Free 350-901 Sample Questions — Developing Applications using Cisco Core Platforms and APIs (DEVCOR)

A team of developers created their own CA and started signing certificates for all of their IoT devices. Which action will make the browser accept these certificates?

• A. Install a TLS instead of SSL certificate on the IoT devices
• B. Set the private keys 1024-bit RSA
• C. Preload the developer CA on the trusted CA list of the browser
• D. Enable HTTPS or port 443 on the browser

What is a capability of the End User Monitoring feature of the AppDynamics platform?

• A. discovers traffic flows, nodes, and transport connections where network or application/network issues are developing
• B. monitoring local processes, services, and resource use, to explain problematic server performance
• C. identifies the slowest mobile and IoT network requests, to locate the cause of problems
• D. provides metrics on the performance of the database to troubleshoot performance-related issues

A development team is considering options for implementing a new configuration management solution which must: • be agentless • utilize Python as a developing language • leverage YAML based workflows Which solution must be chosen?

• A. Terraform
• B. Puppet
• C. Ansible
• D. Nornir

Which tool is used to deploy an IOx application to a group of IOx devices at one time?

• A. ioxclient
• B. IOx local manager
• C. Fog Network Director
• D. Kubernetes

An application is developed in order to communicate with Cisco Webex. For reporting, the application must retrieve all the messages sent to a Cisco Webex room on a monthly basis. Which action calls /v1/messages directly?

• A. Set up a webhook that has messages as the resource type and store the results locally
• B. Utilize the pagination functionality by defining the max property
• C. Recursively call the /v1/messages endpoint by using the beforeMessage property
• D. Filter the response results by specifying the created property in the request

A team is developing a cloud-native application. The project has these architecture requirements: • Leverage the use of containers for effective usage of resources. • Scale up the application automatically when more resources are needed. • Ensure that the application is developed as a stateless application. Which two guidelines must be met? (Choose two.)

• A. Rely on the web server to help provide sticky sessions for web transactions
• B. Use Python class definition to leverage object-oriented techniques for development
• C. Develop the application using Python and virtual environments
• D. Ensure that all data that should persist is stored in a data store such as a database
• E. Use memory or disk space for temporary data that should not persist between nodes

Which two design considerations should be considered when building a Cisco Meraki dashboard out of available APIs? (Choose two.)

• A. If the API key is shared, it cannot be regenerated
• B. The API requests require the key and the user credentials
• C. API call volume is rate-limited to five calls per second per organization
• D. The API version does not need to be specified in the URL
• E. Access to the API must first be enabled by using the settings for an organization

What is a reason to choose global load-balancing instead of local load-balancing?

• A. Allow requests to be distributed and served in a round-robin fashion
• B. Load-balance across the infrastructure based on workload
• C. Promote greater security to the application
• D. Better serve users based on their location

Why is end-to-end encryption deployed when exposing sensitive data through APIs?

• A. Data transfers are untraceable from source to destination
• B. Data cannot be read or modified other than by the true source and destination
• C. Server-side encryption enables the destination to control data protection
• D. Traffic is encrypted and decrypted at every hop in the network path

What is the first step in the OAuth2 Authorization code grant flow?

• A. Mutual authentication between client and server
• B. Request authorization from the resource owner
• C. Receive an authorization code from the resource server
• D. Authorization tokens are exchanged

Which authorization steps are required to obtain an access token according to the OAuth2 authorization code grant flow?

• A. Authenticate, get the authorization code, and send it with the client ID and client secret
• B. Send the client ID and client secrets by using the grant flow type, get the token, and authorize by using a callback
• C. Log in with a username and password using a form, get a token, and include the token in the body
• D. Send the base64 encoded username, password, client ID, and client secret to the single sign-on manager

A developer has updated an application to fix a bug with the ID abcd12a123b2c3456. The updated application has been installed on a Cisco Catalyst 9300 series switch. Which command will enable the application called titan03?

• A. app-hosting activate appid titan03
• B. app-hosting start appid titan03
• C. app-hosting run re-start appid titan03 upfx
• D. app-hosting install appid titan03 package usbflash:titan03.tar

What are two steps in the OAuth2 protocol flow? (Choose two.)

• A. The user is authenticated by the authorization server and granted an access token
• B. The user's original credentials are validated by the resource server and authorization is granted
• C. The user indirectly requests authorization through the authorization server
• D. The user requests an access token by authentication and authorization grant presentation
• E. The user requests the protected resource from the resource server using the original credentials

A DevOps engineer needs to design an application to send emails based on incoming webhooks. No more than 10,000 outgoing emails should be sent per hour. How will the engineer ensure that all webhook transactions are processed within the email constraints?

• A. APIs for internal and external communication
• B. rate limit incoming webhooks and pagination
• C. message queues and rate limiting
• D. send emails in batches and on a cadence

Given an application that implements a basic search function as well as a video upload function, which two load-balancing approaches optimize the application's user experience? (Choose two.)

• A. Video upload requests should be routed to the endpoint using an intermediate hop
• B. Search requests should be routed to the endpoint with lowest round-trip latency
• C. Video upload requests should be routed to the endpoint with lowest round-trip latency
• D. Video upload requests should be routed to the endpoint with highest data throughput
• E. Search requests should be routed to the endpoint with highest data throughput

A team of engineers must manage and configure an infrastructure programmatically. The team must be able to bootstrap and configure new servers and switches remotely without using an agent. Which configuration management tool meets the requirements?

• A. Chef
• B. Jenkins
• C. Puppet
• D. Terraform

Which two statements about a stateless application are true? (Choose two.)

• A. Different requests can be processed by different servers
• B. Requests are based only on information relayed with each request
• C. Information about earlier requests must be kept and must be accessible
• D. The same server must be used to process all requests that are linked to the same state
• E. No state information can be shared across servers

Which two countermeasures help reduce the risk of playback attacks? (Choose two.)

• A. Store data in a NoSQL database
• B. Implement message authentication (HMAC)
• C. Enable end-to-end encryption
• D. Remove stack traces from errors
• E. Use short-lived access tokens

How does the use of release packaging allow dependencies to be effectively managed during deployments?

• A. removal of release units if they have issues in testing
• B. dependencies are tested after the release is deployed
• C. designed to prevent any dependencies between release units
• D. dependencies are staggered between multiple releases

Which database type should be used with highly structured data and provides support for ACID transactions?

• A. time series
• B. document
• C. graph
• D. relational