Cisco 200-901 Based on Real Exam Environment

The primary security issue in this scenario is that API keys are stored in the configuration files. It is a best practice to store sensitive information such as API keys in a secure vault service rather than in configuration files.

A. Communication between the application and the services is not encrypted - Incorrect. The communication is through HTTPS, which is encrypted. B. The database credentials should be stored in the configuration files so that they are secured on the same server - Incorrect. Database credentials should be securely obtained, as mentioned, through a vault service. C. The API keys are stored in the configuration files but should be stored in the vault service - Correct. Storing API keys in configuration files poses a security risk. They should be stored in a secure vault service. D. The synchronization logs should be encrypted and not stored in a relational database - Incorrect. The issue is not about storing logs in a relational database, but rather the storage of API keys in configuration files.

References:

Secure Secrets Management

Best Practices for Storing API Keys

Synchronous API requests and asynchronous API requests differ primarily in how and when the client receives a response from the server.

Synchronous API Request: In a synchronous API call, the client sends a request to the server and waits for a response. The client is blocked during this time, meaning it cannot perform other tasks until the server responds. The key characteristic is that the client is able to access the results immediately after the request is processed. This is suitable for operations that need an immediate response and where the processing time is relatively short.

Asynchronous API Request: In an asynchronous API call, the client sends a request and continues its process without waiting for the server to respond. The server processes the request and sends the response back to the client at a later time. The client might receive a task ID (option A), subscribe to a webhook (option B), or poll for status (option D) to check when the operation is complete.

Agentless configuration management systems, such as Ansible, do not require agents to be installed on the managed hosts. Instead, they leverage existing protocols and services to perform configuration tasks.

Agentless Approach: These systems rely on protocols like SSH (for Unix/Linux) or WinRM (for Windows) to communicate with and manage the hosts.

No Agent Installation: Managed hosts do not need any additional software (agents) installed, which simplifies management and reduces overhead.

Interpreters: They may require the managed hosts to have an interpreter for scripts (e.g., Python) but primarily use existing network protocols for communication.

Option D correctly identifies that agentless configuration management systems use existing protocols to interface with managed hosts.

A reverse proxy can be used to route external requests to different applications on the same host machine using a single public IP address and port. It forwards the requests to the appropriate backend servers based on the request URL or other routing rules.

Single Entry Point: A reverse proxy serves as a single entry point to multiple applications, making it ideal for managing traffic to multiple services hosted on the same machine.

Routing Requests: It can route requests to different internal ports based on the requested URL or other criteria.

Option A is the correct choice as a reverse proxy handles external access to multiple applications on the same host.