Zabbix Certified Specialist Exam (5)
(2026/2027 Update) Questions and Verified
Answers | Grade A
Domain 1: Zabbix API Automation & Scripting (12 Questions
Question 1 (Multiple-Choice)
Which HTTP header must be included in every Zabbix API request following
successful token-based authentication?
A. X-Auth-Token: <token>
B. Authorization: Bearer <token>
C. Authorization: Basic <token>
D. Cookie: zbx_session=<token>
Correct Answer: B [CORRECT]
Rationale: Zabbix API token-based authentication requires the Authorization: Bearer
<token> header in all subsequent API calls after obtaining the token via user.login. The
token is passed as a Bearer token in the Authorization header, which is the standard
OAuth 2.0-compliant method Zabbix adopted for API authentication. This ensures
stateless, secure communication without session cookies and is the required header
format for programmatic automation scripts provisioning hosts or retrieving events at
scale.
Question 2 (Select-All-That-Apply)
Which of the following are valid methods for authenticating to the Zabbix API?
(Select all that apply)
,A. Token-based authentication using Authorization: Bearer <token> header
B. User-password authentication via user.login JSON-RPC method
C. Session cookie authentication via zbx_session cookie
D. API key authentication via X-API-Key header
Correct Answers: A, B, C [CORRECT]
Rationale: Zabbix supports three primary API authentication methods: (1) Token-based
authentication using the Authorization: Bearer <token> header for stateless
programmatic access; (2) User-password authentication via the user.login JSON-RPC
method, which returns an auth token for subsequent calls; and (3) Session cookie
authentication using the zbx_session cookie for browser-based or session-persistent
integrations. The X-API-Key header is not a valid Zabbix API authentication mechanism.
Understanding these methods is critical for designing secure automation pipelines that
provision monitoring environments across multiple tenants.
Question 3 (Fill-in-Blank)
Complete the JSON-RPC payload for token-based API authentication. The request is
sent to api_jsonrpc.php and must use the user.login method:
JSON
Copy
{
"jsonrpc": "2.0",
"method": "user.login",
"params": {
"user": "Admin",
"password": "zabbix"
},
"id": 1
}
The response contains an auth token. In subsequent requests, this token must be passed
in the ________ HTTP header as a ________ token.
Correct Answer: Authorization, Bearer [CORRECT]
Rationale: After successful user.login, the response returns an auth token string. All
subsequent API calls must include this token in the Authorization HTTP header
formatted as Authorization: Bearer <token>. This is the standard token-based
,authentication flow for the Zabbix API, enabling secure, stateless automation scripts to
perform operations like host.create, template.massadd, and event.get without
maintaining session state.
Question 4 (Multiple-Choice)
A DevOps engineer needs to programmatically create a new host in Zabbix with the
following requirements:
• Host name: web-server-01
• IP address: 192.168.1.100
• Group: Linux servers (groupid: 2)
• Template: Linux by Zabbix agent (templateid: 10001)
• Interface type: Zabbix agent (type: 1)
Which host.create API payload correctly provisions this host?
A.
JSON
Copy
{
"jsonrpc": "2.0",
"method": "host.create",
"params": {
"host": "web-server-01",
"interfaces": [{"type": 1, "main": 1, "useip": 1, "ip":
"192.168.1.100", "dns": "", "port": "10050"}],
"groups": [{"groupid": "2"}],
"templates": [{"templateid": "10001"}]
},
"auth": "<token>",
"id": 1
}
B.
JSON
Copy
{
"jsonrpc": "2.0",
"method": "host.create",
"params": {
"host": "web-server-01",
"interfaces": [{"type": 1, "ip": "192.168.1.100", "port": "10050"}],
, "groups": [{"name": "Linux servers"}],
"templates": [{"name": "Linux by Zabbix agent"}]
},
"auth": "<token>",
"id": 1
}
C.
JSON
Copy
{
"jsonrpc": "2.0",
"method": "host.create",
"params": {
"name": "web-server-01",
"interfaces": [{"type": "agent", "ip": "192.168.1.100"}],
"groups": [2],
"templates": [10001]
},
"auth": "<token>",
"id": 1
}
D.
JSON
Copy
{
"jsonrpc": "2.0",
"method": "host.create",
"params": {
"host": "web-server-01",
"interface": {"type": 1, "ip": "192.168.1.100", "port": "10050"},
"group": {"groupid": "2"},
"template": {"templateid": "10001"}
},
"auth": "<token>",
"id": 1
}
Correct Answer: A [CORRECT]
Rationale: The host.create API method requires a JSON payload with the host
property (not name), an interfaces array containing objects with type (1 for Zabbix
agent), main, useip, ip, dns, and port fields, a groups array with groupid objects, and a
templates array with templateid objects. Option A is the only payload that correctly
structures all required fields with proper data types and array syntax. The interfaces,
groups, and templates must all be arrays of objects, and the host field (not name) is the
primary identifier for host creation.
(2026/2027 Update) Questions and Verified
Answers | Grade A
Domain 1: Zabbix API Automation & Scripting (12 Questions
Question 1 (Multiple-Choice)
Which HTTP header must be included in every Zabbix API request following
successful token-based authentication?
A. X-Auth-Token: <token>
B. Authorization: Bearer <token>
C. Authorization: Basic <token>
D. Cookie: zbx_session=<token>
Correct Answer: B [CORRECT]
Rationale: Zabbix API token-based authentication requires the Authorization: Bearer
<token> header in all subsequent API calls after obtaining the token via user.login. The
token is passed as a Bearer token in the Authorization header, which is the standard
OAuth 2.0-compliant method Zabbix adopted for API authentication. This ensures
stateless, secure communication without session cookies and is the required header
format for programmatic automation scripts provisioning hosts or retrieving events at
scale.
Question 2 (Select-All-That-Apply)
Which of the following are valid methods for authenticating to the Zabbix API?
(Select all that apply)
,A. Token-based authentication using Authorization: Bearer <token> header
B. User-password authentication via user.login JSON-RPC method
C. Session cookie authentication via zbx_session cookie
D. API key authentication via X-API-Key header
Correct Answers: A, B, C [CORRECT]
Rationale: Zabbix supports three primary API authentication methods: (1) Token-based
authentication using the Authorization: Bearer <token> header for stateless
programmatic access; (2) User-password authentication via the user.login JSON-RPC
method, which returns an auth token for subsequent calls; and (3) Session cookie
authentication using the zbx_session cookie for browser-based or session-persistent
integrations. The X-API-Key header is not a valid Zabbix API authentication mechanism.
Understanding these methods is critical for designing secure automation pipelines that
provision monitoring environments across multiple tenants.
Question 3 (Fill-in-Blank)
Complete the JSON-RPC payload for token-based API authentication. The request is
sent to api_jsonrpc.php and must use the user.login method:
JSON
Copy
{
"jsonrpc": "2.0",
"method": "user.login",
"params": {
"user": "Admin",
"password": "zabbix"
},
"id": 1
}
The response contains an auth token. In subsequent requests, this token must be passed
in the ________ HTTP header as a ________ token.
Correct Answer: Authorization, Bearer [CORRECT]
Rationale: After successful user.login, the response returns an auth token string. All
subsequent API calls must include this token in the Authorization HTTP header
formatted as Authorization: Bearer <token>. This is the standard token-based
,authentication flow for the Zabbix API, enabling secure, stateless automation scripts to
perform operations like host.create, template.massadd, and event.get without
maintaining session state.
Question 4 (Multiple-Choice)
A DevOps engineer needs to programmatically create a new host in Zabbix with the
following requirements:
• Host name: web-server-01
• IP address: 192.168.1.100
• Group: Linux servers (groupid: 2)
• Template: Linux by Zabbix agent (templateid: 10001)
• Interface type: Zabbix agent (type: 1)
Which host.create API payload correctly provisions this host?
A.
JSON
Copy
{
"jsonrpc": "2.0",
"method": "host.create",
"params": {
"host": "web-server-01",
"interfaces": [{"type": 1, "main": 1, "useip": 1, "ip":
"192.168.1.100", "dns": "", "port": "10050"}],
"groups": [{"groupid": "2"}],
"templates": [{"templateid": "10001"}]
},
"auth": "<token>",
"id": 1
}
B.
JSON
Copy
{
"jsonrpc": "2.0",
"method": "host.create",
"params": {
"host": "web-server-01",
"interfaces": [{"type": 1, "ip": "192.168.1.100", "port": "10050"}],
, "groups": [{"name": "Linux servers"}],
"templates": [{"name": "Linux by Zabbix agent"}]
},
"auth": "<token>",
"id": 1
}
C.
JSON
Copy
{
"jsonrpc": "2.0",
"method": "host.create",
"params": {
"name": "web-server-01",
"interfaces": [{"type": "agent", "ip": "192.168.1.100"}],
"groups": [2],
"templates": [10001]
},
"auth": "<token>",
"id": 1
}
D.
JSON
Copy
{
"jsonrpc": "2.0",
"method": "host.create",
"params": {
"host": "web-server-01",
"interface": {"type": 1, "ip": "192.168.1.100", "port": "10050"},
"group": {"groupid": "2"},
"template": {"templateid": "10001"}
},
"auth": "<token>",
"id": 1
}
Correct Answer: A [CORRECT]
Rationale: The host.create API method requires a JSON payload with the host
property (not name), an interfaces array containing objects with type (1 for Zabbix
agent), main, useip, ip, dns, and port fields, a groups array with groupid objects, and a
templates array with templateid objects. Option A is the only payload that correctly
structures all required fields with proper data types and array syntax. The interfaces,
groups, and templates must all be arrays of objects, and the host field (not name) is the
primary identifier for host creation.
