🔌 Using APIs - DEVCOR Practice Questions

Master REST, SOAP, GraphQL APIs, webhooks, pagination, rate limiting, and how to consume and build APIs for network and infrastructure automation.

21Questions Available
1Exam Domains

Practice APIs Questions Now

Start a timed practice session focusing on Using APIs topics from the DEVCOR question bank.

Start DEVCOR Practice Quiz →

DEVCOR APIs Question Bank (21 Questions)

Browse all 21 practice questions covering Using APIs for the DEVCOR certification exam. Each question includes the full answer and a detailed explanation to help you understand the concepts.

  1. Question 1Using APIs

    Which API pagination approach uses a cursor/token to fetch the next page of results?

    AOffset-based pagination
    BCursor-based pagination
    CPage number pagination
    DRandom pagination
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    Cursor-based pagination uses an opaque cursor/token (often the last item's ID) to fetch the next page. It's more efficient than offset-based for large datasets because it doesn't skip rows and handles real-time data changes better.

  2. Question 2Using APIs

    What advantage does GraphQL provide over traditional REST APIs?

    AGraphQL uses XML instead of JSON
    BClients specify exactly which fields they need, preventing over-fetching and under-fetching of data
    CGraphQL eliminates the need for authentication
    DGraphQL only supports GET requests
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    GraphQL allows clients to request exactly the data they need in a single query, avoiding over-fetching (getting unnecessary fields) and under-fetching (needing multiple requests). The schema defines available types and relationships.

  3. Question 3Using APIs

    What is API rate limiting and how should clients handle HTTP 429 responses?

    ARate limiting blocks all API access permanently
    BIt restricts the number of requests per time period; clients should implement exponential backoff and retry
    CRate limiting only applies to GET requests
    DClients should switch to a different API
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    Rate limiting restricts the number of API requests a client can make per time window (e.g., 100 requests/minute). HTTP 429 (Too Many Requests) signals the limit is exceeded; clients should use exponential backoff with jitter before retrying.

  4. Question 4Using APIs

    Which HTTP method is idempotent and used to update an entire resource?

    APOST
    BPUT
    CPATCH
    DDELETE
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    PUT is idempotent — calling it multiple times with the same data produces the same result. It replaces the entire resource at the specified URI. PATCH partially updates a resource; POST creates a new resource (not idempotent).

  5. Question 5Using APIs

    What is pagination in REST APIs?

    APage layout
    BBreaking large result sets into smaller pages with metadata (total count, next/prev links) to improve performance and usability
    CPrinting pages
    DDocument formatting
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    Pagination strategies: offset-based (?page=2&per_page=25), cursor-based (after=eyJpZCI6MTB9), keyset-based (after_id=100). Include total count, next/prev links. Cursor-based is preferred for large/changing datasets.

  6. Question 6Using APIs

    How do webhooks differ from polling for receiving event notifications from an API?

    AWebhooks require the client to repeatedly check for updates
    BWebhooks push notifications to a client's URL when events occur, eliminating the need for repeated polling
    CWebhooks are slower than polling
    DWebhooks only work with SOAP APIs
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    Webhooks use a push model — the server sends HTTP POST requests to a registered callback URL when events occur. This is more efficient than polling (repeatedly checking for changes), reducing latency and unnecessary API calls.

  7. Question 7Using APIs

    What does HATEOAS (Hypermedia as the Engine of Application State) add to a REST API?

    AAuthentication mechanisms
    BLinks in API responses that guide clients to available next actions and related resources
    CDatabase connection pooling
    DAutomatic caching
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    HATEOAS includes hypermedia links in API responses that tell clients what actions are available and how to navigate the API. This makes APIs self-descriptive and loosely coupled — clients don't need hardcoded URLs.

  8. Question 8Using APIs

    Which HTTP status code range indicates client-side errors in a REST API?

    A1xx
    B4xx
    C2xx
    D3xx
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    4xx status codes indicate client errors: 400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found, 409 Conflict, 422 Unprocessable Entity, 429 Too Many Requests. 5xx codes indicate server errors; 2xx indicates success.

  9. Question 9Cisco Platforms

    Which Cisco security platform provides REST APIs for managing firewall rules, access policies, and intrusion detection?

    ACisco Meraki
    BCisco Firepower Management Center (FMC)
    CCisco Webex
    DCisco UCS
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    Cisco FMC provides REST APIs for programmatically managing Firepower Threat Defense (FTD) devices — creating/modifying access control policies, intrusion rules, network objects, NAT rules, and retrieving security event data.

  10. Question 10Using APIs

    What are key differences between REST and SOAP APIs?

    AREST uses XML exclusively; SOAP uses JSON
    BREST is lightweight using HTTP methods/JSON; SOAP is protocol-heavy using XML envelopes with strict typing
    CREST requires WSDL; SOAP does not
    DSOAP is stateless; REST is stateful
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    REST uses standard HTTP methods (GET/POST/PUT/DELETE) with flexible formats (JSON preferred). SOAP uses XML envelopes, WSDL contracts, and supports WS-Security, WS-ReliableMessaging. REST is simpler; SOAP is more enterprise/transactional.

  11. Question 11Using APIs

    What is the relationship between YANG models and RESTCONF/NETCONF APIs on network devices?

    AThey are unrelated technologies
    BYANG defines the data structure; RESTCONF and NETCONF provide the transport protocols to interact with YANG-modeled data
    CRESTCONF replaces YANG
    DYANG is only for monitoring, not configuration
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    YANG defines the data model (structure, constraints, types). NETCONF (XML/SSH) and RESTCONF (JSON or XML/HTTPS) are protocols that use YANG models to read/write configuration and operational data on network devices.

  12. Question 12Using APIs

    What is the purpose of API rate limiting?

    AImprove API response quality
    BPrevent abuse and ensure fair usage by limiting the number of requests per time period
    CEncrypt API data
    DManage API versions
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    Rate limiting controls how many API requests a client can make within a time window, protecting the API from abuse, DDoS, and ensuring fair resource allocation across consumers.

  13. Question 13Using APIs

    What is pagination in API responses used for?

    ASorting results
    BBreaking large result sets into manageable pages to reduce response size and improve performance
    CFiltering duplicates
    DEncrypting responses
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    Pagination splits large datasets into pages (using offset/limit or cursor-based approaches), reducing response payload size and server load while improving client performance.

  14. Question 14Using APIs

    What is the purpose of API pagination?

    ASpeed up APIs
    BReturn large result sets in smaller chunks (pages) to reduce response size, memory usage, and improve performance
    CEncrypt API data
    DVersion APIs
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    Pagination divides large datasets into pages (offset/limit, cursor-based, or keyset), reducing response payload, server memory, and improving client-side rendering performance.

  15. Question 15Using APIs

    What is GraphQL and how does it differ from REST?

    AA database query language
    BA query language for APIs where clients specify exactly what data they need in a single request, reducing over/under-fetching vs REST
    CA graph database
    DA monitoring tool
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    GraphQL lets clients request exactly the data needed with typed schemas, solving REST's over-fetching (getting too much data) and under-fetching (needing multiple endpoints) problems.

  16. Question 16Using APIs

    What is API rate limiting and why is it important?

    ALimiting API features
    BControlling the number of API requests per time period to prevent abuse, ensure fair usage, and protect backend resources
    CLimiting API versions
    DLimiting response size
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    Rate limiting caps requests per client per time window (e.g., 1000/hour), preventing DoS attacks, ensuring fair usage across clients, and protecting backend services from overload.

  17. Question 17Using APIs

    What is rate limiting in APIs?

    ASpeed up API calls
    BControlling the number of requests a client can make within a time window to prevent abuse and ensure fair usage
    CLimit data returned
    DLimit API features
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    Rate limiting protects APIs: token bucket/sliding window algorithms, communicated via headers (X-RateLimit-Remaining, Retry-After). Prevents abuse, ensures fair usage, and protects backend resources.

  18. Question 18Application Deployment and Security

    How does a JSON Web Token (JWT) work for API authentication?

    AThe server stores session data for each JWT
    BA self-contained, digitally signed token carries claims (user info, permissions) that the server can verify without storing session state
    CJWT tokens never expire
    DJWT uses symmetric encryption only
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    JWT is a self-contained token with three parts: header (algorithm), payload (claims like user ID, roles, expiry), and signature. The server verifies the signature to authenticate requests without maintaining server-side session state.

  19. Question 19Software Development and Design

    What is the purpose of a REST API's idempotent methods?

    ASpeed up API responses
    BEnsure that making the same request multiple times produces the same result
    CEncrypt API traffic
    DAuthenticate users
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    Idempotent methods (GET, PUT, DELETE) produce the same result regardless of how many times they're called, making APIs resilient to retries and network issues.

  20. Question 20Using APIs

    Which authentication mechanism uses tokens obtained after initial authentication to authorize subsequent API requests?

    ABasic Authentication
    BOAuth 2.0 Bearer Token
    CAPI Key in URL
    DClient Certificate
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    OAuth 2.0 Bearer Tokens are obtained through an authorization flow and included in subsequent API request headers, providing secure, scalable authentication without resending credentials.

  21. Question 21Using APIs

    Which data format is MOST commonly used for REST API request and response bodies?

    AXML
    BJSON
    CYAML
    DCSV
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    JSON is the de facto standard for REST APIs due to its lightweight structure, readability, native JavaScript support, and broad library support across all programming languages.

Key APIs Concepts for DEVCOR

restapigraphqlwebhookpaginationrate limitoauthtoken

DEVCOR APIs Exam Tips

Using APIs questions in DEVCOR are typically scenario-based. Focus on service-level decision making aligned to official exam objectives. Priority concepts: rest, api, graphql, webhook, pagination, rate limit.

What DEVCOR Expects

  • Anchor your answer in select the most practical, secure, and scalable answer for the stated scenario.
  • APIs scenarios for DEVCOR are frequently mapped to Domain 2 (20%), so read the objective carefully before picking controls or architecture.
  • Expect multi-service scenarios where APIs interacts with IAM, networking, storage, or observability patterns rather than appearing as an isolated service question.
  • When two options are both technically valid, prefer the choice that best aligns with the exam's operational scope (Professional) and managed-service best practices.

High-Value APIs Concepts

  • Know the core APIs building blocks cold: rest, api, graphql, webhook.
  • Review the edge-case features and limits for pagination, rate limit; these details are commonly used to differentiate answer choices.
  • Practice service-integration reasoning: how APIs pairs with Software Design, Cisco Platforms in real deployment patterns.
  • For DEVCOR, explain why the chosen APIs design meets reliability, security, and cost expectations better than the alternatives.

Common DEVCOR Traps

  • Watch for answers that partially solve the requirement but miss operational constraints.
  • Questions in Using APIs often include distractors that look correct for APIs but violate least-privilege, durability, or availability requirements.
  • Avoid picking options purely by feature name; validate data path, failure handling, and governance impact before answering.
  • If the prompt hints at automation or repeatability, eliminate manual-only operational answers first.

Fast Review Checklist

  • Can you compare at least two APIs implementation paths and justify which one best fits the scenario?
  • Can you map the chosen answer back to Using APIs (20%) outcomes for DEVCOR?
  • Can you explain security and access boundaries for APIs without relying on default-open assumptions?
  • Can you describe how APIs integrates with Software Design and Cisco Platforms during failure, scaling, and monitoring events?

Exam Domains Covering APIs

Domain 2Using APIs20%

Related Resources

🎯 Free DEVCOR Mock Exam📝 Software Design Questions📝 Cisco Platforms Questions

More DEVCOR Study Resources

← DEVCOR Study Hub30-Day Study PlanFull Practice Exam