A financial services company is using IBM API Connect to manage access to its core banking services. They have implemented a global policy to log all transaction requests for auditing. However, for a new 'Loan Application' API, they must prevent sensitive applicant data (e.g., social security number) from being written to the logs while still being passed to the backend system. The logging policy is a global post-request policy. What is the most effective way for the API developer to meet this requirement without altering the global policy?
Q2
A large enterprise has adopted IBM API Connect for multiple lines of business (LOBs), including Retail, Insurance, and Wealth Management. The enterprise architect's mandate is to provide each LOB with the ability to manage its own set of APIs, Products, developers, and a branded developer portal. However, a set of core 'Customer Profile' APIs, managed by a central IT team, must be made available for use by all LOBs in their respective Products. What is the most appropriate API Connect topology to fulfill these requirements?
Q3
An API developer is troubleshooting an OAuth2 authorization code flow. The client application successfully redirects the user to the authorization server, the user authenticates, but the subsequent token exchange request fails. The trace reveals the token endpoint returns an `invalid_grant` error. The developer confirms the authorization code is correct and has not expired. Which of the following is the most likely cause of this specific error in this context?
Q4
A developer is creating a user-defined policy that needs to access a secure configuration value, such as an external service's API key. To avoid hardcoding this secret in the policy's implementation (e.g., GatewayScript), the developer wants to use a property that can be set in the API assembly. How should the property be defined in the policy's YAML file to ensure it is treated as a password, meaning its value is obfuscated in the API Connect user interfaces?
Q5
A DevOps engineer needs to automate the deployment of API Products to different environments (Development, Staging, Production). Each environment has a different backend service URL for a specific API. Which combination of API Connect features should be used to manage these environment-specific URLs without modifying the OpenAPI definition for each deployment?
Q6
True or False: When an API Product is moved to the 'Deprecated' lifecycle state, any existing application subscriptions to its Plans are immediately disabled, and API calls will fail.
Q7
A developer is implementing a GraphQL API proxy in API Connect for a backend GraphQL service. The requirement is to prevent certain expensive or sensitive fields in the GraphQL schema from being queryable by consumers. Which API Connect feature should be used to achieve this without modifying the backend service?
Q8 Multiple answers
A provider organization owner needs to configure mutual TLS (mTLS) for a specific Catalog. This requires the API Gateway to present its own certificate to backend services and to validate certificates presented by clients. Which TWO resources must be configured in the Cloud Manager or API Manager to enable this? (Select TWO).
Q9
A developer is using the `apic` toolkit CLI to work on an API project locally. Which command should be used to validate the project's YAML definition files against the OpenAPI specification and check for API Connect-specific errors without connecting to a management server?
Q10
An API Product Manager for an e-commerce company is analyzing API usage data. They notice that a key partner is frequently hitting the rate limit for the 'Product Search' API, leading to failed requests and potential lost sales. The manager wants to offer this partner a higher limit without affecting other consumers on the same Plan. What is the most direct way to achieve this?