Study Guide Version 1.1

CA API Management Proven Implementation Professional 2018 Exam (CAT-561)

Index

CA API Management Proven Implementation Professional 2018 Exam (CAT-561)

© 2017 CA. ALL RIGHTS RESERVED.

PROPRIETARY AND CONFIDENTIAL INFORMATION

© 2017 CA. All rights reserved. CA confidential & proprietary information. For CA, CA Partner and CA Customer use only. No unauthorized use, copying or distribution. All names of individuals or of companies referenced herein are fictitious names used for instructional purposes only. Any similarity to any real persons or businesses is purely coincidental. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. These Materials are for your informational purposes only, and do not form any type of warranty. The use of any software or product referenced in the Materials is governed by the end user’s applicable license agreement. CA is the manufacturer of these Materials. Provided with “Restricted Rights.”

Copyright

Areas for Study

Exam Information

Exam Objectives

Exam Questions

Exam Security

c

Register for Exam

Index

CA API Management Proven Implementation Professional 2018 Exam (CAT-561)

© 2017 CA. ALL RIGHTS RESERVED.

The Exam Experience Professional Exam DetailsYou can register to take an online proctored exam from your home or office using Kryterion’s Online Proctoring (OLP) Services, or you can take an on-site proctored exam at a Kryterion testing center. If you choose to take an online proctored exam, you will need Internet access, an external web camera, and a computer that meets specific hardware and software requirements.

For answers to frequently asked questions about registering for exams, locations, on-site and virtual proctoring, OLP equipment requirements, cancellation and re-scheduling policies and more, read our FAQs at http://www.ca.com/us/education/accreditations/certifications/certification-faq.aspx.CA employees may also go here for more

information: https://one.ca.com/education/certification

▪ Product release: Major release listed in the title; Includes subsequent point releases

▪ Recertification: There is no annual requirement to recertify for the same release of a product. For each major product release, an updated exam will be available for recertification.

▪ Number of items = 50▪ Item types = Multiple choice, including multiple response

questions▪ Time to complete test: 90 minutes▪ Passing score is 70%▪ Attempts Permitted: You may register for your first retake

immediately. For subsequent retakes you are required to wait at least thirty (30) calendar days from the date of your last attempt. Read the online FAQs for details.

Exam Information

IndexThe CA Technologies Certification Program is designed to measure your skills, knowledge, and expertise in managing, administering, installing, configuring and implementing select CA Technologies products for complete and optimized IT solutions. With CA certifications, management teams will have peace of mind that knowledgeable professionals are handling their CA Technologies applications.

Proctored by a third party vendor, KryterionOnline, CA Technologies certifications objectively validate the competencies of a project team –whether that team is your in-house staff, CA Technologies Professional Services, or a CA Technologies partner.

The aim of this document is to help you prepare for the CA API Management Proven Implementation Professional 2018 Exam. Make sure that you familiarize yourself with the content areas tested. Your best path to success is to attend the exam prep course(s).

You may also find it helpful to review the product documentation at https://docops.ca.com/home and to participate in CA Global User Community forums at https://communities.ca.com.

The experience gained from taking courses and using the product will help you: • Gain a comprehensive understanding of the product or solution • Increase the likelihood of passing the exam on your first attempt

Exam Information

Areas for Study

Exam Objectives

Exam Security

Copyright

Exam Questions

c

Register for Exam

Index

CA API Management Proven Implementation Professional 2018 Exam (CAT-561)

© 2017 CA. ALL RIGHTS RESERVED.

Only qualified candidates who demonstrate competency by successfully passing the CA Technologies certification exam will be awarded certification credentials. Prospective certification candidates are encouraged to prepare for the exam using the Exam Study Guide and other materials available on the Certification from CA Technologies website.

To safeguard the integrity of the certification program, CA Technologies requires all candidates to behave in an ethical manner and to comply with the rules of the third-party test center for on-site proctoring and on-line proctoring. The validity of the certification program depends on the exam content remaining secure and undisclosed to other potential certification candidates. CA Technologies will not tolerate cheating, fraud, or misconduct, which includes but is not limited to the following:

• Obtaining, whether through purchase or otherwise acquiring, unauthorized exam preparation materials from any non-CA website • Obtaining, whether through purchase or otherwise acquiring, unauthorized exam questions from any non-CA website, including brain

dump websites • Acquiring or attempting to acquire exam questions through online communities, chat rooms, screen capture software, forums, and

social networking sites • Acquiring or attempting to acquire exam content through CA Subject Matter Experts, CA Support Staff, or CA Certified Professionals • Using or attempting to use a proxy to sit for the exam in your place • Taking or attempting to take an exam for someone else • Receiving or giving assistance during an exam • Sharing exam questions or answers with a potential certification candidate • Violating testing center rules • Falsifying a diploma or score report • Using a CA Technologies certification logo or credential to which you are not entitled

CA Technologies reserves the right to take any actions it deems reasonably appropriate in the case of suspected misconduct or violation of the terms of the Non-Disclosure Agreement, including, but not limited to, cancelling an exam result, revoking exam or certification status, terminating use of the Designation, requiring a candidate to retake an exam, banning a candidate from the certification program, and reporting misconduct to the candidate’s employer. CA Technologies considers cheating a serious offense that warrants disciplinary action, up to and including termination of employment.

Exam Security

Index

Exam Information

Areas for Study

Exam Objectives

Exam Security

Copyright

Exam Questions

c

Register for Exam

Index

CA API Management Proven Implementation Professional 2018 Exam (CAT-561)

© 2017 CA. ALL RIGHTS RESERVED.

Search the CA Education Portal for latest courses, as they may not have been available at the time of this document posting: ▪ Partners & Customers look here: http://education.ca.com▪ Employees look here: https://learn.ca.com/

For documentation, Communities, and more visit: https://docops.ca.com/homeRegister for the exam here: www.webassessor.com/catechnologies/index.html

Areas of Study

Index

Exam Information

Areas for Study

Exam Objectives

Exam Security

Copyright

Exam Questions

c Best Practices

Experience Prior Knowledge

wiki.ca.com

support.ca.com

developer.ca.com

Use Cases & ScenariosPractical Application of Course Concepts

communities.ca.com

Register for Exam

youtube.com/catechnologies

docops.ca.com

Dynamic Lab CourseCA API Gateway v9.x: Foundations 200 40AGW2001S9.5 hours

Instructor Led CourseCA API Gateway v9.x: Foundations 20040AGW2001116 hours

OR

Dynamic Lab CourseCA API Developer Portal v3.0: Foundations 20004LSV2015S7 hours

Instructor Led CourseCA API Developer Portal v3.0: Foundations 20004LSV201518 hours

OR

eLearning CourseCA Mobile API Gateway 4.x Foundations 20040MAG200602 hours

Additional Resources (eLearning courses):

CA API Developer Portal r3.1: New Features 200 40DPL200101 hour

CA Live API Creator r2.x: Foundations 200 40API201802 hours

Index

CA API Management Proven Implementation Professional 2018 Exam (CAT-561)

© 2017 CA. ALL RIGHTS RESERVED.

Exam Information

Areas for Study

Exam Objectives

Exam Security

Copyright

Exam Questions

Exam Objectives

Exam objectives as they map to related courseware and the body of knowledge, including percentage of exam devoted to topics.

c

Register for Exam

Exam Objectives Related Content Exam FocusUnderstanding the Virtual Appliance 40AGW2001S or 40AGW20011 CA API Gateway v9.x: Foundations 200

CA API Gateway Virtual Appliance Architecture• Understand the Architecture of the CA API Gateway Implementation• Physically Install the Open Virtual Appliance onto an Existing Infrastructure

6%

Setting Up and Configuring CA API Gateway 40AGW2001S or 40AGW20011 CA API Gateway v9.x: Foundations 200 Setup and Configuration of CA API Gateway • Configure the Primary Gateway Node• Configure the Secondary Gateway Node• Configure Database Components and Replication• Install the Policy Manager and License the GatewayDocumentation and Field ExperienceAuto-provisioning

10%

Managing APIs Using Policies and Assertions 40AGW2001S or 40AGW20011 CA API Gateway v9.x: Foundations 200 Manage APIs Using Policies and Assertions • Publish the Voonair Airlines Platinum Event SOAP API• Add Policy Fragments and ClusterWide PropertiesDocumentation and Field ExperienceCluster-Wide Properties and Gateway Node SettingsPolicy Assertions and Dynamic RoutingWS-SecurityRoute via HTTP(S)SSL and TLS TransportFirewallsListen Ports and Protocols

22%

Publishing REST APIs and Performing Administrative Tasks

40AGW2001S or 40AGW20011 CA API Gateway v9.x: Foundations 200 Publish REST APIs and Perform Administrative Tasks• Publish the Voonair Airlines Toronto Destination REST API• Advanced Logging and Auditing Techniques• Common Gateway Administrative TasksDocumentation and Field ExperienceInstalling Solution KitsBypass Auditing When the Database is Full

10%

Index

CA API Management Proven Implementation Professional 2018 Exam (CAT-561)

© 2017 CA. ALL RIGHTS RESERVED.

Exam Information

Areas for Study

Exam Objectives

Exam Security

Copyright

Exam Questions

c

Register for Exam

Exam Objectives Related Content Exam FocusUnderstanding Advanced Assertions and Security Enablement

40AGW2001S or 40AGW20011 CA API Gateway v9.x: Foundations 200 Implement Advanced Assertions and Security Enablement• Limit Access and Throughput to a Resource• Add Threat Protection Assertions• Apply the Validate XML Schema Assertion• Apply the JSON Transformation AssertionDocumentation and Field ExperienceInternal Services

10%

Managing the Installation of CA Mobile API Gateway

40MAG20060 CA Mobile API Gateway 4.x Foundations 200Manage the Installation of CA Mobile API Gateway• List the CA Mobile API Gateway Prerequisites• Install the CA OAuth Toolkit• Install CA Mobile API Gateway• Perform required Post‐Installation TasksDocumentation and Field ExperienceNetwork ZonesOAuth Manager

12%

Using CA Mobile API Gateway Tools 40MAG20060 CA Mobile API Gateway 4.x Foundations 200Practice Using CA Mobile API Gateway Tools

2%

Analyzing Mobile SDK Authentication and Authorization

40MAG20060 CA Mobile API Gateway 4.x Foundations 200Analyze Mobile SDK Authentication and Authorization

4%

Configuring CA Mobile App Service Policies 40MAG20060 CA Mobile API Gateway 4.x Foundations 200Configure CA Mobile App Service Policies

2%

Understanding Advanced Solutions and Integrations

40MAG20060 CA Mobile API Gateway 4.x Foundations 200Summarize Advanced Solutions and Integrations

4%

Installing and Configuring CA API Developer Portal

04LSV2015S or 04LSV20151 CA API Developer Portal v3.0: Foundations 200Install and Configure CA API Developer Portal

4%

Understanding CA API Developer Portal Internal Roles and Tasks

04LSV2015S or 04LSV20151 CA API Developer Portal v3.0: Foundations 200CA API Developer Portal Internal Roles and Tasks• Execute Administrative and API Owner Tasks• Execute Business Manager and Account Manager Tasks• Use the Web Administrator Account to Rebrand the Portal

6%

Index

CA API Management Proven Implementation Professional 2018 Exam (CAT-561)

© 2017 CA. ALL RIGHTS RESERVED.

Exam Information

Areas for Study

Exam Objectives

Exam Security

Copyright

Exam Questions

c

Register for Exam

Exam Objectives Related Content Exam FocusUnderstanding CA API Developer Portal External Roles and Tasks

04LSV2015S or 04LSV20151 CA API Developer Portal v3.0: Foundations 200CA API Developer Portal External Roles and Tasks• Using the API Explorer• API Groups• Monetizing APIs

6%

Understanding CA Live API Creator Documentation and Field ExperienceDescribe CA Live API Creator

2%

Index

CA API Management Proven Implementation Professional 2018 Exam (CAT-561)

© 2017 CA. ALL RIGHTS RESERVED.

Exam Information

Areas for Study

Exam Objectives

Exam Security

Copyright

Exam Questions

Sample Certification Exam Questions

These sample questions are very similar to the questions in the actual exam. Some questions may include several correct options.

c

Register for Exam

Questions Options

Question 1The CA API Gateway virtual appliance is delivered as an open virtual appliance (OVA) file. What does the OVA file contain? (Choose three)

A. VMware PlayerB. A 64-bit Linux OSC. SQL Server 2014 ExpressD. A MySQL enterprise databaseE. The latest Java Development Kit (JDK)

Question 2Examples of CA API Gateway form factors include: (Choose three)

A. a physical appliance. B. a 32-bit Linux OS packaged VM.C. a Windows OS packaged physical appliance.D. a virtual appliance running under the Azure cloud platform.E. a 64-bit virtual appliance in open virtual appliance (OVA) format.

Question 3Which statements about Gateway clusters and replication are TRUE? (Choose two)

A. Peered MySQL database units become master and slave to each other, an arrangementthat is also known as master-master replication.

B. No more than two MySQL database servers may be configured for replication in aGateway cluster regardless of the number of Gateway processing nodes.

C. The maximum number of MySQL database servers you can configure for replication in aGateway cluster is an even "peered" number proportional to the number of Gatewayprocessing nodes in that cluster.

D. The load balancer in Gateway clusters provides failover detection by assessing whether aprocessing node on the network is "alive." Setting the detection frequency to 3 to 5seconds can provide rapid failure detection that most Gateway clusters can handle.

Question 4Which statements about Gateway cluster system requirements and configuration are TRUE? (Choose two)

A. Only ONE node in the Gateway cluster must be installed and configured with a MySQLdatabase with a known root user name and password.

B. Policy and configuration setting changes are automatically propagated to each clusternode asynchronously within 5 seconds of the change in the Policy Manager.

C. A Gateway cluster is NOT assigned a host name and IP address in the load balancer if each component Gateway (making up the cluster) is assigned its own IP address andhost name.

D. Each Gateway being assigned the role of a node in the cluster must possess its own IPaddress and host name in addition to the configuration within the load balancer. Thecluster itself is also assigned a host name and IP address.

Index

CA API Management Proven Implementation Professional 2018 Exam (CAT-561)

© 2017 CA. ALL RIGHTS RESERVED.

Exam Information

Areas for Study

Exam Objectives

Exam Security

Copyright

Exam Questions

c

Register for Exam

Questions Options

Question 5When you publish a web service using the Policy Manager, you use the Publish Web API wizard to publish an API and:

A. RESTful proxies only. B. non-SOAP applications.C. existing WSDL documents.D. web services that require the generation of a new WSDL document.

Question 6Which statements about included policy fragments are TRUE? (Choose two)

A. Policy fragments have their own revision history. B. Policy fragments may include other policy fragments.C. Changes to a policy fragment only take effect when the parent policy is saved and

activated. D. There are two types of policy fragments: Global policy fragments and Included policy

fragments.

Question 7Which statements about policies and policy creation are TRUE? (Choose two)

A. Policy validation feedback cannot be disabled.B. Included policy fragments will cause an increase to the numbering hierarchy by adding

a decimal place.C. To aid in the migration of policies, the creator has the option of specifying the policy

GUID at policy creation time.D. The first assertion in a policy is always numbered 2 because there is an implicit All

Assertions Must Evaluate to True assertion at the root of every policy.

Question 8Which statements about policy revision history are TRUE? (Choose three)

A. Policies with a comment are never overwritten.B. Each policy will always have one version that is marked active.C. Policies with a comment do not count toward the stored revisions maximum.D. The policyVersioning.maxRevisions cluster-wide property can be used to set the

maximum number of stored revisions.

Question 9Which statements about the measurement of assertion latency are TRUE? (Choose two)

A. Latency measurement is automatically enabled when you run the Service Debugger.B. Capturing assertion latency can affect the outcome of the At Least One Assertion Must

Evaluate to True assertion.C. You must indicate that the latency is "required" by referencing either the

${assertion.latency.ms} or ${assertion.latency.s} variables in the next assertion. D. The Gateway is always recording latency for internal performance optimization

purposes, so there is little additional overhead in adding the measurement of assertionlatency into a policy.

Index

CA API Management Proven Implementation Professional 2018 Exam (CAT-561)

© 2017 CA. ALL RIGHTS RESERVED.

Exam Information

Areas for Study

Exam Objectives

Exam Security

Copyright

Exam Questions

c

Register for Exam

Questions Options

Question 10You are required to authenticate a user through HTTP Basic Authentication and to ensure that the user is a member of at least one of three different groups. Which assertion or sequence of assertions should you use?

A. Require HTTP Basic Credentials, specifying the list of groups as attributes of theassertion

B. Three separate Authenticate User or Group assertions inside an At Least One AssertionMust Evaluate to True folder

C. Require HTTP Basic Credentials and three separate Authenticate User or Groupassertions inside an At Least One Assertion Must Evaluate to True folder

D. Three separate Authenticate User or Group assertions inside an At Least One AssertionMust Evaluate to True folder and the Require HTTP Basic Credentials assertion

Question 11Folders are useful for organizing your services and policies. Which statements about folders are TRUE? (Choose two)

A. Only a user with the administrator role can create folders. B. The Update <foldername> Folder role provides the ability to read the update services or

policies within the folder. C. The Manage <foldername> Folder role allows a user to create, read, update, and delete

services or policies within the folder. D. Folders can be placed into zones, which will enable a user with the corresponding

Manage X Zone role to manage folders that are in the X zone.

Question 12Which statements about audit sink properties are TRUE? (Choose two)

A. Every audit event is run through an audit sink policy.B. You must create a separate audit sink policy for each audit sink.C. Disabling the audit sink policy will prevent audit messages from being stored.D. An audit sink policy can be deleted only when first disabled in the Audit Sink Properties.

Question 13When you build a RESTful policy, you can use an assertion that can take a single-valued input and convert it to a multi-valued context variable that can be accessed later in the policy. Which assertion enables you to do this?

A. Join Variable B. Split Variable C. Look up Context VariableD. Manipulate Multivalued Variable

Question 14When you create an external audit store for the Gateway, which factors should you consider? (Choose three)

A. You generally need to modify the system-generated policy for JDBC audit sinks.B. When creating a custom audit sink, you are free to configure the lookup policy as

necessary.C. The Configure External Audit Store Wizard can be used to create an external JDBC audit

store.D. The Gateway cannot simultaneously record to the internal database and to an external

source.E. You can configure a special audit lookup policy to look up audit records in an external

audit store.

Index

CA API Management Proven Implementation Professional 2018 Exam (CAT-561)

© 2017 CA. ALL RIGHTS RESERVED.

Exam Information

Areas for Study

Exam Objectives

Exam Security

Copyright

Exam Questions

c

Register for Exam

Questions Options

Question 15Why might you use an Evaluate Request XPath assertion? (Choose two)

A. To validate an X.509 certificate context variableB. To break a policy into different paths for different types of operationsC. To help provide preferential routing to unique customers with special considerationsD. To check that HTML form fields appear a minimum number of times or do not appear

more than once

Question 16In which circumstance do you typically use the Gateway Migration Utility (GMU)?

A. When you need to clone an entire GatewayB. When you need to migrate policies, services, or entitiesC. When you need to migrate system files such as system.properties or host.propertiesD. When you need to configure Command Line Policy Migration Tool (CMT) mappings

using a web browser interface

Question 17All OAuth Toolkit (OTK) features are implemented using policies in the Policy Manager. With the Policy Manager, you can customize specific policies. What are some examples of customization? (Choose two)

A. Adding new client keysB. Changing token lifetimesC. Configuring trusted applications groupsD. Updating policies to support Oracle database

Question 18Before you install the CA Mobile API Gateway (MAG), it is important to understand the network zones you will use. Your implementation will use an Internal zone and a DMZ zone. The zones appear in the Policy Manager. The DMZ zone contains external-facing endpoints and handles user requests coming from the SDK. What is this zone responsible for? (Choose three)

A. MAG ManagerB. OAuth test clientsC. Mobile Single Sign-On (Mobile SSO) protocolsD. Touchless login using quick response (QR) codes

Question 19CA Mobile Developer Console (MDC) enables you to: (Choose three)

A. download and view platform-related resources.B. manage scopes to provide limited access to protected resources.C. automatically generate API catalog entries with all published APIs.D. create public or confidential client applications for different platforms.E. collaborate with other developers by using different MDC instances to access a

common CA Mobile Access Gateway (MAG) instance.

Question 20Which feature characterizes the CA Mobile API Gateway (MAG) enterprise browser?

A. It displays a trusted group of enterprise-approved applications on a device.B. It enables API developers to grant or deny access to protected APIs based on the

physical location of the application user.C. It displays a list of WebSocket clients and servers that CA API Gateway can

communicate with for inbound and outbound messages.D. It enables developers to configure the MAG to communicate with the Apple Push

Notification (APN) service and the Apple Feedback service.

Index

CA API Management Proven Implementation Professional 2018 Exam (CAT-561)

© 2017 CA. ALL RIGHTS RESERVED.

Exam Information

Areas for Study

Exam Objectives

Exam Security

Copyright

Exam Questions

c

Register for Exam

Answers

Question 1 = B, D, and E Question 2 = A, D, and EQuestion 3 = A and BQuestion 4 = BQuestion 5 = BQuestion 6 = A and BQuestion 7 = B and DQuestion 8 = A, C, and DQuestion 9 = B and CQuestion 10 = CQuestion 11 = C and DQuestion 12 = A and DQuestion 13 = BQuestion 14 = B, C, and EQuestion 15 = B and CQuestion 16 = BQuestion 17 = B and DQuestion 18 = A, C, and DQuestion 19 = A, B and DQuestion 20 = A

Index

CA API Management Proven Implementation Professional 2018 Exam (CAT-561)

© 2017 CA. ALL RIGHTS RESERVED.

Exam Information

Areas for Study

Exam Objectives

Exam Security

Copyright

Exam Questions

c

Register for Exam

Register for the Exams

To register and pay for any of the Proven Implementation Professional certification exams, visit our third party testing

partner, Kryterion Online.

Each exam attempt costs $150. Payment and vouchers are only accepted during registration and scheduling on the third party website.

We are not able to process payment for Proven Implementation Professional exams on the LMS Training Portal.