Sample Questions

Working with APIs

What is the default header name to be used when invoking an API using an API Key?

  • a) apikey
  • b) api_key
  • c) api-key
  • d) bearer

Which statements are true about creating APIs from an existing Open API definition?

  • I. Open API 3.0.0 based API definitions can be imported as an API
  • II. Open API 2.0 based API definitions can be imported as an API
  • III. SDK(Software Development Kit) generation for an API is only supported for OAS 3.0.0 based APIs
  • IV. Imported API definition can be modified via the Swagger editor
  • a) I, II and III
  • b) I, III and IV
  • c) I, II and IV
  • d) All of the above

API Gateway

Which service discovery tool is supported by the Microgateway out-of-the-box?

  • a) zookeeper
  • b) consul
  • c) etcd
  • d) marathon

How can message transformation be done in the API Microgateway?

  • a) Writing interceptor logic in Java implementing onRequest, onResponse methods and placing the file in the interceptors directory.
  • b) Writing interceptor logic in Java implementing interceptRequest, interceptResponse methods.
  • c) Place mediation sequences in the interceptors directory of the Microgateway project.
  • d) Microgateway does not support message transformation.


Assume that tier permission is set for the Bronze tier as Deny for Internal/everyone role. Then which one of the following is true for a user whose roles are admin and Internal/everyone?

  • a. User cannot subscribe to an API using the Bronze tier.
  • b. User cannot create an API with Bronze tier.
  • c. User cannot create an application with the Bronze tier.
  • d. All of the above.


Which statement is correct regarding the JWT header that is sent to back-end systems from the API Gateway (assume a fully distributed deployment of API Manager)?

  • a. The JWT is generated for all types of requests including the non-authenticated (no security) requests.
  • b. The JWT is decoded by the Key Manager.
  • c. The JWT is signed by the Gateway.
  • d. None of the above.


What is INCORRECT regarding the real-time alerts feature of API Manager?

  • a. Gateways process the incoming requests and make decisions based on configured alerts.
  • b. Real-time alerts are notified through emails.
  • c. Administrative user can configure the alert types that require notifications and its subscribers through the admin portal.
  • d. Alert notification frequency is a configurable parameter which defines the frequency of a particular alert that needs to be sent to its subscribers.

Product Administration and DevOps

For which scenario is secure vault used?

  • a. To store generated JWT tokens.
  • b. To store access tokens.
  • c. To store private APIs.
  • d. To store credentials of secured endpoints.


Which databases does the API Gateway need to connect to in a distributed setup?

  • a. AM_DB and SHARED_DB
  • b. Only AM_DB
  • c. SHARED_DB only when multi-tenancy is needed
  • d. None of the above

Published APIs

What is true regarding the definition of the API if you create a REST API from scratch in the Publisher?

  • a. It will create an OpenAPI 3.0 API definition for the default set of resources (/*).
  • b. It will create an Swagger 2.0 API definition for the default set of resources (/*).
  • c. No OpenAPI definition will be created unless you specify resources.
  • d. You can choose which OpenAPI version to use during the API creation flow.


What is true about message mediation policies?

  • a. Mediation policies can be engaged in all three message flows (request flow, response flow and fault flow) of an API
  • b. Mediation policies can only be engaged in API request and response flows.
  • c. Mediation policies cannot be used to configure special HTTP configurations like message chunking.
  • d. Mediation policies will always be executed after the API's authentication flow is completed.

API Product

What is the content-type of the responses of a GraphQL API?

  • a. Can be any content-type that is defined by the user
  • b. text/xml
  • c. plain/text
  • d. application/json