Your API generates tokens to authenticate users. You have the following requirements
1. Limited token lifetime.
2. Managed key rotation.
3. Self-verifiable content.
4 Compact data representation
5. Refresh without new challenge.
You plan to use SAML2 Which two of the above-listed requirements are satisfied by using SAML2? Choose 2
answers

A.

Limited token lifetime.

B.

Managed key rotation

C.

Self-verifiable content

D.

Compact data representation

E.

Refresh without a new challenge

Which are NOT a step in the OAuth 2 0 authorization code grant process? Select all that are correct

A.

generate an authorization code

B.

generate an access token

C.

verify the device ID

D.

validate the client API key

E.

obtain the end user's consent for the application to request the user's protected resources

F.

validate the developer name

Which are characteristics of the PopulateCache and ResponseCache policies'? Select all that are correct

A.

PopulateCache has a TimeOfYear expiry option

B.

PopulateCache allows you to cache any string object.

C.

ResponseCache has separate policy definitions for Lookup vs. Populate cache operations.

D.

ResponseCache caches the complete HTTP response (including headers).

Which proxy endpoint configuration determines the target endpoint that will be used?

A.

Step

B.

TargetConfiguration

C.

RouteRule

D.

Connection

E.

Path

Which is a benefit of three-legged OAuth (authonzation_code grant)'?

A.

authorization codes can be used multiple times to obtain access tokens

B.

allows another individual to access a user's private data

C.

provides access to user-specific resources without exposing end-user credentials to the client application

D.

provides end-user credentials to requesting app

Which of the following statements are true for the out-of-the-box Apigee Edge Analytics Dashboard? Select all that apply Choose 3 answers

A.

Visualize API proxy error metrics

B.

Visualize API traffic metrics

C.

Visualize Developer Engagement metrics

D.

Visualize API Deployment metrics

E.

Visualize Management API traffic metrics

You have a new set of requirements for a mobile app. The product team has asked for the following.
• The app requires access to customer order information
• The app needs to allow a search function for orders by product name
Choose two development tasks that would accomplish the requirements. Choose 2 answers

A.

Create a new API proxy for a GET /v1/customers/{customerid}/orders

B.

Create a new API proxy for a GET /v1/customers/{customerid}/products/{productname}

C.

The design should include a new custom header X-Product-Name

D.

The Apigee proxy should allow a query parameter for q=

E.

The Apigee proxy should allow a query parameter for orderld=

How can we specrfy the type of Security (basic auth, oauth) used by the API in OpenAPI Specification 2.0?

A.

specify using the secuntyDefinrtions name property

B.

specify using the secuntySchemas name property

C.

specify using the security Variables name properly

D.

specify using the securityParams name property

You are generating tokens depending on a partner's service level at runtime You need to control access token expiration What should you do?

A.

Pass access token expiration values as a request query parameter

B.

Add expiration times in product custom attributes for retrieval at run time

C.

Store and fetch access token expiration times from a configuration file to use at run time

D.

Store and fetch expiration value from Key Value Maps at runtime to use for access token creation.

As an API Engineer your team would like to make sure you are simulating a user experience prior to a
deployment in a production environment. Which tests should be ran to closely resemble a consumer
interaction with a APIs?

A.

Unit tests

B.

Smoke tests.

C.

Integration tests

D.

Code quality analysis

Which is true about PostClientFlow?

A.

PostClientFlow will only be executed if a payload is returned.

B.

The response is blocked until! the PostClientFlow policies are executed.

C.

PostClientFlow can only include MessageLogging policies.

D.

PostClientFlow can include any supported policy

Your implementation has the following characteristics
1 There are multiple API Products
2 Some API proxies are part of more than one API Product.
3 Quotas are configured at the API Product level
4 In the Quota policy the count, time interval and unit is referenced using Verify API Key flow variables at
runtime.
5 A single Quota policy is reused across all the products 6. Each app is assigned to exactly one product.
You need to limit the number of requests during weekends for specific products without modifying this design
What should you do?

A.

Add custom attributes for counts for every product. Create custom quota policies for every product which references these custom attributes

B.

Set custom attributes for weekday and weekend count at every product Reference these How variables in the count property of Quota policy at runtime

C.

Add custom attributes at the API Product with counts to use for weekdays and weekends. Using flow variables, reference the custom counts in the Quota policy

D.

Add custom attributes for count at Product level Use a JS Policy to determine which count to use in Quota policy at runtime Use this count attribute in the Quota Policy.