Network Configuration Manager Practice Exam, Exams of Technology

Tailored for network engineers responsible for device configuration, compliance, and change management, this exam tests proficiency in configuration automation, network inventory management, baseline enforcement, version control, and scheduled configuration backups. It includes simulated configuration comparison, compliance policy evaluation, unauthorized change detection, vulnerability mapping, and remediation planning. Candidates learn to operate large-scale network configuration environments with efficiency and precision.

Typology: Exams

2025/2026

Available from 12/11/2025

shilpi-jain-1
shilpi-jain-1 🇮🇳

4.2

(5)

29K documents

1 / 112

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Network Configuration Manager Practice Exam
**Question 1. What is the primary purpose of a Network Configuration Manager
(NCM)?**
A) To monitor realtime traffic flow
B) To automate configuration backup, change control, and compliance
C) To replace routing protocols
D) To provide enduser VPN access
Answer: B
Explanation: NCM focuses on automating configuration tasks, maintaining
baselines, and ensuring compliance, not on traffic monitoring or routing functions.
**Question 2. Which term describes the “golden” set of settings that defines the
approved state for a device type?**
A) Configuration drift
B) Baseline configuration
C) Change window
D) Incident ticket
Answer: B
Explanation: A baseline configuration is the reference or “golden” configuration
used for comparison and restoration.
**Question 3. Configuration drift most often occurs because of:**
A) Scheduled backups
B) Unauthorized manual edits on devices
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32
pf33
pf34
pf35
pf36
pf37
pf38
pf39
pf3a
pf3b
pf3c
pf3d
pf3e
pf3f
pf40
pf41
pf42
pf43
pf44
pf45
pf46
pf47
pf48
pf49
pf4a
pf4b
pf4c
pf4d
pf4e
pf4f
pf50
pf51
pf52
pf53
pf54
pf55
pf56
pf57
pf58
pf59
pf5a
pf5b
pf5c
pf5d
pf5e
pf5f
pf60
pf61
pf62
pf63
pf64

Partial preview of the text

Download Network Configuration Manager Practice Exam and more Exams Technology in PDF only on Docsity!

Question 1. What is the primary purpose of a Network Configuration Manager (NCM)? A) To monitor real‑time traffic flow B) To automate configuration backup, change control, and compliance C) To replace routing protocols D) To provide end‑user VPN access Answer: B Explanation: NCM focuses on automating configuration tasks, maintaining baselines, and ensuring compliance, not on traffic monitoring or routing functions. Question 2. Which term describes the “golden” set of settings that defines the approved state for a device type? A) Configuration drift B) Baseline configuration C) Change window D) Incident ticket Answer: B Explanation: A baseline configuration is the reference or “golden” configuration used for comparison and restoration. Question 3. Configuration drift most often occurs because of: A) Scheduled backups B) Unauthorized manual edits on devices

C) Regular firmware upgrades D) Use of SNMP for monitoring Answer: B Explanation: Drift is caused by changes made outside the NCM control, typically manual edits that bypass approved processes. Question 4. Which of the following is NOT a direct benefit of implementing NCM? A) Faster disaster recovery B) Reduced network latency C) Simplified compliance auditing D) Decreased downtime Answer: B Explanation: NCM improves management and recovery but does not directly affect latency, which is a data‑plane issue. Question 5. In NCM architecture, the component that stores device credentials securely is called: A) Protocol handler B) Credential vault C) Job scheduler D) Device agent Answer: B

Question 8. The difference between a running‑config backup and a startup‑config backup is that the running‑config is: A) Stored in NVRAM B) Volatile and reflects the current state of the device C) Only accessible via Telnet D) Never changed by administrators Answer: B Explanation: Running configuration is the active, volatile configuration; startup configuration is stored in NVRAM and used after reboot. Question 9. Which backup schedule would best satisfy the requirement to capture every configuration change within 15 minutes? A) Weekly full backup B) Daily incremental backup at midnight C) Real‑time event‑driven backup after each change commit D) Monthly archive only Answer: C Explanation: Event‑driven backups trigger immediately after a change, ensuring near‑instant capture of modifications. Question 10. For secure off‑device storage of configuration files, which practice is recommended? A) Store on the same NCM server without encryption

B) Use a read‑only USB stick attached to the router C) Transfer to an encrypted, access‑controlled repository (e.g., S3 with KMS) D) Email the files to network engineers Answer: C Explanation: An encrypted, centrally managed repository protects backups from unauthorized access and loss. Question 11. During a disaster recovery, which NCM feature allows you to revert a device to the last known good configuration automatically? A) Change window enforcement B) Automated rollback C) Device discovery D) Credential rotation Answer: B Explanation: Automated rollback restores a previous baseline when a change fails, minimizing downtime. Question 12. A template in NCM is primarily used to: A) Generate SNMP traps B) Standardize device‑specific configuration commands across multiple devices C) Encrypt backup files D) Monitor CPU utilization

Question 15. Which language is most commonly used for advanced NCM automation scripts? A) COBOL B) Python C) HTML D) SQL Answer: B Explanation: Python offers extensive libraries for network automation (e.g., Netmiko, NAPALM) and is widely supported by NCM tools. Question 16. A compliance rule that flags any interface configured with “no shutdown” on a production router would be classified as: A) Performance metric B) Security hardening rule C) Configuration drift detection rule D) License enforcement rule Answer: B Explanation: Disabling interfaces can expose the network; the rule enforces a security posture. Question 17. Which regulatory framework specifically requires the removal of default passwords from network devices?

A) PCI DSS

B) ISO 9001

C) ITIL

D) COBIT

Answer: A Explanation: PCI DSS mandates disabling or changing default credentials to protect cardholder data environments. Question 18. When NCM detects a configuration change that violates a compliance policy, the recommended immediate action is to: A) Ignore the change until next maintenance window B) Generate an alert and optionally run a remediation script C) Reboot the device automatically D) Delete the device from inventory Answer: B Explanation: Alerting and automated remediation help quickly bring the device back into compliance. Question 19. A “diff” operation between two configuration files shows a line prefixed with “+”. This indicates: A) The line was removed in the newer file B) The line is unchanged C) The line was added in the newer file

Explanation: The job scheduler orchestrates when backup, change, or audit jobs run. Question 22. When rotating credentials automatically, NCM must update the password on the device and in its: A) DNS server B) Credential vault C) Syslog server D) NetFlow collector Answer: B Explanation: After changing the device password, NCM stores the new credential in its vault for future use. Question 23. Which of the following is a common cause of failed backup jobs? A) Excessive CPU usage on the NCM server B) Using SSH instead of Telnet C) Incorrect SNMP community string or ACL blocking access D) Enabling QoS on the device Answer: C Explanation: Wrong community strings or ACLs prevent NCM from authenticating and retrieving configurations.

Question 24. In a change‑control workflow, “approval gating” typically means: A) Changes are applied without review during off‑hours B) A designated approver must authorize the job before execution C) The change is automatically rolled back after 5 minutes D) All changes are logged but not executed Answer: B Explanation: Approval gating enforces that a change cannot run until an authorized person signs off. Question 25. Which protocol is most suitable for bulk transfer of configuration files with integrity checking? A) FTP B) SCP C) HTTP D) Telnet Answer: B Explanation: SCP (Secure Copy) provides encrypted, reliable file transfer and includes integrity verification. Question 26. An NCM report that lists devices missing a required AAA configuration is an example of: A) Inventory report

Answer: B Explanation: Continuous drift detection monitors devices and alerts instantly when a change occurs outside approved processes. Question 29. When creating a configuration template for edge routers, which placeholder would you use for the unique loopback IP address of each router? A) ${DEVICE_IP} B) ${LOOPBACK_IP} C) ${INTERFACE_NAME} D) ${HOSTNAME} Answer: B Explanation: A specific placeholder like ${LOOPBACK_IP} lets the template insert each router’s assigned loopback address. Question 30. A “post‑check” that verifies the OSPF neighbor adjacency after a routing policy change is primarily intended to: A) Ensure the device’s hardware is functional B) Confirm that the change did not disrupt network connectivity C) Backup the configuration again D) Rotate the device’s credentials Answer: B Explanation: Post‑checks validate that the intended service (e.g., OSPF adjacency) remains operational after the change.

Question 31. Which of the following best describes “policy as code” in the context of NCM? A) Writing firewall rules in a text editor B) Storing compliance policies in version‑controlled scripts that NCM can execute automatically C) Using SNMP traps to enforce policies D) Manually checking device configs against a PDF document Answer: B Explanation: Policy as code treats compliance rules as programmable scripts stored in source control for automated enforcement. Question 32. If an NCM job fails because of a “permission denied” error, the most likely root cause is: A) The device is powered off B) The credential stored in the vault does not have sufficient privilege level C) The NCM server’s hard drive is full D) The device’s firmware is outdated Answer: B Explanation: “Permission denied” indicates the credentials used lack the required rights to execute the commands.

B) Execute commands on the device and return output to the NCM server, often over a secure channel C) Generate SNMP traps for monitoring tools D) Provide DHCP services to end hosts Answer: B Explanation: Device agents act as lightweight proxies that run on or near the device to perform tasks on behalf of the NCM server. Question 36. Which of the following is a key advantage of using SSH keys instead of passwords for NCM device access? A) Keys are easier to remember than passwords B) Keys enable password‑less logins and reduce the risk of credential leakage through replay attacks C) Keys automatically update device firmware D) Keys allow NCM to bypass ACLs Answer: B Explanation: SSH key authentication is more secure and resistant to brute‑force attacks, and it simplifies credential rotation. Question 37. When configuring NCM to back up a Cisco IOS device, which command extracts the running configuration? A) show startup-config B) copy running-config tftp

C) show running-config D) reload Answer: C Explanation: “show running-config” displays the active configuration, which NCM captures for backup. Question 38. A “maintenance window” in NCM change management refers to: A) The period when the NCM server is rebooted B) A predefined time slot during which configuration changes are allowed to minimize impact on production traffic C) The interval between two consecutive backups D) The time it takes to compile a script Answer: B Explanation: Maintenance windows are scheduled periods to perform changes with reduced risk to users. Question 39. Which NCM feature helps ensure that a newly added device automatically receives the correct baseline configuration? A) Manual configuration upload B) Auto‑provisioning with device discovery and template assignment C) DNS lookup only D) SNMP trap suppression

Explanation: Immutable backups are write‑once, read‑only records that protect against accidental or malicious alteration. Question 42. When NCM compares a device’s current configuration to its baseline and finds differences, the result is called: A) A compliance exception B) A configuration drift alert C) A firmware mismatch D) A routing loop Answer: B Explanation: Differences indicate drift from the approved baseline, triggering a drift alert. Question 43. Which of the following is an effective method to reduce the impact of a large‑scale configuration change on network performance? A) Apply the change to all devices simultaneously B) Stagger the change across device groups during low‑traffic periods C) Disable all monitoring tools during the change D) Increase the MTU size on all interfaces before the change Answer: B Explanation: Staggered deployments limit the number of devices affected at any one time, reducing risk.

Question 44. In NCM, a “macro” is used to: A) Generate SNMP traps automatically B) Define a reusable set of commands or variables that can be invoked within multiple scripts C) Increase the CPU priority of backup jobs D) Encrypt configuration files Answer: B Explanation: Macros encapsulate common command sequences or variable definitions for reuse across scripts. Question 45. Which NCM metric would you monitor to detect a potential database performance bottleneck? A) Number of VLANs configured B) Query response time and transaction log growth rate C) Number of SSH sessions open on devices D) Temperature of the NCM server’s CPU Answer: B Explanation: Database query latency and log growth directly indicate storage or performance issues. Question 46. If an NCM script fails because a command returns “% Invalid input detected at ‘^’ marker”, the script should: A) Continue silently