Home/google/Free Google Apigee-API-Engineer Actual Exam Questions/Question 3

Free Google Apigee-API-Engineer Actual Exam Questions - Question 3 Discussion

Question No. 3

Which features are supported in the OAulhV2 policy'? Select all that are correct. Choose 3 answers

Select all that apply, then reveal solution.

Osama E.

2026-02-20

D imo, B is out since OAuthV2 policies generally don’t deal with storing external tokens—that’s more of a separate system function. Between A, C, and D, I pick C and D easily because credential checks and setting different expirations are standard. A also fits because customizing tokens with extra attributes feels like a common extension point. So A, C, and D seem like the solid picks regardless of which OAuthV2 variant you consider.

Ash K.

2026-02-14

Not B, because OAuthV2 policies typically don't handle external token storage directly. A and D are common for token customization and expiration control, while C fits with validating credentials during password grants.

Peter H.

2026-02-13

It’s definitely not B because storing external tokens usually isn't part of OAuthV2 policy features. Between A, C, and D, A makes sense for customizing tokens to carry extra info, and C fits since password grant requires credential checks. D is typical too, with refresh and access token expirations differing to improve security. So I’d stick with A, C, and D as the correct answers here.

Hassan K.

2026-02-05

D, since refresh and access tokens usually have different expiry times.

Hassan K.

2026-02-02

Probably B is out since storing external tokens isn’t standard for OAuthV2. So A, C, and D still seem the best picks based on typical token customization and expiration features.

Marco K.

2026-01-28

It’s A, C, and D for me. Custom attributes on tokens (A) seem like a handy feature to include, especially for more control over token content. Credential validation (C) is pretty much a given when you’re using the password grant type since the server has to check the user’s creds. And different expirations (D) for access and refresh tokens are standard practice to balance security and usability. B feels off because storing external tokens isn’t usually part of what OAuthV2 policies handle directly; that’s more about token management or federation outside the policy scope.

Michael M.

2026-01-26

Maybe D makes sense because access and refresh tokens often have separate lifetimes. I’m also thinking C fits since password grants typically require validating credentials. A could be right too, as customizing token attributes is pretty common for flexibility. B seems unlikely because storing external tokens isn’t usually handled by OAuth policies themselves but by other components or middleware. So, my pick would be A, C, and D.

Jason M.

2026-01-19

B/C/D? I don’t think storing external tokens (B) fits typical OAuthV2 policy features, but credential validation (C) and different expirations (D) seem standard. Not sure about custom attributes (A) here.

Jason M.

2026-01-14

I think A, C, and D are correct since OAuthV2 policies usually allow custom attributes, validate creds on password grant, and set different token expirations. B sounds off for me.