Question 1

Which core feature of the Ping Identity Platform allows organizations to consolidate multiple identity sources into a single, unified view for applications?

Accepted Answer

PingDirectory

Answer

PingRemote

Answer

PingTunnel

Answer

PingShield

Question 2

In the context of Ping Identity's orchestration capabilities, which feature allows administrators to design automated, visual workflows for user journeys such as registration and authentication?

Accepted Answer

PingOne DaVinci

Answer

PingOne Gatekeeper

Answer

PingOne FlowMaster

Answer

PingOne Architect

Question 3

Which specific component of the Ping Identity suite acts as a high-performance federation server, providing secure Single Sign-On (SSO) and identity provider capabilities for both on-premises and cloud applications?

Accepted Answer

PingFederate

Answer

PingConnect

Answer

PingSafe

Answer

PingVault

Question 4

Which Ping Identity feature is specifically designed to provide API security and protect against threats by monitoring traffic and applying AI-driven behavioral analysis?

Accepted Answer

PingIntelligence for APIs

Answer

PingFirewall

Answer

PingMonitor

Answer

PingAPI Gateway

Question 5

Which specific Ping Identity capability focuses on the Zero Trust principle by continuously evaluating risk signals such as device posture, user behavior, and network location during an active session?

Accepted Answer

PingOne Risk

Answer

PingOne Barrier

Answer

PingOne Storage

Answer

PingOne Static

Question 6

Which component of the Ping Identity portfolio is primarily responsible for managing centralized access control policies and protecting web-based applications and APIs via a high-performance proxy or agent?

Accepted Answer

PingAccess

Answer

PingShield

Answer

PingGuardian

Answer

PingGate

Question 7

Which specific protocol does the Ping Identity platform primarily utilize to facilitate secure authorization and delegated access for modern mobile and web applications?

Accepted Answer

OAuth 2.0

Answer

SMTP

Answer

FTP

Answer

IMAP

Question 8

Which specific authentication feature in the Ping Identity suite provides multi-factor authentication (MFA) capabilities to enhance security during the user login process?

Accepted Answer

PingID

Answer

PingSecure

Answer

PingVerify

Answer

PingAuth

Question 9

Which specific capability of the Ping Identity platform allows organizations to verify the identity of a user by scanning government-issued documents and performing facial recognition during the onboarding process?

Accepted Answer

PingOne Verify

Answer

PingOne Biometrics

Answer

PingOne Scanner

Answer

PingOne Passport

Question 10

Which specific deployment model offered by Ping Identity allows for a hybrid approach where organizations can manage their identity infrastructure in their own private cloud or data center while still leveraging cloud-based services?

Accepted Answer

PingOne Cloud Gateway

Answer

PingOne VPN

Answer

PingOne Direct Connect

Answer

PingOne Static Bridge

Question 11

In the architecture of PingGateway (formerly PingFederate Identity Gateway), what is the primary role of the "Handler" component?

Accepted Answer

To process a request and produce a response, often by acting as a client to a downstream protected application

Answer

To intercept incoming requests and perform initial decryption of TLS traffic only

Answer

To store user session data in a persistent relational database for long-term auditing

Answer

To define the static routing table used by the underlying operating system

Question 12

Which PingGateway configuration object is used to modify a request or response as it passes through the gateway, such as adding a header or validating a token?

Accepted Answer

Filters

Answer

Routers

Answer

Scripts

Answer

Heap Objects

Question 13

In PingGateway, what is the purpose of the 'config.json' file located in the instance directory?

Accepted Answer

To define the heap objects, global settings, and the main entry point for the gateway's configuration

Answer

To act as a temporary cache for storing OAuth2 access tokens

Answer

To store the individual usernames and passwords for all administrative users

Answer

To serve as the primary log file for recording HTTP error status codes

Question 14

In the context of PingGateway, what is the role of the "Exchange" object during the lifecycle of an HTTP request?

Accepted Answer

It serves as a container that holds both the Request and Response objects as they move through the chain.

Answer

It is a specific database table used to store synchronized user attributes.

Answer

It is a protocol used exclusively for communication between PingGateway and PingDirectory.

Answer

It represents a hardware load balancer that distributes traffic across multiple gateway instances.

Question 15

When configuring PingGateway to protect an application, which component is used to determine which route should be applied to an incoming HTTP request based on its URI or other conditions?

Accepted Answer

Router

Answer

KeyManager

Answer

ThrottlingFilter

Answer

Sequence

Question 16

In PingGateway, what is the default name of the field in the 'heap' that identifies the first object to process an incoming request?

Accepted Answer

handler

Answer

trigger

Answer

entrypoint

Answer

gatewayChain

Question 17

Which component in PingGateway is specifically designed to allow the execution of custom Groovy or JavaScript logic within the request or response processing flow?

Accepted Answer

ScriptableFilter

Answer

StaticResponseFilter

Answer

ExpressionHandler

Answer

DynamicRouter

Question 18

In PingGateway, what is the specific function of a "Chain" object within the configuration memory heap?

Accepted Answer

To link one or more filters to a single handler for sequential execution

Answer

To synchronize user attributes between different LDAP directories

Answer

To encrypt the communication between the gateway and the identity provider

Answer

To provide a failover mechanism for high availability of the web server

Question 19

In PingGateway, which specialized filter is primarily used to ensure that a user has a valid session with an Identity Provider (IdP) before allowing access to a protected resource?

Accepted Answer

SingleSignOnFilter

Answer

SqlFilter

Answer

AssignmentFilter

Answer

CaptureFilter

Question 20

In PingGateway, what is the specific purpose of the 'secrets' object within the heap configuration?

Accepted Answer

To provide a unified way to manage and retrieve sensitive data such as passwords, certificates, and cryptographic keys.

Answer

To automatically generate new RSA keys every time the gateway reboots.

Answer

To store the clear-text passwords for all end-users in a local cache.

Answer

To obscure the URI paths of protected applications in the routing table.

Question 21

An enterprise is looking to implement a Zero Trust architecture where a legacy web application, which only understands Header-based authentication, needs to be protected. The application is hosted in a private data center, and the organization uses PingFederate as their OIDC Provider. Which PingGateway (formerly IG) configuration scenario is MOST appropriate to bridge this gap?

Accepted Answer

Acting as a Reverse Proxy with an OAuth2ClientFilter and a HeaderFilter to inject identity attributes.

Answer

Setting up PingGateway as a DNS Load Balancer that redirects all unauthenticated traffic to a LDAP login page.

Answer

Configuring PingGateway as a SAML Identity Provider to directly issue assertions to the legacy application.

Answer

Using PingGateway in 'Agentless Mode' where the application itself makes a REST call to PingGateway via a sidecar API.

Question 22

A financial services company needs to protect a high-value API that currently lacks rate limiting and is vulnerable to credential stuffing. They want to ensure that only requests with a valid Scoped Access Token are allowed, while also limiting each client to

100

requests per minute. Which PingGateway architectural component and filter combination should be deployed to satisfy this requirement?

Accepted Answer

A Route configured with an OAuth2RSFilter and a ThrottlingFilter.

Answer

An AssignmentFilter configured to check the HTTP Referer header against a whitelist.

Answer

A Route using a StaticResponseFilter combined with a SqlStoreFilter for session tracking.

Answer

A PolicyEnforcementFilter paired with a ScriptableFilter to manually parse JWT signatures.

Question 23

An organization wants to implement 'Identity Mapping' where PingGateway intercepts a request containing an OIDC ID Token, but the back-end microservice requires a proprietary 'Legacy-Token' generated by a specific internal web service. Which PingGateway sequence is best suited to handle this scenario?

Accepted Answer

Use an OAuth2ClientFilter to validate the OIDC token, followed by a ScriptableFilter or EntityExtractFilter to call the internal service and exchange the identity details for the Legacy-Token.

Answer

Configure a CrossDomainSingleSignOnFilter to automatically sync cookies between the Gateway and the proprietary internal service.

Answer

Deploy a StaticResponseFilter that returns a

100

redirect to the Legacy-Token issuer for every incoming API call.

Answer

Use a simple HeaderFilter to pass the OIDC ID Token directly to the microservice and let the microservice handle the conversion.

Question 24

A developer needs to configure PingGateway to protect a legacy backend that does not support TLS. To ensure end-to-end security, PingGateway must receive traffic over HTTPS, validate an OpenID Connect session, and then terminate TLS before forwarding the request over a secure internal network segment. If the backend response contains absolute URLs with 'http', which PingGateway feature should be used to ensure the client receives 'https' links?

Accepted Answer

The ReverseProxyContext and the Post-processing tracking through a SwitchFilter or LocationHeaderFilter.

Answer

The ExpressionAttributesFilter using a

100

to rewrite the body payload of every database query.

Answer

The ClientHandler configured with 'allowHttp': false to force the backend to upgrade its protocol automatically.

Answer

The MetadataFilter configured to overwrite the JVM default SSL context for all outbound socket connections.

Question 25

An organization is deploying PingGateway to protect a set of microservices. They require that every incoming request must be inspected for a specific custom HTTP header 'X-Transaction-ID'. If the header is missing, PingGateway should automatically generate a unique

100

and inject it into the request before it reaches the protected microservice. Which configuration approach is most efficient?

Accepted Answer

Using a ScriptableFilter to check for the header existence and an AssignmentFilter to populate the context with a generated value.

Answer

Deploying a HeaderFilter with a hardcoded value that overrides any existing client-provided 'X-Transaction-ID' to ensure consistency.

Answer

Configuring a RiotFilter to block all traffic that does not originate from a known static IP address.

Answer

Using a CaptureFilter to log the error to a file and then terminating the connection with a

100

error.

Question 26

A global retailer uses PingGateway to protect an image-processing API. They want to prevent 'Over-Posting' attacks by ensuring that any incoming POST request with a 'Content-Length' exceeding

100

bytes (5 MB) is rejected immediately at the gateway level. Which PingGateway configuration is the most appropriate to enforce this security policy?

Accepted Answer

Defining a 'maxSize' property within the 'ClientHandler' or using a 'Condition' in the Route to check 'request.entity.size'.

Answer

Setting the 'Heap' memory limit of the PingGateway JVM to exactly

100

MB to force a crash on large uploads.

Answer

Using a 'JdbcFilter' to query a database for the allowed file size of that specific user.

Answer

Configuring a 'TeeFilter' to copy the stream to a secondary 'Size-Checker' microservice for validation.

Question 27

An organization is migrating to a hybrid cloud model and uses PingGateway to protect a legacy web application. The application requires a user's group memberships to be sent via a custom HTTP header named 'X-User-Roles'. However, the incoming OAuth 2.0 Access Token from PingFederate does not contain these groups. How should PingGateway be configured to retrieve and provide this missing data?

Accepted Answer

Configure a UserInfoFilter or a ScriptableFilter to call the Identity Provider's UserInfo endpoint or a Directory Service using the Access Token to resolve the groups.

Answer

Configure a ThrottlingFilter to delay the request until the backend application can perform its own LDAP lookup.

Answer

Enable the 'Auto-Fill' property in the ReverseProxyContext to automatically guess the user groups based on the IP address.

Answer

Use a HeaderFilter to statically map the Access Token string itself to the 'X-User-Roles' header.

Question 28

An organization needs to implement a 'Canary Deployment' strategy where

100

of incoming traffic is routed to a new version of a protected API (v2) while the remaining

90%

continues to use the stable version (v1). Both versions require the same OAuth 2.0 validation. How should PingGateway be configured to achieve this based on traffic probability?

Accepted Answer

Define a Route using a 'Condition' with a script or a weighted 'SwitchFilter' to resolve to different target Handlers based on a random distribution.

Answer

Configure a 'ThrottlingFilter' on the v2 endpoint to reject

100

of all incoming connections with a 503 error.

Answer

Deploy two separate PingGateway instances on different physical servers and use a round-robin DNS entry.

Answer

Use a 'HeaderFilter' to manually flag every tenth request with a 'Is-Canary' header that the backend must interpret.

Question 29

A healthcare provider needs to implement Step-up Authentication. Users initially log in to a portal using a username and password. However, when the user tries to access the '/patient-records' path, PingGateway must detect if the current session has a sufficiently high 'Authentication Context Class Reference' (acr). If not, PingGateway should redirect the user back to the OIDC Provider (PingFederate) to perform Multi-Factor Authentication (MFA). Which filter is primarily responsible for performing this conditional check and redirect?

Accepted Answer

The OAuth2ClientFilter configured with an 'acr_values' requirement in its authentication logic.

Answer

A CaptureFilter designed to log the user out and clear all browser cookies immediately.

Answer

A HeaderFilter configured to append a 'MFA-Required' string to the request URI.

Answer

A StaticResponseFilter that returns a

100

Forbidden error and prevents any further interaction.

Question 30

An organization wants to implement 'Request Shadowing' for a critical API protected by PingGateway. The goal is to send a copy of every production request to a new analytics engine for testing without affecting the response time or behavior of the primary backend. Which PingGateway filter should be utilized to perform this asynchronous request mirroring?

Accepted Answer

The TeeFilter

Answer

The SwitchFilter

Answer

The DispatchHandler

Answer

The CrossDomainSingleSignOnFilter

Related quizzes

Related quizzes