1. B
The Startup class in ASP.NET Core serves two primary functions through its ConfigureServices and Configure methods. It configures the dependency injection container by registering services and sets up the middleware pipeline that processes HTTP requests. This centralized configuration approach allows developers to define how the application handles requests, manages dependencies, and processes data throughout its lifecycle.

2. B
The ConfigureServices method is specifically designed to register services with the built-in dependency injection container in ASP.NET Core. This method is called by the runtime before the Configure method and allows developers to add services such as database contexts, repositories, authentication schemes, and custom services that can be injected into controllers and other components throughout the application.

3. C
ASP.NET Core Web API applications run on port 5000 by default when executed locally using the dotnet run command. This default configuration can be found in the launchSettings.json file and can be modified according to specific requirements. For HTTPS, the default port is 5001. Understanding default port configurations is essential for local development and debugging.

4. B
The [ApiController] attribute is specifically designed for Web API controllers and enables several API-specific behaviors automatically. These include automatic model validation, binding source parameter inference, and problem details for error responses. This attribute simplifies API development by reducing boilerplate code and enforcing best practices for RESTful services.

5. C
The GET HTTP verb is the standard method for retrieving data from a Web API according to RESTful principles. GET requests should be idempotent and safe, meaning they should not modify server state and multiple identical requests should produce the same result. This verb is used for read operations and is the most commonly used HTTP method in Web APIs.

6. C
The Ok() method returns an HTTP 200 status code along with the specified data in the response body. This is the standard response for successful GET requests and indicates that the request was processed successfully and the server is returning the requested information. The method is type-safe and allows for strongly typed responses.

7. A
Model binding is the process that converts HTTP request data from various sources such as route values, query strings, and request bodies into strongly typed CLR objects. This automatic conversion simplifies controller code by eliminating the need to manually parse and convert request data, while also enabling validation and providing type safety throughout the application.

8. C
The [FromBody] attribute explicitly tells the model binder to deserialize the request body content into the parameter object. This is essential when accepting complex objects or JSON payloads in POST or PUT requests. The attribute ensures that the data is read from the HTTP request body rather than from query strings or route parameters.

9. B
API versioning is best implemented using either URL path segments or query string parameters, allowing multiple versions to coexist while maintaining backward compatibility. This approach enables gradual migration of clients to newer versions and provides clear version identification in API calls. Common patterns include using routes like api/v1/products or query parameters like api/products?version=1.

10. B
The routing middleware is responsible for matching incoming HTTP requests to the appropriate endpoints and controller actions based on defined route patterns. It examines the request URL and HTTP verb to determine which controller action should handle the request. This middleware must be registered in the pipeline using app.UseRouting() before endpoint execution.

11. B
Dependency injection promotes loose coupling between components by inverting the control of dependency creation. Instead of classes creating their dependencies directly, they receive them through constructor injection or other means. This pattern improves testability by allowing easy substitution of mock objects, enhances maintainability by reducing tight coupling, and supports the single responsibility principle.

12. A
The IMiddleware interface provides a factory-based approach to creating middleware components in ASP.NET Core. Implementing this interface requires defining the InvokeAsync method which contains the middleware logic. This approach enables dependency injection for middleware and allows for better lifecycle management compared to convention-based middleware.

13. B
ASP.NET Core 3.0 introduced System.Text.Json as the default JSON serialization library, replacing Newtonsoft.Json. This new library offers improved performance and reduced memory allocation while maintaining most common serialization scenarios. However, Newtonsoft.Json can still be added separately for applications requiring its advanced features.

14. B
HTTP status code 201 (Created) is the appropriate response when a new resource has been successfully created on the server. This status code is typically returned from POST requests and should include a Location header containing the URI of the newly created resource. This follows RESTful conventions and provides clients with information about where to find the new resource.

15. B
The [Route] attribute defines the URL pattern or template for accessing controller actions. It can be applied at both controller and action levels, supporting route parameters, constraints, and hierarchical routing structures. This attribute provides flexibility in designing clean, intuitive API endpoints that follow RESTful conventions.

16. B
The Configure method in the Startup class is where the HTTP request pipeline is built by adding middleware components in a specific order. Each piece of middleware can process requests, perform operations, and pass control to the next component. The order of middleware registration is critical as it determines the sequence in which requests are processed.

17. B
Implementing pagination using query parameters for page number and page size is the standard RESTful approach. This method allows clients to request specific subsets of data efficiently, reduces payload sizes, and improves application performance. Parameters like pageNumber and pageSize enable clients to control the amount of data retrieved while the server handles the actual data retrieval logic.

18. B
Custom exception middleware provides a centralized, consistent approach to handling errors across the entire application. This middleware can catch unhandled exceptions, log them appropriately, and return standardized error responses to clients. Implementing this at the middleware level ensures all exceptions are handled uniformly without requiring try-catch blocks in every controller action.

19. B
Data Transfer Objects serve as a contract between the API and its clients, defining exactly what data is exposed. They decouple the internal domain models from external representations, allow for data shaping and transformation, prevent over-posting vulnerabilities, and enable versioning without affecting internal structures. DTOs provide a clean separation between the API layer and business logic.

20. C
JWT Bearer authentication is the industry standard for securing Web APIs with token-based authentication. JWTs are self-contained tokens that can include claims about the user and are verified using digital signatures. This approach is stateless, scalable, and works well with modern single-page applications and mobile clients, eliminating the need for server-side session management.

21. B
IActionResult provides flexibility in returning different types of responses from controller actions. It allows methods to return various HTTP status codes along with data, such as Ok(), BadRequest(), NotFound(), or Created(). This abstraction enables clean code while supporting multiple response scenarios without changing the method signature.

22. C
The PUT HTTP verb is used for updating an entire resource in RESTful APIs. PUT requests should be idempotent, meaning multiple identical requests should have the same effect as a single request. When using PUT, clients typically send the complete updated resource representation, and the server replaces the existing resource entirely with the new data.

23. B
Model validation ensures that incoming data conforms to defined rules and constraints before processing. ASP.NET Core automatically validates models decorated with validation attributes and populates the ModelState with any errors. This prevents invalid data from reaching business logic, improves data integrity, and provides consistent error responses to clients.

24. C
The [FromRoute] attribute explicitly indicates that a parameter’s value should be bound from the URL route template. While ASP.NET Core can often infer this automatically, using the attribute makes the intent clear and ensures correct binding behavior. This is particularly useful when route parameter names differ from method parameter names.

25. B
Content negotiation is the process where the server selects the most appropriate response format based on the client’s Accept header. This mechanism allows APIs to support multiple formats such as JSON and XML while serving the format preferred by each client. ASP.NET Core handles content negotiation automatically through formatters.

26. B
The UseCors() middleware enables Cross-Origin Resource Sharing, which is essential for allowing web applications from different origins to access the API. CORS must be properly configured with policies that specify allowed origins, methods, and headers. This middleware should be placed before UseRouting() in the pipeline to ensure proper request handling.

27. B
Action filters provide hooks into the MVC action execution pipeline, allowing code to run before or after action methods execute. They are useful for implementing cross-cutting concerns like logging, caching, validation, and exception handling. Filters can be applied at the action, controller, or global level to affect different scopes of the application.

28. C
HTTP status code 204 (No Content) indicates that the request was successful but the response intentionally contains no body content. This is commonly used for DELETE operations or PUT operations where the client already has the updated representation. It confirms success while minimizing bandwidth usage.

29. B
The IFormFile interface is the recommended approach for handling file uploads in ASP.NET Core. It provides access to uploaded files through multipart form data requests and includes properties for file size, content type, and stream access. This approach is memory-efficient for large files and integrates seamlessly with model binding.

30. C
The [JsonIgnore] attribute from System.Text.Json (or Newtonsoft.Json) instructs the serializer to skip a property during both serialization and deserialization. This is useful for excluding sensitive data, computed properties, or internal implementation details from API responses. The attribute provides fine-grained control over which properties are exposed through the API without modifying the underlying model structure.

31. B
Response caching stores copies of responses and serves them for subsequent identical requests, significantly improving performance and reducing server load. It works by examining cache headers and storing responses in memory or distributed caches. Proper cache configuration considers factors like cache duration, validation, and cache key generation.

32. B
Swagger and OpenAPI specifications provide automated, interactive API documentation. These tools generate documentation directly from code using attributes and XML comments, creating a living documentation that stays synchronized with the actual API implementation. The Swagger UI provides an interactive interface for testing endpoints.

33. B
The Problem Details specification (RFC 7807) provides a standardized, machine-readable format for communicating error information in HTTP APIs. When the [ApiController] attribute is applied, ASP.NET Core automatically returns problem details for validation errors and other error scenarios. This consistent format includes properties like type, title, status, detail, and instance, making it easier for clients to parse and handle errors uniformly across different APIs.

34. A
The UseStaticFiles() middleware enables the serving of static files such as images, CSS, JavaScript, and other content from the wwwroot folder. This middleware should be placed early in the request pipeline to allow static file requests to be handled efficiently without passing through unnecessary middleware. While Web APIs typically focus on data, this middleware is useful when serving documentation, images, or client applications.

35. B
The async and await keywords enable asynchronous programming in ASP.NET Core, allowing operations like database queries and HTTP calls to execute without blocking threads. This improves application scalability by freeing threads to handle other requests while waiting for I/O operations to complete, resulting in better resource utilization and responsiveness.

36. B
Implementing API key authentication requires creating custom authentication middleware or authentication handlers that validate keys typically passed in request headers like X-API-Key. This approach allows for centralized validation logic, proper integration with the ASP.NET Core authentication system, and support for authorization policies. Keys should never be embedded in URLs as they can be logged or cached, and request bodies are inappropriate for authentication credentials.