Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Cisco
  5. 350-901

Cisco 350-901 Exam Questions
Developing Applications using Cisco Core Platforms and APIs (DEVCOR) (Page 14 )

Updated On: 6-Apr-2026
Page 14 of 78
PDF with 507 Questions

Which security approach should be used for developing a REST API?

  1. Add an API key to each URL string.
  2. Use custom security relevant HTTP response codes.
  3. Utilize CORS headers.
  4. Utilize TLS for end-to-end encryption.

Answer(s): D



Refer to the exhibit. The application follows a containerized microservices architecture that has one container per microservice. The microservices communicate with each other by using REST APIs. The double-headed arrows in the diagram display chains of synchronous HTTP calls needed for a single user request.

Which action ensures the resilience of the application in the scope of a single user request?

  1. Implement retries with exponential backoff during HTTP API calls.
  2. Set up multiple instances of each microservice in active/active mode by using the Orchestrator.
  3. Redesign the application to be separated into these three layers: Presentation, API, and Data.
  4. Create two virtual machines that each host an instance of the application and set up a cluster.

Answer(s): A



DRAG DROP (Drag and Drop is not supported)
Drag and drop the steps on the left into the order on the right for an end-user to access an OAuth2 protectedresource using the 'Authorization Code Grant' flow.

Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



In the three-legged OAuth2 authorization workflow, which entity grants access to a protected resource?

  1. resource owner
  2. client
  3. resource server
  4. authorization server

Answer(s): A


Reference:

https://developer.orange.com/tech_guide/3-legged-oauth/



What are two steps in the OAuth2 protocol flow? (Choose two.)

  1. The user is authenticated by the authorization server and granted an access token.
  2. The user’s original credentials are validated by the resource server and authorization is granted.
  3. The user indirectly requests authorization through the authorization server.
  4. The user requests an access token by authentication and authorization grant presentation.
  5. The user requests the protected resource from the resource server using the original credentials.

Answer(s): C,E


Reference:

https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2



Viewing page 14 of 78
Viewing questions 66 - 70 out of 507 questions


350-901 Exam Discussions & Posts (Share your experience with others)

AI Tutor AI Tutor 👋 I’m here to help!