Question 50. Which Kubernetes object is used to store non-confidential configuration data as key-value pairs? A) Secret B) ConfigMap C) PersistentVolume D) ServiceAccount Answer: B Explanation: ConfigMaps hold configuration data that pods can consume as environment variables or files.