Sample Questions

Working with APIs

What is the default header name to be used when invoking an API using an API Key?

  • a) apikey
  • b) api_key
  • c) api-key
  • d) bearer

Which statements are true about creating APIs from an existing Open API definition?

  • a. Open API 3.0.0 based API definitions can be imported as an API
  • b. Open API 2.0 based API definitions can be imported as an API
  • c. SDK(Software Development Kit) generation for an API is only supported for OAS 3.0.0 based APIs
  • d. Imported API definition can be modified via the Swagger editor
  • a) a, b and c
  • b) a, c and d
  • c) a, b and d
  • d) All of the above

API Gateway

Which service discovery tool is supported by the Microgateway out-of-the-box?

  • a) zookeeper
  • b) consul
  • c) etcd
  • d) marathon

Throttling

Assume that tier permission is set for the Bronze tier as Deny for Internal/everyone role. Then which one of the following is true for a user whose roles are admin and Internal/everyone?

  • a. User cannot subscribe to an API using the Bronze tier.
  • b. User cannot create an API with Bronze tier.
  • c. User cannot create an application with the Bronze tier.
  • d. All of the above.

Security

Which statement is correct regarding the JWT header that is sent to backend systems from the API Gateway (assume a fully distributed deployment of API Manager)?

  • a. The JWT is generated for all types of requests including the non-authenticated (no security) requests.
  • b. The JWT is decoded by the Key Manager.
  • c. The JWT is signed by the Gateway.
  • d. None of the above.

Analytics

What is INCORRECT regarding the real-time alerts feature of API Manager?

  • a. Gateways process the incoming requests and make decisions based on configured alerts.
  • b. Real-time alerts are notified through emails.
  • c. Administrative user can configure the alert types that require notifications and its subscribers through the admin portal.
  • d. Alert notification frequency is a configurable parameter which defines the frequency of a particular alert that needs to be sent to its subscribers.

Product Administration and DevOps

For which scenario is secure vault used?

  • a. To store generated JWT tokens.
  • b. To store access tokens.
  • c. To store private APIs.
  • d. To store credentials of secured endpoints.

Deployment

Which databases does the API Gateway need to connect to in a distributed setup

  • a. AM_DB and SHARED_DB
  • b. Only AM_DB
  • c. SHARED_DB only when multi-tenancy is needed
  • d. None of the above

Published APIs

What is true regarding the definition of the API if you create a REST API from scratch from Publisher?

  • a. It will create an OpenAPI 3.0 API definition for the default set of resources (/*).
  • b. It will create an Swagger 2.0 API definition for the default set of resources (/*).
  • c. No OpenAPI definition will be created unless you specify resources.
  • d. You can choose which OpenAPI version to use during the API creation flow.

Extensions

What is true about message mediation policies?

  • a. Mediation policies can be engaged in all three message flows (request flow, response flow and fault flow) of an API
  • b. Mediation policies can only be engaged in API request and response flows.
  • c. Mediation policies cannot be used to configure special HTTP configurations like message chunking.
  • d. Mediation policies will always be executed after the API's authentication flow is completed.

API Product

What is the content type of the responses of a GraphQL API?

  • a. Can be any content-type that is defined by the user
  • b. text/xml
  • c. plain/text
  • d. application/json