Apigee-API-Engineer Google Cloud - Apigee Certified API Engineer Questions and Answers

restrict access to a set of APIs

configure the quota limits for APIs

restrict access to APIs in different environments

all of the above

the request content in the request flow

the response content in the response flow

the request content when in the request flow and the response content when in the response flow

neither the request content nor the response content

Modify the RouteRuies to be more specific.

Create a new proxy for this special condition.

Reorder the RouteRuies so that your condition is found

Add a new TargetServer to handle your specific condition

ServiceCallout

AssignMessage

RequestMessage

Message Validation

Verify the signature of the JWT using a shared secret.

Parse the JWT to extract the exp: nbf and iat properties to determine if the token is still valid

Pass the JWT to a preconfigured 3rd party for verification of the signature, exp, nbf and iat properties

Use the OpenID Connect URL to locate a trusted 3rd party for verification the signature, exp, nbf and iat properties

Using the JKWS URL in the OpenID Connect configuration, fetch the signing key to verify the JWT signature and parameters

Notify operations of the release

Run an automated smoke test suite.

Monitor the logs looking for unusual error patterns

Ensure all sources are checked into source control

Write business and functional requirements documents.

Implement ad-hoc microservices using a managed container system.

Catalog the data model of the backing data store or API into a data dictionary

Work with the existing or targeted application consumers to build an Open API Specification model

Anywhere in a ProxyEndpoint or TargetEndpoint except PostClientFlow

In a Shared Flow

Only in the Flow phase of ProxyEndpoint or TargetEndpoint

Anywhere except another Shared Flow

Only in ProxyEndpoint PreFlow or TargetEndpoint PostFlow

Use lookup/populate cache policy.

Increase the TimeToLive of cached objects

Review key fragments in cache key, ensuring only important parameters are used

Review and increase the number of items on the cache resource to a higher number

Use service callouts configuration for each target, and use a condition to decide which to invoke.

Use a Key-Value Map configuration to access SSL and URL information to invoke target systems

Use an AssignMessage policy to override default target URL and define 2-way SSL configuration at runtime

Create another target endpoint with SSL configured and define route rule to pick that depends on available variables.

Use a Node.JS target to implement a nonblocking call.

Attach a Message Logging policy to the Post Client Flow

Implement a Java Extension Callout with a worker thread

Use an asynchronous Service Callout policy in your proxy (low as soon as you have enough data to log

GET

PUT

POST

DELETE

OPTIONS

Virtual host

API product

Developer app

RBAC (Role-based Access Control)

FTP

HTTP

SCP

TCP

UDP

Publish using SwaggerUI

Generate web documents using SmartDocs

Send the requesting team the OpenAPl spec.

Create a sample web app that uses your API, and publish the source code.

GET

PUT

POST

HEAD

Add custom attributes for counts for every product. Create custom quota policies for every product which references these custom attributes

Set custom attributes for weekday and weekend count at every product Reference these How variables in the count property of Quota policy at runtime

Add custom attributes at the API Product with counts to use for weekdays and weekends. Using flow variables, reference the custom counts in the Quota policy

Add custom attributes for count at Product level Use a JS Policy to determine which count to use in Quota policy at runtime Use this count attribute in the Quota Policy.

Use XSLT to transform the XML payload and then use a XML to JSON policy

Use XML to JSON policy first to convert to JSON and then ExtractVariables with a JSONPath to extract the body from the converted SOAP envelope

Use ExtractVariables with an XPath first to extract the SOAP body and then use XML to JSON policy

Use an AssignMessage policy to convert the SOAP response to a JSON response, using XPath expressions to retrieve the data

Add smoke tests to your CI/CD process

Add code quality analysis into your CI/CD process.

Ask the developers to run unit tests prior to code check-in.

Ask the developers to run anti-virus against the code prior to check in.

Use a Shared Flow and a Flow Callout where needed.

Use Proxy Chaining and a Service Callout where needed

Use a template build process to compose flows from flow fragments.

Use a Shared Flow and Flow Hooks to enforce all APIs call the shared flow

GET

POST

OPTIONS

PUT

Creation of a message logging policy in Apigee.

Creating user stories to fulfill the business requirements.

Creating support tickets that cover each of the business requirements.

Creating a cross functional team of API engineers, business analysts, and backend software developers.

generate an authorization code

generate an access token

verify the device ID

validate the client API key

obtain the end user ' s consent for the application to request the user ' s protected resources

validate the developer name

Storing of external access tokens

Setting custom attributes for generated access tokens

Credentials validation when password grant_type is used

Setting different expiration for refresh and access tokens

Create a different URL for updates

Implement user rights checks in the underlying microservice

Use an OAuth2 scope to identify allowed applications and user granted rights

Retrieve user rights from a database by inspecting the user id bound to the OAuth2 token

Use a default Spike Arrest policy setting the limit to 100 TPS

Use a Quota enforcement policy set to limit throughput to 100 TPS

Use a Spike Arrest policy setting the UseEffectiveCount parameter

Keep a count of accesses in the back-end, rejecting queries when they exceed 100 TPS

Unit tests

Smoke tests.

Integration tests

Code quality analysis

GET/customers/{customer-id)/orders

GET/orders7customer-id={customer-id}

GET /getOrdersForCustomer?customer-id={customer-id}

POST /orders with a post-body of customer-id={customer-id}

You should recommend an Apigee Edge Access Control policy

You should recommend that the backend API ' s use TLS v12 to secure their APIs.

You should recommend the use of custom secure headers with time stamp verification

You should recommend a design change that uses a Apigee microgateway in front of the backend APIs.

GET/getOrdersBetweenDates/2016-01-01/2016-02-01

GET/orders ' ?from-date=2016-01-01 & to-date=2016-02-01

GET /customers/{customer-id}/orders ' ?from-date=2016-01-01 & to-date^2016-02-01

POST /searchorders with a post-body of from-date-2016-01-01 & to-date=2016-02-01

specify using the secuntyDefinrtions name property

specify using the secuntySchemas name property

specify using the security Variables name properly

specify using the securityParams name property

AssignMessage

Message Validation

SOAPToJSON

XMLToJSON

Sensitive data presented to end users will be encrypted

Certificates can be used to verify the identity of both Apigee Edge and the target endpoint

End users can use the name of the system to verify that they are connecting to a trusted system.

All of the above

Specify in PopulateCache policy

Specify number of Max Elements In Memory on the Cache Resource definition

Specify max size in KB in Cache Resource definition

It cannot be configured as Apigee manages it internally.