Appendix A. Answers to Review Questions
Chapter 1
1. B, Task based. In this scenario, you are triggering a task to change the hostnames of all your devices. Even though you are using the device’s IP address to derive its location, this is not what triggers the automation.
2. B, Configuration. The intent is to configure new hostnames.
3. B, Pull model. Your network is already bandwidth constrained, and you don’t want to stress it even further by having devices constantly pushing their metric data.
4. A, Push model. SNMP traps are sent by the devices to a configured destination.
5. Configuration drift means that devices have different configurations from each other or from your template configurations. It occurs when changes are made to the devices in an untracked manner (for example, during maintenance windows or tests). There are many ways to address this issue, and a popular one is to monitor device configurations compared against templates. If a change is detected, the known good configuration should be applied.
6. B, Ansible, and D, Python. Splunk and Kibana are visualization tools and cannot fulfill a configuration use case. In a multivendor environment, Cisco DNAC is not suitable due to its focus on Cisco-only equipment. Terraform’s main use case is provisioning rather than configuration.
7. D, Terraform, and E, Python. Splunk is a visualization tool and cannot fulfill a provisioning use case. Cloud event-driven functions can be executed in response to events; they are not used to provision infrastructure as a workflow. DNAC does not have cloud provisioning capabilities.
8. D, Chef, and E, Ansible. Kibana is a visualization tool. Terraform is best suited for provisioning use cases, but in this case, you want to manage already provisioned servers. Although DNAC can help you manage your infrastructure, it is targeted at network infrastructure, not servers.
9. A, Kibana, and C, Splunk. Kibana is an open-source log visualization tool that perfectly fits this use case. Grafana is also a visualization tool, but its focus in on metric data. Splunk is an enterprise solution that can consume logs in a central place. DNAC can show you logs from the managed devices, but this question does not say that all devices are Cisco and DNA supported; therefore, DNAC is not an ideal choice.
10. B, Plan. Terraform generates an execution plan but does not execute it. It is a nice-to-have step to stage changes before actually applying them, but this step is not mandatory.
11. C, Ansible. The security requirement that bans installation of an agent excludes Chef, as it is an agent-based solution. Terraform is focused on provisioning rather than configuring. As there is no mention of the devices being Cisco DNAC supported devices, the best answer is Ansible.
12. B, False. Kibana excels at utilizing log data.
13. A, True. Although their name has the keyword cloud, event-driven functions can interact with on-premises components as long as there is IP reachability.
Chapter 2
1. A, Container list. All the other options are valid YANG components, according to RFC 6020.
2. B, False. Indentation is key, unlike in other data formats. In a file, the number of indentation spaces must always be the same. By convention, two spaces are typically used.
3. A, scalar, and B, dictionary. In YAML, there are three data types: scalar, list, and dictionary.
4. A, Yes. The YANG shown here conforms to the specifications.
5. A, True. The payload starts and ends with <rpc> tags. This is because the whole process is based on remote procedure calls (RPCs).
6. B, PATCH. You should use PATCH if you only want to update a single field out of many. It allows you to keep every other previously configured value unchanged.
7. B, XML, and D, JSON. RESTCONF can be encoded using either XML or JSON.
8. B, False. Syslog can have slight differences, depending on the vendor implementation.
9. C, Log exporter. SSH and NETCONF need something on top in order to achieve automation; they are only protocols. Python can certainly achieve the goal, but the effort and complexity in comparison to log exporters is higher.
10. A, curl, and B, Postman. curl is a command-line utility tool for getting and sending data using URLs. Postman is a tool with a graphical interface that allows to interact with APIs.
Chapter 3
1. A, d. This wildcard matches one digit.
2. C, s. This wildcard matches a whitespace character.
3. A, 255.257.255.255, and B, 10.00.0.1. This is a relatively simple regex that will match more than valid IP strings as you can see from option A. To match only on valid IP addresses, you should use more complex regex expressions than the one shown.
4. B, Data aggregation. If your network is already constrained, you want to stress it as little as possible while obtaining the necessary monitoring metrics. Aggregating metrics in time ranges or using similar techniques helps you achieve this.
5. B, Line chart. For CPU utilization, the history is important, and a line chart gives the viewer a good understanding of its evolution through time.
6. C, Gauge. A gauge is ideal for quickly understanding a metric when historical data does not add value—as is the case with memory utilization.
7. B, False. Alarms can trigger both manual human interventions and automatic actions, such as Ansible playbook executions or scripts.
8. A, Use AutoML. If you lack domain expertise in artificial intelligence or machine learning but are looking to create models, the best way is to take advantage of AutoML, which enables you to only provide the data.
9. A, One or more occurrences. The wildcard matches one or more occurrences of the previous character.
10. A, Regression. You are trying to predict a numeric value that the machine learning needs to process transactions.
Chapter 4
1. B, Python. Ansible is an open-source software tool written in Python.
2. A, YAML, and B, INI. Ansible inventory files can be written in three formats: YANG, JSON, or INI.
3. D, switch01.example.com. 10.20.20.1 is part of the hosts group Spain, and 10.10.10.1 and switch01.example.com are part of the group Portugal.
4. B, Host variable. The status is under host 10.10.10.1 and has the value “prod”.
5. B, In a separate file that is uploaded to the repository. The hosts variable folder is a fine place to have some variables if they are static to the hosts. Playbook variables are typically different from host variables, and you should separate your variables from your playbooks to enhance reusability. Passing in variables during CLI execution is acceptable but not friendly for automation.
6. A, {{ example }}. The syntax for referring to a variable in Ansible is {{ variable_name }}.
7. Ansible Vault allows you to store variables in encrypted format. When you have sensitive variables, you should use a Vault instead of saving your secrets in plaintext.
8. B, plays. A playbook is composed of one or more plays in a sequence.
9. B, False. By default, Ansible runs each task on all hosts affected by a play before starting the next task on any host.
10. B, False. In use cases that require asynchronous communications (for example, long-running tasks), you can use the async and poll keywords to achieve this type of behavior.
11. C, until. until retries a task until a certain condition is met. This is particularly useful for verifications that may not succeed at first try.
12. B, -f. By default Ansible’s number of forks is 5. If you have the processing power available and want to use more forks, you can configure this by using the -f option.
Chapter 5
1. B, False. The lookup function only works for local files.
2. A, Base-64. You must decode the output before you can read it.
3. B, delegate_to. By using the delegate_to function, you can execute the task in the host you specify; in this case, you would specify localhost.
4. A, Yes. ansible_facts captures the interfaces’ IP addresses.
5. A, command. There is no of using the package manager yum. The machines are Linux servers, not Cisco IOS devices, so ios_config is also out. slurp is a remote file module.
6. A, os_family. The os_family variable takes as a value the operating system of the host you connect to if you are gathering facts. Based on this, you can choose the appropriate installation method.
7. B, No, you can still use Ansible. When no module is available—which can happen with in-house software—you can use the custom API module or build your own Ansible module.
8. C, Use the lookup function. Although the uri module would also work, the preferred way to crawl websites is by using the lookup function.
9. D, netconf_get. Using this module is the easiest way to retrieve information using NETCONF.
10. B, absent. The absent state deletes the virtual machine with the given name if it exists.
Chapter 6
1. B, False. NetDevOps is the adoption of DevOps software practices in networking. It is not a software development methodology.
2. A, Configuration drift. Infrastructure as code helps reduce configuration drift, as do NetDevOps CI/CD practices, by eradicating ad hoc changes in network devices.
3. C, Create. The DevOps phases are plan, code, build, test, release, deploy, operate, and monitor.
4. A, Declarative pipelines, and C, Scripted pipelines. Scripted and declarative are the two supported pipeline types supported by Jenkins.
5. A, Jenkins. Ansible and Terraform are configuration management/provisioning tools, and Git is a source control system.
6. A, Distributed. Git has distributed architecture, keeping full copies in each of the clients’ machines.
7. A, True. Jenkins uses a controller/agent architecture, and you can easily scale it by simply adding more agents.
8. A, git branch. This command creates a new parallel and independent branch that is initially just like the one it branches out of.
9. A, git checkout. This command followed by the commit hash points the head to that commit and modifies the repository to reflect its state at the time of the commit.
10. D, Unlimited. You can define any number of steps (instructions) within a single stage. However, it is not common to use many; rather, different commands are used in different stages.
Chapter 7
1. B, Culture. Although your current corporate culture is very important to consider when crafting an automation strategy document, it is not one of the five pillars.
2. D, High-level purposes. A goal in the context of an automation strategy is a high-level purpose that you want to achieve. For example, Company XYZ’s goal might be to increase its profit margin.
3. D, Description. An action plan should have at least dates and owners for each action. However, you can add more fields if deemed necessary to make the plan more readable and understandable.
4. C, 6 months to 2 years. An automation strategy is bounded by a time frame, typically no less than 6 months and no more than 2 years, depending on the company size. After that time frame, the strategy should be revised.
5. B, False. The automation strategy document should be an effort between a wide variety of stakeholders, from technical to upper management. It is a companywide effort.
6. A, Yes, a strategy can span multiple objectives. There are cases in which a strategy contributes to more than one objective.
7. B, False. You can and should link other strategy documents if they are relevant in the automation context. Examples of commonly linked documents are the financial strategy and the data strategy.
8. D, 4. The four levels are 1: No automation at all, 2: Configuration automation 3: Orchestration management, 4: Service abstraction.
9. D, Tactics. Tactics are the low-level steps to achieve strategies, and you use them to enumerate the tools to be used.
10. D, Unlimited. There is no limit to how many tactics you can define to achieve a specific strategy.