350-901: Developing Applications using Cisco Core Platforms and APIs (DEVCOR) Part 1
Question #: 1
Topic #: 1
A developer has created an application based on customer requirements. The customer needs to run the application with the minimum downtime.
Which design approach regarding high-availability applications, Recovery Time Objective, and Recovery Point Objective must be taken?
A. Active/passive results in lower RTO and RPO. For RPO, data synchronization between the two data centers must be timely to allow seamless request flow.
B. Active/passive results in lower RTO and RPO. For RPO, data synchronization between the two data centers does not need to be timely to allow seamless request flow.
C. Active/active results in lower RTO and RPO. For RPO, data synchronization between the two data centers does not need to be timely to allow seamless request flow.
D. Active/active results in lower RTO and RPO. For RPO, data synchronization between the two data centers must be timely to allow seamless request flow.
Selected Answer: D
Question #: 2
Topic #: 1
DRAG DROP –
An application is being built to collect and display telemetry streaming data. Drag and drop the elements of this stack from the left onto the correct element functions on the right.
Select and Place:
Suggestion Answer:
Question #: 3
Topic #: 1
A cloud native project is being worked on in which all source code and dependencies are written in Python, Ruby, and/or JavaScnpt. A change in code triggers a notification to the CI/CD tool to run the CI/CD pipeline.
Which step should be omitted from the pipeline?
A. Deploy the code to one or more environments, such as staging and/or production.
B. Build one of more containers that package up code and all its dependencies.
C. Compile code.
D. Run automated tests to validate the code.
Selected Answer: C
Question #: 4
Topic #: 1
Which two statements are considered best practices according to the 12-factor app methodology for application design? (Choose two.)
A. Application code writes its event stream to stdout.
B. Application log streams are archived in multiple replicated databases.
C. Application log streams are sent to log indexing and analysis systems.
D. Application code writes its event stream to specific log files.
E. Log files are aggregated into a single file on individual nodes.
Selected Answer: AC
Question #: 5
Topic #: 1
An organization manages a large cloud-deployed application that employs a microservices architecture. No notable issues occur with downtime because the services of this application are redundantly deployed over three or more data center regions. However, several times a week reports are received about application slowness. The container orchestration logs show faults in a variety of containers that cause them to fail and then spin up brand new.
Which action must be taken to improve the resiliency design of the application while maintaining current scale?
A. Update the base image of the containers.
B. Test the execution of the application with another cloud services platform.
C. Increase the number of containers running per service.
D. Add consistent ג€try/catch(exception)ג€ clauses to the code.
Selected Answer: D
Question #: 6
Topic #: 1
How should a web application be designed to work on a platform where up to 1000 requests per second can be served?
A. Use algorithms like random early detection to deny excessive requests.
B. Set a per-user limit (for example, 5 requests/minute/user) and deny the requests from the users who have reached the limit.
C. Only 1000 user connections are allowed; further connections are denied so that all connected users can be served.
D. All requests are saved and processed one by one so that all users can be served eventually.
Selected Answer: B
Question #: 7
Topic #: 1
An organization manages a large cloud-deployed application that employs a microservices architecture across multiple data centers. Reports have been received about application slowness. The container orchestration logs show that faults have been raised in a variety of containers that caused them to fail and then spin up brand new instances.
Which two actions can improve the design of the application to identify the faults? (Choose two.)
A. Automatically pull out the container that fails the most over a time period.
B. Implement a tagging methodology that follows the application execution from service to service.
C. Add logging on exception and provide immediate notification.
D. Do a write to the datastore every time there is an application failure.
E. Implement an SNMP logging system with alerts in case a network link is slow.
Selected Answer: BC
Question #: 8
Topic #: 1
Which two situations are flagged by software tools designed for dependency checking in continuous integration environments, such as OWASP? (Choose two.)
A. publicly disclosed vulnerabilities related to the included dependencies
B. mismatches in coding styles and conventions in the included dependencies
C. incompatible licenses in the included dependencies
D. test case failures introduced by bugs in the included dependencies
E. buffer overflows to occur as the result of a combination of the included dependencies
Selected Answer: AC
Question #: 9
Topic #: 1
A network operations team is using the cloud to automate some of their managed customer and branch locations. They require that all of their tooling be ephemeral by design and that the entire automation environment can be recreated without manual commands. Automation code and configuration state will be stored in git for change control and versioning. The engineering high-level plan is to use VMs in a cloud-provider environment, then configure open source tooling onto these VMs to poll, test, and configure the remote devices, as well as deploy the tooling itself.
Which configuration management and/or automation tooling is needed for this solution?
A. Ansible
B. Ansible and Terraform
C. NSO
D. Terraform
E. Ansible and NSO
Selected Answer: B
Question #: 10
Topic #: 1
DRAG DROP –
Drag and drop the git commands from the left into the correct order on the right to create a feature branch from the master and then incorporate that feature branch into the master.
Select and Place:
Suggestion Answer:
Question #: 11
Topic #: 1
An application is hosted on Google Kubernetes Engine. A new JavaScript module is created to work with the existing application.
Which task is mandatory to make the code ready to deploy?
A. Create a Dockerfile for the code base.
B. Rewrite the code in Python.
C. Build a wrapper for the code to ג€containerizeג€ it.
D. Rebase the code from the upstream git repo.
Selected Answer: A
Question #: 12
Topic #: 1
DRAG DROP –
Drag and drop the steps from the left into the correct sequence on the right to describe how to use Git to maintain the current HEAD and revert back to a previous commit, while undoing all intermediate commits.
Select and Place:
Suggestion Answer:
Question #: 13
Topic #: 1
Which database type should be used with highly structured data and provides support for ACID transactions?
A. time series
B. document
C. graph
D. relational
Selected Answer: D
Question #: 14
Topic #: 1
Where should distributed load balancing occur in a horizontally scalable architecture?
A. firewall-side/policy load balancing
B. network-side/central load balancing
C. service-side/remote load balancing
D. client-side/local load balancing
Selected Answer: D
Question #: 15
Topic #: 1
Which two statements about a stateless application are true? (Choose two.)
A. Different requests can be processed by different servers.
B. Requests are based only on information relayed with each request.
C. Information about earlier requests must be kept and must be accessible.
D. The same server must be used to process all requests that are linked to the same state.
E. No state information can be shared across servers.
Selected Answer: AB
Question #: 16
Topic #: 1
Which statement about microservices architecture is true?
A. Applications are written in a single unit.
B. It is a complex application composed of multiple independent parts.
C. It is often a challenge to scale individual parts.
D. A single faulty service can bring the whole application down.
Selected Answer: B
Question #: 17
Topic #: 1
DRAG DROP –
Drag and drop the characteristics from the left onto the correct data processing techniques on the right, in the context of GDPR.
Select and Place:
Suggestion Answer:
Question #: 18
Topic #: 1
Which two data encoding techniques are supported by gRPC? (Choose two.)
A. XML
B. JSON
C. ASCII
D. ProtoBuf
E. YAML
Selected Answer: BD
Question #: 19
Topic #: 1
Refer to the exhibit. Which two functions are performed by the load balancer when it handles traffic originating from the Internet destined to an application hosted on the file server farm? (Choose two.)
A. Terminate the TLS over the UDP connection from the router and originate an HTTPS connection to the selected server.
B. Terminate the TLS over the UDP connection from the router and originate an HTTP connection to the selected server.
C. Terminate the TLS over the TCP connection from the router and originate an HTTP connection to the selected server.
D. Terminate the TLS over the TCP connection from the router and originate an HTTPS connection to the selected server.
E. Terminate the TLS over the SCTP connection from the router and originate an HTTPS connection to the selected server.
Selected Answer: CD
Question #: 20
Topic #: 1
Which transport protocol is used by gNMI?
A. HTTP/2
B. HTTP 1.1
C. SSH
D. MQTT
Selected Answer: A
Question #: 21
Topic #: 1
DRAG DROP –
Refer to the exhibit. Drag and drop the steps from the left into the correct order of operation on the right for a successful OAuth2 three-legged authorization code grant flow.
Select and Place:
Suggestion Answer:
Question #: 22
Topic #: 1
A developer plans to create a new bugfix branch to fix a bug that was found on the release branch.
Which command completes the task?
A. git checkout -t RELEASE BUGFIX
B. git checkout -b RELEASE BUGFIX
C. git checkout -t BUGFIX RELEASE
D. git checkout -b BUGFIX RELEASE
Selected Answer: D
Question #: 23
Topic #: 1
Which Git command enables the developer to revert back to f414f31 commit to discard changes in the current working tree?
A. git reset –hard f414f31
B. git reset checkout –hard f414f31
C. git reset –soft f414f31
D. git checkout f414f31
Selected Answer: A
Question #: 24
Topic #: 1
An application has these characteristics:
* provide one service or function
* distributed database
* API gateway
* central repository for code
* configuration database
* uses session management
Which two design approaches contribute to the scalability of the application? (Choose two.)
A. session management in a stateless architecture
B. modular design iteration
C. distributed computing with tightly coupled components
D. built to scale based on a star topology
E. planned before the first device is deployed
Selected Answer: AB
Question #: 25
Topic #: 1
How is AppDynamics used to instrument an application?
A. Enables instrumenting a backend web server for packet installation by using an AppDynamics agent.
B. Retrieves a significant amount of information from the perspective of the database server by using application monitoring.
C. Provides visibility into the transaction logs that can be correlated to specific business transaction requests.
D. Monitors traffic flows by using an AppDynamics agent installed on a network infrastructure device.
Selected Answer: C
Question #: 26
Topic #: 1
Refer to the exhibit. Which action will complete the workflow that represents how an API call sends multiple messages?
A. {PUT} messages(roomID)
B. {PUT} messages(BearerToken)
C. {POST} messages(roomID)
D. {POST} messages(BearerToken)
Selected Answer: D
Question #: 27
Topic #: 1
DRAG DROP –
Drag and drop the application requirement on the left onto the database type that should be selected for the requirement on the right.
Select and Place:
Suggestion Answer:
Question #: 28
Topic #: 1
What is the function of dependency management?
A. separating code into modules that execute independently
B. utilizing a single programming language/framework for each code project
C. automating the identification and resolution of code dependencies
D. managing and enforcing unique software version names or numbers
Selected Answer: C
Question #: 29
Topic #: 1
Which two types of organization are subject to GDPR? (Choose two.)
A. only organizations that operate outside the EU
B. any organization that offers goods or services to customers in the EU
C. only organizations that have offices in countries that are part of the EU
D. any organization that operates within the EU
E. only organizations that physically reside in the EU
Selected Answer: BD
Question #: 30
Topic #: 1
What is a benefit of continuous testing?
A. increases the number of bugs found in production
B. enables parallel testing
C. removes the requirement for test environments
D. decreases the frequency of code check-ins
Selected Answer: B
Question #: 31
Topic #: 1
What is a characteristic of a monolithic architecture?
A. It is an application with multiple independent parts.
B. New capabilities are deployed by restarting a component of the application.
C. A service failure can bring down the whole application.
D. The components are platform-agnostic.
Selected Answer: C
Question #: 32
Topic #: 1
What are two principles according to the build, release, run principle of the twelve-factor app methodology? (Choose two.)
A. Code changes are able to be made at runtime.
B. Separation between the build, release, and run phases.
C. Releases should have a unique identifier.
D. Existing releases are able to be mutated after creation.
E. Release stage is responsible for compilation of assets and binaries.
Selected Answer: BC
Question #: 33
Topic #: 1
What is a well-defined concept for GDPR compliance?
A. Data controllers must confirm to data subjects as to whether, where, and why personal data is being processed.
B. Personal data that was collected before the compliance standards were set do not need to be protected.
C. Compliance standards apply to organizations that have a physical presence in Europe.
D. Records that are relevant to an existing contract agreement can be retained as long as the contract is in effect.
Selected Answer: A
Question #: 34
Topic #: 1
Given an application that implements a basic search function as well as a video upload function, which two load-balancing approaches optimize the application’s user experience? (Choose two.)
A. Video upload requests should be routed to the endpoint using an intermediate hop.
B. Search requests should be routed to the endpoint with lowest round-trip latency.
C. Video upload requests should be routed to the endpoint with lowest round-trip latency.
D. Video upload requests should be routed to the endpoint with highest data throughput.
E. Search requests should be routed to the endpoint with highest data throughput.
Selected Answer: BD
Question #: 35
Topic #: 1
A developer is working on a bug fix. The existing branch named ‘bugfix05328’ needs to be merged with the current working primary branch named
‘prim404880077’. All changes must be integrated into a single commit instead of preserving them as individual commits. Which git command must be used?
A. git checkout ג€” ג€”squash bugfix05328
B. git merge ג€” ג€”squash bugfix05328
C. git rebase ג€” ג€”merge bugfix05328
D. git push ג€” ג€”rebase bugfix05328
Selected Answer: B
Question #: 36
Topic #: 1
A developer has completed the implementation of a REST API, but when it is executed, it returns a 401 error message.
What must be done on the API to resolve the issue?
A. Access permission to the resource must be granted, before the request.
B. Configure new valid credentials.
C. The requested API endpoint does not exist, and the request URL must be changed.
D. Additional permission must be granted before the request can submitted.
Selected Answer: B
Question #: 37
Topic #: 1
Refer to the exhibit. Many faults have occurred in the ACI environment and a sample of them needs to be examined.
Which API call retrieves faults 31 through 45?
A. GET https://apic-ip-address/api/class/faultInfo.json\?order-by=faultInst.severity|desc&page=1&page-size=15
B. GET https://apic-ip-address/api/class/faultInfo.json\?order-by=faultInst.severity|desc&page=2&page-size=15
C. GET https://apic-ip-address/api/class/faultInfo.json\?order-by=faultInst.severity|desc&page-size=30
D. GET https://apic-ip-address/api/class/faultInfo.json\?order-by=faultInst.severity|desc&page=2&page-size=30
Selected Answer: B
Question #: 38
Topic #: 1
Refer to the exhibit. The cURL POST request creates an OAuth access token for authentication with FDM API requests.
What is the purpose of the file `@token_data` that cURL is handling?
A. This file is a container to log possible error responses in the request.
B. This file is given as input to store the access token received from FDM.
C. This file is used to send authentication-related headers.
D. This file contains raw data that is needed for token authentication.
Selected Answer: D
Question #: 39
Topic #: 1
DRAG DROP –
Drag and drop the expressions from below onto the code to implement error handling. Not all options are used.
Select and Place:
Suggestion Answer:
Question #: 40
Topic #: 1
User report that they can no longer able to process transactions with the online ordering application, and the logging dashboard is displaying these messages.
Fri Jan 10 19:37:31.123 EST 2020 [FRONTEND] INFO: Incoming request to add item to cart from user 45834534858
Fri Jan 10 19:37:31.247 EST 2020 [BACKEND] INFO: Attempting to add item to cart
Fri Jan 10 19:37:31.250 EST 2020 [BACKEND] ERROR: Failed to add item: MYSQLDB ERROR: Connection refused
What is causing the problem seen in these log messages?
A. The database server container has crashed.
B. The backend process is overwhelmed with too many transactions.
C. The backend is not authorized to commit to the database.
D. The user is not authorized to add the item to their cart.
Selected Answer: A
Question #: 41
Topic #: 1
Refer to the exhibit. An Intersight API is being used to query RackUnit resources that have a tag keyword set to `Site`.
What is the expected output of this command?
A. list of all resources that have a tag with the keyword ג€Siteג€
B. error message because the Value field was not specified
C. error message because the tag filter should be lowercase
D. list of all sites that contain RackUnit tagged compute resources
Selected Answer: A
Question #: 42
Topic #: 1
A user is receiving a 429 Too Many Requests error.
Which scheme is the server employing that causes this error?
A. rate limiting
B. time outs
C. caching
D. redirection
Selected Answer: A
Question #: 43
Topic #: 1
Refer to the exhibit. Which line of code must be added to this code snippet to allow an application to pull the next set of paginated items?
A. requests.get(url, links=[‘next’][‘url’])
B. requests.get(url, headers=links[‘next’][‘url’])
C. requests.get(res.links[‘next’][‘url’], headers=headers)
D. requests.get(res.headers.get(‘Link’)[‘next’][‘url’], headers=headers)
Selected Answer: C
Question #: 44
Topic #: 1
An ETag header is included in the HTTP response for an API resource.
What are two benefits of using the value of the ETag for future interactions involving the same API resource? (Choose two.)
A. caching and optimization of response payloads
B. creating conditional requests
C. categorizing and comparing this API resource with others
D. checking the integrity of the resource
E. requesting the list of operations authorized for this resource
Selected Answer: AB
Question #: 45
Topic #: 1
Refer to the exhibit. An application uses an API to periodically sync a large data set.
Based on the HTTP message sequence provided, which statements are true about the caching behavior seen in the scenario? (Choose two.)
A. The full dataset was transmitted to the client twice.
B. The dataset changed sometime between message #4 and #5.
C. A partial dataset was transmitted to the client in message #4.
D. The dataset did not change during the scenario.
E. Messages #3 and #5 are equivalent.
Selected Answer: AD
Question #: 46
Topic #: 1
DRAG DROP –
Refer to the exhibit. Drag and drop the code snippets from the left onto the item numbers on the right that match the missing sections in the cURL exhibit to complete the cURL request to FirePower Device Manager API to create objects. Not all code snippets are used.
Select and Place:
Suggestion Answer:
Question #: 47
Topic #: 1
Which RFC5988 (Web Linking) relation type is used in the Link header to control pagination in APIs?
A. rel=ג€indexג€
B. rel=ג€pageג€
C. rel=ג€nextג€
D. rel=ג€sectionג€
Selected Answer: C
Question #: 48
Topic #: 1
A client is written that uses a REST API to interact with a server. Using HTTPS as the transport, an HTTP request is sent and received an HTTP response. The response contains the HTTP response status code: 503 Service Unavailable.
Which action is the appropriate response?
A. Add an Authorization header that supplies appropriate credentials and sends the updated request.
B. Resend the request using HTTP as the transport instead of HTTPS.
C. Add an Accept header that indicates the content types that the client understands and send the updated request.
D. Look for a Retry-After header in the response and resend the request after the amount of time indicated.
Selected Answer: D
Question #: 49
Topic #: 1
Refer to the exhibit. Two editors are concurrently updating an article’s headline from their mobile devices.
What results from this scenario based on this REST API sequence?
A. The article is marked as ג€Conflictedג€
B. The article headline is ג€Monday Headlinesג€
C. The article headline is ג€Today Headlinesג€
D. The article headline is ג€Top Headlinesג€
Selected Answer: D
Question #: 50
Topic #: 1
An application uses OAuth to get access to several API resources on behalf of an end user.
What are two valid parameters to send to the authorization server as part of the first step of an authorization code grant flow? (Choose two.)
A. URI to which the authorization server will send the user-agent back when access is granted or denied
B. list of the API resources that the application is requesting to access
C. secret that was generated by the authorization server when the application registered as an OAuth integration
D. list of scopes that correspond to the API resources to which the application is requesting to access
E. name of the application under which the application registered as an OAuth integration
Selected Answer: AD
Question #: 51
Topic #: 1
DRAG DROP –
Refer to the exhibit above and click on the tab in the top left corner to view a diagram that describes the typical flow of requests involved when a webhook is created for a booking service. Drag and drop the requests from the left onto the item numbers on the right that match the missing sections in the sequence diagram to design the complete flow of requests involved as a booking is updated from a web application.
Select and Place:
Suggestion Answer:
Question #: 52
Topic #: 1
DRAG DROP –
Refer to the exhibit above and click on the resource tabs in the top left corner to view resources to help with this question. Python code that uses the UCS Python
SDK is instantiating a service profile named `devcore-server-01` from service profile template `devcore_template`, then associating the service profile instance to blade 3 in chassis 7. Drag and drop the code snippets from the left onto the item numbers on the right that match the missing sections in the Python exhibit.
Select and Place:
Suggestion Answer:
Question #: 53
Topic #: 1
DRAG DROP –
Refer to the exhibit above and click on the Meraki Resources tab in the top left corner to view Meraki documentation to help with this question. Drag and drop the parts of the Python code from the left onto the item numbers on the right that match the missing sections in the exhibit to enable an SSID. Not all code parts are used.
Select and Place:
Suggestion Answer:
Question #: 54
Topic #: 1
DRAG DROP –
Drag and drop the expressions from below onto the code to implement error handling. Not all options are used.
Select and Place:
Suggestion Answer:
Question #: 55
Topic #: 1
Refer to the exhibit. An application’s REST API GET call is tested to the inventory database.
Which missing code must be included to limit the number of values that are returned from the query to 20?
A. ?inventory=20
B. inventory?limit=20
C. limit=?20
D. inventory=limit?20
Selected Answer: B
Question #: 56
Topic #: 1
Which security approach should be used for developing a REST API?
A. Add an API key to each URL string.
B. Use custom security relevant HTTP response codes.
C. Utilize CORS headers.
D. Utilize TLS for end-to-end encryption.
Selected Answer: D
Question #: 57
Topic #: 1
Refer to the exhibit. The application follows a containerized microservices architecture that has one container per microservice. The microservices communicate with each other by using REST APIs. The double-headed arrows in the diagram display chains of synchronous HTTP calls needed for a single user request.
Which action ensures the resilience of the application in the scope of a single user request?
A. Implement retries with exponential backoff during HTTP API calls.
B. Set up multiple instances of each microservice in active/active mode by using the Orchestrator.
C. Redesign the application to be separated into these three layers: Presentation, API, and Data.
D. Create two virtual machines that each host an instance of the application and set up a cluster.
Selected Answer: A
Question #: 58
Topic #: 1
DRAG DROP –
Drag and drop the steps on the left into the order on the right for an end-user to access an OAuth2 protected resource using the ‘Authorization Code Grant’ flow.
Select and Place:
Suggestion Answer:
Question #: 59
Topic #: 1
In the three-legged OAuth2 authorization workflow, which entity grants access to a protected resource?
A. resource owner
B. client
C. resource server
D. authorization server
Selected Answer: D
Question #: 60
Topic #: 1
What are two steps in the OAuth2 protocol flow? (Choose two.)
A. The user is authenticated by the authorization server and granted an access token.
B. The user’s original credentials are validated by the resource server and authorization is granted.
C. The user indirectly requests authorization through the authorization server.
D. The user requests an access token by authentication and authorization grant presentation.
E. The user requests the protected resource from the resource server using the original credentials.
Selected Answer: CE
