Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
APIGEE
| Question | Answer |
|---|---|
| When creating an API product, what built-in access levels are available? | 1. Private 2. Public 3. Internal Only |
| Your new proxies are designed to offer valuable information to a range of apps, but you also want to make it possible for industry partners to contribute to that information. What do you do? | 1. Create one API product that incorporates the proxies along with an Allowed OAuth read-only scope of targeted resources. 2. Create one API product that incorporates the proxies along with an Allowed OAuth write access of targeted resources. |
| In order for a Quota policy to enforce settings defined at the product level, what else must be in place? | A VerifyAPIKey policy. |
| In keeping with RESTful design principals, after a successful POST call, which response code should be returned? | 201 Created |
| When setting up API resources for an API product, which of the following paths would give access to all sub-paths of the base path, but not the base path itself? | /** |
| Which of the following are true statements regarding Apigee Edge Microgateway? | 1. It can be used to provide API management for services running in a Kubernetes cluster. 2. It can be run inside a Docker container. 3. It can be run as a stand-alone process. |
| Which hash objects does the crypto object reference support in the JavaScript policy? | 1. MD5 2. SHA-256 |
| What best describes Apigee Edge Microgateway? | A secure, HTTP-based message processor for APIs. |
| Customer surveys have revealed that different groups of users have different quota requirements. What's your best approach to this issue? | 1. Set different quotas at the product level. 2. Add a Quota policy to the flow that references the product configuration. |
| You want to make sure that your servers are not overwhelmed by the number of simultaneous requests. What should you do? | Use a ConcurrentRateLimit policy. |
| Let's say you want to conditionally switch target endpoints according to a custom variable set in the API product as target\b2b and the API key is named "TargetKey". How should the condition be written? | <Condition>(verifyapikey.TargetKey.apiproduct.target = "consumer")</Condition> |
| Your team has developed a series of policies to handle logging and want to apply the same configuration to all of them. What's the best approach? | Save the policies in a shared flow and then attach the shared flow to the desired proxies with a FlowCallout policy. |
| Which of the following should you keep in mind when choosing naming conventions for your data model? | 1. Names of collections should be in proper plural form. 2.Use standard American English. 3.Commonly understood abbreviations are acceptable |
| Which of the following features are found in the Developer section of the Apigee user interface? | 1. Links to any associated apps 2. A Status toggle for switching the developer from Active to Inactive |
| You need to restrict access to specific resources as read-only. Which authentication policy is best suited for this requirement and how should it be applied? | OAuthV2 policy via its scoping capabilities |
| You're leading the team designing your company's first API. Which model is considered the best practice to follow? | The consumption model, also known as the outside-in model, is API design from the developer's perspective and is considered to be the best practice. |
| Which of the following are characteristics of Apigee flows? | 1. Flows are sequential stages along the API processing path. 2. Flows are used to control what happens and when. |
| When releasing a new version, what are the best practices for handling the old version? | 1. Maintain the older version with bug fixes and security patches. 2. Keep the older version active for 6 to 12 months. |
| Where should the ConcurrentRateLimit policy be added, when incorporating the policy in API? | Both the Target Endpoint Request Preflow and the Target Endpoint Response Postflow. |
| Where in the Apigee UI should you look for the state of variables during an API transaction? | In the Phase Details area. |
| How do you add a custom object to an OpenAPI specification? | Name the object with the prefix x- |
| Which of the following predefined Apigee Edge roles has the most access? | Organization Administrator |
| Which properties of the SpikeArrest policy work together to further throttle requests by specific clients or apps? | 1. Message Weight 2. Identifier |
| Which of the following HTTP verbs are supported by the KeyValueMap Operations policy? | GET, PUT, DELETE |
| Your team has added the requirement of an outbound SSL. Where do you configure this? | TargetEndpoint |
| Name an Apigee feature that can both host and version your API documentation | SmartDocs |
| In Apigee's pre-defined roles, which one is responsible for creating API proxies and running them in the test environment, but cannot deploy them? | User |
| Your back-end service needs to inspect validated third-party JSON Web Token and execute conditions based on those claims. Which policies would be used to accomplish this? | 1. DecodeJWT 2. VerifyJWT |
| The API that the proxy connects to is contained in what code element? | <HTTPTargetConnection> in the default Target Endpoint. |
| Flow hooks can be deployed to which of the following points in the Apigee flow? | Request ProxyEndpoint Preflow |
| You're working on an API that returns employee names and contact information and you'd like to increase the TPS. What do you do? | Add a ResponseCache policy. |
| When discussing "users" in regards to role-based access control, to whom are we referring? | Members in your Apigee organization |
| When creating a Reverse proxy, what are your options regarding an OpenAPI specification? | 1Use an existing one, already stored in Apigee. 2.Import one from a URL. 3.Do not use an OpenAPI specification. |
| Which of the following code blocks smooths the rate to allow for one request every five seconds? | <SpikeArrest> <Rate>12pm</Rate> </SpikeArrest> The rate here is per second, so the smoothing formula in this case would result in 1000 / 5 and equal to one click every 200 milliseconds. Video for reference: Handling Traffic Spikes When the time unit is minutes, the SpikeArrest policy smooths according to the formula 60 / Rate and here, 60 / 12 = 5. |
| What's the most efficient way to display an error message if a particular condition is met with a request to your API? | Add a RaiseFault policy to the Proxy Endpoint Request Preflow. |
| Security is concerned about a recent data breach where private URLs to back-end services may have been exposed. What's your recommendation to prevent last-mile attacks without limiting access to just the company network? | Apply the BasicAuthentication policy. |
| In addition to validating SOAP messages against WSDL definitions, what else can the SOAPMessageValidation policy do? | Verify that JSON and XML messages are well formed. |
| You want to be able to control whether an entry in the back-end service is active or inactive, but leave the entry for later reference. Which HTTP verb should be used? | PUT is used for updating existing entries and will not delete the entry. |
| Your company is working on new functionality for your API proxy that requires the ID of the developer and the app accessing the API product. Which Apigee policy would be best to use? | AccessEntity |
| Your organization is anticipating a major influx of traffic during their upcoming Cyber Monday sale. They think they are prepared but don't want to risk the server being overwhelmed. Which of these policies should be implemented? | SpikeArrest The Quota policy limits the number of connections that apps can make to your API proxy's target back end over a specific period of time and isn't appropriate for handling traffic surges. The SpikeArrest policy can be adjusted to handle surges in traffic at any level and should be set accordingly. |
| Your API is set up to use OAuth 2.0. Management has decided that when a user logs out, the access and the refresh token should be revoked. How do you accomplish this? | Use the InvalidateToken operation with the Token properties type=accesstoken cascade=true |
| Your API proxy has four fault rules in the <ProxyEndpoint> section. During one test, the conditions are such that the first, second, and third rules all evaluate to true. Which rule is executed? | 3rd. Because Apigee evaluates fault rules in the <ProxyEndPoint> from the bottom up, it's the third rule. |
| The directive has come down from leadership that traffic to the API should be held to under 200 TPS. How do you manage this? | Add a SpikeArrest policy with a set rate of 200 per second. |
| What key Apigee feature allows it to gather a full range of analytical data? | Asynchronous output. Because Apigee's analytical data is designed to be captured asynchronously, every operation and interaction can be tracked. |
| What is a scenario where multiple StatisticsCollector policies might be used in a proxy? | One StatisticsCollector policy is placed in the request flow and another in a fault handler. |
| You've noticed some issues with the back-end service and want to review the frequency of generated errors. What do you do? | The Error Code Analysis dashboard tells you about error rates for API proxies and targets and uses both the response code and the target response code. |
| In an Apache Maven project, which file is used to configure the environment profiles? | The shared-pom.xml file contains the profiles for the desired Apigee environments as well as information about the Maven plugins to be used. The edge.json file is the primary configuration file for the API proxy. |
| For a latency report, you've been asked to calculate the total overhead of the proxy. Which of the following values do you incorporate into your calculation? | 1. Request Processing Latency 2. Response Processing Latency |
| Which of the following is true regarding the PostClientFlow? | A PostClientFlow can include only MessageLogging policies. |
| Your new API requires multiple target system calls with just one request and the response needs to be returned as one object. What approach should you take? | Include route rules for each target endpoint. |
| You want to design an API that would allow apps to retrieve all films by a specific director. Which is the proper RESTful design? | GET /directors/{DIRECTOR_ID}/films. In a RESTful design, it's best to follow a collection with a identifying resource; this option uses two consecutives collections. |
| In an Apigee UI development lifecycle strategy, where does the lifecycle begin? | In the Apigee Edge user interface. |
| "Use the InvalidateToken operation with the Token properties type=accesstoken cascade=true". | The combination of simultaneous development in the Apigee Edge UI and with offline developers. |
| Which of the following are advantages of Apigee unit testing? | 1. Faster than integration testing. 2. Can be integrated with source repositories to trigger testing. 3. No need to deploy to Apigee prior to testing. |
| During integration testing, you see that your ExtractVariables policy, which includes the JSONPath feature, is not returning the expected result for the payload. What's your next move? | Confirm that the Content-Type header is set to application/json. |
| Which of the following policies should undergo unit testing? | 1. JavaCallout 2. JavaScript 3.PythonScript |
| What is the key difference in the local/UI development and early testing SDLC strategy? | Preliminary testing is done prior to commiting the code. |
| Where does the MessageLogging policy store its custom messages for Apigee Edge Cloud? | Syslog |
| You have a back-end API that is authorized by a machine user credential, and each API call must use unique credentials at runtime. How should you store these user credentials securely? | In an optionally encrypted KVM. |
| Which aspect of an Apigee API proxy is unit testing typically focused on? | Integrated custom code |
| In the OpenAPI spec, in which primary section is the base path specified? | The servers section. |
| When an error is raised in an API proxy, where is the request sent? | The request is sent to the fault handler. |
| In Trace, which aspects of a request can be filtered? | HTTP headers |
| What's the most efficient way to display an error message if a particular condition is met with a request to your API? | Add a RaiseFault policy to the Proxy Endpoint Request Preflow. |
| Your organization needs to incorporate stored sensitive data while processing your API proxy. How can you ensure that this data is kept private during testing? | Store the information in an enrypted Key Value Map. |
| You've been asked to set up your proxy to provide secure access for in-house apps that need to access resources from other departments. Which OAuth V2 grant type is appropriate? | The resource owner password grant type. The authorization code grant type is intended for apps that are written by third-party developers who do not have a trusted business relationship with the API provider. The resource owner password grant type is used for highly trusted apps, such as those in-house. |
| What is the optional flow following a PreFlow called? | Conditional Flow |
| Which of the following statements about API versions are true? | 1. A new version is exposed to customers. 2. A new version represents a major API change. 3. A new API version may not be backwards compatible. |
| What is the standard technique for including pagination in API requests? | Include the string page_token with the value set to the number of the desired page in the request. |
| Which of the following correctly directs the rate in a Quota policy to be pulled from the product-level setting where the VerifyAPIKey policy is named Verify-API-Key? | <Allow count="200" countRef="verifyapikey.Verify-API-Key.apiproduct.developer.quota.limit"/> |
| When setting up the base path for your API proxy in Apigee, which of the following is an example of the recommended approach to handling versioning? | /v1/la-courses/ |
| To which Apigee entities can custom attributes be added through the Apigee Edge UI? | 1. API products 2. Apps 3. Developers |
| Your team is in a highly competitive market where the back-end services are constantly updating and it's vital that API response be handled as quickly as possible. As an Apigee API engineer, what solution should you suggest? | Install an Apigee Edge Microgateway on the same server as the primary resource. Because the service is frequently updated, adding a ResponseCache would not be overly beneficial. |
| Your organization has hired someone to take over responsibility of the Apigee analytics. They'll have full responsibility for creating, editing, and viewing all analytics; however, they will have no other responsibilities. What predefined role should they be assigned? | None. A custom role should be created for them |
| Where can fault rules be placed in the proxy configuration? | 1. <TargetEndPoint> 2. <ProxyEndPoint> |
| Which of the following protocols are NOT supported by the MessageLogging policy? | 1. SCP 2. FTP |
| Which of the following protocols are supported by the MessageLogging policy? | 1. TCP 2. UDP |
| You notice that a certain policy is repeated exactly in a number of your organization's proxies and you decide to implement a shared flow. What is your next step? | Add a FlowCallout policy to either the ProxyEndpoint Preflow or the TargetEndpoint Postflow. |
| Your API is about to release into production and you want to ensure that everything deployed properly. What kind of tests should you run? | Smoke tests |
| You need to modify the flow variable target.url. In which flow should you put the policy to effect this change? | The Target Request flow. |
| In the local development SDLC strategy, when does Apigee Edge come into play? | After the developer has triggered automated testing. |
| You've been asked to set up a procedure to track a specific response string and capture the data for analysis. Which policies are best to use? | StatisticsCollector |
| What step do you have to take before running a static code analysis of your API proxy? | Export the proxy. |
| How would you change the path of a ServiceCallout policy programmatically? | Use an AssignMessage policy. |
| You'd want to present a helpful message whenever a problem arises with your API proxy. To this end, you've created numerous fault rules for every conceivable issue. What else could you do? | 1. Define a <DefaultFaultRule> in the TargetEndpoint. 2. Define a <DefaultFaultRule> in the ProxyEndpoint. |
| Your team lead has noticed through one of the Analytics dashboards that one of your APIs is experiencing an unusual decrease in performance. You've been asked to debug the problem. What should you do? | Review the execution times in Trace. |
| In the AccessContol policy, which of the following code blocks would allow access to the IP address 10.10.10.20? | 1. <MatchRule action="ALLOW"> <SourceAddress mask="24">10.10.10.30</SourceAddress </MatchRule> 2. <MatchRule action="ALLOW"> <SourceAddress mask="32">10.10.10.20</SourceAddress </MatchRule> |
| Which of the following statements about API revisions are true? | 1. A revision is an Apigee Edge construct. 2. A revision does not impact customers. |
| What code would you use to get the value of a query parameter zip using a JavaScript policy? | var theZip = context.getVariable('request.queryparam.zip'); |
| Which part of Apigee allows you to work with multiple domain names and their API proxy resources on a server? | Virtual host |
| Which of the following are ways that an error can be raised in an Apigee API proxy? | 1. The developer can raise an error by setting a condition that is triggered. 2. Apigee can raise the error during a policy execution or other problem. |
| Once the ExtractVariables policy has defined a new variable, from where can that variable be accessed? | In any flow or code that executes after the ExtractVariables policy. |
| You've been asked to integrate functionality that verifies an incoming XML message against a specific XSD schema. Which Apigee policy should you use? | SOAPMessageValidation |
| What's the best flow to use if you need to make sure that something happens before anything else? | Response ProxyEndpoint PreFlow |
| When developing a resource-oriented hierarchy for your data, what's the difference between a resource and a collection? | A resource has zero or more sub-resources, and a collection is a list of resources of the same type. |
| You are developing a custom analytics report which needs to filter data from the request payload. Which policy should be implemented to retrieve the necessary data? | ExtractVariables |
| Which policy is capable of authenticating SAML assertions attached to inbound SOAP requests? | ValidateSAMLAssertion |
| What formats can apigeelint output? | 1. JSON 2. HTML 3. Terminal table |
| What process is used for exporting an Apigee API proxy? | The Apigee Management API. |
| What kind of testing is applied to ensure that the various systems of an API proxy work as expected? | Integration tests |
| Which of the following are benefits for static code analysis? | 1. Ensures consistency. 2. Improves overall code quality. 3. Speeds development. |
| What is the key distinguishing characteristic of the hybrid development SDLC strategy? | The combination of simultaneous development in the Apigee Edge UI and with offline developers. |
| A number of bugs have emerged on previously working features. How can you be sure that such regression bugs are identified as early in the process as possible? | Run apigeelint on all code updates. |
| In what ways does scoping the OAuth 2.0 tokens allows you to grant access? | 1. To view resources. 2. To target specific resources. 3. To update resources. |
| Your company is bringing on-board a new Operations Administrator to work on a new API proxy. Management wants to restrict the new hire's access to just the new proxy. What is the most efficient way this should be handled? | Assign an Operations Administrator role and edit it to target the specific proxy. Apigee can restrict roles to specific resources, include distinct proxies, products, environments and more. |
| In an OpenAPI specification, which of the following is an example of the proper format for an internal reference to another section? | $ref: '#/components/parameters/q' |
| You've been asked to adjust the network timeout values of the <HTTPTargetConnection> element. Which properties do you modify? | 1. connect.timeout.millis 2. io.timeout.millis |
| Which of the following can be set in a fault rule response? | 1. StatusCode 2. ReasonPhrase 3. Payload The StatusCode rather than the error code is returned. The <FaultResponse> within a fault rule typically sets the payload, status code, and reason phrase. It can also set a header. |
| Your team lead wants to ensure that all API calls are properly logged. What is the best flow to use? | PostClientFlow. The PostClientFlow, not the Response ProxyEndpoint Postflow, is the best flow to use for logging messages. Coming after the request and response have completed the circuit of flows, the PostClientFlow is the best flow to use for logging messages. |
| Your team requires a different back-end target for each environment. What's the best strategy? | Set up a TargetServer. TargetServers decouples the concrete endpoint URLs from TargetEndpoint configurations so you can modify the variable according to the environment. |
| In the OpenAPI specification, what is the object used to define authentication and related issues? | securitySchemes |
| Security assertions, also known as SAML assertions, are managed and consumed by two types of entities: identity providers and security providers. Which does Apigee support? | Both types of entities are supported. The SAMLAssertion policy allows the API platform to act as both an identity provider and a security provider |
| Which properties are available in the SpikeArrest policy? | 1.Message Weight 2. Identifier 3. Rate |
Created by:
CapMax
Popular Computers sets