
























































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
DevOps certification prep covering CI/CD pipelines, automation, infrastructure as code, Cisco platform integrations, monitoring, and software deployment practices.
Typology: Exams
1 / 64
This page cannot be seen from the preview
Don't miss anything!

























































Question 1. Which component in Jenkins is responsible for executing build steps on remote machines? A) Master node B) Agent (or slave) C) Pipeline script D) Plugin manager Answer: B Explanation: Jenkins agents run the actual build steps on remote hosts while the master orchestrates the jobs. Question 2. In GitLab CI, which keyword defines a job that runs after the test stage and before the deploy stage? A) needs B) stage C) after_script D) only Answer: B Explanation: The stage keyword assigns a job to a specific pipeline stage, determining its order. Question 3. What is the primary benefit of a multi-stage Dockerfile? A) Reduces image size by discarding build-time dependencies B) Enables parallel container execution C) Allows containers to run as root by default
D) Provides built-in load balancing Answer: A Explanation: Multi-stage builds copy only the artifacts needed for runtime, producing lean images. Question 4. Which Docker storage driver is recommended for production Linux hosts using overlay networks? A) aufs B) devicemapper C) overlay D) btrfs Answer: C Explanation: overlay2 is the most performant and stable driver for modern Linux kernels. Question 5. In the Twelve-Factor App methodology, how should configuration be stored? A) Hard-coded in source code B) In environment variables C) In a shared database table D) In a JSON file inside the repository Answer: B
A) terraform apply B) terraform plan C) terraform destroy D) terraform init Answer: B Explanation: terraform plan shows proposed changes, enabling review before execution. Question 9. In Ansible, what is the purpose of an inventory file? A) Define variables for playbooks B) List managed hosts and groups C) Store encrypted secrets D) Compile Python modules Answer: B Explanation: The inventory declares which hosts Ansible will target and how they are grouped. Question 10. Which Ansible module is used to configure Cisco IOS interfaces? A) ios_interface B) cisco_config C) net_interface D) ios_vlan
Answer: A Explanation: ios_interface manages interface parameters on Cisco IOS devices. Question 11. What is the main advantage of a canary release? A) Immediate full rollout to all users B) Gradual exposure to a small subset, reducing risk C) Automatic rollback after each deployment D) Eliminates the need for monitoring Answer: B Explanation: Canary releases limit impact by directing traffic to a subset before full deployment. Question 12. In a blue/green deployment, what triggers the switch from blue to green? A) Completion of a database migration script B) Manual DNS update or load balancer reconfiguration C) Automatic container restart D) Scaling event in Kubernetes Answer: B Explanation: The traffic shift is performed by changing DNS entries or load balancer pointers. Question 13. Which of the following is a typical cause of a pipeline failure that is not code-related?
Answer: A Explanation: extends lets a job inherit configuration from a predefined template. Question 16. What does the --no-cache option do when building a Docker image? A) Forces rebuilding of all layers without using any cached layers B) Disables the Docker daemon’s network access C) Prevents the image from being pushed to a registry D) Removes all intermediate containers after build Answer: A Explanation: --no-cache tells Docker to execute every instruction anew, ignoring previous caches. Question 17. In Kubernetes, which resource is used to store sensitive data such as passwords? A) ConfigMap B) Secret C) PersistentVolume D) ServiceAccount Answer: B Explanation: Secrets are base64-encoded objects designed for confidential information.
Question 18. Which CI/CD tool natively supports “runners” that can be installed on any platform, including Windows, Linux, and macOS? A) Jenkins B) Travis CI C) GitLab CI D) CircleCI Answer: C Explanation: GitLab CI uses runners that can be deployed on diverse operating systems. Question 19. What is the primary purpose of a health-check endpoint in a containerized microservice? A) To provide API documentation B) To verify that the service is running and ready to accept traffic C) To expose internal metrics to Prometheus D) To encrypt inbound traffic Answer: B Explanation: Health checks allow orchestrators to detect unhealthy containers and restart them. Question 20. Which Helm command upgrades an existing release while preserving its values? A) helm install B) helm upgrade
Explanation: DockerVolume is not a Kubernetes volume; the others are built-in volume types. Question 23. When using Terraform with a Cisco device, which provider is typically employed? A) aws B) azurerm C) cisco_ios D) google Answer: C Explanation: The cisco_ios provider enables Terraform to manage Cisco IOS configurations. Question 24. Which of the following best describes “Infrastructure as Code” (IaC)? A) Manual configuration of servers via CLI B) Storing infrastructure definitions in version-controlled files C) Using proprietary GUI tools for network design D) Outsourcing infrastructure management to a third-party Answer: B Explanation: IaC treats infrastructure definitions as code that can be versioned, reviewed, and applied automatically.
Question 25. What is the main purpose of a Jinja2 template in NetDevOps workflows? A) To compile Python bytecode for network devices B) To generate device configuration files dynamically C) To encrypt traffic between controllers and switches D) To monitor interface statistics in real time Answer: B Explanation: Jinja2 renders configuration files using variables and logic, enabling dynamic device provisioning. Question 26. Which Ansible feature allows you to run a playbook against a subset of hosts defined by a pattern? A) --limit B) --inventory C) --check D) --diff Answer: A Explanation: The --limit flag restricts execution to hosts matching the given pattern. Question 27. In a microservices architecture, which pattern helps to avoid cascading failures? A) Monolithic deployment B) Circuit breaker
Explanation: kubectl rollout status reports whether a Deployment’s new replica set has been successfully applied. Question 30. Which AWS service is most comparable to Cisco’s Application Policy Infrastructure Controller (APIC) for network automation? A) Amazon EC B) AWS CloudFormation C) AWS Transit Gateway D) AWS Network Manager Answer: D Explanation: AWS Network Manager provides centralized network management akin to APIC’s policy-driven automation. Question 31. In the context of DevSecOps, what is SAST primarily used for? A) Scanning running containers for vulnerabilities B) Analyzing source code for security flaws before compilation C) Penetration testing live applications D) Encrypting secrets in the CI pipeline Answer: B Explanation: Static Application Security Testing examines code without executing it to find security issues early. Question 32. Which tool is commonly used to perform DAST on a web application deployed in Kubernetes?
A) SonarQube B) OWASP ZAP C) Checkov D) Ansible Lint Answer: B Explanation: OWASP ZAP conducts dynamic security testing against live web endpoints. Question 33. What is the primary function of a Service Mesh such as Istio? A) Provide container runtime isolation B) Manage inter-service communication, security, and observability C) Replace the need for a Kubernetes API server D) Store persistent data for stateful applications Answer: B Explanation: Service meshes handle traffic routing, mTLS, and telemetry between microservices. Question 34. Which Prometheus component pulls metrics from target endpoints? A) Alertmanager B) Pushgateway C) Exporter D) Scraper (via prometheus server)
Question 37. What is the purpose of a “dead-letter queue” in a messaging system integrated with a CI pipeline? A) Store successful build artifacts B) Capture messages that could not be processed for later inspection C) Provide high-throughput logging D) Encrypt messages in transit Answer: B Explanation: Dead-letter queues retain failed messages, enabling debugging without losing data. Question 38. Which of the following best describes “chaos engineering”? A) Writing unit tests for every function B) Intentionally injecting failures to test system resilience C) Automating code formatting D) Deploying applications without monitoring Answer: B Explanation: Chaos engineering validates that a system can survive unexpected disruptions. Question 39. In Cisco IOS XE, which command enables streaming telemetry over gRPC? A) telemetry transport grpc B) netconf-yang C) snmp-server enable traps
D) logging host Answer: A Explanation: telemetry transport grpc configures the device to send telemetry data via gRPC. Question 40. Which HashiCorp tool is purpose-built for secret management? A) Consul B) Nomad C) Vault D) Terraform Answer: C Explanation: Vault securely stores, encrypts, and controls access to secrets. Question 41. What does the docker compose up --scale web=3 command achieve? A) Builds three separate images for the web service B) Starts three replica containers of the web service C) Limits the web service to three CPU cores D) Creates a load balancer for the web service Answer: B Explanation: --scale launches the specified number of container instances for a service.
C) Built-in vulnerability scanning for all images D) Eliminates the need for Dockerfiles Answer: B Explanation: Private registries reduce latency and let organizations enforce access policies. Question 45. Which Terraform workspace concept allows you to maintain separate state files for dev, test, and prod environments? A) Modules B) Providers C) Workspaces D) Backends Answer: C Explanation: Workspaces isolate state, enabling parallel environments from the same configuration. Question 46. Which Ansible module can be used to retrieve facts about a Cisco IOS device’s interfaces? A) ios_facts B) cisco_interface C) net_facts D) ios_command Answer: A
Explanation: ios_facts gathers a wide range of device information, including interface details. Question 47. What is the main security risk of running a CI/CD runner with root privileges? A) Slower build times B) Inability to cache dependencies C) Potential for malicious builds to compromise the host system D) Limited access to Docker daemon Answer: C Explanation: Root-level runners can be exploited to gain full control over the CI host. Question 48. Which of the following is an example of a “pre-check” in NetDevOps before applying a configuration change? A) Deploying the new image to production immediately B) Running a dry-run (ansible-playbook --check) to validate syntax and idempotence C) Deleting the existing configuration file D) Skipping unit tests Answer: B Explanation: The --check mode simulates changes without altering devices, catching errors early.