Cisco AITECH 810-110: Agentic AI

Topic snapshot

Sample questions

These original IT Mastery practice questions are aligned to this topic area. Use them for self-assessment, scope review, and deciding what to drill next.

Question 1

Topic: Agentic AI

A team is designing an agent to triage customer refund requests. The agent may read CRM records and draft refund recommendations, but it must follow refund policy, avoid exposing customer PII to external tools, and require manager approval before any refund is issued. Which planning control is the BEST technical decision?

Options:

• A. Increase the model context window for full CRM history

• B. Let the agent self-approve low-confidence refunds

• C. Use a more creative planning prompt for edge cases

• D. Use policy-aware plans with tool allowlists and approval gates

Best answer: D

Explanation: Agent planning controls should translate business intent and safety boundaries into enforceable runtime behavior. For this refund agent, the plan should include explicit policy checks, allowed tools for sensitive data handling, and a human-in-the-loop approval checkpoint before issuing refunds. These controls limit autonomous action while still letting the agent perform useful triage and drafting. A larger context window or more creative prompt may improve information access or idea generation, but they do not enforce policy, privacy, or approval requirements.

• More context may help summarize CRM history, but it does not prevent policy violations or unsafe tool use.
• Self-approval conflicts with the stated manager approval requirement for issuing refunds.
• Creative prompting can make responses more flexible, but it weakens predictability for a governed workflow.

Question 2

Topic: Agentic AI

A network operations team wants an AI system to handle incident triage. The system must break a high-level ticket into investigation steps, query approved monitoring and ticketing APIs, remember findings across steps, and keep working until it either identifies a likely cause or reaches an escalation condition. Which approach best maps to these requirements?

Options:

• A. A scheduled script with fixed API calls and no state

• B. An agentic workflow with planning, tool use, state, and iteration

• C. A single-turn LLM prompt that summarizes the ticket

• D. A RAG chatbot that only retrieves incident documents

Best answer: B

Explanation: Agentic AI is appropriate when a system must do more than generate one response. In this scenario, the system needs to decompose a goal, call approved tools, preserve intermediate results, and repeat actions based on what it learns. State tracking lets the agent avoid losing context between investigation steps, while iterative execution lets it adjust the next action after each tool result. Clear stop or escalation conditions are also important so the workflow does not run indefinitely or take unsupported action. A plain LLM prompt or retrieval-only chatbot can assist, but it does not provide the full autonomous loop required here.

• Single-turn summary fails because summarization does not plan or continue investigation across multiple tool results.
• Retrieval-only RAG can ground answers in documents, but it does not by itself execute multi-step API-driven triage.
• Fixed script lacks adaptive planning and stateful iteration, so it cannot change steps based on findings.

Question 3

Topic: Agentic AI

An operations agent will use Model Context Protocol (MCP) to support a change-review workflow. Interpret the interaction note and choose the MCP primitive mapping that best fits the agent needs.

Exhibit: MCP interaction note

Options:

• A. Tool, resource, prompt

• B. Prompt, tool, resource

• C. Resource, prompt, tool

• D. Resource, tool, prompt

Best answer: D

Explanation: MCP primitives separate different kinds of agent interaction. A resource is used when the agent needs to read or retrieve context, such as approved service metadata. A tool is used when the agent must perform an action in an external system, such as opening a change ticket. A prompt is used when the agent should reuse a predefined instruction template, such as a standard review format.

The key distinction is read context versus invoke action versus reuse instructions.

• Tool for reading is a trap because fetching catalog metadata is context access, not an external action.
• Prompt for metadata fails because a prompt template does not provide live approved service data.
• Prompt for ticketing fails because opening a ticket requires an action-capable tool, not reusable instructions.

Question 4

Topic: Agentic AI

An agent handles customer refund requests and can call CRM and payment tools. Review the trace and choose the best next action before the agent continues.

Exhibit: Agent tool trace

Goal: refund customer if order was delivered late and eligible
CRM.lookup_order(order_id=7841)
  status: delivered_late
  total: $428
  confidence: 0.62
  source: cached replica
  warning: record updated during sync
Next planned tool call: Payments.issue_refund(amount=$428)
Policy: refunds over $250 require verified order data before payment action

Options:

• A. Increase the agent payment permission limit

• B. Issue the refund using the cached CRM result

• C. Verify the order data from an authoritative source

• D. Ask the LLM to infer eligibility from the trace

Best answer: C

Explanation: Agentic workflows should not treat every tool result as safe to use in later actions. Here, the next step is a payment tool call, the amount is over the stated verification threshold, and the CRM output is low confidence from a cached replica with a sync warning. That combination makes the tool output insufficient for an irreversible or sensitive action. The agent should validate the order data against an authoritative source, or route for an approval checkpoint if verification cannot be automated.

The key practitioner judgment is that tool output can become a dependency for later execution. When the downstream step has financial, security, or compliance impact, verification is part of the execution boundary.

• Cached result trust fails because the trace explicitly shows low confidence and a sync warning.
• LLM inference fails because reasoning over uncertain data does not verify the underlying source.
• Permission expansion fails because broader permissions do not fix unverified input data.

Question 5

Topic: Agentic AI

A team is adding an MCP server to a cloud-hosted support agent. The agent may read approved troubleshooting articles and draft remediation steps, but customer tickets can contain PII, network-change actions require human approval, and the security team needs auditability. Which MCP integration design is the best technical decision?

Options:

• A. Expose scoped resources, read-only prompts, approval-gated tools, and audit logs

• B. Embed all procedures in prompts and disable resource access

• C. Expose change tools directly to reduce remediation latency

• D. Expose the full ticket database and rely on the system prompt

Best answer: A

Explanation: MCP integrations can expose three different risk surfaces: resources that provide data, tools that perform actions, and prompts that shape agent behavior. In this scenario, the safest design is to scope resources to approved troubleshooting content, avoid unnecessary PII exposure, keep prompts controlled and read-only, require human approval before any network-changing tool call, and log MCP access and tool use. This supports the agent’s drafting workflow without giving it broad data access or autonomous change authority. A system prompt alone is not a security boundary, and latency improvement does not justify bypassing approval for sensitive actions.

• Prompt-only control fails because instructions can be ignored, overridden, or indirectly attacked, and they do not provide access control.
• Direct change tools fail because the stem requires human approval before network-change actions.
• Prompt-only knowledge fails because it removes governed resource access and makes procedures harder to update, validate, and audit.

Question 6

Topic: Agentic AI

A support team uses an agent to triage network incident tickets and recommend a runbook. The approved boundary allows the agent to read tickets, query approved knowledge sources, and draft recommendations, but not execute changes. Monitoring shows unreliable recommendations when ticket fields are missing or retrieved articles conflict. What is the BEST technical remediation?

Options:

• A. Add input validation, source checks, and human escalation

• B. Increase the model temperature to explore more options

• C. Allow the agent to execute low-risk runbooks automatically

• D. Give the agent access to all internal repositories

Best answer: A

Explanation: Agent reliability should be improved with controls that reduce bad decisions and preserve the approved autonomy boundary. In this scenario, the failures come from missing ticket data and conflicting retrieved context, not from a lack of execution permissions. A good remediation validates required inputs, checks retrieved sources for conflicts or confidence, and escalates incomplete or ambiguous cases to a human reviewer. This keeps the agent in a read/query/draft role while improving the quality and safety of its recommendations.

Expanding tool permissions or broadening data access can increase risk and governance exposure. Reliability controls should match the observed failure mode and add guardrails, not silently increase autonomy.

• Automatic execution violates the approved boundary because the agent is not allowed to make changes.
• Higher temperature can make outputs more variable, which does not address missing fields or conflicting sources.
• All repositories expands data access beyond approved sources and may introduce irrelevant or sensitive context.

Question 7

Topic: Agentic AI

A team is designing an AI agent to triage support cases and draft CRM updates. The agent must use a hosted LLM with a limited context window, handle customer data classified as confidential, avoid unauthorized record changes, and support audit review of its decisions. Which design is the best technical decision?

Options:

• A. Use a general chatbot with no tool access and ask users to paste case details manually

• B. Put the full CRM export in the system prompt and rely on the model to ignore irrelevant data

• C. Allow the agent to browse all CRM records and update fields automatically to reduce latency

• D. Define a narrow triage goal, limit tools, retrieve case-only context, require approval for writes, and log actions

Best answer: D

Explanation: Agent design should make the agent’s objective explicit, bound what it can do, manage context deliberately, and make behavior observable. In this scenario, the agent needs only the current case and related approved data, not broad CRM access or a full export. Tool permissions should follow least privilege, especially for confidential customer data. Drafting can be automated, but CRM writes should be gated by a human approval checkpoint because record changes affect business systems. Logging plans, tool calls, retrieved context, and outcomes supports audit review and troubleshooting. The key design principle is controlled autonomy: let the agent assist the workflow, but constrain actions and preserve accountability.

• Broad CRM access reduces safety by giving the agent more data and write authority than the triage task requires.
• Full export context worsens privacy and context-window issues instead of selecting only relevant case information.
• Manual chatbot flow avoids tool risk but fails the workflow objective and does not provide a reliable agent design.

Question 8

Topic: Agentic AI

A support operations team wants an AI system that can work toward the goal of reducing open incident tickets. It must break each ticket into subtasks, query monitoring and knowledge-base tools, decide the next step from tool results, update the ticket only after a human approval checkpoint, and improve its next action based on feedback. Which approach best matches these requirements?

Options:

• A. An agentic workflow with planning, tool use, feedback, and HITL approval

• B. A single-turn LLM prompt that summarizes each ticket

• C. A batch text classifier that labels ticket priority

• D. A RAG chatbot that answers technician questions from documentation

Best answer: A

Explanation: Agentic AI differs from ordinary generative AI by pursuing a goal through multiple steps, not just producing a response to one prompt. In this scenario, the system must plan subtasks, call external tools, evaluate returned information, choose the next action, and use feedback to adjust behavior. The human approval checkpoint adds governance without removing the agentic pattern. A summarizer, RAG chatbot, or classifier can be useful AI components, but they do not by themselves show autonomous goal-directed execution with iterative decision-making and tool use.

• Ticket summarization produces helpful text, but it does not plan actions or adapt through tool-result feedback.
• RAG chatbot grounds answers in documentation, but it mainly responds to user queries rather than pursuing an operational goal.
• Batch classification labels tickets, but it does not perform multi-step tool orchestration or request approval before action.

Question 9

Topic: Agentic AI

A support automation team is building an agent that reads customer-submitted ticket text and may call tools to update CRM records, issue refunds, or open service-change requests. Ticket text is untrusted and may contain prompt-injection instructions. The business wants routine summarization to stay fast, but any external action must follow existing approval policy. Which technical safeguard is the best fit?

Options:

• A. Increase the context window to include the full ticket history

• B. Use a policy-enforced tool gateway with approval for side effects

• C. Add a system prompt that tells the agent to ignore malicious ticket text

• D. Run the model locally so customer tickets never leave the network

Best answer: B

Explanation: For an agent that uses untrusted input and can affect external systems, the key safeguard is an execution boundary around tool use. A policy-enforced gateway or broker should allow only approved tools, validate inputs against schemas and business rules, restrict permissions, log actions, and require human approval for side-effecting operations such as refunds or service changes. The agent can still summarize tickets quickly, but it cannot directly convert malicious ticket instructions into external actions. Prompt wording helps, but it is not a sufficient security boundary when the input itself may be hostile. Hosting location and context size do not control what the agent is authorized to do.

• Prompt-only defense is weak because malicious instructions can still influence the model, and prompts do not enforce permissions.
• Local hosting may help with data residency, but it does not prevent unsafe tool calls or unauthorized actions.
• More context can improve completeness, but it may also include more untrusted text and does not create an execution boundary.

Question 10

Topic: Agentic AI

A team is exposing help-desk capabilities to an agent through Model Context Protocol (MCP). The agent must perform these functions:

• Retrieve the latest incident runbook text for context
• Execute a ticket-status lookup against the service-desk API
• Reuse a standard triage instruction template for outage reports

Which MCP primitive mapping best fits these requirements?

Options:

• A. Runbook as prompt, ticket lookup as resource, triage template as tool

• B. Runbook as tool, ticket lookup as prompt, triage template as resource

• C. Runbook as resource, ticket lookup as tool, triage template as prompt

• D. Runbook as resource, ticket lookup as resource, triage template as tool

Best answer: C

Explanation: In MCP, each primitive has a distinct role in the agent workflow. A resource exposes data or context the model can read, such as a file, document, database record, or runbook. A tool is an executable capability the model can invoke to perform an action or query an external system, such as calling a service-desk API. A prompt is a reusable template that packages instructions, variables, or workflow guidance for a recurring task. The key distinction is whether the agent is reading context, taking an action, or applying a reusable instruction pattern.

• Runbook as tool fails because the runbook is reference context, not an executable action.
• Ticket lookup as resource fails because querying an API is an invoked capability, not just static context.
• Triage template as tool fails because a template guides the model; it does not execute external work.

Continue with full practice

Use the Cisco AITECH 810-110 Practice Test page for the full IT Mastery practice bank, mixed-topic practice, timed mock exams, explanations, and web/mobile app access.

Try Cisco AITECH 810-110 on Web View Cisco AITECH 810-110 Practice Test

Related focused pages

• Free Cisco AITECH 810-110 Full-Length Practice Exam
• Generative AI Models
• Prompt Engineering
• Ethics and Security
• Data Research and Analysis
• Development and Workflow Automation

Free review resource

Use the full IT Mastery practice page above for the latest review links and practice page.