REST APIs - Skill Assignment Quiz

Q1. What type of relationship is defined as one resource existing only if another parent resource exists, for example, pages in a book?

  •  partial
  •  dependent
  •  associative
  •  linked

Q2. Which URL pattern is recommended when working with one resource and a collection of resources?

  •  /companies/{id} and /company
  •  /company/{id} and /companies
  •  /companies/{id} and /companies
  •  /company/{id} and /company

Q3. When dealing with JSON Web Tokens (JWTs), what is a claim?

  •  data in the token
  •  ownership
  •  a permission
  •  an integer

Q4. Which REST constraint specifies that knowledge and understanding obtained from one component of the API should be generally applicable elsewhere in the API?

  •  Uniform Interface
  •  Client-Server
  •  Stateless
  •  Cacheable

Q5. What would you enable to allow a browser on another site to make an AJAX request to your API?

  •  HTTP
  •  REST
  •  OPTIONS
  •  CORS

Q6. APIs commonly use webhooks to _.

  •  notify other systems of an event
  •  catch errors faster
  •  improve error logging
  •  log additional data

Q7. What is the underlying goal of all APIs?

  •  to add new technologies to an organization's infrastructure.
  •  to share features and functionality with other systems.
  •  to move infrastructure to the cloud.
  •  to appease the latest digital transformation effort.

Q8. Which is a common command-line tool for using or exploring an API?

  •  bash
  •  curl
  •  ssh
  •  PowerShell

Q9. What is the modern specification for describing an API?

  •  OpenAPI (Swagger)
  •  WADL
  •  WSDL
  •  OAuth

Q10. Which HTTP verb is normally used to update or create a resource in an API?

  •  SUBMIT
  •  WRITE
  •  POST
  •  CREATE

Q11. What is one benefit of server-side caching in APIs?

  •  Mobile apps work better.
  •  It improves uptime.
  •  It offers better security.
  •  It reduces load on servers.

Q12. Your API resource does not allow deletion, and a client application attempted to delete the resource. What HTTP response code should you return?

  •  409 Conflict
  •  400 Bad Request
  •  406 Not Acceptable
  •  405 Method Not Allowed

Q13. What is OpenID Connect?

  •  an identity layer on top of OAuth 2.0
  •  the new name for SAML 3.0
  •  a modern replacement for API keys
  •  an SSO competitor for OAuth 2.0

Q14. What is one benefit of GraphQL over REST approaches?

  •  flexible querying/responses
  •  more stable APIs
  •  compatible with more gateways
  •  more secure by default

Q15. Which REST constraint specifies that there should be no shared context?

  •  Stateless
  •  Client-Server
  •  Uniform Interface
  •  Cacheable

Q16. What purpose does a User-Agent serve?

  •  It identifies the user ID.
  •  It identifies the client application or SDK.
  •  It identifies if the API should expect a user authentication.
  •  It identifies if the API should accept microservice traffic.

Q17. If you were to add versioning by using the Accept and Content-Type header, what would be the correct format of the header value?

  •  application/json
  •  application/json_version2
  •  text/html
  •  application/vnd.myapp.v2+json

Q18. What is one benefit that OAuth provides over an API key approach?

  •  A token is encrypted.
  •  A token is encoded.
  •  A token is scoped to the use case.
  •  A token can be shared between systems.

Q19. The ability to execute the same API request over and over again without changing the resource's state is an example of _.

  •  stateless architecture
  •  idempotency
  •  a uniform interface
  •  cacheability

Q20. What component can you use to wrap legacy architectures or protocols into a REST interface for easier consumption and integration?

  •  API proxy
  •  API gateway
  •  OpenAPI
  •  OAuth authorization server

Q21. What protection does a JSON Web Token (JWT) offer to mitigate tampering with its contents?

  •  API proxy
  •  API gateway
  •  OpenAPI
  •  OAuth authorization server

Q22. What OAuth term is used to represent permissions?

  •  token
  •  scope
  •  claim
  •  back channel

Q23. What should you add to a Cache-Control response header to specify that a response should not be stored in an intermediary cache?

  •  no-proxy
  •  client-only
  •  restricted
  •  private

Q24. Which OAuth grant type can support a refresh token?

  •  Authorization Code Grant
  •  Client Credentials Grant
  •  Implicit Grant
  •  Authentication Grant

Q25. Using OAuth, what scope would you request for write access to the API?

  •  It varies from API to API.
  •  admin
  •  write
  •  read-write

Q26. Which content is best to include in your documentation?

  •  your tech stack
  •  reasoning for your naming schema
  •  your mission statement
  •  sample code

Q27. What metric tracks overall availability for your API?

  •  Response Time
  •  Time to First Hello World
  •  TTL
  •  Uptime

Q28. What is the recommended method and URL pattern for retrieving a specific user?

  •  GET /user/{id}
  •  GET /users/{id}
  •  GET /user?id={id}
  •  GET /users?id={id}

Q29. What is the purpose of a link relation?

  •  to describe relationships between resources or actions
  •  to describe subresources related to the current one
  •  to link two resources together
  •  to describe a resource and its purpose

Q30. What is OAuth?

  •  an authorization framework for granting delegated access
  •  an approach to single sign-on for APIs
  •  a method for API authentication
  •  HTTP Basic Authentication 2.0

Q31. What should your API documentation describe?

  •  JSON
  •  HTTP
  •  common use cases
  •  your tech stack

Q32. What is the purpose of an OAuth refresh token?

  •  to share user profile information
  •  to update an API configuration
  •  to keep a web session active
  •  to retrieve an access token

Q33. What is Time to First Hello World?

  •  how long it takes for a developer to do something with your API
  •  how long it takes to start a new programming language
  •  how long it takes to install your SDK
  •  how long it takes to read your documentation

Q34. Which response header tells the client and intermediaries that the response is not to be cached anywhere?

  •  Cache-State: none
  •  Expires: -1
  •  Cache-Control: no-cache
  •  Cache-Control: no-store

Q35. What component hides the distinctions or boundaries between various microservices from end-client applications?

  •  API gateway
  •  API logging
  •  a layered system
  •  API proxy

Q36. The textbook approach to API versioning is to use _.

  •  common knowledge
  •  URLs
  •  no versioning
  •  the Accept header

Q37. Within OAuth, what component validates the user's identity?

  •  client
  •  not specified
  •  authorization server
  •  resource server

Q38. API traffic that is entirely internal to your organization is normally called _?

  •  inbound traffic
  •  north-south traffic
  •  internal traffic
  •  east-west traffic

Q39. When a user attempts to access a record that is not their own, which HTTP response code is the most appropriate?

  •  403
  •  404
  •  401
  •  405

Q40. Which is a benefit of using an API gateway?

  •  HTTP verbs
  •  JSON payloads
  •  HTTP response codes
  •  rate limiting/throttling

Q41. Which HTTP verb is used in a CORS preflight request?

  •  PUT
  •  POST
  •  GET
  •  OPTIONS

Q42. What is the concept that allows an API client to explore an API via links embedded in payloads?

  •  hypermedia
  •  link relations
  •  parsing
  •  browsing

Q43. Which is an example of Code on Demand?

  •  AWS Lambda
  •  downloading open-source software
  •  Serverless
  •  JavaScript on a webpage

Q44. Which verb is not considered idempotent?

  •  DELETE
  •  GET
  •  PUT
  •  POST

Q45. Which REST constraint specifies that each request should stand on its own and not have a specific required order?

  •  Uniform Interface
  •  Cacheable
  •  Stateless
  •  Client-Server

Q46. When exploring record sets, what is the best approach for pagination?

  •  date-based filtering
  •  next/previous cursors
  •  page size and filters
  •  database IDs

Q47. Which HTTP response code usually means the requested work is still processing and may or may not result in an error later?

  •  200 OK
  •  204 No Content
  •  201 Created
  •  202 Accepted

Q48. Which header is not used in cache management?

  •  Rate-Limit
  •  Expires
  •  ETag
  •  Cache-Control

Q49. A client application uses a filter or a search in your API correctly but there are zero results. What is the best response code?

  •  204 No Content
  •  400 Bad Request
  •  200 OK
  •  404 Not Found
