MCPA – Level 1: MuleSoft Certified Platform Architect Topic 2
Question #: 24
Topic #: 1
An API implementation is deployed to CloudHub.
What conditions can be alerted on using the default Anypoint Platform functionality, where the alert conditions depend on the end-to-end request processing of the
API implementation?
A. When the API is invoked by an unrecognized API client
B. When a particular API client invokes the API too often within a given time period
C. When the response time of API invocations exceeds a threshold
D. When the API receives a very high number of API invocations
Selected Answer: C
Question #: 28
Topic #: 1
What is the most performant out-of-the-box solution in Anypoint Platform to track transaction state in an asynchronously executing long-running process implemented as a Mule application deployed to multiple CloudHub workers?
A. Redis distributed cache
B. java.util.WeakHashMap
C. Persistent Object Store
D. File-based storage
Selected Answer: C
Question #: 18
Topic #: 1
Refer to the exhibit.
What is a valid API in the sense of API-led connectivity and application networks?
A. Java RMI over TCP
B. XML over HTTP
C. CORBA over II׀׀
D. XML over UDP
Selected Answer: B
Question #: 16
Topic #: 1
Refer to the exhibit.
What is true when using customer-hosted Mule runtimes with the MuleSoft-hosted Anypoint Platform control plane (hybrid deployment)?
A. Anypoint Runtime Manager initiates a network connection to a Mule runtime in order to deploy Mule applications.
B. The MuleSoft-hosted Shared Load Balancer can be used to load balance API invocations to the Mule runtimes.
C. API implementations can run successfully in customer-hosted Mule runtimes, even when they are unable to communicate with the control plane.
D. Anypoint Runtime Manager automatically ensures HA in the control plane by creating a new Mule runtime instance in case of a node failure.
Selected Answer: C
Question #: 15
Topic #: 1
Refer to the exhibit.
A RAML definition has been proposed for a new Promotions Process API, and has been published to Anypoint Exchange.
The Marketing Department, who will be an important consumer of the Promotions API, has important requirements and expectations that must be met.
What is the most effective way to use Anypoint Platform features to involve the Marketing Department in this early API design phase?
A. Ask the Marketing Department to interact with a mocking implementation of the API using the automatically generated API Console.
B. Organize a design workshop with the DBAs of the Marketing Department in which the database schema of the Marketing IT systems is translated into RAML.
C. Use Anypoint Studio to implement the API as a Mule application, then deploy that API implementation to CloudHub and ask the Marketing Department to interact with it.
D. Export an integration test suite from API designer and have the Marketing Department execute the tests in that suite to ensure they pass.
Selected Answer: A
Question #: 14
Topic #: 1
What should be ensured before sharing an API through a public Anypoint Exchange portal?
A. The visibility level of the API instances of that API that need to be publicly accessible should be set to public visibility.
B. The users needing access to the API should be added to the appropriate role in Anypoint Platform.
C. The API should be functional with at least an initial implementation deployed and accessible for users to interact with.
D. The API should be secured using one of the supported authentication/authorization mechanisms to ensure that data is not compromised.
Selected Answer: A
Question #: 3
Topic #: 1
An organization is implementing a Quote of the Day API that caches today’s quote.
What scenario can use the CloudHub Object Store via the Object Store connector to persist the cache’s state?
A. When there are three CloudHub deployments of the API implementation to three separate CloudHub regions that must share the cache state.
B. When there are two CloudHub deployments of the API implementation by two Anypoint Platform business groups to the same CloudHub region that must share the cache state.
C. When there is one deployment of the API implementation to CloudHub and another deployment to a customer-hosted Mule runtime that must share the cache state.
D. When there is one CloudHub deployment of the API implementation to three CloudHub workers that must share the cache state.
Selected Answer: D
Question #: 58
Topic #: 1
What Mule application can have API policies applied by Anypoint Platform to the endpoint exposed by that Mule application?
A. A Mule application that accepts requests over HTTP/1x.
B. A Mule application that accepts JSON requests over TCP but is NOT required to provide a response.
C. A Mule application that accepts JSON requests over WebSocket.
D. A Mule application that accepts gRPC requests over HTTP/2
Selected Answer: A
Question #: 6
Topic #: 1
What is true about the technology architecture of Anypoint VPCs?
A. The private IP address range of an Anypoint VPC is automatically chosen by CloudHub.
B. Traffic between Mule applications deployed to an Anypoint VPC and on-premises systems can stay within a private network.
C. Each CloudHub environment requires a separate Anypoint VPC.
D. VPC peering can be used to link the underlying AWS VPC to an on-premises (non AWS) private network.
Selected Answer: B
Question #: 44
Topic #: 1
What correctly characterizes unit tests of Mule applications?
A. They test the validity of input and output of source and target systems.
B. They must be run in a unit testing environment with dedicated Mule runtimes for the environment.
C. They must be triggered by an external client tool or event source.
D. They are typically written using MUnit to run in an embedded Mule runtime that does not require external connectivity.
Selected Answer: D
Question #: 56
Topic #: 1
What is most likely NOT a characteristic of an integration test for a REST API implementation?
A. The test needs all source and/or target systems configured and accessible.
B. The test runs immediately after the Mule application has been compiled and packaged.
C. The test is triggered by an external HTTP request.
D. The test prepares a known request payload and validates the response payload.
Selected Answer: B
Question #: 55
Topic #: 1
Refer to the exhibit.
An organization uses one specific CloudHub (AWS) region for all CloudHub deployments.
How are CloudHub workers assigned to availability zones (AZs) when the organization’s Mule applications are deployed to CloudHub in that region?
A. Workers belonging to a given environment are assigned to the same AZ within that region.
B. AZs are selected as part of the Mule application’s deployment configuration.
C. Workers are randomly distributed across available AZs within that region.
D. An AZ is randomly selected for a Mule application, and all the Mule application’s CloudHub workers are assigned to that one AZ.
Selected Answer: C
Question #: 54
Topic #: 1
When could the API data model of a System API reasonably mimic the data model exposed by the corresponding backend system, with minimal improvements over the backend system’s data model?
A. When there is an existing Enterprise Data Model widely used across the organization.
B. When the System API can be assigned to a bounded context with a corresponding data model.
C. When a pragmatic approach with only limited isolation from the backend system is deemed appropriate.
D. When the corresponding backend system is expected to be replaced in the near future.
Selected Answer: C
Question #: 53
Topic #: 1
Mule applications that implement a number of REST APIs are deployed to their own subnet that is inaccessible from outside the organization.
External business-partners need to access these APIs, which are only allowed to be invoked from a separate subnet dedicated to partners – called Partner-subnet.
This subnet is accessible from the public internet, which allows these external partners to reach it.
Anypoint Platform and Mule runtimes are already deployed in Partner-subnet. These Mule runtimes can already access the APIs.
What is the most resource-efficient solution to comply with these requirements, while having the least impact on other applications that are currently using the
APIs?
A. Implement (or generate) an API proxy Mule application for each of the APIs, then deploy the API proxies to the Mule runtimes.
B. Redeploy the API implementations to the same servers running the Mule runtimes.
C. Add an additional endpoint to each API for partner-enablement consumption.
D. Duplicate the APIs as Mule applications, then deploy them to the Mule runtimes.
Selected Answer: A
Question #: 52
Topic #: 1
An API has been updated in Anypoint Exchange by its API producer from version 3.1.1 to 3.2.0 following accepted semantic versioning practices and the changes have been communicated via the API’s public portal.
The API endpoint does NOT change in the new version.
How should the developer of an API client respond to this change?
A. The update should be identified as a project risk and full regression testing of the functionality that uses this API should be run.
B. The API producer should be contacted to understand the change to existing functionality.
C. The API producer should be requested to run the old version in parallel with the new one.
D. The API client code ONLY needs to be changed if it needs to take advantage of new features.
Selected Answer: D
Question #: 51
Topic #: 1
What is true about API implementations when dealing with legal regulations that require all data processing to be performed within a certain jurisdiction (such as in the USA or the EU)?
A. They must avoid using the Object Store as it depends on services deployed ONLY to the US East region.
B. They must use a jurisdiction-local external messaging system such as Active MQ rather than Anypoint MQ.
C. They must be deployed to Anypoint Platform runtime planes that are managed by Anypoint Platform control planes, with both planes in the same jurisdiction.
D. They must ensure ALL data is encrypted both in transit and at rest.
Selected Answer: C
Question #: 50
Topic #: 1
When must an API implementation be deployed to an Anypoint VPC?
A. When the API implementation must invoke publicly exposed services that are deployed outside of CloudHub in a customer-managed AWS instance.
B. When the API implementation must be accessible within a subnet of a restricted customer-hosted network that does not allow public access.
C. When the API implementation must be deployed to a production AWS VPC using the Mule Maven plugin
D. When the API implementation must write to a persistent Object Store
Selected Answer: B
Question #: 49
Topic #: 1
An organization uses various cloud-based SaaS systems and multiple on-premises systems. The on-premises systems are an important part of the organization’s application network and can only be accessed from within the organization’s intranet.
What is the best way to configure and use Anypoint Platform to support integrations with both the cloud-based SaaS systems and on-premises systems?
A. Use CloudHub-deployed Mule runtimes in an Anypoint VPC managed by Anypoint Platform Private Cloud Edition control plane.
B. Use CloudHub-deployed Mule runtimes in the shared worker cloud managed by the MuleSoft-hosted Anypoint Platform control plane.
C. Use an on-premises installation of Mule runtimes that are completely isolated with NO external network access, managed by the Anypoint Platform Private Cloud Edition control plane.
D. Use a combination of CloudHub-deployed and manually provisioned on-premises Mule runtimes managed by the MuleSoft-hosted Anypoint Platform control plane.
Selected Answer: D
Question #: 48
Topic #: 1
How are an API implementation, API client, and API consumer combined to invoke and process an API?
A. The API consumer creates an API implementation, which receives API invocations from an API such that they are processed for an API client.
B. The API client creates an API consumer, which receives API invocations from an API such that they are processed for an API implementation.
C. The API consumer creates an API client, which sends API invocations to an API such that they are processed by an API implementation.
D. The API client creates an API consumer, which sends API invocations to an API such that they are processed by an API implementation.
Selected Answer: C
Question #: 47
Topic #: 1
An API implementation is being designed that must invoke an Order API, which is known to repeatedly experience downtime.
For this reason, a fallback API is to be called when the Order API is unavailable.
What approach to designing the invocation of the fallback API provides the best resilience?
A. Search Anypoint Exchange for a suitable existing fallback API, and then implement invocations to this fallback API in addition to the Order API.
B. Create a separate entry for the Order API in API Manager, and then invoke this API as a fallback API if the primary Order API is unavailable.
C. Redirect client requests through an HTTP 307 Temporary Redirect status code to the fallback API whenever the Order API is unavailable.
D. Set an option in the HTTP Requester component that invokes the Order API to instead invoke a fallback API whenever an HTTP 4xx or 5xx response status code is returned from the Order API.
Selected Answer: A
Question #: 45
Topic #: 1
An organization is deploying their new implementation of the OrderStatus System API to multiple workers in CloudHub. This API fronts the organization’s on- premises Order Management System, which is accessed by the API implementation over an IPsec tunnel.
What type of error typically does NOT result in a service outage of the OrderStatus System API?
A. A CloudHub worker fails with an out-of-memory exception.
B. API Manager has an extended outage during the initial deployment of the API implementation.
C. The AWS region goes offline with a major network failure to the relevant AWS data centers.
D. The Order Management System is inaccessible due to a network outage in the organization’s on-premises data center.
Selected Answer: A
Question #: 43
Topic #: 1
What is a typical result of using a fine-grained rather than a coarse-grained API deployment model to implement a given business process?
A. A decrease in the number of connections within the application network supporting the business process.
B. A higher number of discoverable API-related assets in the application network.
C. A better response time for the end user as a result of the APIs being smaller in scope and complexity.
D. An overall lower usage of resources because each fine-grained API consumes less resources.
Selected Answer: B
Question #: 42
Topic #: 1
An organization has implemented a Customer Address API to retrieve customer address information. This API has been deployed to multiple environments and has been configured to enforce client IDs everywhere.
A developer is writing a client application to allow a user to update their address. The developer has found the Customer Address API in Anypoint Exchange and wants to use it in their client application.
What step of gaining access to the API can be performed automatically by Anypoint Platform?
A. Approve the client application request for the chosen SLA tier.
B. Request access to the appropriate API instances deployed to multiple environments using the client application’s credentials.
C. Modify the client application to call the API using the client application’s credentials.
D. Create a new application in Anypoint Exchange for requesting access to the API.
Selected Answer: A
Question #: 41
Topic #: 1
What is typically NOT a function of the APIs created within the framework called API-led connectivity?
A. They provide an additional layer of resilience on top of the underlying backend system, thereby insulating clients from extended failure of these systems.
B. They allow for innovation at the user interface level by consuming the underlying assets without being aware of how data is being extracted from backend systems.
C. They reduce the dependency on the underlying backend systems by helping unlock data from backend systems in a reusable and consumable way.
D. They can compose data from various sources and combine them with orchestration logic to create higher level value
Selected Answer: A
Question #: 40
Topic #: 1
What Mule application deployment scenario requires using Anypoint Platform Private Cloud Edition or Anypoint Platform for Pivotal Cloud Foundry?
A. When it is required to make ALL applications highly available across multiple data centers.
B. When it is required that ALL APIs are private and NOT exposed to the public cloud.
C. When regulatory requirements mandate on-premises processing of EVERY data item, including meta-data.
D. When ALL backend systems in the application network are deployed in the organization’s intranet.
Selected Answer: C
Question #: 39
Topic #: 1
What is true about automating interactions with Anypoint Platform using tools such as Anypoint Platform REST APIs, Anypoint CLI, or the Mule Maven plugin?
A. Access to Anypoint Platform APIs and Anypoint CLI can be controlled separately through the roles and permissions in Anypoint Platform, so that specific users can get access to Anypoint CLI while others get access to the platform APIs.
B. Anypoint Platform APIs can ONLY automate interactions with CloudHub, while the Mule Maven plugin is required for deployment to customer-hosted Mule runtimes
C. ׀’y default, the Anypoint CLI and Mule Maven plugin are NOT included in the Mule runtime, so are NOT available to be used by deployed Mule applications.
D. API policies can be applied to the Anypoint Platform APIs so that ONLY certain LOBs have access to specific functions.
Selected Answer: C
Question #: 36
Topic #: 1
An organization makes a strategic decision to move towards an IT operating model that emphasizes consumption of reusable IT assets using modern APIs (as defined by MuleSoft).
What best describes each modern API in relation to this new IT operating model?
A. Each modern API has its own software development lifecycle, which reduces the need for documentation and automation.
B. Each modern API must be treated like a product and designed for a particular target audience (for instance, mobile app developers)
C. Each modern API must be easy to consume, so should avoid complex authentication mechanisms such as SAML or JWT.
D. Each modern API must be REST and HTTP based.
Selected Answer: B
Question #: 33
Topic #: 1
Refer to the exhibit.
An organization is running a Mule standalone runtime and has configured Active Directory as the Anypoint Platform external Identity Provider. The organization does not have budget for other system components.
What policy should be applied to all instances of APIs in the organization to most effectively restrict access to a specific group of internal users?
A. Apply a basic authentication – LDAP policy; the internal Active Directory will be configured as the LDAP source for authenticating users.
B. Apply a client ID enforcement policy; the specific group of users will configure their client applications to use their specific client credentials.
C. Apply an IP whitelist policy; only the specific users’ workstations will be in the whitelist.
D. Apply an OAuth 2.0 access token enforcement policy; the internal Active Directory will be configured as the OAuth server.
Selected Answer: A
Question #: 31
Topic #: 1
An API experiences a high rate of client requests (TPS) with small message payloads.
How can usage limits be imposed on the API based on the type of client application?
A. Use an SLA-based rate limiting policy and assign a client application to a matching SLA tier based on its type.
B. Use a spike control policy that limits the number of requests for each client application type.
C. Use a cross-origin resource sharing (CORS) policy to limit resource sharing between client applications, configured by the client application type.
D. Use a rate limiting policy and a client ID enforcement policy, each configured by the client application type.
Selected Answer: A
Question #: 30
Topic #: 1
An organization has several APIs that accept JSON data over HTTP POST. The APIs are all publicly available and are associated with several mobile applications and web applications.
The organization does NOT want to use any authentication or compliance policies for these APIs, but at the same time, is worried that some bad actor could send payloads that could somehow compromise the applications or servers running the API implementations.
What out-of-the-box Anypoint Platform policy can address exposure to this threat?
A. Shut out bad actors by using HTTPS mutual authentication for all API invocations.
B. Apply an IP blacklist policy to all APIs; the blacklist will include all bad actors.
C. Apply a Header injection and removal policy that detects the malicious data before it is used.
D. Apply a JSON threat protection policy to all APIs to detect potential threat vectors.
Selected Answer: D
