PCEA Exam Prep — Mock Exam & Review

• Know the automation-exam format and topic spread.
• Take a timed 10-question mock.
• Score yourself; find weak areas.
• Follow a one-week plan to the real exam.

PCEA (Python Certified — Automation / DevOps mindset)

Format     : multiple-choice (check the latest spec for count/time)
Pass mark  : ~70%
Topics     :
  - CLIs: sys.argv, argparse (positional/optional/subcommands)
  - filesystem: pathlib, glob/rglob, shutil, os.environ
  - subprocess (list form, exit codes, capture, the shell=True trap)
  - datetime + timezones (aware vs naive, UTC)
  - logging (levels, handlers, rotation) vs print
  - file formats: csv, json, openpyxl, pypdf
  - web/API: requests, retries/backoff, auth/secrets, scraping ethics
  - notifications: webhooks, email (smtplib)
  - scheduling (schedule vs cron) + file watching
  - backups (hashing, rotation), SSH/SFTP (paramiko)
  - resilience: retries, checkpoints, idempotence
  - DevOps mindset: observability, alerting, dry-run, secrets in env

Set a timer for 15 minutes. No notes.

Q1.

The safest way to run an external command with a user-supplied filename is:

(A) subprocess.run(f"cat {name}", shell=True) · (B) subprocess.run(["cat", name]) · (C) os.system("cat " + name) · (D) eval("cat " + name)

Q2.

Where should an API key live so it's safe to share your code publicly?

(A) hard-coded in the script · (B) in an environment variable / .env (git-ignored) · (C) in a comment · (D) committed to the repo

Q3.

To find every .csv anywhere under a folder tree, you'd use:

(A) Path(folder).glob("*.csv") · (B) Path(folder).rglob("*.csv") · (C) os.listdir(folder) · (D) open(folder)

Q4.

A scheduled job "every day at 8am" emails at the wrong hour on a cloud server. The most likely cause:

(A) the email is broken · (B) naive datetimes / a timezone mismatch (server is UTC) · (C) the API is down · (D) cron is disabled

Q5.

For a script run unattended by cron at 3am, you should record progress with:

(A) print() · (B) logging to a rotating file · (C) nothing · (D) a pop-up dialog

Q6.

An API call hits a transient 503. The right response is to:

(A) crash immediately · (B) retry with exponential backoff (and jitter), capping attempts · (C) retry instantly forever · (D) ignore it and continue

Q7.

For reliability that survives a reboot, you should schedule a job with:

(A) the schedule library in a while True loop · (B) the OS scheduler (cron / Task Scheduler) · (C) time.sleep · (D) a browser tab

Q8.

A step is "idempotent" when:

(A) it runs fast · (B) running it twice has the same effect as once · (C) it never fails · (D) it needs no input

Q9.

The reliable way to detect that a file changed (for incremental backup) is:

(A) compare filenames · (B) compare content hashes · (C) check the file is not empty · (D) trust it always changed

Q10.

Which is a sign of good alerting?

(A) every event pages someone · (B) alerts are actionable, urgent, rare, and debounced · (C) only email, never logs · (D) silence always means success even without a heartbeat

Q1.  (B) list form     no shell to inject into — name is a literal arg
Q2.  (B) env / .env     code stays shareable; rotate if ever leaked
Q3.  (B) rglob          recursive glob walks the whole tree
Q4.  (B) timezone        naive 8am ≠ the server's 8am; store UTC, display local
Q5.  (B) logging→file    print vanishes; rotating logs persist + bound disk
Q6.  (B) backoff+jitter  retry transient errors politely, with a cap
Q7.  (B) OS scheduler    survives reboots/crashes; schedule lib dies with process
Q8.  (B) twice == once   the property that makes retries/resumes safe
Q9.  (B) content hash    timestamps lie; identical bytes → identical hash
Q10. (B) actionable…     avoid alert fatigue; heartbeat so silence = failure

Scoring

• 9-10: exam-ready.
• 7-8: pass-likely; review your wrong topics.
• 5-6: another week; redo the relevant lessons.
• ≤4: re-walk Lessons 1-20 then 35-46 — CLIs, files, scheduling, and the mindset.

For each missed question, do the matching drill:

• subprocess / shell safety (Q1) → re-do Lessons 9-10.
• Secrets & config (Q2) → re-do Lessons 8, 25.
• pathlib / glob (Q3) → re-do Lessons 5-6.
• Timezones (Q4) → re-read Lessons 11-12.
• Logging (Q5) → re-do Lessons 13-14.
• Retries / APIs (Q6) → re-do Lessons 24-25.
• Scheduling (Q7) → re-read Lessons 35-36.
• Idempotence / recovery (Q8) → re-do Lessons 45-46.
• Hashing / backups (Q9) → re-do Lessons 38-39.
• Alerting / observability (Q10) → re-read Lessons 34, 46.

Re-type the worked examples from memory — automation patterns stick when your fingers do them.

Level 7 complete. You can:

• Build real command-line tools with argparse subcommands.
• Automate the filesystem: find, organise, copy, archive, back up.
• Drive other programs and remote servers (subprocess, SSH/SFTP).
• Wrangle CSV, JSON, Excel, and PDF data into reports.
• Talk to the web safely: resilient API calls, auth, ethical scraping, browser automation.
• Notify and deliver: email, Slack/Discord, SMS, multi-channel alerts.
• Schedule jobs (schedule & cron), watch files, and recover from failure.
• Apply the DevOps mindset: idempotence, observability, alerting — and orchestrate it all.

You can now make a computer do your boring work — reliably, while you sleep. Level 8 (Security & Cyber) builds on this: hashing & encryption, sockets & TLS, the OWASP Top 10, secure coding and secrets management — protecting the systems your automations now touch.