Exam 350-601 topic 1 question 243 discussion

CorrectThese API methods enable you to manage session authentication: aaaLogin —Sent as a POST message, this method logs in a user and opens a session. The message body contains an aaa:User object with the name and password attributes, and the response contains a session token and cookie. If multiple AAA login domains are configured, you must prepend the user's name with apic: domain\\ . aaaRefresh —Sent as a GET message with no message body or as a POST message with the aaaLogin message body, this method resets the session timer. The response contains a new session token and cookie. aaaLogout —Sent as a POST message, this method logs out the user and closes the session. The message body contains an aaa:User object with the name attribute. The response contains an empty data structure. aaaListDomains —Sent as a GET message, this method returns a list of valid AAA login domains. You can send this message without logging in. https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-x/rest_cfg/2_1_x/b_Cisco_APIC_REST_API_Configuration_Guide/b_Cisco_APIC_REST_API_Configuration_Guide_chapter_01.html

B and E are the only ones that make sense. you can either login, or list domains.

I pick B & E because the user is not yet authenticated, so first is B (to retrieve domain list) and then is E (to login)

CE. Answered and explained in Pluralsight video.

for unauthentificated user

B and E

C and E

When a login message is accepted, the API returns a data structure that includes a session timeout period in seconds and a token that represents the session. The token is also returned as a cookie in the HTTP response header. To maintain your session, you must send login refresh messages to the API if no other messages are sent for a period longer than the session timeout period. The token changes each time that the session is refreshed. Answer is definitely C & E. aaalogin to login with username and password aaaRefresh along with aaaLogin to keep refreshing your session from timeout. https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-x/rest_cfg/2_1_x/b_Cisco_APIC_REST_API_Configuration_Guide/b_Cisco_APIC_REST_API_Configuration_Guide_chapter_01.html

session token and cookie are the key terms here C and E

Answer is B and C aaaRefresh and aaaListDomains The rest there is an explicit mention of requiring the message body containing object user. which implies some kind of user logged in is required.

Answer is B and C. There's no reason to do a POST to aaaLogin AFTER you've been authenticated like the question states. https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-x/rest_cfg/2_1_x/b_Cisco_APIC_REST_API_Configuration_Guide/b_Cisco_APIC_REST_API_Configuration_Guide_chapter_01.html

The right answer is B and D The aaaRefresh just resets the session timer, but aaaListDomains can be used to list login domains without logging in.