Q1. What type of relationship is defined as one resource existing only if another parent resource exists, for example, pages in a book?
- Partial
- dependent
- associative
- linked

- /companies/{id} and /company
- /company/{id} and /companies
- /companies/{id} and /companies
- /company/{id} and /company

- data in the token
- Ownership
- a permission
- an integer

Q4. Which REST constraint specifies that knowledge and understanding obtained from one component of the API should be generally applicable elsewhere in the API?
- Uniform Interface
- Client-Server
- Stateless
- Cacheable

- HTTP
- REST
- OPTIONS
- CORS

- notify other systems of an event
- catch errors faster
- improve error logging
- log additional data

- to add new technologies to an organization's infrastructure.
- to share features and functionality with other systems.
- to move infrastructure to the cloud.
- to appease the latest digital transformation effort.

- bash
- curl
- ssh
- PowerShell

- OpenAPI (Swagger)
- WADL
- WSDL
- OAuth

- SUBMIT
- WRITE
- POST
- CREATE

- Mobile apps work better.
- It improves uptime.
- It offers better security.
- It reduces load on servers.

Q12. Your API resource does not allow deletion, and a client application attempted to delete the resource. What HTTP response code should you return?
- 409 Conflict
- 400 Bad Request
- 406 Not Acceptable
- 405 Method Not Allowed

- an identity layer on top of OAuth 2.0
- the new name for SAML 3.0
- a modern replacement for API keys
- an SSO competitor for OAuth 2.0

- flexible querying/responses
- more stable APIs
- compatible with more gateways
- more secure by default

- Stateless
- Client-Server
- Uniform Interface
- Cacheable

- It identifies the user ID.
- It identifies the client application or SDK.
- It identifies if the API should expect a user authentication.
- It identifies if the API should accept microservice traffic.

Q17. If you were to add versioning by using the Accept and Content-Type header, what would be the correct format of the header value?
- application/json
- application/json_version2
- text/html
- application/vnd.myapp.v2+json

- A token is encrypted.
- A token is encoded.
- A token is scoped to the use case.
- A token can be shared between systems.
Q19. The ability to execute the same API request over and over again without changing the resource's state is an example of _.
- stateless architecture
- idempotency
- a uniform interface
- cacheability

Q20. What component can you use to wrap legacy architectures or protocols into a REST interface for easier consumption and integration?
- API proxy
- API gateway
- OpenAPI
- OAuth authorization server

- transport over SSL
- encrypted payload
- a signature
- encoded payload

- token
- scope
- claim
- back channel

- ID token
- refresh token
- access token
- auth code token

Q24. What should you add to a Cache-Control response header to specify that a response should not be stored in an intermediary cache?
- no-proxy
- client-only
- restricted
- private

- Authorization Code Grant
- Client Credentials Grant
- Implicit Grant
- Authentication Grant

- It varies from API to API.
- admin
- write
- read-write

- _embedded
- resources
- subresources
- _links

- tracking downloads
- Accept headers
- user agents
- polling users

Q29. Which REST constraint allows for the presence of caching, routing, and other systems between the client and server?
- Layered System
- Stateless
- Client-Server
- Cacheable

- your tech stack
- reasoning for your naming schema
- your mission statement
- sample code

- Response Time
- Time to First Hello World
- TTL
- Uptime

- GET /user/{id}
- GET /users/{id}
- GET /user?id={id}
- GET /users?id={id}

- to describe relationships between resources or actions
- to describe subresources related to the current one
- to link two resources together
- to describe a resource and its purpose
- Java, Javascript, and .NET
- and you can support
- PHP, Python, and Go
- the languages that your target users use
- resources
- _embedded
- subresources
- _links
- an authorization framework for granting delegated access
- an approach to single sign-on for APIs
- a method for API authentication
- HTTP Basic Authentication 2.0
- JSON
- HTTP
- common use cases
- your tech stack
- to share user profile information
- to update an API configuration
- to keep a web session active
- to retrieve an access token
- how long it takes for a developer to do something with your API
- how long it takes to start a new programming language
- how long it takes to install your SDK
- how long it takes to read your documentation
Q40. Which response header tells the client and intermediaries that the response is not to be cached anywhere?
- Cache-State: none
- Expires: -1
- Cache-Control: no-cache
- Cache-Control: no-store
Q41. What component hides the distinctions or boundaries between various microservices from end-client applications?
- API gateway
- API logging
- a layered system
- API proxy

- common knowledge
- URLs
- no versioning
- the Accept header

- URL parameter
- Authorization header
- Base64 encoding
- Basic Auth

- client
- not specified
- authorization server
- resource server

- inbound traffic
- north-south traffic
- internal traffic
- east-west traffic

- Add .json to the URL.
- APIs do not use XML.
- Use the Content-Type header.
- Use the Accept header.
Q47. When a user attempts to access a record that is not their own, which HTTP response code is the most appropriate?
- 403
- 404
- 401
- 405

- HTTP verbs
- JSON payloads
- HTTP response codes
- rate limiting/throttling

- red team testing
- white box testing
- blue box testing
- black box testing

- PUT
- POST
- GET
- OPTIONS

- Expires: 1 minute
- Cache-Control: max-age=60
- Expires: 1 January 2020
- Cache-Expires: max-age=60

Q52. What is the concept that allows an API client to explore an API via links embedded in payloads?
- hypermedia
- link relations
- parsing
- browsing

- 405
- 201
- 204
- 202
- AWS Lambda
- downloading open-source software
- Serverless
- JavaScript on a webpage
Q55. Which URL pattern should you follow for accessing a subresource attached to a specific resource?
- /companies/employees/{companyId}/{employeeId}
- /company/{companyId}/employees/{employeeId}
- /companies/{companyId}/employees/{employeeId}
- /companies/{companyId}/employee/{employeeId}
- Stateless
- Cacheable
- Layered System
- Uniform Interface
- FLUSH
- DELETE
- CLEAR
- DESTROY
- DELETE
- GET
- PUT
- POST
Q59. Which REST constraint specifies that each request should stand on its own and not have a specific required order?
- Uniform Interface
- Cacheable
- Stateless
- Client-Server
- Check your JSON structure.
- Slow down your requests.
- Check the API uptime status.
- Check your API key.
- date-based filtering
- next/previous cursors
- page size and filters
- database IDs
- OAuth
- biometrics
- API Keys
- username and password
Q63. Which HTTP response code usually means the requested work is still processing and may or may not result in an error later?
- 200 OK
- 204 No Content
- 201 Created
- 202 Accepted
Q64. When validating a JWT, what are some of the claims that you must confirm? (Select all that apply.)
A. The exp (expiration) has not passed.
B. The algorithm is sufficient.
C. The signature matches the payload.
D. The token was Base64 encoded.
E. The iss (issuer) is the auth server you expect.
F. There is a refresh token.
G. The cid (client ID) is the client you expect.
H. The token was encrypted.
- A,B,E,H
- B,C,F,G
- A,D,G,H
- A,C,E,G
- east-west traffic
- inbound traffic
- north-south traffic
- external traffic
- Authorization Code with PKCE
- Client Credentials
- Device
- Resource Owner Password
- YY-M-D hh:mm:ss+TZ
- YY-M-D h:mm:ss
- YYYY-MM-DDThh:mm:ssZ
- YYYY-M-D hh:mm:ss
- Rate-Limit
- Expires
- Etag
- Cache-Control
Q69. A client application uses a filter or a search in your API correctly but there are zero results. What is the best response code?
- 204 No Content
- 400 Bad Request
- 200 OK
- 404 Not Found