Q1) Secure calls to device APIs with self-signed certs
Your Python script talks to an IOS-XE device’s RESTCONF API over HTTPS. The device uses a self-signed certificate. What’s the best practice?
A. Pass verify=False in requests.get() to skip TLS checks
B. Import the device (or CA) cert into a trust bundle and pass its path via verify="/path/to/ca.pem"
C. Switch to plain HTTP to avoid certificate errors
D. Add a custom header X-Trust: true so the server allows the call
Detailed Explanation: Properly trust the certificate by adding the device/CA cert to a bundle and using verify=.... Disabling verification or using HTTP weakens security; headers don’t affect TLS validation.
Q2) RESTCONF media types
When sending and receiving YANG-modeled data in JSON via RESTCONF, which headers are correct?
A. Content-Type: application/json only
B. Accept: application/yang-data+json and Content-Type: application/yang-data+json
C. Accept: text/plain
D. No headers required
Detailed Explanation: RESTCONF uses YANG-aware media types; both request and response should negotiate application/yang-data+json for JSON payloads.
Q3) Preventing configuration race conditions in NETCONF
Before editing the <running> datastore on a multi-user device, which NETCONF RPC should the client send?
A. <get>
B. <commit>
C. <lock>
D. <discard-changes>
Detailed Explanation: <lock> reserves the target datastore to prevent concurrent edits. <commit> applies changes, <discard-changes> drops candidate edits, and <get> only reads data.
Q4) gNMI subscription choice
You need near real-time updates only when configuration or state changes occur, minimizing bandwidth. Which gNMI subscription mode fits?
A. sample
B. once
C. on_change
D. poll
Detailed Explanation: on_change streams updates only when values change. sample is periodic, once is a one-time snapshot, and poll is client-triggered.
Q5) Ansible with RESTCONF on IOS-XE
You will automate IOS-XE via RESTCONF (not CLI or NETCONF). Which inventory connection is correct?
A. ansible_connection=network_cli
B. ansible_connection=netconf
C. ansible_connection=httpapi
D. ansible_connection=local
Detailed Explanation: RESTCONF is HTTP-based, so use ansible_connection=httpapi (with the appropriate ansible_network_os for IOS-XE). network_cli is SSH CLI; netconf is for NETCONF sessions.
