This guide is authored based on Version 1.1, which officially took effect on February 3, 2026. It deliberately bypasses foundational topics covered in previous iterations to focus instead on core dimensions—specifically, the underlying logic of the grading criteria, strategies for navigating dynamic scenarios within design modules, and the deconstruction of hidden exam objectives. All content is derived directly from official release notes and the latest feedback from exam candidates.

1. The Underlying Logic of the Grading Criteria

(1) The Triple-Pass Mechanism (A Critical Rule Unknown to 90% of Candidates)

The exam employs a "minimum score in both modules + meeting the overall total score threshold" triple-pass standard. Failure to satisfy *any* one of these criteria results in immediate failure:

Design Module (3 hours): The internal minimum score threshold is approximately 60% of the module's total points. Grading focuses not merely on the final design solution, but places greater emphasis on the business alignment of design decisions, the executability of documentation, and the completeness of risk assessments.

Deploy / Operate / Optimize Module (5 hours): The internal minimum score threshold is approximately 65% ​​of the module's total points. Grading is based entirely on the correctness of configurations, the completeness of verification, and the systematic approach taken to troubleshooting.

Overall Score Requirement: The weighted sum of the scores from both modules must meet the official passing threshold (approximately 70%).

Note: Cisco does not publish specific raw scores; the score report merely provides a percentage score for each domain. If a candidate falls below the minimum score threshold in *either* module—even if their overall weighted score meets the passing threshold—they will fail the exam immediately.

(2) Hidden Grading Points

Mandatory Verification: Configurations that have not undergone verification receive only 50% of the allotted points; configurations that remain completely unverified receive zero points.

Fault Documentation: Merely resolving a fault earns only 30% of the points; full credit requires a comprehensive record detailing the observed symptoms, troubleshooting steps, root cause, and resolution.

Code Quality: Points will be deducted for missing comments, inadequate error handling, or a lack of logging—even if the code functions correctly.

Implicit Best Practices: Bonus points are awarded for the implementation of best practices—such as the principle of least privilege, comprehensive logging, and version control—even if these were not explicitly required in the instructions.

Documentation Completeness: The absence of any core section—such as network topology diagrams, IP addressing plans, or hardware/software selection rationale—will result in the complete forfeiture of all points allocated to this documentation component.

(3) Point Deduction Rules

Configuration conflicts result in zero credit for all related tasks. Over-configuration yields no bonus points, but errors arising from it will incur deductions.

Overdue tasks receive no credit; code syntax or logic errors resulting in execution failure result in zero credit.

2. High-Scoring Methodology for the Design Module

The Design Module is a weak point for most candidates and serves as a critical factor in determining the final score gap. Version 1.1 introduces dynamic scenario changes: during the exam, candidates will receive new requirements—such as emails or chat logs—and once a submission is made, it cannot be recalled for revision. The following is a proven, high-scoring approach to answering exam questions:

(1) Question Analysis Phase (30 minutes)

Read through the entire problem statement and all dynamic materials (emails/chat logs) to anticipate future requirements.

Highlight keywords such as "mandatory," "forbidden," "priority," and "minimum cost"; break down business requirements into technical specifications.

Identify hidden constraints (e.g., "Existing configurations must not be modified").

(2) Solution Design Phase (1.5 hours)

Design the solution following the sequence: Topology → Architecture → Protocols → IP Addressing → Security → High Availability → Observability.

Justify every design decision with its business rationale; reserve room for expansion to accommodate dynamic requirements.

When new requirements arise, iterate upon the existing design rather than scrapping it to start over.

(3) Documentation Phase (1 hour)

Must include: Executive Summary, Network Topology Diagram, IP Planning Table, Design Specifications (Architecture, Protocols, Security, High Availability), and Risk Assessment.

Use concise and professional language; dedicate one paragraph per topic; ensure all diagrams and charts are clearly labeled.

Submissions cannot be modified after submission; ensure no details are omitted.

(4) Common Design Pitfalls

Do not engage in over-engineering that exceeds the scope of the requirements; ensure the entire solution remains centered on business objectives.

Always include basic security design elements, even if the problem statement does not explicitly request them.

Reserve capacity for future expansion, such as IP address ranges and resource quotas.

3. Hidden Exam Topics and Common Pitfalls for Each Module

(1) Software Design and Development (20%)

Hidden Exam Topics:

CI/CD Pipeline Troubleshooting: Scenarios involving code errors, missing dependencies, version conflicts, test failures, deployment failures, etc.

Application Performance Diagnosis: Asynchronous request handling, database latency, high memory/CPU utilization, microservice network latency, asymmetric routing.

Modification of Existing Solutions: Performing a gap analysis on existing code and modifying it to meet new business requirements.

Advanced Git Operations: `cherry-pick`, `reset`, `revert`, branching strategies, resolving merge conflicts.

Common Pitfalls:

Lack of a systematic approach to CI/CD pipeline troubleshooting, resulting in an inability to quickly pinpoint the root cause of issues.

Diagnosing application performance based solely on surface symptoms, failing to identify the underlying root cause.

Modifying existing code in a way that introduces new bugs, leading to functional anomalies.

Lack of proficiency in Git operations, resulting in code loss or versioning chaos.

(2) Infrastructure as Code (30%)

Hidden Exam Topics:

Terraform Remote State Management: Using S3 or Consul to store state files, enabling team collaboration and state locking.

Terraform Module Development: Writing reusable modules that support parameterized configuration, conditional execution, and loops.

Importing Existing Resources into Terraform: Importing existing infrastructure into Terraform management to avoid manual configuration.

Terraform Resource Graphs and Dependency Management: Understanding the dependencies between resources to optimize deployment order.

Advanced Ansible Role Usage: Role dependencies, variable precedence, conditional execution, loop control.

Ansible Connection Plugins: Using connection plugins such as `network_cli`, `HTTPAPI`, and `NETCONF` to manage various devices.

Common Pitfalls:

Terraform state file conflicts, leading to configuration failures or resource corruption.

Writing Terraform modules without adhering to best practices, rendering them non-reusable or difficult to maintain.

Misunderstanding Ansible variable precedence, resulting in configurations that do not meet expectations.

Improper use of Ansible connection plugins, preventing successful connections to devices.

(3) Network Programmability and Automation (25%)

Hidden Exam Topics:

YANG Model Analysis: Generating NETCONF/RESTCONF payloads based on a given YANG model.

Advanced NETCONF Usage: XPath filters, candidate datastores, commit confirmation, rollback.

Rapid Adoption of New APIs: Quickly learning and utilizing new REST APIs or GraphQL based on provided documentation. API

Python REST API Development: Developing Python REST APIs using web frameworks, including endpoint design, request handling, response generation, and OpenAPI specifications.

Python CLI Application Development: Developing Python CLI applications for automating network tasks.

Common Pitfalls:

Misunderstanding of YANG models, resulting in incorrectly formatted payloads.

Errors in writing NETCONF filters, preventing the retrieval of required data.

Slow learning curve for new APIs, making it impossible to complete tasks within the allotted time.

Lack of error handling and logging in Python API development, leading to program crashes.

(4) Network Security Automation (20%)

Hidden Exam Topics:

OWASP Secure Coding Practices: Preventing common vulnerabilities such as SQL injection, XSS, and CSRF.

API Security: Authentication, authorization, rate limiting, and data encryption.

Key Management: Using Key Management Systems (KMS) to store and manage sensitive information, avoiding hard-coded keys.

Security Scan Integration: Integrating security scanning tools into CI/CD pipelines to enable "Shift-Left" security.

Compliance Checks: Automating checks to ensure infrastructure compliance with security regulations.

Common Pitfalls:

Security vulnerabilities present in code, leading to sensitive data leakage or system attacks.

Improper API security configuration, resulting in unauthorized access.

Hard-coding keys directly into the code, creating severe security risks.

Improper handling of security scan results, leading to unpatched vulnerabilities.

(5) Operations and Troubleshooting (25%)

Hidden Exam Topics:

Automated Fault Self-Healing: Writing scripts to automatically detect and remediate common faults.

Distributed System Troubleshooting: Diagnosing issues in microservice architectures, such as network latency and service call failures.

Log Analysis: Using log aggregation tools to analyze large volumes of logs and quickly pinpoint faults.

Performance Optimization: Optimizing the performance of automation scripts to improve execution efficiency.

Capacity Planning: Conducting capacity planning based on monitoring data to scale up resources proactively.

Common Pitfalls:

Lack of a systematic approach to troubleshooting, wasting significant time on irrelevant areas.

Inability to analyze complex issues within distributed systems.

Insufficient log analysis skills, making it difficult to extract useful information from large volumes of logs.

Inappropriate performance optimization methods, leading to a decline in system performance.

Summary: The core objective of the CCIE Automation v1.1 exam is to assess the capabilities of a full-stack automation architect. It requires not merely the mastery of individual tools, but—more importantly—the ability to design, deploy, operate, and optimize end-to-end automation solutions.

In its exam preparation curriculum, SPOTO places a strong emphasis on navigating dynamic scenarios within the design module, mastering the advanced application of automation tools, systematically training troubleshooting skills, and adhering to best practices for lab operations. This approach helps you specifically target and overcome hidden exam objectives and common pitfalls—areas where candidates frequently lose points—enabling you to avoid unnecessary errors and pass the exam with maximum efficiency!