Products - WSO2 API Manager - API Management Profile
JSON Web Tokens (JWTs) are an open, industry standard RFC 7519 method for representing claims securely between two parties. In what ways does WSO2 API Manager support JWTs?
a) WSO2 API Manager can exchange the JWT token with OAuth 2.0 access tokens in order to access protected resources on behalf of the resource owner.
b) API requests with JWTs can be validated by the WSO2 API Manager Gateway itself as long as trust can be established between the gateway and the Oauth provider.
c) You can enable WSO2 API Gateway to pass a JWT with end-user attributes to the back-end service.
d) All of the above.
Products - WSO2 API Manager - Micro Integrator Profile
Which protocol CANNOT be used to invoke a dataservice in WSO2 Micro Integrator?
d) Local transport
Products - WSO2 Identity Manager
Xamsons is a telecommunication company who wants to build a native mobile app using OpenID Connect protocol for authentication and need to authenticate the users to the mobile app through SMS OTP validation. They also have their own SMS gateway and a validation service. What is the best way to achieve this with WSO2 Identity Server?
a) Write a custom grant with a mobile number and the response from OTP validation service and return the access token.
b) Integrate with password grant.
c) Write a custom grant overriding password grant.
d) Write a custom authenticator.
Capacity, Infrastructure and DevOps
What is true about vertical scaling?
a) Vertical scaling is increasing the overall application capacity by adding nodes.
b) Vertical scaling is increasing the overall application capacity by increasing resources within nodes.
c) Vertical scaling is increasing the overall application capacity by increasing resources within nodes.
d) Vertical scaling is reducing the memory footprint of an application so that it becomes lightweight.
Generic Enterprise Architecture
XFinance is a bank who wants to build a native mobile app with their own login pages. They wanted to use OpenID Connect protocol for authentication along with SMS OTP capabilities but do not have a SMS service or validation mechanism. What is the best way to achieve this?
a) Use password grant and orchestrate the login flow.
b) Write a custom endpoint to orchestrate the native user login flow with SMS OTP and a custom grant written overriding password grant.
c) Use authorization grant and configure SMS OTP as the second factor after basic authentication.
d) Use implicit grant and configure SMS OTP as the second factor after basic authentication.
Zebra Solutions wants to provide trial accounts for a 30-day period using WSO2 Identity Server. How is it possible to achieve this requirement?
a) Write an XACML policy to allow access only before the expiry date value in a custom claim called expiry date.
b) Write a custom listener to expire the user account with a custom claim called expiry date.
c) WSO2 Identity Server does not support trial or temporary accounts.
d) None of the above..
Will consist of a particular scenario and multiple choice questions related to business architecture, solutions architecture, and deployment architecture for that scenario.