50 rhcsa rhce exam questions Practice Questions: Question Bank 2025

You need to run an ad-hoc Ansible command to check free disk space on all managed nodes in the inventory group "web" without writing a playbook. Which command is the best choice?

A playbook task using the yum/dnf module fails on several managed nodes with an error indicating Python is missing. What is the recommended way to allow Ansible to manage a minimal RHEL-like node that has no Python installed yet?

You want to avoid using passwords in playbooks and ensure predictable authentication to managed nodes. Which approach is considered best practice for SSH connectivity in Ansible-managed environments?

A task in your playbook should run only when the host is in the inventory group "db". Which task directive is the most appropriate?

You have a playbook that should restart a service only if its configuration file was changed by a template task. What is the recommended Ansible pattern to implement this behavior?

Your playbook must deploy an application configuration that differs by environment (dev, test, prod). You want a clean variable precedence model without duplicating tasks. Which approach is most appropriate?

You are building a role named "webapp". The role must support different OS families by installing different packages, but the service configuration tasks are identical. What is the best role structure to keep the role maintainable?

Your organization requires that database credentials be stored securely and never appear in plaintext in git. You need to use the credentials in templates and tasks. Which solution best meets this requirement?

You downloaded a role from Ansible Galaxy and need to ensure future installs are repeatable in CI/CD. The pipeline must always use the same role version that you tested. What is the best way to implement this?

A playbook uses a vaulted vars file. In a scheduled automation job, the run fails because no interactive prompt is available to enter the vault password. You must fix this while keeping the vault secret out of the playbook and git repository. Which approach is most appropriate?

You need to run an ad-hoc command to gather only the OS distribution facts from hosts in the inventory group 'web' without running a full playbook. Which command is the best choice?

Some managed nodes are only reachable through a bastion host (jump host). You want Ansible to connect to these nodes without modifying the target nodes. Which approach is recommended?

You want to download and install a community role from Ansible Galaxy and ensure it is installed into a project-local roles directory named ./roles. Which command should you use?

A playbook should restart the httpd service only when its configuration file changes. Which task pattern best meets this requirement?

You have a role that must install a package named 'httpd' on Red Hat-based systems and 'apache2' on Debian-based systems. Which role structure is the best practice to implement this cleanly?

A playbook fails with: "ERROR! conflicting action statements: hosts, tasks". The snippet is: - name: Deploy app hosts: app tasks: - name: Include tasks include_tasks: hosts: app tasks: - debug: msg="hi" What is the most accurate fix?

You need to reference a vaulted variable file in a playbook, and the automation must run non-interactively in a CI pipeline. Which approach is recommended to provide the vault secret?

A play must run a task only on hosts that have at least 2 GB of memory (based on gathered facts). Which condition is correct?

You manage multiple environments (dev, test, prod) with the same role. Each environment needs different values for the same variables, and you want the most predictable, maintainable precedence. Which design is best?

A team uses both internal and external Galaxy content. They need to ensure playbook runs are reproducible and do not unexpectedly change when upstream releases updates. What is the best solution?

You want to confirm Ansible can reach a newly added managed node and gather basic facts without running any configuration changes. Which command is most appropriate?

A playbook uses tasks that require elevated privileges on managed nodes. What is the recommended way to enable privilege escalation for all tasks in a play?

You need to protect a variable file containing API credentials used by multiple playbooks. Which approach best aligns with Ansible best practices?

A playbook should run a potentially disruptive task only when the file /etc/myapp/enable_maintenance exists on the managed node. Which task condition is most appropriate?

You are writing a reusable role to install and configure a service. Some tasks should run only on Red Hat-based systems, and others only on Debian-based systems. Which design is most maintainable?

A playbook fails with an error indicating it cannot connect using SSH keys. You confirm the correct key exists on the control node, but Ansible still prompts for a password. What inventory setting most directly addresses using a specific private key per host?

You must consume a role from Ansible Galaxy in a controlled manner so that repeated installs on different systems produce the same role content. Which approach is recommended?

A role includes a Jinja2 template and should restart a service only when the rendered configuration file changes. Which implementation best matches Ansible’s idempotent pattern?

Your site.yml includes a vaulted vars file. Automation runs non-interactively in CI and must decrypt vault content without prompting. Which solution is most appropriate while keeping secrets out of the playbooks?

A play uses serial: 2 to update a cluster. A task sets a fact used later to decide whether to drain nodes. However, the decision must be based on a value computed once from the first host in the play and shared across all hosts in subsequent tasks. Which technique is most appropriate?

You are writing a playbook that should only run tasks on hosts that belong to the inventory group webservers AND have the host variable env set to 'prod'. Which approach best fits Ansible best practices?

A playbook uses the yum module to install packages. On some managed nodes the task fails because Python is not available, but SSH access works. What is the recommended Ansible approach to bootstrap these nodes so modules can run?

You need to store sensitive variables (like database passwords) in a Git repository used by a team. Which Ansible feature is specifically designed for encrypting these variables while keeping them in source control?

You want to reuse a role across multiple projects without copying it into each repository. Which approach is most aligned with Ansible best practices for sharing reusable content?

A role should manage a configuration file and restart a service only when the file content changes. What is the correct design pattern inside the role?

A playbook uses a Jinja2 template that references hostvars[inventory_hostname]['ansible_default_ipv4']['address']. On some hosts, the value is undefined and the playbook fails. What is the most likely cause and best fix?

You need a playbook to install a package on all hosts, but only start and enable a service on hosts in the inventory group appservers. Which implementation is most appropriate?

A team wants to set a default value for a role variable but allow inventory or extra-vars to override it. Where should the role define this default value?

Your organization requires that a playbook can be run non-interactively in CI while using Vault-encrypted variable files. What is the most secure and automation-friendly method to provide the Vault secret?

A playbook must run on a hardened environment where SSH access is only allowed through a bastion host, and direct SSH to managed nodes is blocked. The bastion can reach the managed nodes. Which Ansible configuration best addresses this requirement while keeping playbooks unchanged?

You are running playbooks from a control node where SSH host key checking is enabled. Several newly provisioned managed nodes fail with "Host key verification failed". What is the BEST practice to avoid interactive prompts and still keep SSH trust intact?

A playbook needs to reference a group of hosts called dbservers and use group-specific variables defined in group_vars/dbservers.yml. Which inventory structure is MOST appropriate?

You need to ensure a task runs only when a package named httpd is installed on the managed node, without attempting to install it. Which approach is MOST appropriate?

A role named webconfig contains a template task that should notify a handler to restart nginx, but the handler never runs. The task is in roles/webconfig/tasks/main.yml and includes: notify: restart nginx. Where must the handler be defined for Ansible to find it by default?

Your team uses ansible-navigator with an execution environment. A playbook fails because it cannot find a required Ansible collection that exists on the control node, but not inside the execution environment. What is the BEST fix?

A playbook includes a file vars/vault.yml that is encrypted with Ansible Vault. In a CI pipeline, you must run the playbook non-interactively without storing the vault password in plaintext on disk. Which solution is MOST appropriate?

You are writing a role that must work on both RHEL and Debian-family systems. The role needs to install a list of packages whose names differ by OS family. Which approach is BEST practice for maintainability?

A playbook configures a service by writing a config file and then restarting the service. You want the restart to occur only if the config file actually changed, and you also want the restart to happen at the end of the play (not immediately). What should you do?

You are using ansible-galaxy to install a set of collections specified in requirements.yml. The CI job must be deterministic and avoid unexpected updates. Which requirements.yml entry BEST supports this goal?

A role must store an encrypted API token. Different environments (dev, test, prod) each have their own token, and all use the same role. You want to avoid duplicating role code and keep secrets separated per environment while allowing the same playbook to run against all environments. Which design is BEST?