Question 1

DRAG DROP Refer to the exhibit. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/350-901/page_62_img_1.jpg Drag and drop the correct parts of the Dockerfile from the left onto the item numbers on the right that match the missing sections in the exhibit to complete the Dockerfile to successfully build and deploy a container running a Python application. Not all parts of the Dockerfile are used. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/350-901/page_62_img_2.jpg

Accepted Answer

Explanation: To build a functional Docker image for a Python application, the instructions must follow a specific logical order: FROM : Specifies the base image ( python:3.6-alpine ). COPY : Moves files from the local directory ( . ) to the container's working directory ( . ). RUN : Executes commands during the build process, such as installing dependencies via pip . EXPOSE : Informs Docker that the container listens on the specified network port ( 5001 ) at runtime. CMD : Sets the default command to execute when the container starts ( ["python", "app.py"] ). ENV , VOLUME , and WORKDIR are valid Docker instructions but do not match the specific values provided in this scenario.

Question 2

An application has initiated an OAuth authorization code grant flow to get access to an API resource
on behalf of an end user.
Which two parameters are specified in the HTTP request coming back to the application as the end
user grants access? (Choose two.)

Accepted Answer

D, E

Explanation: In the OAuth 2.0 authorization code grant flow, after the end-user authenticates and grants consent, the authorization server redirects the user-agent (browser) back to the application's pre-registered redirect URI. This redirect request includes two key parameters in the query string: 1. code: A temporary, single-use authorization code. The application will exchange this code for an access token in a subsequent back-channel request to the authorization server's token endpoint. 2. state: An opaque value used by the application to maintain state between the request and callback and to prevent Cross-Site Request Forgery (CSRF) attacks. The authorization server must return this value unmodified if it was included in the initial authorization request.

Question 3

A developer is working on an enhancement for an application feature and has made changes to a
branch called ‘devcor-432436127a-enhance4‘. When merging the branch to production, conflicts
occurred. Which Git command must the developer use to recreate the pre-merge state?

Accepted Answer

B

Explanation: When a git merge operation results in conflicts, Git pauses the process, leaving the repository in a special "merging" state. The developer must manually resolve the conflicts before committing. If the developer decides to abandon the merge attempt entirely, the git merge --abort command is used. This command aborts the conflict resolution process and restores the repository and working directory to the state they were in just before the merge was initiated.

Question 4

An automated solution is needed to configure VMs in numerous cloud provider environments to
connect the environments to an SDWAN. The SDWAN edge VM is provided as an image in each of the
relevant clouds and can be given an identity and all required configuration via cloud-init without
needing to log into the VM once online.
Which configuration management and/or automation tooling is needed for this solution?

Accepted Answer

D

Explanation: The scenario requires automating the provisioning of virtual machines (VMs) across multiple cloud providers. The core task is to create the infrastructure (the VM) from a pre-existing image and inject a configuration script (via cloud-init) at launch time. Terraform is an Infrastructure as Code (IaC) tool designed specifically for this purpose. It allows users to declaratively define and provision infrastructure resources across numerous cloud and on-premises providers. It directly supports passing user data (cloud-init scripts) during VM creation, which fulfills the requirement to configure the VM without needing to log in post-deployment. This makes Terraform the most suitable and direct tool for the described solution.

Question 5

Refer to the exhibit. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/350-901/page_318_img_1.jpg An engineer is implementing the response for unrecoverable REST API errors. Which message needs to be placed on the snippet where the code is missing to complete the print statement?

Accepted Answer

A

Explanation: The code snippet checks if the response.status_code falls within the range 500, 501, 502, 503, or 504 . In the HTTP protocol standard, the 5xx series represents Server Error responses. These indicate that the server is aware it has erred or is incapable of performing the requested method. Specifically, a 500-series error signifies an unrecoverable server-side issue (such as a crash, gateway timeout, or overload) that prevents it from fulfilling a valid request. Therefore, the message "Error; The server is unable to handle your request" is the only option that accurately describes a 5xx server-side failure.

Question 6

DRAG DROP Drag and Drop the application requirement on the left onto the database type that should be selected for the requirement on the right. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/350-901/page_138_img_1.jpg

Accepted Answer

Explanation: Relational databases (RDBMS) focus on data consistency and integrity. They utilize Highly normalized data to reduce redundancy, Enforced data integrity tools (like foreign keys and constraints) to ensure accuracy, and Structured Query Language (SQL) for complex querying. Nonrelational (NoSQL) databases are designed for modern, high-velocity data needs. They are Elastic, scalable, and schema-free , allowing for unstructured data. They are Highly horizontally scalable , meaning they scale by adding more servers (sharding) rather than upgrading a single unit. Consequently, they excel at Rapid transaction handling for massive volumes of simple read/write operations where the overhead of complex relational joins would cause bottlenecks.

Question 7

Refer to the exhibit. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/350-901/page_239_img_1.jpg A Docker swarm cluster is configured to load balance services across data centers in three different geographical regions west central and east. The cluster has three manager nodes and three worker nodes Anew service named cisco.devnet is being deployed. The service has these design requirements • All containers must be hosted only on nodes in the central region • The service must run only on nodes that are ineligible for the manager role Which approach fulfills the requirements?

Accepted Answer

C

Explanation: In a Docker Swarm, placement constraints are the standard mechanism to limit the nodes where a service can run based on node attributes or labels. To satisfy the first requirement (central region), you would use a constraint like --constraint 'node.labels.region == central' (assuming labels are set). To satisfy the second requirement (ineligible for manager role), you would use the constraint --constraint 'node.role == worker' . In Docker Swarm, manager nodes handle orchestration, while worker nodes are typically the intended targets for application workloads, and constraints are specifically designed to filter these targets during the scheduling phase.

Question 8

Refer to the exhibit. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/350-901/page_235_img_1.jpg An application is created to serve an enterprise Based on use and department requirements, changes are requested quarterly Which application design change improves code maintainability?

Accepted Answer

D

Explanation: In software engineering, code maintainability is heavily dependent on readability and the ability of a developer to understand the intent of the code without extensive reverse-engineering. The exhibit uses generic, single-character variable names like k , v , i , k2 , and v2 . These names provide no context regarding the data being processed. Replacing these with verbose, descriptive names (e.g., department_key , employee_list , record ) allows future developers to understand the data structure and logic flow quickly during quarterly updates, significantly reducing the risk of errors during modifications.

Question 9

A web application is being developed to provide online sales to a retailer. The customers will need to
use their username and passwords to login into then profile and complete their order For this reason
the application must store user passwords Which approach ensures that an attacker wifi need to
crack the passwords one at a time?

Accepted Answer

C

Explanation: The salting technique involves adding a unique, randomly generated value (the "salt") to each user's password before it is hashed. This salt is then stored alongside the hashed password in the database. Because every user has a different salt, even if two users choose the identical password, their stored hashes will be unique. This uniqueness invalidates pre-computed attack methods like rainbow tables, which rely on mapping common passwords to their hashes. Consequently, an attacker who compromises the password database is forced to attempt to crack each password hash individually, using its corresponding salt, which directly fulfills the requirement.

Question 10

DRAG DROP A developer is creating a Python script to analyze errors during REST API call operations. The script will be used with Cisco solution and devices. Drag and drop the code from the bottom to the box where the code is missing to implement control flow for handling unrecoverable REST API calls. Not all options are used. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/350-901/page_224_img_1.jpg

Accepted Answer

Explanation: In Python's requests library, the standard attribute to check the HTTP response status is status_code ; the attribute .status does not exist in this library, making those options invalid. Box 1: A successful authentication POST returns a 200 OK status. Box 2: Upon successful execution and printing the data, sys.exit(0) is used to signal a clean termination to the operating system. Box 3: An "Authentication error" specifically maps to 403 Forbidden (or 401), identifying unauthorized access attempts. Box 4: If the script encounters an error (the elif or else blocks), sys.exit(1) is standard practice to indicate an unrecoverable failure or error state.

Question 11

While developing an application following the 12-factor app methodology, which approach should be used in the application for logging?

Accepted Answer

D

Explanation: The 12-factor app methodology, under Factor XI: Logs, prescribes that an application should treat logs as event streams. It must not concern itself with the routing or storage of its output. Instead, each running process should write its event stream, unbuffered, to standard output (stdout). The execution environment is then responsible for capturing this stream, collating it with other streams, and routing it to appropriate destinations for analysis and long-term storage. Writing unbuffered ensures that logs are not lost if the application crashes before a buffer is flushed.

Question 12

Refer to the exhibit. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/350-901/page_275_img_1.jpg Which line of code needs to be placed on the snippet where the code is missing to provide APl rate- limiting to the requests?

Accepted Answer

C

Explanation: When an API returns a 429 Too Many Requests status code, the standard HTTP protocol (RFC 7231) dictates that the server should include a Retry-After header indicating how long the client should wait before making a new request. In this specific Python snippet, the object self.response is being used to check the status code. Therefore, to retrieve the header value, you must access the headers dictionary of that same object using the .get() method. The .get() method is preferred in Python as it safely handles cases where the key might be missing, and the value must be converted to an integer to be used in the sleep() function.

Question 13

DRAG DROP Drag and drop the code snippets from the bottom onto the boxes where the code is missing to deploy three Cisco UCS servers each from a different template Not all options ate used. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/350-901/page_210_img_1.jpg

Accepted Answer

Explanation: The script uses the Cisco UCS XML API to perform a configuration change. Import: The requests library is required to handle the HTTP communication. XML Method: The method is the specific UCS API call used to create multiple Service Profiles from an existing Service Profile Template. It requires a dn (the template's distinguished name) and an containing the desired names for the new instances. HTTP Method: Since this operation involves sending a payload to the server to create resources, the POST method is required. GET is used only for retrieving information and cannot carry the XML payload required for instantiation.

Question 14

FILL BLANK Fill in the blanks to complete the Python script to enable the SSID with a name of “371767916” in the network resource “11111111” using the Meraki Dashboard API. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/350-901/page_58_img_1.jpg

Accepted Answer

1., 371767916, 2., "PUT", 3., PAYLOAD

Explanation: The Meraki Dashboard API follows REST guidelines where the PUT method is used to update the configuration of an existing resource, such as an SSID. In the provided script, Blank 1 requires the specific SSID name identified in the requirements ( 371767916 ). Blank 2 requires the HTTP verb as a string; since we are enabling/modifying an existing SSID, "PUT" is the correct method. Blank 3 refers to the data being sent in the request body, which was previously defined in the script as the variable payload .

Question 15

Refer to the exhibit. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/350-901/page_208_img_2.jpg The cisco_devnet Docker swarm service runs across five replicas The development team tags and imports a new image named devnet'test 1 1 and requests that the image be upgraded on each container There must be no service outages during the upgrade process Which two design approaches must be used? (Choose two.)

Accepted Answer

A, C

Explanation: For a zero-downtime upgrade, Rolling Upgrades (A) are the fundamental mechanism; Docker Swarm replaces tasks incrementally (default parallelism is 1), ensuring the service remains partially active. However, the update logic alone isn't enough to prevent outages if the networking layer isn't designed to route traffic away from the specific container being stopped. Hosting the service behind a Virtual IP (VIP) with no session persistence (C) ensures that the Swarm load balancer (Ingress Routing Mesh) can instantly redirect traffic to the remaining healthy replicas. Without session persistence, the load balancer is free to re-route requests immediately, preventing a user from experiencing a timeout if their "sticky" container is being updated.

Free Cisco 350-901 Actual Exam Questions