50 Cisco Certified DevNet Professional Practice Questions: Question Bank 2025

A developer is consuming a REST API that returns HTTP 429 responses during traffic spikes. The API includes a Retry-After header. What is the best client-side behavior?

You are building a Python automation tool to access a network controller’s REST API. Which practice best protects the API credential without hardcoding it in source code?

A team wants to validate incoming webhook requests from a SaaS provider to ensure the payload was not modified in transit. The provider includes an HMAC signature header. What should the receiving service do?

In a CI pipeline, your tests require a Cisco sandbox or internal lab controller that is sometimes unavailable. What is the best approach to keep the pipeline reliable while still testing integration behavior?

A microservice uses OAuth 2.0 to call a Cisco platform API on behalf of itself (no user context). Which OAuth 2.0 grant type is typically the best fit?

An application subscribes to network events. The business requires that events are processed in order per device, and duplicates must not cause incorrect state changes. Which design best meets the requirement?

A DevNet engineer is writing an Ansible playbook to configure a large set of switches. The playbook is not idempotent and pushes changes every run, causing unnecessary churn. What is the best fix?

You are querying a Cisco controller API and receive intermittent TLS errors only in production. The service uses an HTTP proxy for outbound traffic. Which troubleshooting step is most appropriate first?

A team is deploying a containerized API service that needs to access a Kubernetes secret (for an API token). A security review flags that developers can exec into pods and read the secret from environment variables. Which change most reduces secret exposure while preserving functionality?

You are designing an automation service that configures network devices through a controller. The controller API supports asynchronous jobs: the POST returns a job ID, and status must be polled. The business requirement is: "Never apply the same configuration twice, even if the client retries due to timeouts." Which approach best meets the requirement?

Your Python script calls a REST API and repeatedly receives HTTP 429 responses during peak hours. Which client-side change is the BEST practice to improve reliability without overwhelming the API?

You are packaging a containerized microservice for Kubernetes. The app must know the API token at runtime, and the token must not appear in the image or logs. Which approach is MOST appropriate?

Your team publishes a reusable internal Python library used across several network automation projects. Which practice BEST supports maintainability and safe upgrades for downstream consumers?

A webhook receiver intermittently fails with HTTP 401 when calling a partner API. Packet captures show the Authorization header is missing on failed requests, but the code always sets it. Which is the MOST likely cause in an intermediate proxy/gateway setup?

You are designing an integration that must respond to network events from Cisco platforms in near real time and also allow replay of events for auditing. Which design choice BEST satisfies both requirements?

A NetDevOps team uses a CI pipeline to test configuration changes before deploying to routers. They want fast feedback and to prevent merging changes that violate agreed standards (naming, NTP, AAA, logging). Which pipeline step MOST directly enforces this goal?

A Kubernetes-deployed API has intermittent timeouts only during rolling updates. Readiness probes pass, but clients still see 503 errors. Which change MOST likely fixes the issue?

You must automate configuration across hundreds of devices using Ansible. Some tasks should run only once (for example, generating a unique PKI CA cert), while device-specific tasks should run per host. Which Ansible feature BEST supports this requirement?

A developer calls a Cisco platform REST API and receives HTTP 415 Unsupported Media Type. The endpoint expects JSON. Which fix is MOST likely to resolve the issue?

Your organization must allow an external automation app to access Cisco platform APIs. The security team requires short-lived access tokens, centralized revocation, and no sharing of user passwords. Which approach BEST meets these requirements?

You are building a Python-based internal SDK for multiple teams to interact with a REST API. The API returns structured error payloads and uses HTTP status codes correctly. What is the BEST practice for error handling in the SDK?

An application must call a third-party REST API that enforces rate limits and may respond with HTTP 429. Which client behavior is MOST appropriate?

You are provisioning a new Cisco IOS XE device for automated management. Which action BEST prepares the device for model-driven programmability?

You expose an internal API through an API gateway. Security requires that downstream services do not need to validate external OAuth tokens directly and should receive only minimal identity context. Which design BEST meets the requirement?

A CI pipeline deploys a containerized microservice. The service must not start until its required secret (API key) is available, and the secret must not be baked into the image. In Kubernetes, which approach is BEST?

A team uses Infrastructure as Code and wants to ensure idempotent deployments while preventing accidental changes to production outside the pipeline. Which combination BEST supports this goal?

An API returns large collections of resources. Clients report slow performance and high memory usage when retrieving all results at once. Which API design improvement is MOST appropriate?

You deploy a stateless API service behind a load balancer. During rolling updates, some requests fail because the service starts receiving traffic before it is ready to handle it. In Kubernetes, what is the BEST fix?

An automation script configures network devices using NETCONF. Occasionally, configuration is partially applied when a connectivity issue occurs mid-change. Which NETCONF capability MOST directly addresses this problem?

Your organization is standardizing on an event-driven architecture. A network telemetry pipeline must tolerate bursts, allow multiple consumers (analytics, alerting, storage), and avoid tight coupling between producers and consumers. Which design BEST meets these requirements?

A DevNet team wants to prevent accidental exposure of credentials when publishing a Python automation repository. Which approach is the BEST practice?

An internal API is being protected by an API gateway. The security team requires that each client app can access only specific endpoints and that access can be revoked without changing the backend service. Which mechanism best meets this requirement?

You are building a CI pipeline that packages a microservice into a container image. To speed up builds and reduce image size, which Dockerfile practice is MOST appropriate?

A Python script repeatedly calls a REST API and intermittently receives HTTP 429 responses. What is the MOST appropriate client-side behavior?

You are designing an event-driven automation system that reacts to network telemetry and triggers remediation workflows. To keep producers and consumers loosely coupled and allow multiple consumers to process the same event independently, which design is BEST?

A team uses Git for infrastructure-as-code. They want to reduce the risk of merging breaking changes into the main branch while keeping delivery frequent. Which workflow is MOST appropriate?

An Ansible playbook configures VLANs on a fleet of switches. The playbook sometimes reports 'changed' even when the devices are already in the desired state. Which improvement MOST directly increases idempotency accuracy?

A developer is troubleshooting a REST API call that returns HTTP 415 (Unsupported Media Type). The request includes a JSON body. What is the MOST likely fix?

You are deploying a remediation service that consumes events and pushes configuration changes to network devices. Security requires that the service has only the minimum permissions needed, and that credentials can be rotated without redeploying the service. Which approach BEST meets these requirements in a containerized environment?

A platform team wants to standardize network automation across multiple tools and vendors. They need a data model-driven approach that can validate configuration structure and enable consistent automation workflows regardless of device CLI differences. Which solution is MOST appropriate?

A developer needs to store configuration for an application deployed in Kubernetes and ensure sensitive values are not visible in plain text in Git. Which approach best meets this requirement?

A script calls a REST API and receives an HTTP 429 response. What is the best next action for the client to take?

You are creating an event-driven automation workflow. Which description best matches the role of a webhook?

A team is building a microservice that makes outbound REST calls to multiple Cisco platform APIs. They want resilient behavior when one API intermittently times out, without overwhelming the remote service. Which design pattern is most appropriate?

An application that consumes Cisco APIs is failing with an HTTP 415 (Unsupported Media Type) when sending JSON in the request body. Which client-side fix is most likely to resolve the issue?

You must allow a CI/CD pipeline to deploy to a Kubernetes cluster using least privilege. The pipeline only needs to create and update Deployments and Services in one namespace. What is the best approach?

A Python automation script queries a Cisco API that returns a large dataset. The API supports pagination using a 'next' link in the response. Which client implementation is the best practice?

Your Ansible playbook configures network devices, but repeated runs show changes even when the configuration is already correct. You need idempotent behavior and accurate change reporting. What is the best first step?

A company is standardizing on a zero-trust model for internal microservices that call Cisco platform APIs. They want each service-to-service call to be authenticated and authorized without embedding long-lived API keys. Which approach best aligns with this goal?

You are building an internal platform that triggers automated remediation when a network event is detected. Requirements: decouple producers and consumers, handle bursts without losing events, and allow multiple independent consumers to process the same event. Which architecture best fits?