Sample Questions

Working with APIs - Developer

Which statement is correct with regard to the self-registration process in API Manager?

  • a) The user store domain where self-registration users are stored can be set in the sign-up configuration
  • b) Self-registration feature is enabled by default for both super tenant and tenant spaces
  • c) Self-registration cannot be managed using workflow extensions
  • d) Only one role can be attached to a newly created user who gets created by the sign-up process

Working with APIs - Publisher

Which statements are true about creating APIs from an existing Open API definition?

  • I) Open API 3.0.0 based API definitions can be imported as an API
  • II) Open API 2.0 based API definitions can be imported as an API
  • III) SDK(Software Development Kit) generation for an API is only supported for OAS 3.0.0 based APIs
  • IV) Imported API definition can be modified via the Swagger editor
  • a) I, II and III
  • b) I, II and IV
  • c) I, III and IV
  • d) All of the above

Product Administration and DevOps

What is true about the application import/export facility in API Manager?

  • a) Application import/export is supported by the tooling (CLI) provided by API Manager
  • b) When an application is exported from an API it will also export all the APIs subscribed to the application
  • c) The application export facility also imports the client ID and client-secret of the application.
  • d) All of the above


Which statement is correct regarding the JWT header that is sent to back-end systems from the API Gateway (assume a fully distributed deployment of API Manager)?

  • a) The JWT is decoded by the Key Manager
  • b) The JWT is generated for all types of requests including the non-authenticated (no security) requests
  • c) The JWT is signed by the Key Manager
  • d) None of the above

Rate Limiting

The throttling tiers Bronze, Silver, Gold and Unlimited are available. If you want to restrict the Gold tier to app developers having the Premium role only, how would you get it done? Note: Premium users need to have access to the other tiers as well.

  • a) Specify Deny for the Premium role in the Bronze, Silver and Unlimited tiers
  • b) Specify Allow for the Internal/everyone role in the Gold tier
  • c) Specify Allow for the Premium role in the Gold tier
  • d) Specify Allow for the Premium role in the Gold tier, Deny in the Bronze, Deny in the Silver and Deny in the Unlimited tier

API Gateway

What is INCORRECT regarding API Manager Gateway environments?

  • a) A given API must be deployed to all environments.
  • b) Gateway environments are configured by admin/dev-ops users
  • c) Each Gateway environment gets its own HTTP and HTTPS access URLs
  • d) Gateways can be categorized into Production, Sandbox, and Hybrid types

Published APIs

What are the minimum required input values to create and publish an REST API from the Publisher?

  • a) Name, Version, Context, Endpoint URL and Business Plan
  • b) Name, Version, Resource, Context
  • c) Throttling policy, Context, Business Plan
  • d) Version, Gateway Environment, Context, Business Plan


What is the mechanism used for sharing and synchronizing throttling policies in a multi-TM deployment?

  • a) Shared file system based mechanism
  • b) Event-based synchronization mechanism
  • c) Both of the above
  • d) None of the above


What is true about API policies?

  • a) API policies can be engaged in all three message flows (request flow, response flow and fault flow) of an API.
  • b) API policies can only be engaged in API request and response flows.
  • c) API policies cannot be used to configure special HTTP configurations like message chunking.
  • d) API policies will always be executed after the API's authentication flow is completed.