Red Hat Certification
60 practice questions with correct answers and detailed explanations. Use this guide to review concepts before taking the practice exam.
The Red Hat Ansible Automation (EX447) certification validates professional expertise in Red Hat technologies. This study guide covers all 60 practice questions from our EX447 practice test, complete with correct answers and explanations to help you understand each concept thoroughly.
Review each question and explanation below, then test yourself with the full interactive practice exam to measure your readiness.
Which Ansible module is used to manage systemd services and their enabled/disabled states on target systems?
The systemd module is the modern Ansible module for managing systemd services, enabling/disabling them, and controlling their state. The service module is legacy and less preferred for newer systems.
In Ansible, what is the primary purpose of using the `block` keyword in a playbook?
The block keyword allows grouping of tasks to apply rescue/always blocks, common variables, and conditions to all contained tasks, providing better error handling and organization.
When using Ansible's `become` privilege escalation, which configuration parameter specifies the method to use for privilege escalation?
The become_method parameter determines the escalation method (sudo, su, pbrun, etc.), while become_user specifies which user to escalate to.
Which of the following best describes the role of `ansible-navigator` in modern Ansible automation?
ansible-navigator is the next-generation tool that replaces ansible-playbook, provides execution environment support, improved logging, and a better user interface for running playbooks.
What is the correct syntax to register a variable from a task's output in Ansible?
The register keyword is used to capture task output into a variable for later use in subsequent tasks or conditionals.
In Ansible, which filter would you use to convert a string to uppercase?
The upper filter converts a string to uppercase in Jinja2 templates used by Ansible. The capitalize filter only capitalizes the first letter.
What is the primary function of the `handlers` section in an Ansible playbook?
Handlers are special tasks that execute only when notified by other tasks through the notify keyword, commonly used to restart services when configuration changes.
Which Ansible module is most appropriate for executing arbitrary commands on remote hosts without using shell interpretation?
The command module executes commands directly without shell interpretation, making it safer and more predictable. The shell module invokes /bin/sh for processing.
What does the `ansible-inventory` command primarily allow you to do?
ansible-inventory displays inventory information, shows host/group variables, can output in JSON or YAML format, and helps debug inventory issues.
In Ansible Galaxy, what is a 'collection'?
Collections are distributable packages containing roles, modules, plugins, and documentation that extend Ansible functionality and can be installed from Ansible Galaxy.
Which of the following statements about Ansible idempotency is correct?
Idempotency is a core Ansible principle where running a playbook multiple times produces the same result without making unnecessary changes if the desired state is already achieved.
What is the purpose of the `meta` module in Ansible?
The meta module executes Ansible-specific operations such as 'flush_handlers', 'clear_facts', and 'refresh_inventory' without connecting to target hosts.
Which Jinja2 conditional statement is used in Ansible templates to test if a variable is defined?
The 'is defined' test checks whether a variable has been defined in Ansible's context, which is more reliable than checking for truthiness or None values.
In an Ansible role, what is the standard purpose of the `defaults` directory?
The defaults directory contains main.yml with role variables that have the lowest precedence in Ansible's variable hierarchy, allowing easy customization.
What is the correct way to conditionally execute a task in Ansible using host facts?
The `when` keyword allows conditional execution based on variables, facts, and expressions, such as: when: ansible_facts['os_family'] == 'RedHat'
Which Ansible module would you use to check if a file exists on a remote system and gather information about it?
The stat module retrieves file status and metadata information similar to the Linux stat command, without modifying the file.
In Ansible tower/AWX, what is a 'credential'?
Credentials in AWX/Tower are secure, encrypted storage objects for various authentication methods used by projects, inventory sources, and job templates.
What does the `async` keyword do when used in an Ansible task?
The async keyword specifies a timeout period and allows Ansible to continue without waiting for task completion, useful for long-running tasks.
Which Ansible best practice involves using `ansible-vault` to protect sensitive data?
ansible-vault encrypts specific sensitive files and variables at rest, which can be decrypted at runtime with a password or key file.
In Ansible, what is the purpose of the `loop` keyword compared to the legacy `with_*` constructs?
The loop keyword is the recommended modern approach for iteration in Ansible, providing consistent and predictable behavior, replacing the older with_items, with_dict, etc.
What is the correct syntax to use an Ansible filter to extract the first element from a list?
The first filter in Jinja2 templates returns the first element of a list, using the pipe syntax for Ansible filters.
Which strategy in Ansible determines how tasks are distributed and executed across multiple hosts?
Linear strategy is the default and executes tasks sequentially across all hosts before moving to the next task. Free strategy lets each host progress independently.
In an Ansible playbook, what is the difference between `vars` and `vars_files`?
vars allows inline variable definition within the playbook, while vars_files loads variables from external files, promoting better organization and reusability.
What does the `check` mode in Ansible do?
Check mode (--check flag) performs a dry-run simulation showing what changes would occur, without actually modifying target systems, useful for validation before execution.
Which Ansible plugin type is responsible for processing task return values and determining task status?
Callback plugins process task results and return values, controlling output formatting and status reporting. Other plugin types handle different aspects like variable lookups or connections.
You are designing a playbook that needs to handle multiple inventory sources dynamically. Which inventory plugin would you use to merge inventory from both static files and cloud providers in a single play?
The composite inventory plugin allows multiple inventory sources to be merged and prioritized using the enable_plugins directive in ansible.cfg, enabling dynamic inventory composition from multiple backends.
What is the purpose of using ansible-inventory command with the --graph option?
The --graph option displays the inventory as a hierarchical tree, showing which hosts belong to which groups and group relationships, useful for understanding inventory structure.
You need to create a custom Jinja2 filter that processes host variables. Where should this filter be placed to ensure it loads automatically with your playbooks?
Ansible automatically loads custom filter plugins from a filter_plugins directory relative to the playbook location, making it the standard practice for local custom filters.
What is the correct syntax to register a variable and then use a failed_when condition to determine if a task has failed based on that variable's content?
The failed_when directive is set within the same task block as the register directive, allowing you to define custom failure conditions based on task output immediately.
You are using Ansible to manage both Linux and Windows hosts. Which callback plugin would you enable to get detailed, color-coded output showing task status changes across both platforms?
The default callback plugin with force_color=True option in ansible.cfg provides cross-platform colored output showing task status, and works consistently on both Linux and Windows.
When using the block directive, what is the scope of variables registered within a block when an error occurs and the rescue section executes?
Variables registered in the block section remain accessible in the rescue and always sections, allowing error handling logic to reference data from failed tasks.
You need to dynamically include tasks based on the OS family of the target host. What is the difference between using include_tasks and import_tasks for this scenario?
include_tasks evaluates conditionals dynamically at execution time, allowing OS family conditionals to work properly, while import_tasks resolves everything at parse time.
What Ansible feature allows you to define a set of variables that should be encrypted and automatically decrypted during playbook execution?
Ansible Vault encrypts files containing sensitive variables and automatically decrypts them when the vault password is provided during playbook execution.
You are troubleshooting a playbook that uses the loop keyword with a large list of items. Which strategy would best reduce the amount of output while still showing which specific items failed?
The loop_control label option allows you to specify which item attribute to display, significantly reducing output clutter while maintaining item-level visibility in failures.
When using the vars_prompt feature, how can you mark a variable as sensitive so its value is not echoed to the terminal during input?
The no_echo option in the vars_prompt variable definition prevents displaying the input value, similar to password prompts, protecting sensitive information during interactive playbook execution.
You need to run a task only on hosts where a specific package is already installed. Which conditional should you use to check installed packages?
The package_facts module gathers information about installed packages and stores it in ansible_facts.packages, allowing you to reliably check package installation status in conditionals.
What is the purpose of the meta: clear_host_errors task in a playbook?
meta: clear_host_errors resets the failed flag for hosts that have failed tasks, allowing them to participate in subsequent plays without being skipped due to previous failures.
You are creating a role that should apply different configurations based on the host's memory size. How would you best structure this using role variables?
Storing defaults in defaults/main.yml allows overrides while using conditional includes of memory-specific variable files provides clean, maintainable configuration management within a role.
When using the ansible.builtin.wait_for module, what is the default port checked if you specify a host without explicitly setting the port parameter?
The wait_for module defaults to checking port 22 (SSH) when only a host is specified, making it useful for waiting for SSH availability after server startup.
You need to validate that a playbook will execute correctly against your infrastructure without making any changes. What command-line option should you use?
The --check option runs the playbook in check mode (no changes applied) and --diff shows what would change, allowing you to validate the playbook without affecting the infrastructure.
What does the serial keyword do in a play, and what is its impact on task execution order?
The serial keyword limits the number of hosts processing tasks simultaneously, allowing controlled batch deployments where later batches depend on earlier ones completing successfully.
You have a role that should not be applied to a specific subset of hosts based on inventory group membership. Which approach best achieves this?
The hosts directive supports negation syntax using '!' to exclude specific groups, providing the cleanest way to prevent role application to certain host subsets at the play level.
What is the correct way to pass extra variables to an ansible-playbook command that contains special characters and spaces?
Both methods are valid: inline variables with -e and proper quoting, or file-based variables with @filename. The choice depends on complexity and whether values are reusable.
When implementing role-based access control, which directory structure should you use to organize roles by function or environment?
The roles_path in ansible.cfg can specify multiple colon-separated paths, allowing you to organize roles by environment or function while maintaining clear separation of concerns.
You need to ensure a task only executes if the preceding task's result changed the target system. Which conditional expression is correct?
The is changed test is the correct Jinja2 test to check if a registered variable indicates a system change occurred during task execution.
What is the advantage of using the include_role vs. import_role directives when you have conditional logic that determines which roles should be applied?
include_role processes conditionals at execution time using gathered facts, enabling dynamic role selection, while import_role resolves everything at parse time making it less flexible.
You are designing a playbook that manages configuration across both RHEL and Debian-based systems. How should you structure variable overrides to ensure OS-specific values are applied correctly?
Creating group_vars with directory names matching distribution groups (e.g., group_vars/redhat/, group_vars/debian/) allows variables to be applied based on group membership, cleanly separating OS-specific configurations.
When using the assert module, what is the correct syntax to provide a custom failure message?
The assert module uses the fail_msg parameter to provide custom error messages when assertions fail, allowing descriptive debugging information.
What is the purpose of the ansible.builtin.copy module's backup parameter, and when should it be used?
Setting backup: yes creates a timestamped backup file of the original before overwriting, useful for configuration management when rollback capability is needed.
You need to create a playbook that runs tasks at specific times using cron scheduling. Which Ansible module should you use, and what is the configuration best practice?
The cron module manages cron jobs idempotently and is the recommended approach for Ansible-based cron scheduling, though systemd timers are also viable on modern systems.
When using Ansible Tower/AWX, which credential type is used to authenticate to a remote Ansible host via SSH?
Machine credentials in Ansible Tower/AWX are used for SSH authentication to managed hosts. They contain username, password, or SSH key information needed for host connectivity.
You need to implement role-based access control (RBAC) in Ansible Tower to restrict a team's ability to execute only specific job templates. Which Tower feature should you configure?
Ansible Tower's RBAC system uses team permissions and role assignments to control which users and teams can execute, modify, or view specific job templates and resources.
When writing a custom Ansible module in Python, which class must your module inherit from to ensure proper integration with Ansible's module framework?
Custom Ansible modules in Python must instantiate or work with the AnsibleModule class, which provides the interface for argument parsing, file operations, and result handling required by Ansible's execution framework.
You are debugging an Ansible playbook that uses handlers. The handler is defined but never executes even though a task with 'notify' is changed. What is the most likely cause?
Handler names must match the notify statement exactly, including case and whitespace. Even minor differences in spelling or formatting will prevent handler execution despite task changes.
In an Ansible playbook, you need to conditionally include an entire task file based on the value of a variable. Which approach is most appropriate?
The 'include_tasks' module supports 'when' conditions at the include level, allowing an entire task file to be conditionally included based on variable values. This is more efficient than checking conditions on individual tasks.
You are using Ansible Vault to encrypt sensitive data. After encrypting a file with vault, how should you provide the vault password when running a playbook that uses this encrypted file?
Ansible provides the '--vault-password-file' option to read a password from a file or '--ask-vault-password' to prompt the user. These are the standard, secure methods for providing vault passwords at runtime.
When developing a complex playbook with multiple roles, you notice that variable precedence is causing unexpected behavior. Which of the following represents the CORRECT variable precedence order from lowest to highest in Ansible?
Ansible's variable precedence from lowest to highest is: role defaults, role vars, inventory variables, playbook vars, and extra vars (passed via -e flag). This allows maximum flexibility in variable overrides.
You need to create an Ansible role that can work across multiple operating system families with different package managers and configuration file locations. What is the best practice approach?
Using 'include_vars' with variable files organized by OS family and conditional tasks based on 'ansible_os_family' is the recommended approach for multi-OS roles, keeping the role reusable and maintainable.
In Ansible Tower, you configure a job template to use a credential store integration with HashiCorp Vault. What must be set up first to enable this functionality?
Ansible Tower's credential store integration with HashiCorp Vault requires creating a Vault credential type that specifies the Vault server URL and authentication method (e.g., AppRole, token), which is then referenced in job templates to retrieve secrets dynamically.
You are writing an Ansible playbook that must collect system facts from a newly provisioned server that may take several minutes to become fully responsive. What approach best handles potential timing issues?
The best practice is to use 'wait_for' to ensure SSH connectivity and the system is ready before attempting to gather facts, allowing for retries and reasonable timeouts rather than leaving tasks unhandled or with infinite waits.
You've reviewed all 60 questions. Take the interactive practice exam to simulate the real test environment.
▶ Start Practice Exam — Free