Working with APIs
What is the default header name to be used when invoking an API using an API Key?
- a) apikey
- b) api_key
- c) api-key
- d) bearer
Which statements are true about creating APIs from an existing Open API definition?
- I. Open API 3.0.0 based API definitions can be imported as an API
- II. Open API 2.0 based API definitions can be imported as an API
- III. SDK(Software Development Kit) generation for an API is only supported for OAS 3.0.0 based APIs
- IV. Imported API definition can be modified via the Swagger editor
- a) I, II and III
- b) I, III and IV
- c) I, II and IV
- d) All of the above
Which service discovery tool is supported by the Microgateway out-of-the-box?
- a) zookeeper
- b) consul
- c) etcd
- d) marathon
How can message transformation be done in the API Microgateway?
- a) Writing interceptor logic in Java implementing onRequest, onResponse methods and placing the file in the interceptors directory.
- b) Writing interceptor logic in Java implementing interceptRequest, interceptResponse methods.
- c) Place mediation sequences in the interceptors directory of the Microgateway project.
- d) Microgateway does not support message transformation.
Assume that tier permission is set for the Bronze tier as Deny for Internal/everyone role. Then which one of the following is true for a user whose roles are admin and Internal/everyone?
- a. User cannot subscribe to an API using the Bronze tier.
- b. User cannot create an API with Bronze tier.
- c. User cannot create an application with the Bronze tier.
- d. All of the above.
Which statement is correct regarding the JWT header that is sent to back-end systems from the API Gateway (assume a fully distributed deployment of API Manager)?
- a. The JWT is generated for all types of requests including the non-authenticated (no security) requests.
- b. The JWT is decoded by the Key Manager.
- c. The JWT is signed by the Gateway.
- d. None of the above.
What is INCORRECT regarding the real-time alerts feature of API Manager?
- a. Gateways process the incoming requests and make decisions based on configured alerts.
- b. Real-time alerts are notified through emails.
- c. Administrative user can configure the alert types that require notifications and its subscribers through the admin portal.
- d. Alert notification frequency is a configurable parameter which defines the frequency of a particular alert that needs to be sent to its subscribers.
Product Administration and DevOps
For which scenario is secure vault used?
- a. To store generated JWT tokens.
- b. To store access tokens.
- c. To store private APIs.
- d. To store credentials of secured endpoints.
Which databases does the API Gateway need to connect to in a distributed setup?
- a. AM_DB and SHARED_DB
- b. Only AM_DB
- c. SHARED_DB only when multi-tenancy is needed
- d. None of the above
What is true regarding the definition of the API if you create a REST API from scratch in the Publisher?
- a. It will create an OpenAPI 3.0 API definition for the default set of resources (/*).
- b. It will create an Swagger 2.0 API definition for the default set of resources (/*).
- c. No OpenAPI definition will be created unless you specify resources.
- d. You can choose which OpenAPI version to use during the API creation flow.
What is true about message mediation policies?
- a. Mediation policies can be engaged in all three message flows (request flow, response flow and fault flow) of an API
- b. Mediation policies can only be engaged in API request and response flows.
- c. Mediation policies cannot be used to configure special HTTP configurations like message chunking.
- d. Mediation policies will always be executed after the API's authentication flow is completed.
What is the content-type of the responses of a GraphQL API?
- a. Can be any content-type that is defined by the user
- b. text/xml
- c. plain/text
- d. application/json