How many times can an authorization code be used to obtain an access token?
- A . 1
- B . 2
- C . 5
- D . Unlimited until it expires
- E . Unlimited as long as requests come within specified time of authorization code creation
When is it appropriate to use query parameters in RESTful API design? Select all that are correct
- A . When passing username and passwords.
- B . When providing the ability to return different levels of detail in the response.
- C . When requesting that an entire collection be deleted.
- D . When filtering the response based upon a query
What does the variable "message.content" represent?
- A . the request content in the request flow
- B . the response content in the response flow
- C . the request content when in the request flow and the response content when in the response flow
- D . neither the request content nor the response content
Which features are supported in the OAulhV2 policy’? Select all that are correct. Choose 3
answers
- A . setting custom attributes for generated access tokens
- B . storing external access tokens
- C . credentials validation when password grantjype is used
- D . setting different expiration for refresh and access tokens
Which describe OAuth 2.0 Refresh Tokens’? Select all that are correct
- A . can be used to generate or renew access tokens
- B . is always issued with every access token
- C . can be used to reset crederfflals
- D . may be reused multiple times to create new access tokens
The performance testing team would like to improve the transactions per second for an API you recently developed. The API retrieves partner names and contact information.
What should you do?
- A . Add Caching Policies
- B . Add a Spike Arrest Policy
- C . Add an Assign Message Policy
- D . Add a Statistics Collector Policy
Which feature can be used to automatically distribute traffic across multiple target servers’?
- A . use a concurrent rate limiting policy
- B . use a LoadBalancer entry in the HTTPTargelConnection session
- C . use RouteRules with multiple TargetEndpoints
- D . use an AssignMessage policy
Which features are supported in the OAuthV2 policy? Choose 3 answers
- A . Storing of external access tokens
- B . Setting custom attributes for generated access tokens
- C . Credentials validation when password grant type is used
- D . Setting different expiration for refresh and access tokens.
As an API Engineer your team is deploying code to production tonight. The test team will spend most of the night ensuring there are no bugs in the new release. After you deploy you want to go home.
What is the best way to quickly verify a complete deployment?
- A . Unit tests
- B . Smoke tests.
- C . Integration tests.
- D . Code quality analysis.
You are working on a project that adheres strictly to the Roy Fielding REST concepts. You need to update a single property named "status" of a complicated entity.
What should you do?
- A . Fetch the full entity, update the status value locally. DELETE the original entity and POST the new version.
- B . Fetch the full entity. Change only the status value and then send the whole object in the request body of the PUT service
- C . Create a new service that uses the UPDATE verb that accepts the "status* property and updates the entity UPDATE /api/trucks/42/status HTTP/1.1 {status: 5}
- D . Create a new service that uses the PATCH verb designed to update only given fields. PATCH /api/trucks/42 HTTP/1.1 {status: 5}
You are using Apigee Edge as the OAuth Resource Server. The product owner asks you to create an API that logs a user out by revoking OAuth tokens.
What should you do?
- A . Use the InvalidateToken operation with cascade=true
- B . Use the InvalidateToken operation with cascade=false
- C . Store a list of revoked tokens in Firebase. On each access, check the list and only allow unrevoked tokens through
- D . Store a list of revoked tokens in Key-Value Maps. On each access, check the list and only allow unrevoked tokens through
When retrieving a value from an encrypted KVM. the variable name to which it is assigned must be prefixed with which value to prevent it from being readable in tracing sessions?
- A . encrypted
- B . mask
- C . kvm
- D . private
- E . hidden
Which Edge Microgateway plugin does not need to be explicitly added to the plugin sequence attribute configuration for execution?
- A . analytics
- B . oauth
- C . quota
- D . spike arrest
Which approaches can be used for extracting data from a SOAP body and returning it as a JSON response in Apigee Edge? Select all that are correct. Choose 3 answers
- A . Use XSLT to transform the XML payload and then use a XML to JSON policy
- B . Use XML to JSON policy first to convert to JSON and then ExtractVariables with a JSONPath to extract the body from the converted SOAP envelope
- C . Use ExtractVariables with an XPath first to extract the SOAP body and then use XML to JSON policy
- D . Use an AssignMessage policy to convert the SOAP response to a JSON response, using XPath expressions to retrieve the data
How can we specrfy the type of Security (basic auth, oauth) used by the API in OpenAPI Specification 2.0?
- A . specify using the secuntyDefinrtions name property
- B . specify using the secuntySchemas name property
- C . specify using the security Variables name properly
- D . specify using the securityParams name property
You need to log certain data to a custom logging service while processing the response You want to avoid processing delays due to logging during the logic flow.
What should you do?
- A . Use a Node.JS target to implement a nonblocking call.
- B . Attach a Message Logging policy to the Post Client Flow
- C . Implement a Java Extension Callout with a worker thread
- D . Use an asynchronous Service Callout policy in your proxy (low as soon as you have enough data to log
As an API Engineer you are approached late in the day with an emergency request to configure a 2 way TLS connection between Apigee and the backend server. All existing certificates have been revoked. The security team provides you the PEM file for the backend server and your new Apigee TLS certificate.
What minimum steps are required to reconfigure 2-way TLS? Choose 2 answers
- A . Add your Apigee TLS certificate to the key store.
- B . Add the backend servers PEM file to the key store.
- C . Add the backend certificate chain to the trust store
- D . Add the backend servers PEM file to the trust store.
- E . Use the KVM to store the contents of the PEM file.
- F . Use the Access Control Policy to reference the PEM file
When using a Shared Flow from a Flow Hook, which proxies will call the Shared Flow?
- A . All proxies in the environment where the Flow Hook is configured
- B . Only proxies that contain a Flow Callout policy
- C . All proxies within an Organization
- D . Only proxies with the Flow Hook checkbox checked
Which are NOT a step in the OAuth 2 0 authorization code grant process? Select all that are correct
- A . generate an authorization code
- B . generate an access token
- C . verify the device ID
- D . validate the client API key
- E . obtain the end user’s consent for the application to request the user’s protected resources
- F . validate the developer name
Which protocols are supported by the Message Logging policy? Select all that are correct
- A . FTP
- B . HTTP
- C . SCP
- D . TCP
- E . UDP
You have a single back end that needs to be exposed to customers using different API request and response payloads You need to allow these different request types without breaking existing implementations.
What should you do?
- A . Create a new API proxy for new customers and invoke backend target system with required parameters.
- B . Configure the API as a pass-through proxy and invoke backend target system with client request parameters.
- C . Create a new proxy xml and base path with upgraded version and invoke backend target system with required parameters
- D . Include a new customer requirement in an existing API proxy and invoke backend target system with required parameters.
Which JavaScript statement can be used to raise a fault from a JavaScript policy named "Weather"?
- A . return-1;
- B . return false;
- C . contextsetVariablefWeather.Fauir, "true*);
- D . throw "Bad Data",
Which policies can be used to create or modify a request message for a service callout? Select all that are correct
- A . ServiceCallout
- B . AssignMessage
- C . RequestMessage
- D . Message Validation
You need to interact with two different back end systems, depending on inbound request data One backend is a default target URL without SSL and another one is a dynamic target URL with 2-Way SSL.
What should you do?
- A . Use service callouts configuration for each target, and use a condition to decide which to invoke.
- B . Use a Key-Value Map configuration to access SSL and URL information to invoke target systems
- C . Use an AssignMessage policy to override default target URL and define 2-way SSL configuration at runtime
- D . Create another target endpoint with SSL configured and define route rule to pick that depends on available variables.
When implementing a node js application in Edge, what is the only supported configuration for running the application?
- A . ScriptTarget in a ServiceCallout policy
- B . ScriptTarget in a TargetEndpotnt
- C . NodeApp policy
- D . ResourceURL in a Javascript policy
You have created an OpenAPl specification and begun a sample implementation of the API Proxy in Apigee Edge Another team is asking for early access for interactive documentation.
What should you do1?
- A . Publish using SwaggerUI
- B . Generate web documents using SmartDocs
- C . Send the requesting team the OpenAPl spec.
- D . Create a sample web app that uses your API, and publish the source code.
If a string value is put in both a cache and a key value map (KVM) using the same key, which one is true?
- A . The object will expire from both locations after the TimeToLive has passed.
- B . The object will be stored in Cassandra twice
- C . When object is retrieved from KVM, the object with the same key will be returned from the cache instead to improve performance
- D . One of the inserts (either to cache or to KVM) will fail as you cant insert the same key twice
In an API Proxy flow we need to orchestrate two XML services – Service A and Service B Data fields from each response must be returned in the response to the client.
Which identifies a set of Apigee policies that, when used together, could be used to implement this?
- A . AccessEntity,XSL,ExtractVariable
- B . ServiceCallout, ExtractVanable, AssignMessage
- C . XMLToJSON, ExtractVanables, APIKeyValidation
- D . MessageValidation, ServiceCallout, AccessControl
In an API Proxy flow we need to orchestrate two XML services – Service A and Service B Data fields from each response must be returned in the response to the client.
Which identifies a set of Apigee policies that, when used together, could be used to implement this?
- A . AccessEntity,XSL,ExtractVariable
- B . ServiceCallout, ExtractVanable, AssignMessage
- C . XMLToJSON, ExtractVanables, APIKeyValidation
- D . MessageValidation, ServiceCallout, AccessControl
In an API Proxy flow we need to orchestrate two XML services – Service A and Service B Data fields from each response must be returned in the response to the client.
Which identifies a set of Apigee policies that, when used together, could be used to implement this?
- A . AccessEntity,XSL,ExtractVariable
- B . ServiceCallout, ExtractVanable, AssignMessage
- C . XMLToJSON, ExtractVanables, APIKeyValidation
- D . MessageValidation, ServiceCallout, AccessControl
In an API Proxy flow we need to orchestrate two XML services – Service A and Service B Data fields from each response must be returned in the response to the client.
Which identifies a set of Apigee policies that, when used together, could be used to implement this?
- A . AccessEntity,XSL,ExtractVariable
- B . ServiceCallout, ExtractVanable, AssignMessage
- C . XMLToJSON, ExtractVanables, APIKeyValidation
- D . MessageValidation, ServiceCallout, AccessControl
In an API Proxy flow we need to orchestrate two XML services – Service A and Service B Data fields from each response must be returned in the response to the client.
Which identifies a set of Apigee policies that, when used together, could be used to implement this?
- A . AccessEntity,XSL,ExtractVariable
- B . ServiceCallout, ExtractVanable, AssignMessage
- C . XMLToJSON, ExtractVanables, APIKeyValidation
- D . MessageValidation, ServiceCallout, AccessControl
In an API Proxy flow we need to orchestrate two XML services – Service A and Service B Data fields from each response must be returned in the response to the client.
Which identifies a set of Apigee policies that, when used together, could be used to implement this?
- A . AccessEntity,XSL,ExtractVariable
- B . ServiceCallout, ExtractVanable, AssignMessage
- C . XMLToJSON, ExtractVanables, APIKeyValidation
- D . MessageValidation, ServiceCallout, AccessControl
In an API Proxy flow we need to orchestrate two XML services – Service A and Service B Data fields from each response must be returned in the response to the client.
Which identifies a set of Apigee policies that, when used together, could be used to implement this?
- A . AccessEntity,XSL,ExtractVariable
- B . ServiceCallout, ExtractVanable, AssignMessage
- C . XMLToJSON, ExtractVanables, APIKeyValidation
- D . MessageValidation, ServiceCallout, AccessControl
Each app is assigned to exactly one product.
You need to limit the number of requests during weekends for specific products without modifying this design.
What should you do?
- A . Add custom attributes for counts for every product. Create custom quota policies for every product which references these custom attributes
- B . Set custom attributes for weekday and weekend count at every product Reference these How variables in the count property of Quota policy at runtime
- C . Add custom attributes at the API Product with counts to use for weekdays and weekends. Using flow variables, reference the custom counts in the Quota policy
- D . Add custom attributes for count at Product level Use a JS Policy to determine which count to use in Quota policy at runtime Use this count attribute in the Quota Policy.
You are implementing several flows in Apigee Edge and realize that there is common functionality used across many different APIs and flows You want to use Apigee Edge to minimize the number of releases.
What should you do?
- A . Use a Shared Flow and a Flow Callout where needed.
- B . Use Proxy Chaining and a Service Callout where needed
- C . Use a template build process to compose flows from flow fragments.
- D . Use a Shared Flow and Flow Hooks to enforce all APIs call the shared flow
Your team has the following requirements in building an API:
• Adhere to Pragmatic REST.
• Model the API to the consumption use case.
• Require API Key authentication
• Implement CORS
• Validate inputs.
You have begun migrating a SOAP-based web service to a REST API by using the SOAP to REST function in Apigee Edge.
Which two of the above-listed requirements could be satisfied by this action? Choose 2 answers
- A . Adhere to Pragmatic REST
- B . Model the API to the consumption use case
- C . Require API Key authentication
- D . Implement CORS.
- E . Validate inputs.
Which HTTP method would NOT be used for CRUD operations?
- A . GET
- B . POST
- C . OPTIONS
- D . PUT
Your APIs are configured as a relying party on an OpenID Connect platform. You need to inspect and verify the OpenID Connect identity.
What two actions should you take? Choose 2 answers
- A . Verify the signature of the JWT using a shared secret.
- B . Parse the JWT to extract the exp: nbf and iat properties to determine if the token is still valid
- C . Pass the JWT to a preconfigured 3rd party for verification of the signature, exp, nbf and iat properties
- D . Use the OpenID Connect URL to locate a trusted 3rd party for verification the signature, exp, nbf and iat properties
- E . Using the JKWS URL in the OpenID Connect configuration, fetch the signing key to verify the JWT signature and parameters
You are asked by the mobile app team which API should be used to populate a drop down for regions. According to pragmatic RESTful practices, which method should be used?
- A . GET
- B . HEAD
- C . POST
- D . PUT
- E . OPTIONS
Which are characteristics of the PopulateCache and ResponseCache policies’? Select all that are correct
- A . PopulateCache has a TimeOfYear expiry option
- B . PopulateCache allows you to cache any string object.
- C . ResponseCache has separate policy definitions for Lookup vs. Populate cache operations.
- D . ResponseCache caches the complete HTTP response (including headers).
You are using the Apigee ExtractVariables policy JSONPath feature, and discover that the query is not returning the expected result for the payload you are providing.
What should you do?
- A . Check that the Accept header is set to text/json
- B . Check that the Accept header is set to application/json.
- C . Check that the Content-Type header is set to text/json
- D . Check that the Content-Type header is set to application/json
Which components of Edge used to configure HTTPS inbound communication?
- A . TLS Store
- B . Virtual Hosts
- C . Certificate Manager
- D . Keystores and Truststores
A customer has added response cache policy on all their search APIs, but traffic to the backend has not reduced much. They ask you to investigate, you find that GET queries are being cached and available in memory but cache misses are still high You want to improve caching and reduce cache misses.
What should you do?
- A . Use lookup/populate cache policy.
- B . Increase the TimeToLive of cached objects
- C . Review key fragments in cache key, ensuring only important parameters are used
- D . Review and increase the number of items on the cache resource to a higher number
You need to make multiple target system calls in parallel for a single inbound request The response should return to the client app as a single object.
What should you do?
- A . Use Apigee service callouts
- B . Create route rules for each target endpoint
- C . Create multiple target proxy xmls for each endpoint
- D . Use the Node JS async module to invoke target systems
The product team is rolling out a new reseller program with API’s. The product owner has created Epics covering the high level requirements. The product owner delegate has asked for help creating a product backlog.
What task would the product owner delegate need assistance with?
- A . Creation of a message logging policy in Apigee.
- B . Creating user stories to fulfill the business requirements.
- C . Creating support tickets that cover each of the business requirements.
- D . Creating a cross functional team of API engineers, business analysts, and backend software developers.