Cisco DevNet Sample Questions with Explanations

These original sample questions are designed to help you check how the exam topics appear in decision-style prompts. They are not taken from the live exam.

Use these sample questions as a guided self-assessment for Cisco Certified DevNet Associate topics such as REST APIs, HTTP methods, JSON payloads, Python basics, Git, Cisco platform APIs, authentication, secret handling, containers, CI/CD, idempotency, and automation troubleshooting. The prompts emphasize API contract reading and safe automation decisions.

Where these questions fit in the DevNet guide

The sample set below is part of the Cisco DevNet guide path:

• Cisco certification hub
• DevNet exam guide
• DevNet cheat sheet
• DevNet study plan
• DevNet FAQ
• DevNet resources
• DevNet glossary

DevNet automation sample questions

Work through each prompt before opening the explanation. DevNet questions usually reward the answer that honors the API contract, protects credentials, validates state, and makes automation safe to rerun.

---

Question 1

Topic: API method selection

A script needs to retrieve a list of network devices from a controller API without changing controller state. Which HTTP method is the strongest fit?

• A. POST
• B. GET
• C. PATCH
• D. DELETE

Best answer: B

Explanation: GET is the normal read operation for retrieving resources without changing server state.

Why the other choices are weaker:

• A usually creates or submits data.
• C applies a partial update to an existing resource.
• D removes a resource.

What this tests: REST method semantics, read versus write operations, and API contract basics.

Related topics: REST; HTTP methods; APIs; Controller

---

Question 2

Topic: Token exposure in logs

A CI job prints full API request headers during troubleshooting. The logs now contain a bearer token used to access a Cisco platform API. What is the strongest response?

• A. Leave the token unchanged because it was only printed in a build log.
• B. Commit the token to the repository so all developers can reproduce the issue.
• C. Rotate or revoke the exposed token, remove or restrict the logs, and update the pipeline to mask secrets.
• D. Disable authentication on the API until the pipeline is fixed.

Best answer: C

Explanation: DevNet security questions reward secret hygiene. Once a token is exposed, treat it as compromised, limit access to the logs, and prevent future disclosure.

Why the other choices are weaker:

• A ignores credential exposure risk.
• B makes the exposure worse and violates secret-handling practice.
• D weakens the platform instead of fixing token handling.

What this tests: API tokens, CI/CD secrets, log sanitization, rotation, and least privilege.

Related topics: Secrets; CI/CD; Authentication; Logging

---

Question 3

Topic: JSON shape mismatch

A Python script expects an API response field named interfaces to be a list. The script fails when iterating because the actual response contains {"interfaces": {"items": [...]}}. What should the developer do first?

• A. Retry the same request indefinitely because JSON shape errors fix themselves.
• B. Switch from JSON to plain text without checking the API documentation.
• C. Delete the API endpoint because it returned a nested object.
• D. Inspect the response schema and update the parsing logic to match the nested object and list structure.

Best answer: D

Explanation: DevNet parsing questions are often about data shape. The code must match whether the response has arrays, objects, nested keys, and required fields.

Why the other choices are weaker:

• A treats a deterministic parsing problem like a transient fault.
• B changes format without understanding the contract.
• C is an unsafe and irrelevant reaction.

What this tests: JSON objects, arrays, nested keys, Python parsing, and API schema reading.

Related topics: JSON; Python; Parsing; Schema

---

Question 4

Topic: Safe automation rerun

An automation job updates network device configuration across many sites. It may be run multiple times during rollout. Which design principle best reduces duplicate or unintended changes?

• A. Send the same commands repeatedly without reading device state.
• B. Disable error handling so failures are easier to ignore.
• C. Make the workflow idempotent by checking current state before changing it and verifying the result afterward.
• D. Store every device password in clear text inside the script.

Best answer: C

Explanation: Idempotent automation can be rerun safely because it compares desired state with observed state before making changes.

Why the other choices are weaker:

• A risks duplicate changes and does not validate state.
• B hides failure and weakens operational control.
• D violates credential safety.

What this tests: Idempotency, desired state, verification, error handling, and automation safety.

Related topics: Automation; Idempotency; Validation; Desired state

Independent study note

Tech Exam Lexicon and IT Mastery are independent study tools. They are not affiliated with, endorsed by, or sponsored by Cisco or any certification body.