Vce Apigee-API-Engineer Questions Latest

Page: 4 / 4

Question 16

Your APIs are configured as a relying party on an OpenID Connect platform. You need to inspect and verify the OpenID Connect identity. What two actions should you take?

Choose 2 answers

Options:

Verify the signature of the JWT using a shared secret.

Parse the JWT to extract the exp: nbf and iat properties to determine if the token is still valid

Pass the JWT to a preconfigured 3rd party for verification of the signature, exp, nbf and iat properties

Use the OpenID Connect URL to locate a trusted 3rd party for verification the signature, exp, nbf and iat properties

Using the JKWS URL in the OpenID Connect configuration, fetch the signing key to verify the JWT signature and parameters

Question 17

When populating the Quota configuration for an API product, which statement is true?

Options:

The Quota specified will automatically be enforced for any Developer App Keys assigned to the API product.

After validating an API key or access token, flow variables are automatically populated with the Quota configuration for later use in a Quota policy

Rate limiting will be enforced precise to the seconds level, even if you configure a per-minute or higher interval

The Quota configuration specified on the API product enforces a global rate limit across all API proxies

Question 18

As an Apigee API Engineer you attend a meeting where a Product Owner would like to release a new feature to customers. There are several teams in the meeting, Backend API team, Apigee API team, and the Security team. The feature will be exposed through the companies external facing website. The architecture allows the website to call the backend APIs directly. The security team raises a concern about the backend APIs being wide open to anyone inside the network, not just the external website. You are later contacted and asked for your teams impacts. How should you reply?