MCPA – Level 1: MuleSoft Certified Platform Architect Topic 1
Question #: 35
Topic #: 1
What CANNOT be effectively enforced using an API policy in Anypoint Platform?
A. Guarding against Denial of Service attacks
B. Maintaining tamper-proof credentials between APIs
C. Logging HTTP requests and responses
D. Backend system overloading
Selected Answer: A
Question #: 25
Topic #: 1
A Mule application exposes an HTTPS endpoint and is deployed to the CloudHub Shared Worker Cloud. All traffic to that Mule application must stay inside the
AWS VPC.
To what TCP port do API invocations to that Mule application need to be sent?
A. 443
B. 8081
C. 8091
D. 8092
Selected Answer: D
Question #: 57
Topic #: 1
An API implementation is updated. When must the RAML definition of the API also be updated?
A. When the API implementation changes the structure of the request or response messages.
B. When the API implementation changes from interacting with a legacy backend system deployed on-premises to a modern, cloud-based (SaaS) system.
C. When the API implementation is migrated from an older to a newer version of the Mule runtime.
D. When the API implementation is optimized to improve its average response time.
Selected Answer: A
Question #: 34
Topic #: 1
What is a best practice when building System APIs?
A. Document the API using an easily consumable asset like a RAML definition
B. Model all API resources and methods to closely mimic the operations of the backend system
C. Build an Enterprise Data Model (Canonical Data Model) for each backend system and apply it to System APIs
D. Expose to API clients all technical details of the API implementation’s interaction with the backend system
Selected Answer: A
Question #: 27
Topic #: 1
The responses to some HTTP requests can be cached depending on the HTTP verb used in the request.
According to the HTTP specification, for what HTTP verbs is this safe to do?
A. PUT, POST, DELETE
B. GET, HEAD, POST
C. GET, PUT, OPTIONS
D. GET, OPTIONS, HEAD
Selected Answer: D
Question #: 38
Topic #: 1
A new upstream API is being designed to offer an SLA of 500 ms median and 800 ms maximum (99th percentile) response time. The corresponding API implementation needs to sequentially invoke 3 downstream APIs of very similar complexity.
The first of these downstream APIs offers the following SLA for its response time: median: 100 ms, 80th percentile: 500 ms, 95th percentile: 1000 ms.
If possible, how can a timeout be set in the upstream API for the invocation of the first downstream API to meet the new upstream API’s desired SLA?
A. Set a timeout of 50 ms; this times out more invocations of that API but gives additional room for retries.
B. Set a timeout of 100 ms; that leaves 400 ms for the other two downstream APIs to complete.
C. No timeout is possible to meet the upstream API’s desired SLA; a different SLA must be negotiated with the first downstream API or invoke an alternative API.
D. Do not set a timeout; the invocation of this API is mandatory and so we must wait until it responds.
Selected Answer: C
Question #: 21
Topic #: 1
When using CloudHub with the Shared Load Balancer, what is managed EXCLUSIVELY by the API implementation (the Mule application) and NOT by Anypoint
Platform?
A. The assignment of each HTTP request to a particular CloudHub worker
B. The logging configuration that enables log entries to be visible in Runtime Manager
C. The SSL certificates used by the API implementation to expose HTTPS endpoints
D. The number of DNS entries allocated to the API implementation
Selected Answer: C
Question #: 5
Topic #: 1
What do the API invocation metrics provided by Anypoint Platform provide?
A. ROI metrics from APIs that can be directly shared with business users
B. Measurements of the effectiveness of the application network based on the level of reuse
C. Data on past API invocations to help identify anomalies and usage patterns across various APIs
D. Proactive identification of likely future policy violations that exceed a given threat threshold
Selected Answer: C
Question #: 35
Topic #: 1
What CANNOT be effectively enforced using an API policy in Anypoint Platform?
A. Guarding against Denial of Service attacks
B. Maintaining tamper-proof credentials between APIs
C. Logging HTTP requests and responses
D. Backend system overloading
Selected Answer: A
Question #: 25
Topic #: 1
A Mule application exposes an HTTPS endpoint and is deployed to the CloudHub Shared Worker Cloud. All traffic to that Mule application must stay inside the
AWS VPC.
To what TCP port do API invocations to that Mule application need to be sent?
A. 443
B. 8081
C. 8091
D. 8092
Selected Answer: D
Question #: 57
Topic #: 1
An API implementation is updated. When must the RAML definition of the API also be updated?
A. When the API implementation changes the structure of the request or response messages.
B. When the API implementation changes from interacting with a legacy backend system deployed on-premises to a modern, cloud-based (SaaS) system.
C. When the API implementation is migrated from an older to a newer version of the Mule runtime.
D. When the API implementation is optimized to improve its average response time.
Selected Answer: A
Question #: 34
Topic #: 1
What is a best practice when building System APIs?
A. Document the API using an easily consumable asset like a RAML definition
B. Model all API resources and methods to closely mimic the operations of the backend system
C. Build an Enterprise Data Model (Canonical Data Model) for each backend system and apply it to System APIs
D. Expose to API clients all technical details of the API implementation’s interaction with the backend system
Selected Answer: A
Question #: 27
Topic #: 1
The responses to some HTTP requests can be cached depending on the HTTP verb used in the request.
According to the HTTP specification, for what HTTP verbs is this safe to do?
A. PUT, POST, DELETE
B. GET, HEAD, POST
C. GET, PUT, OPTIONS
D. GET, OPTIONS, HEAD
Selected Answer: D
Question #: 7
Topic #: 1
An API implementation is deployed on a single worker on CloudHub and invoked by external API clients (outside of CloudHub).
How can an alert be set up that is guaranteed to trigger AS SOON AS that API implementation stops responding to API invocations?
A. Implement a heartbeat/health check within the API and invoke it from outside the Anypoint Platform and alert when the heartbeat does not respond.
B. Configure a ג€worker not respondingג€ alert in Anypoint Runtime Manager.
C. Handle API invocation exceptions within the calling API client and raise an alert from that API client when the API is unavailable.
D. Create an alert for when the API receives no requests within a specified time period.
Selected Answer: A
Question #: 32
Topic #: 1
A code-centric API documentation environment should allow API consumers to investigate and execute API client source code that demonstrates invoking one or more APIs as part of representative scenarios.
What is the most effective way to provide this type of code-centric API documentation environment using Anypoint Platform?
A. Enable mocking services for each of the relevant APIs and expose them via their Anypoint Exchange entry
B. Ensure the APIs are well documented through their Anypoint Exchange entries and API Consoles and share these pages with all API consumers
C. Create API Notebooks and include them in the relevant Anypoint Exchange entries
D. Make relevant APIs discoverable via an Anypoint Exchange entry
Selected Answer: C
Question #: 26
Topic #: 1
What is a key requirement when using an external Identity Provider for Client Management in Anypoint Platform?
A. Single sign-on is required to sign in to Anypoint Platform
B. The application network must include System APIs that interact with the Identity Provider
C. To invoke OAuth 2.0-protected APIs managed by Anypoint Platform, API clients must submit access tokens issued by that same Identity Provider
D. APIs managed by Anypoint Platform must be protected by SAML 2.0 policies
Selected Answer: C
Question #: 20
Topic #: 1
What best describes the Fully Qualified Domain Names (FQDNs), also known as DNS entries, created when a Mule application is deployed to the CloudHub
Shared Worker Cloud?
A. A fixed number of FQDNs are created, IRRESPECTIVE of the environment and VPC design
B. The FQDNs are determined by the application name chosen, IRRESPECTIVE of the region
C. The FQDNs are determined by the application name, but can be modified by an administrator after deployment
D. The FQDNs are determined by both the application name and the Anypoint Platform organization
Selected Answer: A
Question #: 1
Topic #: 1
What API policy would LEAST likely be applied to a Process API?
A. Custom circuit breaker
B. Client ID enforcement
C. Rate limiting
D. JSON threat protection
Selected Answer: C
Question #: 4
Topic #: 1
What condition requires using a CloudHub Dedicated Load Balancer?
A. When cross-region load balancing is required between separate deployments of the same Mule application
B. When custom DNS names are required for API implementations deployed to customer-hosted Mule runtimes
C. When API invocations across multiple CloudHub workers must be load balanced
D. When server-side load-balanced TLS mutual authentication is required between API implementations and API clients
Selected Answer: C
Question #: 17
Topic #: 1
A System API is designed to retrieve data from a backend system that has scalability challenges.
What API policy can best safeguard the backend system?
A. IP whitelist
B. SLA-based rate limiting
C. OAuth 2 token enforcement
D. Client ID enforcement
Selected Answer: B
Question #: 46
Topic #: 1
An Order API must be designed that contains significant amounts of integration logic and involves the invocation of the Product API.
The power relationship between Order API and Product API is one of `Customer/Supplier`, because the Product API is used heavily throughout the organization and is developed by a dedicated development team located in the office of the CTO.
What strategy should be used to deal with the API data model of the Product API within the Order API?
A. Convince the development team of the Product API to adopt the API data model of the Order API such that the integration logic of the Order API can work with one consistent internal data model.
B. Work with the API data types of the Product API directly when implementing the integration logic of the Order API such that the Order API uses the same (unchanged) data types as the Product API.
C. Implement an anti-corruption layer in the Order API that transforms the Product API data model into internal data types of the Order API.
D. Start an organization-wide data modeling initiative that will result in an Enterprise Data Model that will then be used in both the Product API and the Order API.
Selected Answer: C
Question #: 37
Topic #: 1
What API policy would be LEAST LIKELY used when designing an Experience API that is intended to work with a consumer mobile phone or tablet application?
A. OAuth 2.0 access token enforcement
B. Client ID enforcement
C. JSON threat protection
D. IP whitelist
Selected Answer: D
Question #: 23
Topic #: 1
What is true about where an API policy is defined in Anypoint Platform and how it is then applied to API instances?
A. The API policy is defined in Runtime Manager as part of the API deployment to a Mule runtime, and then ONLY applied to the specific API instance.
B. The API policy is defined in API Manager for a specific API instance, and then ONLY applied to the specific API instance.
C. The API policy is defined in API Manager and then automatically applied to ALL API instances.
D. The API policy is defined in API Manager, and then applied to ALL API instances in the specified environment.
Selected Answer: B
Question #: 2
Topic #: 1
What is a key performance indicator (KPI) that measures the success of a typical C4E that is immediately apparent in responses from the Anypoint Platform APIs?
A. The number of production outage incidents reported in the last 24 hours
B. The number of API implementations that have a publicly accessible HTTP endpoint and are being managed by Anypoint Platform
C. The fraction of API implementations deployed manually relative to those deployed using a CI/CD tool
D. The number of API specifications in RAML or OAS format published to Anypoint Exchange
Selected Answer: D
Question #: 22
Topic #: 1
Refer to the exhibit.
What is the best way to decompose one end-to-end business process into a collaboration of Experience, Process, and of System APIs?
A. Handle customizations for the end-user application at the Process API level rather than the Experience API level.
B. Allow System APIs to return data that is NOT currently required by the identified Process or Experience APIs.
C. Always use a tiered approach by creating exactly one API for each of the 3 layers (Experience, Process and System APIs).
D. Use a Process API to orchestrate calls to multiple System APIs, but NOT to other Process APIs.
Selected Answer: A
