[02/Vitim/01]

Questions and Answers

Which type of API does Flow.BI provide?

Both REST API and SQL API (correct)

REST API

SQL API

Neither REST API nor SQL API

What is the basis of security for Flow.BI's API?

API keys (correct)

Neither user credentials nor API keys

Both user credentials and API keys

User credentials

Where can API keys be created in Flow.BI?

On the user's profile page (correct)

On the API documentation page

On the home screen

On the settings page

Flow.BI provides three API’s at the moment: REST API, SQL API, and GraphQL API.

False

Flow.BI's API security is not based on user credentials.

False

API keys in Flow.BI can only be created by administrators.

False

Match the following API's with their corresponding security type in Flow.BI:

REST API = User credentials SQL API = API keys GraphQL API = User profile JavaScript API = None of the above

Match the following API keys with the correct location where they are created in Flow.BI:

User API keys = REST API Admin API keys = GraphQL API

Match the following API types with their corresponding number in Flow.BI:

REST API = 1 SQL API = 2 GraphQL API = 3 JavaScript API = 4

Match the following API key usage scenarios with their descriptions:

Authentication = Used to authenticate a user, developer, or calling program to an API Authorization = Used to authorize a user, developer, or calling program to access specific resources or perform specific actions on an API Rate limiting = Used to limit the number of requests that a user, developer, or calling program can make to an API Usage tracking = Used to track the usage of an API by users, developers, and calling programs

Match the following API key security tips with their recommendations:

Keep your API keys secret = Do not share your API keys with anyone you do not trust Use strong API keys = API keys should be long and complex to make them difficult to guess or crack Rotate your API keys regularly = Reduce the risk of unauthorized access by regularly changing your API keys Monitor your API usage = Watch out for suspicious activity, such as a sudden increase in the number of requests from a particular user or IP address

Match the following API key characteristics with their definitions:

Unique identifier = A value that is different for each user, developer, or calling program Long strings of random characters = Typical format for API keys Generated by the API provider = Who is responsible for creating API keys Passed to the API in a variety of ways = Different methods of providing API keys to the API

Match the following API key usage scenarios with their explanations:

Authentication = Used to verify the identity of the user, developer, or calling program Authorization = Determines what actions or resources the user, developer, or calling program is allowed to access Rate limiting = Prevents abuse of the API by limiting the number of requests that can be made within a certain time period Usage tracking = Provides information on how the API is being used, including who is using it and how often

Match the following API key best practices with their descriptions:

Keep your API keys secret = To prevent unauthorized access to your API Use strong API keys = To make it difficult for attackers to guess or crack the key Rotate your API keys regularly = To minimize the impact of a compromised key Monitor your API usage = To detect and respond to suspicious activity

Match the following API key security measures with their explanations:

Keeping API keys secret = Protects against unauthorized access Using strong API keys = Increases the difficulty of guessing or cracking the key Rotating API keys regularly = Reduces the risk of unauthorized access by changing the key Monitoring API usage = Helps to identify and respond to potential security issues

Match the following API key characteristics with their definitions:

Generated by the API provider = The entity responsible for creating the API key Long and complex = Desirable traits for an API key to make it difficult to guess or crack Passed to the API in a variety of ways = Different methods of providing the API key to the API Used for a variety of purposes = Authentication, authorization, rate limiting, and usage tracking

Match the following API key usage scenarios with their descriptions:

Authentication = The process of verifying the identity of the user, developer, or calling program Authorization = Determines what actions or resources the user, developer, or calling program is allowed to access Rate limiting = Limits the number of requests that can be made to the API within a certain time period Usage tracking = Provides information on how the API is being used, including who is using it and how often

Match the following API key security measures with their explanations:

Keeping API keys secret = Prevents unauthorized access to the API Using strong API keys = Increases the security of the API by making it harder to guess or crack the key Rotating API keys regularly = Reduces the risk of unauthorized access by changing the key Monitoring API usage = Detects and responds to suspicious or abnormal activity

Match the following API key usage scenarios with their descriptions:

Authentication = Verifies the identity of the user, developer, or calling program Authorization = Determines what actions or resources the user, developer, or calling program is allowed to access Rate limiting = Prevents abuse of the API by limiting the number of requests that can be made Usage tracking = Provides information on how the API is being used

Which of the following is NOT a purpose of API keys?

Data encryption

What is the main function of API keys in API security?

To control access to APIs

How should API keys be kept to ensure security?

Rotated regularly

In what ways can API keys be passed to an API?

In the body of an HTTP request

What is the recommended length and complexity for API keys?

Long and complex

Who typically uses API keys to authenticate and authorize with an API?

Calling programs

What is one of the purposes of rate limiting with API keys?

To prevent unauthorized access

Why should API keys be kept secret and not shared with untrusted individuals?

To reduce the risk of unauthorized access

What can API keys be used to track?

API usage

What is an important part of API security that API keys help with?

Access control

API keys are used to authenticate and authorize a human user to an API.

False

API keys are typically generated by the API provider as long strings of random characters.

True

API keys can only be passed to the API in the header of an HTTP request.

False

API keys can be used for authentication, authorization, rate limiting, and usage tracking.

True

API keys are not important for API security.

False

It is not necessary to rotate API keys regularly to reduce the risk of unauthorized access.

False

Monitoring API usage is not necessary for API security.

False

API keys should be kept secret and shared with trusted individuals only.

True

API keys can be used to track the usage of an API by users, developers, and calling programs.

True

API keys can be used to access specific resources or perform specific actions on an API.

True