Chapter 35: Quiz — RESTful APIs and Modern Access Patterns

Conceptual Questions

Question 1

What is the primary advantage of z/OS Connect EE over building a custom REST API layer for exposing DB2 z/OS data?

A. z/OS Connect EE is faster than any custom implementation.
B. z/OS Connect EE provides a declarative mapping between REST/JSON and DB2 stored procedures without requiring application code, leveraging z/OS security infrastructure (RACF) directly.
C. z/OS Connect EE supports more programming languages than custom APIs.
D. z/OS Connect EE automatically generates mobile applications.


Question 2

Why should API error responses never include raw DB2 SQLSTATE values or SQLCODE numbers?

A. SQLSTATE values are copyrighted by IBM and cannot be shared.
B. Raw database error codes leak implementation details that could help attackers probe for vulnerabilities, and they are meaningless to API consumers.
C. SQLSTATE values change between DB2 versions.
D. JSON cannot represent numeric error codes.


Question 3

What is the N+1 query problem in the context of GraphQL over DB2?

A. A GraphQL query that requests N fields plus one aggregate.
B. A pattern where resolving a list of N parent objects triggers N additional database queries to fetch related child objects, resulting in N+1 total queries.
C. A query that joins N+1 tables.
D. A limitation that GraphQL cannot query more than N+1 levels of nesting.


Question 4

In a Debezium DB2 CDC connector, what does the op field in a change event indicate?

A. The database operation type: c (create/insert), u (update), d (delete), r (read/snapshot).
B. The operator who performed the change.
C. The optimization level applied to the query.
D. Whether the operation was committed or rolled back.


Question 5

Which Kafka topic design strategy ensures that all events for a single account are processed in order?

A. Create one topic per account.
B. Partition topics by account ID so that all events for a given account go to the same partition.
C. Use a single-partition topic for all events.
D. Set the consumer group to "ordered" mode.


Question 6

In the CQRS (Command Query Responsibility Segregation) pattern with DB2, what is the role of the Kafka event stream?

A. It replaces DB2 as the primary data store.
B. It propagates changes from the write-optimized DB2 instance to a read-optimized replica or alternate data store, enabling separation of write and read workloads.
C. It provides backup for DB2 data.
D. It handles authentication between the command and query services.


Question 7

Why is keyset pagination preferred over offset-based pagination for deep result sets in DB2-backed APIs?

A. Keyset pagination uses less memory in the client application.
B. Offset-based pagination requires DB2 to scan and discard all rows before the offset, becoming slower as the offset increases. Keyset pagination uses an index efficiently regardless of depth.
C. Keyset pagination supports sorting by multiple columns; offset does not.
D. Keyset pagination is the only method that works with DB2.


Question 8

What is the "shared database" anti-pattern in microservices architecture?

A. Replicating the same data across multiple databases.
B. Multiple microservices connecting directly to the same DB2 database and sharing tables, creating tight coupling that prevents independent deployment.
C. Sharing database credentials across services.
D. Using the same DB2 instance for production and testing.


Question 9

When configuring HikariCP connection pooling for a DB2-backed API handling 10,000 requests per minute with an average query time of 5ms, what is a reasonable starting pool size?

A. 1-2 connections (queries are fast)
B. 5-10 connections (sufficient for the load)
C. 100+ connections (one per concurrent request)
D. 10,000 connections (one per request per minute)


Question 10

In the saga pattern for distributed transactions, what is a "compensating action"?

A. A database trigger that fires when a transaction fails.
B. An action that semantically undoes a previous step in the saga. For example, if account creation succeeds but KYC verification fails, the compensating action deletes the created account.
C. A secondary transaction that runs in parallel.
D. A retry mechanism for failed API calls.


Practical Questions

Question 11

A developer writes this REST endpoint:

@GetMapping("/accounts")
public List<Account> getAllAccounts() {
    return jdbcTemplate.query(
        "SELECT * FROM MERIDIAN.ACCOUNTS", accountRowMapper);
}

What are at least three problems with this endpoint?


Question 12

You need to expose PROC_TRANSFER_FUNDS through z/OS Connect. The procedure has IN parameters (p_from_account, p_to_account, p_amount, p_description) and OUT parameters (p_txn_id, p_status_code, p_status_msg). Write the REST request body (JSON) and the expected response body (JSON) for a successful transfer of $500 from account 1001 to account 1002.


Question 13

A Kafka consumer for fraud detection processes transaction events. The consumer crashes and restarts. Given this event sequence:

- Event A: $500 transfer (processed before crash)
- Event B: $10,000 transfer (processing when crash occurred)
- Event C: $200 transfer (not yet processed)

With enable.auto.commit = false and manual offset commit AFTER processing, which events will be reprocessed after restart? How would you prevent duplicate fraud alerts for Event B?


Answer Key

  1. B — z/OS Connect provides declarative REST-to-DB2 mapping with native RACF security.
  2. B — Raw error codes leak implementation details and are meaningless to consumers.
  3. B — N parent items trigger N additional queries for related children.
  4. A — op indicates the operation type: create, update, delete, or snapshot read.
  5. B — Partitioning by account ID ensures ordering within a partition.
  6. B — Kafka propagates changes from write to read stores in CQRS.
  7. B — Offset pagination degrades with depth; keyset uses indexes efficiently.
  8. B — Multiple services sharing tables creates coupling.
  9. B — At 5ms per query, each connection handles ~200 queries/sec; 10 connections handle ~120,000/min, well above 10,000/min. Over-provisioning wastes DB2 resources.
  10. B — A compensating action semantically undoes a previous step.
  11. Problems include: (1) no pagination — returns all rows, potentially millions; (2) SELECT * returns all columns including sensitive data; (3) no authentication or authorization; (4) no input filtering or query parameters; (5) no rate limiting.
  12. Request: {"fromAccount": 1001, "toAccount": 1002, "amount": 500.00, "description": "Monthly rent"}. Response: {"transactionId": 987654321, "status": 0, "message": "Transfer completed successfully"}.
  13. Events B and C will be reprocessed (offset was committed only through A). To prevent duplicate fraud alerts for Event B, use an idempotent processing pattern: check a processed_events table keyed by transaction ID before generating an alert. If the ID already exists, skip processing.
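
Answer 13 as a runnable sketch. This is an added example, not part of the original quiz: it replays the crash from Question 13 against a consumer with and without the processed_events check. Assumptions: in-memory SQLite stands in for DB2, a Python list stands in for the Kafka partition, and the transaction IDs and the 5,000 alert threshold are constructed.

```python
import sqlite3

# Constructed sample events: amounts from Question 13, txn ids made up.
EVENTS = [("txn-A", 500), ("txn-B", 10_000), ("txn-C", 200)]
ALERT_THRESHOLD = 5_000  # assumed fraud rule, not from the quiz


class Crash(Exception):
    """Simulated consumer crash; carries the last committed offset."""


def open_store():
    db = sqlite3.connect(":memory:")  # stand-in for the DB2 tables
    db.execute("CREATE TABLE processed_events (txn_id TEXT PRIMARY KEY)")
    db.execute("CREATE TABLE fraud_alerts (txn_id TEXT, amount INTEGER)")
    return db


def handle(db, txn_id, amount, idempotent):
    """Process one event; dedupe marker and alert commit in one transaction."""
    with db:  # commit on success, roll back on error
        if idempotent:
            cur = db.execute(
                "INSERT OR IGNORE INTO processed_events VALUES (?)", (txn_id,))
            if cur.rowcount == 0:
                return  # ID already recorded before the crash: skip
        if amount > ALERT_THRESHOLD:
            db.execute("INSERT INTO fraud_alerts VALUES (?, ?)", (txn_id, amount))


def consume(db, committed, idempotent, crash_on=None):
    """Read from the committed offset; commit the offset AFTER processing."""
    seen = []
    for offset in range(committed, len(EVENTS)):
        txn_id, amount = EVENTS[offset]
        handle(db, txn_id, amount, idempotent)
        seen.append(txn_id)
        if txn_id == crash_on:
            raise Crash(committed)  # died before the manual offset commit
        committed = offset + 1  # manual commit (enable.auto.commit = false)
    return committed, seen


def run(idempotent):
    """Crash while handling Event B, restart, report replay and alert count."""
    db = open_store()
    try:
        consume(db, 0, idempotent, crash_on="txn-B")
    except Crash as crash:
        committed = crash.args[0]  # offset was committed only through A
    _, replayed = consume(db, committed, idempotent)
    alerts = db.execute("SELECT COUNT(*) FROM fraud_alerts").fetchone()[0]
    return replayed, alerts
```

Recording the transaction ID and writing the alert in the same transaction is what makes the skip safe: a crash between the two cannot leave an ID marked as processed without its alert.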