API Management MCQ

hello friends if you are looking for API Management MCQ with answers| API Management Multiple choice questions | API Management Objective Type Questions with Answers | API Management Accenture question answers

1.What is the HTTP Security Response header to restrict clickjacking attack


Ans: a

2.Which of the options provided is not a token based authentication?


Ans: b

3.Is this statement TRUE or FALSE? By Default API gateways do not support horizantal scaling

ans – true

4.What is the header which prevents the browser from doing MIME-type sniffing


Ans: b

5.What is the http header that hackers can exploit break the IP Whitelisting

A. X-Forwarded-Proto
B.None of the Options
D. X-Forwarded-Hosts

Ans: c

6.In the provided options which is a header not related to cache a. Cache-Control b. Content type c. Expira d. Etag


Ans: b

7.The key concepts associated with information security are

A. a.integrity b.availability

B. a.integrity d.availability c.authenticity d.non-repudiation

C.a.integrity b.confidentiality

D.a.integrity b.confidentiality c.availability d.authenticity e.non-repudiation

Ans: d

8.Which property should be used to override the default handling of target error responses in APIGEE Edge API Proxy configuration?

  1. success, codes
  2. enable.method.override
  3. error, code

Ans: 1

9.What categroy of executable steps should be limited to once within an API Management ?

  1. Traffic Management
  2. Statistics
  3. Security
  4. Mediation

Ans: 3

10.In API/Webservers acting as a server, the Client certificates would be installed in the Keystore

Ans – true

11.API’s/Webservers return this response code when uploading a file which is older than the one already on the server resulting in a version control conflict.

D. 404

Ans: b

12.The certificate stored in Base64 ASCII would be in this format

C.None of the Options

Ans: D

13.Which is true about ‘DefaultFaultRule’ in API oxy configuration in APIGEE?

A.DefaultFaultRule can be used to handle an error that is not explicitly FaultRule
B.DefaultFaultRule is used when the fault happens during communication with the targat.
C.DefaultFaultRules are a fixed set of fault rules defined in the product.
D.You cannot use both FaultRule and DefaultFaultRules in the same aerials proxy.

Ans: a

14.What happens to the API request processing wh proxy in APIGEE are matched? none of the conditional flows in an API erials when

A. fault is raised and this should be handled in the FaultRules.
B.A 404 Not Found error is immediately returned.
C. Processing will continue with the proxy PostFlow.
D.The last conditional flow is a default flow that automatically runs if none of the previous flows matched.

Ans: c

15.What is the protocol API Gateways need to pport for email alerts

C.None of the Options

Ans: b

16.What is the section in swagger which would allow for defining the API Authentication


B.None of the Options



Ans: A

17.The concept that API-Gateways adopt to provide host aliasing

B.Virtual Hosting

Ans: a

18.What is the use of “nonce” param in the OAuth2.0 & Openid connect protocols .

A.A unique value used by client application to protect against replay and cross-site request forgery (CSRF) attacks on your implementation
B.A unique value to prevent XSS attacks
C.A unique value to prevent Injection attacks
D. None of the Options

Ans: a

19.What is the popular opensource tool for API Load testing

A.Apache Jmeter
B.None of the Options

Ans: a

20.What is the mobile Notification service offerred by Google to deliver push notifications to Google Andriod devices

A.Google Messenger

B.Google Cloud Messaging

C.None of the Options

D.Google Alerts

Ans: b

21.As per the API Nomenclature what is the Role responsible for commissioning APIs and tracking their business adoption

A.Organization Owner

B.API Developer

C.Product Manager

D.App Developer

Ans: c

21.Which of these documents will act as an direction for the App Developers w.r.t APIs

B.None of the Options

Ans: a

23.As a Data Architect I want to search all my this search ‘s in a single catalogue, so where can I perform this search

A.API Developer Portal

B.None of the Options

C.API Analytics Manager

D.API Manager

Ans: d

24.This is a text file placed within the root directory of a site that tells bots (such as indexers employed by search engines) how to behave, by instructing them not to index certain paths on the website

B.None of the Options

Ans: c

25.The API monitoring features include

A.Real-time API monitoring, with alerting based on errors, exceptions, and thresholds
B.Configurable logging of API transaction data
C.Analyze API use for insight and trends

Ans: d

26.Which one of the options provided is not an SSL implementation


Ans: b

27.What happens when the matching API Proxy configuration in APIGEE Edge has no TargetEndpoint property defined?

A.the default TargetEndpoint is invoked

B.this is not valid and the proxy cannot be deployed

C.the request is rejected and an error is raised

D.no TargetEndpoint is invoked

Ans: a

28.Which HealthMonitor could be used to validate that an API call can be made to a target endpoint?




D.HTTP Monitor

Ans: a

29.In the Enterprise Digital journey the success depends on the API Response time

ans – true

30.Is this statement TRUE or FALSE? API Gatways can integrate with enterprise LDAP Providers Eka IDAM, IBM Tivoli manager etc

Ans – true

31.CORS defines a “behind-the-scenes” request between a CORScompliant browser and server, in advance of the JavaScript client’s actual request to access a cross-origin resource, what is that request named as ?

A. precors request

B.preembedded request

C.preempt request

D.preflight request

Ans: d

32.Implementing an API façade pattern involves three basic steps. Select the best 3 answers

A.Design the ideal API-design the URLS, request parameters and responses, payloads headers, query parameters, and so on. The API design should be self-consistent.

B.implement the design with data stubs. This allows application developers to use your A and give you feedback even before your API is connected to internal systems.

C.Use the Data Exchange format as JSON

D.Mediate or integrate between the façade and the system.

Ans: a b c

33.For a SSO Solution an API-Gateway like Apigee can act as a Identity Provider & service Provider

Ans – true

34.What does Pragma header do

A.The Pragma header is used for CSRF Prevention
B.The Pragma header is used to pass directions along with the message. Those directions could be almost anything, but often they are used to control caching behavior.
C.The Pragma header is used for XSS Prevention
D.None of the Options

Ans: b

35.When should the Authorization Code Flow Be Used?

A. a.Long-lived access is required. b. The OAuth client is a web application server. c.Accountability for API calls is very important and the OAuth token shouldn’t be leaked t the browser, where the user may have access to it. Security Properties The Authorization
B.when the we server has redirection capabilities mater
C. When the SSL is not supported

Ans: a

36.Which are characteristics of the PopulateCache and ResponseCache policies in APIGEE API Management Platform? Select all that are correct

A.PopulateCache has a Time Of Year expiry option
B.PopulateCache allows you to cache any string object
C.ResponseCache has separate policy definitions for Lookup vs. alsos cache operations
D.ResponseCache caches the complete HTTP response (including headers).

Ans: C D

37.Which of these are the best comprehensive list of typical NFR’s handled by API Gateway for enterprises

A.a. Authentication b. Security c. Transforamtion d. Logging e. Load-Balancing f.caching

B. a. Authentication b. Security c.

C. Logging


Ans: b

38.Which one is generally considered as the weakest hash algorithm




D. MD5

Ans: c

39.Content-Type Request header is applicable for GET Resource.

Ans – True

40.What does the client id in API Gateway uniquely identify?





Ans: b

41.Is this statement TRUE or FALSE? Digest Authentication does not use hash of the username and password


42.Where should a virtual host be configured in an API Proxy?





Ans: c

43.Is there a possibility that an API Management platform be a proxy to a non-existant BackEnd/Target Service?

Ans – Yes

44. Given the following Javascript code snippet, which statement is true? var DaloAlto = httpClient.get(“http://weather.yahooapis.com/forec context. sesion[paloAlto] = paloAlto ; ? w = 2467861 deg )

A. The code execution will wait for the httpClient to receive a response and store that into a session variable named paloAlto.

B. The string ‘paloAlto’ will be stored in a message flow variable named ‘palaAlto’

C. The code execution will complete even if the httpClient has not yet received a response.

D. The httpClient request will send a POST request to

Ans: b

45.Which policy should be used to limit the number of outbound connections from the message processors in APIGEE Edge?

A.Access Control

B.Concurrent Rate Limit

C.Spike Arrest


Ans: c

46.Is this statement TRUE or FALSE? By Default API gateways support integration with NTP Servers


47.Which is a benefit of using API keys to access API resources?

A. provides simple mechanism to authenticate developers

B. provides simple mechanism to identify developer apps

C.authenticates the developer

D.authenticates the client application

Ans: d

48.What is the Swagger element that would have all the Request and Response Definitions

A. definitions

B. None of the Options

C. securityDefinitions

D. apiDefinitions

Ans: c

49.With OpenID Connect authentication, there is an additional type of OAuth token called as

A. bearer token

B. JWT Assertion Token

C. SAML Assertion Token

D. ID Token

Ans: d

50.When configured for 12 calls per minute, which policy would result in only one request boing accepted every five seconds?

A. Access Control

B. Concurrent Rate Limit

C. Spike Arrest

D. Quota

Ans: c

Leave a Reply

Your email address will not be published. Required fields are marked *