Cisco Certification

350-901 — DEVCOR DevNet Core Study Guide

62 practice questions with correct answers and detailed explanations. Use this guide to review concepts before taking the practice exam.

About the 350-901 Exam

The Cisco DEVCOR DevNet Core (350-901) certification validates professional expertise in Cisco technologies. This study guide covers all 62 practice questions from our 350-901 practice test, complete with correct answers and explanations to help you understand each concept thoroughly.

Review each question and explanation below, then test yourself with the full interactive practice exam to measure your readiness.

62 Practice Questions & Answers

Q1 Easy

Which HTTP status code indicates that a request was successful and a new resource was created?

  • A 201 Created ✓ Correct
  • B 202 Accepted
  • C 200 OK
  • D 204 No Content
Explanation

HTTP 201 Created specifically indicates successful creation of a new resource, typically returned by POST requests. The other codes represent different success scenarios but not resource creation.

Q2 Medium

When designing a REST API, which principle best describes the use of HTTP methods to perform operations on resources?

  • A Use GET for all read and write operations to simplify client implementation
  • B Use POST exclusively since it supports any payload structure without restrictions
  • C HTTP method selection is arbitrary as long as the URI path clearly indicates the operation
  • D Match HTTP methods to intended operations: GET for retrieval, POST for creation, PUT/PATCH for updates, DELETE for removal ✓ Correct
Explanation

RESTful design mandates using HTTP methods according to their semantic meaning to create predictable, idempotent, and properly cacheable APIs. Using methods correctly enables better framework support, caching, and client understanding.

Q3 Medium

What is the primary purpose of implementing retry logic with exponential backoff in API clients?

  • A To increase the total number of requests sent to the server
  • B To improve API response time by spreading requests across multiple time intervals
  • C To ensure that every request eventually succeeds regardless of network conditions
  • D To avoid overwhelming a service during temporary failures by progressively increasing wait times between retry attempts ✓ Correct
Explanation

Exponential backoff prevents the thundering herd problem by spacing retry attempts with increasing delays, giving services time to recover from temporary issues. This is essential for resilient distributed systems.

Q4 Medium

In a Python application using the requests library, how would you properly handle JSON parsing errors when consuming an external API?

  • A Use a try-except block to catch json.JSONDecodeError and requests.exceptions.JSONDecodeError ✓ Correct
  • B Always check the Content-Type header manually before attempting to parse JSON
  • C Implement a custom JSON parser that skips malformed data silently
  • D Call response.json() without error handling since the requests library validates JSON automatically
Explanation

The requests library can raise JSONDecodeError when response.json() is called on invalid JSON data, so proper exception handling is necessary. Wrapping the call in try-except allows graceful handling of malformed responses.

Q5 Medium

Which authentication method is most appropriate for server-to-server API communication where credentials need to be included with every request?

  • A API Key passed in request headers ✓ Correct
  • B Session cookies with CSRF protection
  • C HTTP Basic Authentication
  • D OAuth 2.0 Authorization Code Flow
Explanation

API keys in headers are ideal for server-to-server communication because they're stateless, simple to implement, and included automatically with each request without session management overhead.

Q6 Medium

What does the term 'idempotency' mean in the context of REST API design?

  • A The API response time remains constant regardless of server load
  • B The server automatically caches responses for faster subsequent retrieval
  • C Multiple identical requests produce the same result as a single request without side effects ✓ Correct
  • D All requests must include authentication credentials in the header
Explanation

An idempotent operation produces the same outcome whether executed once or multiple times, which is critical for reliability in distributed systems. GET, PUT, and DELETE should be idempotent; POST typically is not.

Q7 Medium

When implementing a webhook receiver, which of the following is a critical security consideration?

  • A Store webhook payloads in plain text for easy debugging
  • B Disable HTTPS for webhook endpoints to reduce latency
  • C Accept webhooks from any source to maximize integration flexibility
  • D Verify the signature or token provided by the webhook sender to authenticate the source ✓ Correct
Explanation

Verifying webhook signatures or tokens ensures that incoming webhooks originate from the expected source and haven't been tampered with, preventing unauthorized actions or security breaches.

Q8 Easy

In YAML configuration files, what does the ampersand (&) symbol do?

  • A Creates an anchor that allows reusing the same content elsewhere in the file ✓ Correct
  • B Marks a required field that must have a value
  • C Denotes a comment that will be ignored by parsers
  • D Indicates a string concatenation operation
Explanation

YAML anchors (&) define reusable content blocks, and aliases (*) reference them later, reducing duplication in configuration files. This is useful for maintaining consistent settings across multiple sections.

Q9 Medium

How does JSON Web Token (JWT) authentication differ from session-based authentication in REST APIs?

  • A JWTs can only be used for mobile applications while sessions work for all client types
  • B JWTs require server-side session storage while sessions are stateless
  • C Sessions are more secure because they don't expose user data like JWTs do
  • D JWTs are stateless tokens containing encoded information that the client sends with each request, whereas sessions require server-side storage and session IDs ✓ Correct
Explanation

JWTs are self-contained, signed tokens that eliminate server-side session state, making them ideal for distributed systems. Sessions require server storage and are tightly coupled to the server instance.

Q10 Medium

When writing unit tests for API endpoints, what is the primary purpose of using mock objects?

  • A To permanently replace all external services in production
  • B To increase test execution speed by skipping assertions
  • C To document the expected API response format for client developers
  • D To simulate external dependencies without making actual API calls or database queries ✓ Correct
Explanation

Mocking isolates the code under test from external dependencies, allowing unit tests to run quickly, reliably, and independently of network or database availability.

Q11 Medium

In Python, what is the purpose of using the 'with' statement when opening files or creating connections?

  • A To establish a connection pool for concurrent operations
  • B To create a conditional block that executes only if a resource is available
  • C To ensure proper resource cleanup by automatically calling context manager methods even if exceptions occur ✓ Correct
  • D To declare variables with limited scope that expire after the block
Explanation

The 'with' statement invokes the context manager protocol (__enter__ and __exit__) to guarantee resource cleanup, preventing resource leaks and connection timeouts.

Q12 Medium

What is the primary benefit of using environment variables for API credentials in application code?

  • A They prevent accidental exposure of sensitive data in version control and allow different credentials per deployment environment without code changes ✓ Correct
  • B Environment variables are encrypted by the operating system automatically
  • C They enable automatic credential rotation without application restart
  • D They improve API performance by reducing the number of authentication requests
Explanation

Environment variables keep sensitive credentials out of source code and configuration files, making it safe to commit code while managing environment-specific secrets securely.

Q13 Medium

Which testing approach focuses on verifying the interaction between integrated components without mocking internal dependencies?

  • A Performance testing
  • B End-to-end testing
  • C Integration testing ✓ Correct
  • D Unit testing
Explanation

Integration testing verifies that multiple components work correctly together, testing actual interactions between modules, databases, and APIs without completely mocking these dependencies.

Q14 Hard

In the context of API rate limiting, what is the 'token bucket' algorithm used for?

  • A Generating unique identifiers for each API request
  • B Allowing a certain number of requests per time period with burst capacity for temporary spikes ✓ Correct
  • C Storing authentication tokens in a database bucket for quick lookup
  • D Encrypting request payloads before transmission
Explanation

The token bucket algorithm permits a fixed number of requests per interval and allows accumulated tokens to enable brief traffic bursts, providing flexible rate limiting that's fairer than simple fixed windows.

Q15 Hard

What does the 'Content-Negotiation' mechanism in HTTP allow clients to do?

  • A Negotiate the price of API usage with the service provider
  • B Specify preferred response formats (like JSON or XML) and the server selects the best match using Accept headers ✓ Correct
  • C Determine the geographic location of the API server
  • D Request compression of large responses automatically
Explanation

Content negotiation uses Accept headers to advertise desired media types, allowing servers to respond in the client's preferred format. This supports multiple formats from a single endpoint.

Q16 Medium

When implementing CI/CD pipelines, what is the primary purpose of the 'build' stage?

  • A To document code changes for compliance purposes
  • B To compile source code, run tests, and create deployable artifacts ✓ Correct
  • C To deploy the application to production servers
  • D To monitor application performance in production
Explanation

The build stage compiles code, executes unit/integration tests, and produces artifacts (Docker images, packages) ready for deployment, ensuring code quality before release.

Q17 Hard

In Docker, what is the difference between the COPY and ADD instructions in a Dockerfile?

  • A COPY copies local files into the image while ADD adds both files and supports URL sources with automatic tar extraction ✓ Correct
  • B ADD is the legacy instruction replaced by COPY in modern Docker versions
  • C They are identical and can be used interchangeably
  • D COPY only works for files while ADD only works for directories
Explanation

While COPY simply copies files, ADD has additional features like handling remote URLs and auto-extracting tar archives, making COPY preferred for basic file copying due to predictability.

Q18 Medium

What is the purpose of using a message queue in distributed systems architecture?

  • A To replace the need for databases in applications
  • B To decouple services by allowing asynchronous message passing and handling traffic spikes through buffering ✓ Correct
  • C To encrypt all communication between microservices
  • D To provide a backup storage for API responses
Explanation

Message queues enable loose coupling between services, allow asynchronous processing, and provide buffering capacity during traffic spikes, improving system resilience and scalability.

Q19 Medium

In a Python requests session, what advantage does using Session objects provide over individual request calls?

  • A They allow unlimited concurrent requests without throttling
  • B Session objects automatically retry failed requests without explicit configuration
  • C They maintain connection pooling, cookies, and headers across multiple requests, reducing overhead and improving performance ✓ Correct
  • D They provide built-in encryption for all traffic
Explanation

Session objects reuse TCP connections and maintain cookies/headers across requests, providing significant performance benefits for multiple API calls to the same host.

Q20 Hard

What is the primary use case for GraphQL compared to traditional REST APIs?

  • A GraphQL provides better caching than REST APIs by default
  • B GraphQL is simpler to implement and requires less server processing
  • C Clients can request exactly the fields they need in a single query, reducing over-fetching and under-fetching problems ✓ Correct
  • D GraphQL automatically handles all security concerns without additional configuration
Explanation

GraphQL's strength is allowing clients to specify precisely which fields to retrieve, eliminating the over-fetching (unnecessary data) and under-fetching (multiple requests) issues common in REST.

Q21 Hard

When designing microservices, what pattern is used to handle failures when one service calls another unreliable service?

  • A Load balancing across multiple instances of the service
  • B Circuit breaker pattern that stops sending requests to a failing service and provides fallback behavior ✓ Correct
  • C Increasing the timeout duration for all service calls
  • D Always caching responses to avoid calling the service
Explanation

The circuit breaker pattern prevents cascading failures by detecting when a service is unhealthy and temporarily halting requests to it, allowing the service to recover while providing fallback responses.

Q22 Medium

In Kubernetes, what is the purpose of a 'Service' resource?

  • A To manage network policies and firewall rules for the cluster
  • B To expose pods as a stable network endpoint with load balancing and service discovery ✓ Correct
  • C To configure persistent storage for stateful applications
  • D To define the container image and runtime environment for applications
Explanation

Kubernetes Services provide stable IP addresses, DNS names, and load balancing for accessing pods, abstracting the underlying pod instances that may be created or destroyed.

Q23 Easy

What does the Hypertext Transfer Protocol Secure (HTTPS) protocol provide that HTTP does not?

  • A Faster request processing and reduced latency
  • B Encryption of data in transit and verification of server identity through certificates ✓ Correct
  • C Automatic caching of responses on the client side
  • D Protection against rate limiting and DDoS attacks
Explanation

HTTPS uses TLS/SSL to encrypt communication and verify server certificates, protecting data from interception and man-in-the-middle attacks that are possible with plaintext HTTP.

Q24 Medium

In API documentation tools like Swagger/OpenAPI, what is the primary benefit of defining specifications in a standardized format?

  • A It guarantees that the API will achieve 100% uptime
  • B It enables automatic code generation for client SDKs, server stubs, and interactive documentation that stays synchronized with implementation ✓ Correct
  • C It replaces the need for version control systems
  • D It automatically prevents all security vulnerabilities in the API
Explanation

OpenAPI specifications enable tools to generate documentation, client libraries, and server boilerplate automatically, ensuring consistency between specification and actual implementation.

Q25 Hard

What is the primary difference between 'push' and 'pull' deployment models in DevOps?

  • A Pull deployments require human approval while push deployments are fully automated
  • B Push deployment sends configurations from a central server to target nodes; pull deployment has nodes request configurations from a server, providing better control and auditability ✓ Correct
  • C Push deployments are faster while pull deployments are more secure
  • D Push and pull refer to different database replication strategies
Explanation

Push models (like Ansible) centrally initiate changes to nodes, while pull models (like Puppet) have nodes periodically fetch desired state. Pull provides better scalability and node autonomy.

Q26 Easy

Which HTTP status code indicates that a request was successful and a new resource was created on the server?

  • A 202 Accepted
  • B 204 No Content
  • C 200 OK
  • D 201 Created ✓ Correct
Explanation

HTTP 201 Created is the correct status code returned when a POST request successfully results in the creation of a new resource on the server.

Q27 Easy

What is the primary purpose of using environment variables in Python applications?

  • A To encrypt sensitive data automatically
  • B To reduce memory consumption during runtime
  • C To store configuration values that may change between deployment environments ✓ Correct
  • D To increase the execution speed of the application
Explanation

Environment variables allow applications to read configuration from the system environment, enabling the same code to run in different environments (dev, test, prod) without code changes.

Q28 Easy

In RESTful API design, which HTTP method should be used to modify an existing resource at a specific URI?

  • A POST
  • B GET
  • C DELETE
  • D PUT ✓ Correct
Explanation

PUT is the standard HTTP method for replacing an entire existing resource at a specified URI with a complete representation provided in the request body.

Q29 Medium

Which of the following best describes the role of a webhook in API integration?

  • A A load balancing strategy that distributes API requests across multiple servers
  • B A security protocol that encrypts all data transmitted between client and server
  • C A caching layer that improves API response times by storing frequently requested data
  • D A mechanism for the API server to push real-time notifications to a client application when specific events occur ✓ Correct
Explanation

Webhooks enable event-driven architecture by allowing an API to make outbound HTTP requests to a client's endpoint when predefined events occur, enabling real-time integrations.

Q30 Medium

What is the primary advantage of using API pagination?

  • A It improves server performance by limiting the amount of data processed and returned in a single response ✓ Correct
  • B It eliminates the need for database indexing on large tables
  • C It automatically encrypts sensitive data in API responses
  • D It reduces the total bandwidth required for API responses across multiple requests
Explanation

Pagination limits the number of results returned per request, which reduces server load, improves response times, and prevents overwhelming clients with massive datasets.

Q31 Easy

In Python, what is the purpose of the `requests` library?

  • A To manage database connections and execute SQL queries
  • B To parse and validate JSON schema documents
  • C To make HTTP requests and handle responses in a simplified manner ✓ Correct
  • D To provide cryptographic functions for secure data transmission
Explanation

The `requests` library is a popular Python library that simplifies making HTTP requests and handling responses, making it easy to interact with REST APIs.

Q32 Medium

Which authentication method sends credentials with every HTTP request and should only be used over HTTPS?

  • A HTTP Basic Authentication ✓ Correct
  • B JWT token-based authentication
  • C API Key authentication via headers
  • D OAuth 2.0
Explanation

HTTP Basic Authentication encodes credentials (username:password) in Base64 and includes them in the Authorization header with every request, requiring HTTPS to prevent credential exposure.

Q33 Medium

What does the YAML format excel at compared to JSON?

  • A It supports more complex data types than JSON can represent
  • B It offers faster parsing performance in all programming languages
  • C It is more human-readable and supports comments natively ✓ Correct
  • D It provides better compression of data for network transmission
Explanation

YAML prioritizes human readability with indentation-based syntax, native comment support, and simpler syntax, making it ideal for configuration files despite being less compact than JSON.

Q34 Medium

When designing an API, what does the term 'idempotency' refer to?

  • A The measure of how quickly an API responds to client requests
  • B Making identical requests multiple times produces the same result without unintended side effects ✓ Correct
  • C The ability of an API to handle concurrent requests from multiple clients without data corruption
  • D The encryption standard used to secure sensitive data in transit
Explanation

Idempotency ensures that calling an API operation multiple times with the same parameters has the same effect as calling it once, which is critical for reliable distributed systems.

Q35 Medium

What is the primary benefit of using JSON Web Tokens (JWT) for authentication in microservices?

  • A JWTs reduce the bandwidth required for API requests by compressing the payload data
  • B JWTs are self-contained and do not require server-side session storage, enabling stateless authentication across distributed systems ✓ Correct
  • C JWTs automatically prevent SQL injection attacks on backend databases
  • D JWTs are encrypted using government-approved cryptographic standards
Explanation

JWTs contain claims and can be verified cryptographically without server-side storage, making them ideal for stateless, distributed architectures like microservices.

Q36 Medium

In the context of CI/CD pipelines, what is the primary purpose of a webhook trigger?

  • A To manually approve deployments before they proceed to production
  • B To automatically start a pipeline when changes are pushed to the repository ✓ Correct
  • C To encrypt all artifacts generated during the pipeline execution
  • D To back up source code repositories to an external storage service
Explanation

Webhooks in CI/CD automatically trigger pipeline execution upon specific events (like git push or pull requests), enabling continuous integration workflows.

Q37 Medium

Which of the following statements best describes the difference between REST and SOAP?

  • A REST requires more processing power and is slower than SOAP for large payloads
  • B SOAP is simpler to implement and debug compared to REST-based architectures
  • C REST uses XML while SOAP uses JSON for all data exchanges
  • D SOAP is a protocol with strict specifications while REST is an architectural style using HTTP methods and status codes ✓ Correct
Explanation

SOAP is a formal protocol with extensive specifications for security and reliability, while REST is an architectural style leveraging HTTP's standard methods and semantics.

Q38 Medium

What is the purpose of using versioning in APIs?

  • A To limit the number of API calls a single client can make per hour
  • B To allow multiple versions of an API to coexist, enabling backward compatibility while introducing new features or changes ✓ Correct
  • C To encrypt different versions of API responses based on client authentication levels
  • D To track the number of times an API endpoint has been called by clients
Explanation

API versioning allows developers to introduce breaking changes in new versions while maintaining support for older versions, preventing client disruption.

Q39 Easy

In Python, what does the `json.loads()` function do?

  • A It converts a JSON string into a Python dictionary or list ✓ Correct
  • B It compresses JSON data to reduce file size for storage
  • C It writes a Python dictionary to a file in JSON format
  • D It validates JSON syntax without converting it to Python objects
Explanation

`json.loads()` deserializes a JSON-formatted string into native Python objects, enabling the use of parsed data in Python code.

Q40 Easy

What is the significance of the Content-Type header in HTTP requests?

  • A It limits the maximum size of the request payload that can be accepted
  • B It specifies the format of the request body so the server can parse it correctly ✓ Correct
  • C It determines which database table should be queried by the server
  • D It encrypts the request body using the specified content encoding algorithm
Explanation

The Content-Type header informs the server about the media type (format) of the request body, such as 'application/json' or 'application/x-www-form-urlencoded', enabling proper parsing.

Q41 Medium

Which Python module is commonly used to parse and manipulate XML data?

  • A xml.etree.ElementTree ✓ Correct
  • B requests.xmllib
  • C urllib.xmltree
  • D json.xmlparser
Explanation

`xml.etree.ElementTree` is the standard Python module for parsing and working with XML documents, providing methods to navigate and modify XML structures.

Q42 Medium

In RESTful API design, what does the concept of 'resource representation' mean?

  • A The visual design of API documentation on a web browser
  • B A specific format (JSON, XML, etc.) showing the current or desired state of a resource ✓ Correct
  • C The number of database queries required to fetch a single API resource
  • D The compression algorithm used to minimize bandwidth when transferring resources
Explanation

Resource representation is a specific format (commonly JSON) that represents the state of a resource, which the client sends and receives through the API.

Q43 Hard

What is the primary advantage of using a configuration management tool like Ansible compared to manual server configuration?

  • A It encrypts all data in transit between the control node and managed nodes using AES-256
  • B It provides real-time monitoring and alerting for all infrastructure metrics
  • C It automatically generates API documentation from your infrastructure configuration
  • D It enables reproducible, version-controlled infrastructure changes across multiple servers simultaneously ✓ Correct
Explanation

Configuration management tools like Ansible enable Infrastructure as Code, allowing repeatable, versioned, and auditable deployments across many servers through playbooks.

Q44 Hard

When implementing error handling in APIs, what is the best practice for including error details in the response?

  • A Include the complete Python stack trace in every error response for debugging purposes
  • B Provide meaningful error codes and messages that help clients understand and recover from the error without exposing internal system details ✓ Correct
  • C Return generic error messages to prevent exposing sensitive system information to potential attackers
  • D Always return HTTP 500 status code regardless of the error type to maintain consistency
Explanation

Best practices balance informativeness with security by returning descriptive error codes and messages (like 'Invalid email format') that help clients understand issues without exposing internal systems.

Q45 Medium

What does the HTTP PATCH method accomplish that PUT does not?

  • A PATCH automatically handles concurrency conflicts better than PUT
  • B PATCH allows partial updates to a resource, while PUT replaces the entire resource ✓ Correct
  • C PATCH provides faster performance for large resource updates
  • D PATCH supports compression of request payloads while PUT does not
Explanation

PATCH applies partial modifications to a resource, while PUT requires sending the complete replacement representation, making PATCH more efficient for small updates.

Q46 Easy

In Python, what is the purpose of using a virtual environment?

  • A To encrypt Python source code before deployment to production servers
  • B To improve Python script execution speed by precompiling bytecode
  • C To simulate a production server environment on a local development machine
  • D To isolate project dependencies, preventing conflicts between packages used in different projects ✓ Correct
Explanation

Virtual environments create isolated Python environments for each project, allowing different projects to use different versions of the same package without conflicts.

Q47 Medium

What is the primary purpose of rate limiting in an API?

  • A To prevent abuse by restricting the number of requests a client can make within a specific time window ✓ Correct
  • B To ensure that all clients receive responses in the exact same order they were requested
  • C To gradually increase API response times during high traffic periods
  • D To automatically compress API responses to reduce bandwidth consumption
Explanation

Rate limiting protects APIs from abuse and ensures fair resource distribution by controlling the number of requests per client, typically per minute or hour.

Q48 Medium

Which of the following best describes the relationship between Docker containers and virtual machines?

  • A Docker containers are heavier and consume more resources than virtual machines
  • B Virtual machines are deprecated and have been completely replaced by Docker containers in modern development
  • C Docker containers and virtual machines are identical technologies with different naming conventions
  • D Docker containers share the host OS kernel while virtual machines each run a complete OS, making containers more lightweight ✓ Correct
Explanation

Docker containers are lightweight because they share the host OS kernel, while VMs each run a complete OS. This makes containers faster to start and more resource-efficient.

Q49 Hard

In the context of microservices architecture, what problem does service discovery solve?

  • A It encrypts all inter-service communication using industry-standard protocols
  • B It enables services to locate and communicate with each other dynamically, especially as services are added, removed, or scaled ✓ Correct
  • C It monitors and logs all API calls between different microservices for compliance purposes
  • D It automatically generates documentation for all microservices in the architecture
Explanation

Service discovery solves the problem of dynamic service location in microservices by maintaining a registry of available services and their endpoints, allowing services to find each other.

Q50 Hard

What is the primary security concern when storing API credentials in version control systems?

  • A Storing credentials in version control improves performance by caching authentication tokens
  • B Version control systems cannot handle large credential files efficiently
  • C Credentials stored in version control history become exposed if the repository is compromised, even if later deleted from the current branch ✓ Correct
  • D Version control systems automatically reject credentials due to built-in security policies
Explanation

Credentials committed to version control persist in the repository history and can be extracted even if deleted from current code, so they should be stored in environment variables or secrets management systems.

Q51 Medium

Which of the following accurately describes the purpose of CORS (Cross-Origin Resource Sharing) headers?

  • A To encrypt API responses before sending them to cross-origin clients
  • B To ensure that all cross-origin requests are logged and audited for security purposes
  • C To automatically compress API responses for cross-origin requests to reduce bandwidth
  • D To allow or restrict API access from web applications running on different domains than the API server ✓ Correct
Explanation

CORS headers enable browsers to make requests to APIs on different domains by explicitly allowing cross-origin access, balancing security with the need for cross-domain communication.

Q52 Hard

In DevOps practices, what is the primary benefit of infrastructure as code (IaC)?

  • A It enables infrastructure to be version-controlled, tested, and deployed repeatably using the same processes as application code ✓ Correct
  • B It provides a graphical user interface for managing cloud infrastructure resources without technical knowledge
  • C It automatically converts infrastructure requirements into executable application code without manual intervention
  • D It allows developers to write code in multiple programming languages simultaneously for the same project
Explanation

IaC treats infrastructure configuration like software code, allowing it to be versioned, tested, reviewed, and deployed automatically, improving consistency and reducing manual errors.

Q53 Medium

When implementing API rate limiting in a Python application using the requests library, which approach best prevents exceeding a third-party API's limits?

  • A Use a fixed 1-second delay between all requests regardless of API response headers
  • B Cache responses indefinitely to avoid making repeated requests to the same endpoint
  • C Send all requests simultaneously and handle 429 responses by discarding data
  • D Implement exponential backoff with retry logic and respect the Retry-After header ✓ Correct
Explanation

Exponential backoff combined with respecting the Retry-After header is the industry standard for handling rate limits. This approach gracefully manages throttling and prevents overwhelming the API.

Q54

Which of the following best describes the relationship between OpenAPI specifications and API documentation generation tools like Swagger UI?

  • A OpenAPI specifications are only used for REST APIs, while Swagger UI supports all API types including GraphQL
  • B OpenAPI provides a machine-readable definition that Swagger UI consumes to automatically generate interactive API documentation ✓ Correct
  • C OpenAPI and Swagger UI are competing standards that serve the same purpose but cannot be used together
  • D Swagger UI creates OpenAPI specifications that developers must then implement in their code
Explanation

OpenAPI (formerly Swagger) is a specification format, while Swagger UI is a tool that renders OpenAPI definitions into interactive documentation. Tools consume the specification to generate documentation automatically.

Q55 Medium

In a microservices architecture using Docker containers, what is the primary advantage of using Docker Compose for local development versus deploying directly to Kubernetes?

  • A Docker Compose allows rapid local testing of multi-container applications with simpler configuration, while Kubernetes introduces additional complexity not needed for development ✓ Correct
  • B Docker Compose automatically scales containers horizontally across multiple machines in production
  • C Docker Compose provides better security isolation than Kubernetes for sensitive microservices
  • D Kubernetes cannot run containers locally, making Docker Compose the only option for any development work
Explanation

Docker Compose is lightweight and uses simple YAML syntax for orchestrating multiple containers locally. Kubernetes is more complex but provides production-grade orchestration, making Compose ideal for development workflows.

Q56 Medium

When designing a CI/CD pipeline using Jenkins or GitLab CI, which practice best ensures that code quality issues are caught before merging to the main branch?

  • A Perform code quality checks manually during the code review process to ensure thorough human inspection
  • B Configure automated linting, unit tests, and SAST scanning to run on every pull request before merge approval is allowed ✓ Correct
  • C Run security scans only on the main branch after code has been merged to catch issues early
  • D Deploy to production first, then run tests to validate that the code works in the actual environment
Explanation

Pre-merge automation of linting, testing, and security scanning acts as a quality gate. This prevents defective code from entering the main branch and is a DevOps best practice.

Q57 Medium

In the context of RESTful API design, what is the most appropriate HTTP status code and action when a client attempts to modify a resource they do not have permission to access?

  • A Return 401 Unauthorized and prompt the user to authenticate regardless of their current authentication status
  • B Return 403 Forbidden to indicate the request is understood but access is denied, and log the unauthorized attempt ✓ Correct
  • C Return 500 Internal Server Error and alert administrators about the access attempt
  • D Return 404 Not Found to hide the existence of the resource from unauthorized users
Explanation

403 Forbidden correctly indicates that the server understood the request but refuses to authorize it due to insufficient permissions. Returning 404 to hide resources is a security consideration, but 403 is the proper semantic response.

Q58 Hard

Which approach most effectively secures API credentials and secrets in an application deployed to a Kubernetes cluster?

  • A Store all credentials in plain text configuration files committed to the Git repository with restricted file permissions
  • B Embed credentials directly in Docker images and tag them with the secret values for easy reference
  • C Store credentials in Kubernetes Secrets, mount them as environment variables or files, and implement RBAC to restrict access to Secret objects ✓ Correct
  • D Hard-code credentials in the application source code and rely on network-level security to prevent exposure
Explanation

Kubernetes Secrets provide a dedicated mechanism for storing sensitive data, and combined with RBAC and proper mounting strategies, they offer proper secret management. Never embed credentials in images or source code.

Q59 Hard

When consuming a REST API that returns paginated results, which strategy best balances performance and data completeness when retrieving all records?

  • A Retrieve results without pagination and parse the entire response body even if it causes memory issues
  • B Request all results in a single query with limit=999999 to retrieve everything at once and avoid network overhead
  • C Make concurrent requests to all pages simultaneously without waiting for responses to complete faster
  • D Implement pagination loops with appropriate page size, respect rate limits and Retry-After headers, and aggregate results efficiently ✓ Correct
Explanation

Proper pagination handling includes respecting page limits, implementing loops to fetch sequential pages, and honoring rate-limiting headers. This ensures reliability and compliance with API constraints.

Q60

In a Python Flask or Django application, what is the purpose of implementing input validation at the API endpoint level?

  • A To improve application performance by filtering requests before they reach the database layer
  • B Input validation is primarily a frontend responsibility and backend validation is optional
  • C To reject malformed or malicious requests early, prevent injection attacks, and ensure only valid data reaches business logic ✓ Correct
  • D To provide user-friendly error messages that explain how the API should be used correctly
Explanation

Backend input validation is a critical security and data integrity practice. It prevents injection attacks, handles edge cases, and ensures business logic receives clean data. This is a server responsibility regardless of frontend validation.

Q61 Medium

When implementing infrastructure-as-code using tools like Terraform or CloudFormation, what is a key advantage of version controlling the configuration files?

  • A Configuration changes are tracked, can be reviewed via pull requests, enable rollback to previous versions, and provide audit trails for compliance ✓ Correct
  • B It allows multiple team members to modify production infrastructure simultaneously without any coordination
  • C Version control reduces the size of infrastructure configurations by compressing the files automatically
  • D Version control eliminates the need for documentation because the code is self-documenting
Explanation

IaC version control enables change tracking, code review, audit trails, and rollback capabilities—all essential for safe infrastructure management and compliance requirements.

Q62 Hard

In the context of API testing, what distinguishes integration testing from unit testing, and why is each important in a DevOps pipeline?

  • A Unit tests validate individual API endpoints in isolation, while integration tests validate interactions between multiple services and external dependencies; both are essential for comprehensive coverage ✓ Correct
  • B Unit tests should only be run during development, while integration tests are production-only validations
  • C Integration testing is only needed for monolithic applications while unit testing applies to microservices
  • D Integration tests are faster and cheaper than unit tests, so they should replace unit testing entirely
Explanation

Unit tests validate individual components in isolation with mocked dependencies, while integration tests verify real interactions between services. Both are necessary for comprehensive testing coverage and early defect detection.
