Q1 scenario · i01-secret-leak · weight 2 Junior developer on your customer’s team commits a PhotoRobot API key to their public GitHub repo. You discover it 3 hours later.
Source: I01 textbook §2 + §10.
Explanation: Revoke + rotate is the only safe recovery. Force-pushing or making the repo private doesn’t help — bots scrape public GitHub continuously and credentials harvested in the first minutes of exposure are already in attacker hands. Even if the key wasn’t used during the window, rotate as if it was. Audit the call log for unauthorized usage. Retrain developer.
Q2 scenario · i02-silent-failure · weight 2 Your webhook integration was working fine for 9 months. Then customer reports items aren’t reaching DAM. Investigation shows DAM started returning 500 for every webhook 5 weeks ago. PhotoRobot retried for ~24 hours per event, then stopped delivering. Subscription is in degraded state.
Source: I01 §8, I02 §8 + §12, B26 §10.
Explanation: Monitoring contract is the gate. This is the most-cited failure mode across the integrator track for a reason — it’s the most common root cause of multi-month silent integration rot. Recovery = reconciliation poll for the gap; structural fix = monitoring contract going forward.
Q3 multiple-choice · i02-receiver-sequence In what order does a correct webhook receiver process an incoming event?
Source: I02 textbook §3.
Explanation: Canonical 5-step sequence. Skipping any one creates a future incident. The order matters — signature verification BEFORE you trust the body; timestamp BEFORE dedup; dedup BEFORE side effect; ack BEFORE long processing.
Q4 scenario · i03-csv-duplicates · weight 2 Customer’s catalog ETL pushes the same Excel CSV to PhotoRobot every Friday. 6 months in, you discover 30 % of items are duplicated — same product, different SKU formats (RED-SHIRT-M, red_shirt_m, Red-Shirt-M).
Source: I03 textbook §3.
Explanation: Dedup is the integrator’s responsibility. PhotoRobot accepts SKUs as-provided. Without canonicalization + mapping table, identifier variants multiply into duplicate items. Fix structurally: canonicalization rule + mapping table + on_conflict: update for convergent re-imports.
Q5 multiple-choice · i01-rate-limit-pause PhotoRobot returns HTTP 429. Which header indicates the recommended retry pause?
Source: I01 textbook §5.
Explanation: Retry-After is the canonical HTTP header (per RFC) for “wait N seconds before retrying.” Always honor it; combine with exponential backoff + jitter for resilience.
Q6 scenario · i02-receiver-back-pressure · weight 2 Your webhook receiver is being overwhelmed by an unexpected spike in events. Queue depth growing, workers can’t drain.
Source: I02 textbook §12.
Explanation: 503 is the honest signal. PhotoRobot’s retry mechanism preserves events. 200 to “avoid retries” silently loses data. Let the retry mechanism do its job; scale your workers / queue depth as recovery.
Q7 scenario · cross-foundation-before-tech · weight 2 New customer engagement: 200 studios, ERP team wants real-time API sync, marketing wants DAM auto-publish, IT wants single sign-on, CTO wants “Industry 4.0 in 90 days.”
Source: B26 §8 + §10, I01 §8, I03 §3.
Explanation: Cross-module discipline. Same logic as cert exam Q47 — convert CTO 90-day deadline into structured inquiry. Foundation-first sequencing prevents the “all the tech, nothing got faster” failure pattern.
Q8 multiple-choice · i03-external-id What’s the role of external_id field on a PhotoRobot item?
Source: I03 textbook §5.
Explanation: external_id is the round-trip bridge. Without it, PhotoRobot webhook fires for an item but your handler can’t find the matching upstream record to update. Set it on every item created via integration.
Q9 scenario · i03-bulk-partial · weight 2 Bulk import returns HTTP 200, total 500, succeeded 487, failed 13. Your handler treats 200 as total success and moves on.
Source: I03 textbook §8.
Explanation: Partial success is normal in bulk imports. 200 = “request processed” not “all items succeeded.” Per-item parsing required.
Q10 multiple-choice · i02-replay-window What’s the recommended timestamp tolerance window for webhook replay protection?
Source: I02 textbook §6.
Explanation: 5-minute window balances replay defense against legitimate clock drift / network delay. Too short → spurious rejections during load spikes; too long → replay window remains attackable.
Q11 scenario · i04-no-ocr-api · weight 2 Customer’s product team wants OCR-extracted ingredient lists available “within seconds of capture” via API call from their content management system.
Source: I04 textbook §1.
Explanation: OCR has no API endpoint. Honest architecture: export-driven, not real-time-API-driven. Counter-proposal that achieves business value (CMS gets OCR text quickly) without claiming capability that doesn’t exist.
Q12 multiple-choice · i01-data-wrapper V2 list endpoints wrap response under which JSON key?
Source: I01 textbook §3.
Explanation: V2 envelope: { "data": [...], "meta": {...}, "links": {...} }. The biggest V1→V2 migration footgun — code reading response.id from V1 silently breaks on V2.
Q13 scenario · cross-monitoring-contract · weight 2 You’re inheriting an integration built 14 months ago by a developer who left the company. Customer reports it’s been working “mostly fine.” You audit and find: no error alerting, application logs rotated weekly so only last 7 days exist, no monitoring dashboard, no documented owner.
Source: I01 §8, I02 §8, B26 §10.
Explanation: Monitoring contract first. Without alerting + logs + named owner, you can’t safely change a single thing — you’d introduce regressions invisibly. Stabilize observability, then code-audit, then refactor.
Q14 multiple-choice · i03-discontinued Customer’s ERP marks SKU as “discontinued.” Right PhotoRobot action?
Source: I03 textbook §4.
Explanation: Archive ≠ hard-delete. Discontinued doesn’t mean destroy historical photos. Hard deletes need explicit operator authorization for rare legitimate cases (GDPR, created-in-error).
Q15 scenario · i02-idempotency-layers · weight 2 Customer reports duplicate DAM uploads after webhook retries. Your receiver dedups by event ID — yet duplicates appear.
Source: I02 textbook §5.
Explanation: Two layers of idempotency. Receiver dedup is layer 1 (event ID); side-effect idempotency is layer 2 (UPSERT, item-ID-keyed assets, downstream idempotency keys). Both required to fully prevent duplicates.
Q16 multiple-choice · b22-cloud-link-expiry PhotoRobot Cloud export link validity period?
Source: B22 textbook §8.
Explanation: 7 days from export completion. Confirm customer download within 5 days; re-export if approaching expiry.
Q17 scenario · cross-when-not-to-build · weight 2 Customer requests custom real-time OCR pipeline + auto-publish + auto-email team for every item. Volume: 10 items/day.
Source: Cert exam Q50 + I04 §1 + B26 §4.
Explanation: Three textbook signals at once. Right move: counter-propose simpler design that achieves actual business value. This is exactly what cert exam Q50 tested; refresh validates discipline carried forward.
Q18 multiple-choice · i01-jitter-rationale Why use jitter in exponential backoff for API retries?
Source: I01 textbook §5.
Explanation: Many clients with deterministic backoff = synchronized retry herd that re-triggers rate limits. Random jitter (e.g., Math.random() * 1000ms) spreads the herd across the recovery window.
Q19 scenario · i02-signature-failure · weight 2 Webhook receiver suddenly returning 401 Invalid Signature for every delivery. Secret hasn’t changed. Worked yesterday.
Source: I02 textbook §4 + §13.
Explanation: Raw body integrity is fragile. HMAC was computed over exact bytes PhotoRobot sent; any middleware that re-parses (normalizing whitespace, re-stringifying JSON) breaks verification. Most common: forgotten express.raw({ type: 'application/json' }) before express.json().
Q20 multiple-choice · i04-data-json-format OCR text in data.json is returned as:
Source: I04 textbook §4.
Explanation: Raw text arrays per frame. Structuring (ingredients, nutrition, allergens) is integrator’s parser work — regex / NER / LLM extraction.
Q21 scenario · b26-bottleneck-pattern · weight 2 Customer’s studio could shoot 30 % more items/day if more came in. Operators not at capacity. Downstream publishing fast.
Source: B26 textbook §4.
Explanation: Pattern A (upstream bottleneck). Each pattern has different stage targets. Misdiagnosing leads to wasted automation effort.
Q22 scenario · cross-occasional-failures · weight 2 6 months into a complex integration: customer reports occasional duplicate DAM uploads, sometimes items missing from e-commerce catalog, occasionally items in wrong project. No single thing is broken — everything works “most of the time.”
Source: Cert exam Q48 (cross-module foundation drift).
Explanation: Three canonical fix-points: canonicalization (input), idempotency (process), routing (output). Foundation drift produces “occasional” symptoms — works most of the time, fails under specific conditions. Cert + refresh both test this recognition.
Q23 multiple-choice · b26-monitoring-contract-4 A monitoring contract for a production integration minimally includes:
Source: B26 §10 + I01 §8 + I02 §8.
Explanation: 4-part operational agreement. Repeated across every integrator-track module for a reason — most-common production failure root cause is missing monitoring contract.
Q24 scenario · i01-secret-storage · weight 2 New team member asks: “where do I put the PhotoRobot API key for the new integration project?”
Source: I01 textbook §2.
Explanation: Secrets vault, server-side only. Standing rule for all credentials. Never in source code (Git history is forever); never logged (log aggregation leaks); never client-side (visible in dev tools).
Q25 scenario · cross-production-readiness · weight 2 Integration passes all unit tests + staging tests + customer acceptance. Ready to deploy to production.
Source: Cert exam Q49 + B26 §10 + I01 §8 + I02 §14.
Explanation: Repeated across cert exam Q49 + every integrator-track pre-deploy checklist. Tests validate the code at deploy time; monitoring contract validates the integration at every moment after. Single most important gate.
Ready to commit? You can review and change your answers before submitting. Once submitted, this attempt is final and we'll show you your score, correct answers, and explanations.
Submit final answers
