Salesforce Certified MuleSoft Platform Architect (Mule-Arch-201) Exam Questions Instant Access

Question 1

What should be ensured before sharing an API through a public Anypoint Exchange portal?

AThe visibility level of the API instances of that API that need to be publicly accessible should be set to public visibility

BThe users needing access to the API should be added to the appropriate role in Anypoint Platform

CThe API should be functional with at least an initial implementation deployed and accessible for users to interact with

DThe API should be secured using one of the supported authentication/authorization mechanisms to ensure that data is not compromised

Answer : A

Correct Answe r: The visibility level of the API instances of that API that need to be publicly accessible should be set to public visibility.

*****************************************

https://docs.mulesoft.com/exchange/to-share-api-asset-to-portal

Question 2

A customer has an ELA contract with MuleSoft. An API deployed to CloudHub is consistently experiencing performance issues. Based on the root cause analysis, it is

determined that autoscaling needs to be applied.

How can this be achieved?

AConfigure a policy so that when the number of HTTP requests reaches a certain threshold the number of workers/replicas increases (horizontal scaling)

BConfigure two separate policies: When CPU and memory reach certain threshold, increase the worker/replica type (vertical sealing) and the number of workers/replicas (horizontal sealing)

CConfigure a policy based on CPU usage so that CloudHub auto-adjusts the number of workers/replicas (horizontal scaling)

DConfigure a policy so that when the response time reaches a certain threshold the worker/replica type increases (vertical scaling)

Answer : C

In MuleSoft CloudHub, autoscaling is essential to managing application load efficiently. CloudHub supports horizontal scaling based on CPU usage, which is well-suited to applications experiencing variable demand and needing responsive resource allocation.

Autoscaling on CloudHub:

Horizontal scaling increases the number of workers in response to CPU usage thresholds, allowing the application to handle higher loads dynamically. This approach improves performance without downtime or manual intervention.

Why Option C is Correct:

Setting up autoscaling based on CPU usage aligns with MuleSoft's best practices for scalable and responsive applications on CloudHub, particularly in an environment with fluctuating load patterns.

Option C correctly leverages CloudHub's autoscaling features based on resource metrics, which are part of CloudHub's managed scaling solutions.

of Incorrect Options:

Option A (based on HTTP request thresholds) and Option B (separate policies for CPU and memory) do not represent CloudHub's recommended scaling practices.

Option D suggests vertical scaling based on response time, which is not how CloudHub handles autoscaling.

Reference For more on CloudHub's autoscaling configuration, refer to MuleSoft documentation on CloudHub autoscaling policies.

Question 3

A business process is being implemented within an organization's application network. The architecture group proposes using a more coarse-grained application

network design with relatively fewer APIs deployed to the application network compared to a more fine-grained design.

Overall, which factor typically increases with a more coarse-grained design for this business process implementation and deployment compared with using a more fine-grained

design?

AThe complexity of each API implementation

BThe number of discoverable assets related to APIs deployed in the application network

CThe number of possible connections between API implementations in the application network

DThe usage of network infrastructure resources by the application network

Answer : A

Understanding Coarse-Grained vs. Fine-Grained API Design:

A coarse-grained design consolidates multiple operations within a single API, leading to fewer APIs but with more complex implementations. Conversely, a fine-grained design breaks down functionalities into smaller, more specific APIs, resulting in simpler implementations but a larger number of APIs.

Evaluating the Options:

Option A (Correct Answer): With a coarse-grained design, each API handles more functionalities, increasing the complexity of each API implementation as it needs to manage more use cases and logic.

Option B: A coarse-grained design typically reduces the number of APIs, so fewer discoverable assets are available.

Option C: Fewer APIs generally mean fewer connections between them in the application network.

Option D: Network infrastructure usage may actually decrease with fewer APIs, as there are fewer calls between APIs.

Conclusion:

Option A is the correct answer, as the complexity of each API implementation increases in a coarse-grained design due to the consolidation of multiple functionalities into single APIs.

Refer to MuleSoft's documentation on API design principles and best practices for coarse-grained vs. fine-grained API implementation.

Question 4

What is the most performant out-of-the-box solution in Anypoint Platform to track transaction state in an asynchronously executing long-running process implemented as a Mule application deployed to multiple CloudHub workers?

ARedis distributed cache

Bjava.util.WeakHashMap

CPersistent Object Store

DFile-based storage

Answer : C

Correct Answe r: Persistent Object Store

*****************************************

>> Redis distributed cache is performant but NOT out-of-the-box solution in Anypoint Platform

>> File-storage is neither performant nor out-of-the-box solution in Anypoint Platform

>> java.util.WeakHashMap needs a completely custom implementation of cache from scratch using Java code and is limited to the JVM where it is running. Which means the state in the cache is not worker aware when running on multiple workers. This type of cache is local to the worker. So, this is neither out-of-the-box nor worker-aware among multiple workers on cloudhub. https://www.baeldung.com/java-weakhashmap

>> Persistent Object Store is an out-of-the-box solution provided by Anypoint Platform which is performant as well as worker aware among multiple workers running on CloudHub. https://docs.mulesoft.com/object-store/

So, Persistent Object Store is the right answer.

Question 5

The asset version 2.0.0 of the Order API is successfully published in Exchange and configured in API Manager with the Autodiscovery API ID correctly linked to the

API implementation, A new GET method is added to the existing API specification, and after updates, the asset version of the Order API is 2.0.1,

What happens to the Autodiscovery API ID when the new asset version is updated in API Manager?

AThe API ID changes, but no changes are needed to the API implementation for the new asset version in the API Autediscovery global element because the API ID is automatically updated

BThe APL ID changes, so the API implementation must be updated with the latest API ID for the new asset version in the API Autodiscovery global element

CThe APLID does not change, so no changes to the APT implementation are needed for the new asset version in the API Autodiscovery global element

DThe APL ID does not change, but the API implementation must be updated in the AP] Autodiscovery global element to indicate the new asset version 2.0.4

Answer : C

Understanding API Autodiscovery in MuleSoft:

API Autodiscovery links an API implementation in Anypoint Platform with its configuration in API Manager. This is controlled by the API ID which is set in the API Autodiscovery element in the Mule application.

The API ID remains consistent across minor updates to the API asset version in Exchange (e.g., from 2.0.0 to 2.0.1) as long as it is the same API.

Effect of Asset Version Update on API Autodiscovery:

When the asset version is updated (e.g., from 2.0.0 to 2.0.1), the API ID remains the same. Therefore, no changes are needed in the Autodiscovery configuration within the Mule application. The Autodiscovery will continue to link the API implementation to the latest version in API Manager.

Evaluating the Options:

Option A: Incorrect, as the API ID does not automatically change with minor asset version updates.

Option B: Incorrect, as the API ID remains the same, so no update is needed in the API implementation.

Option C (Correct Answer): The API ID does not change, so no changes are necessary in the API implementation for the new asset version.

Option D: Incorrect, as there is no need to update the API implementation in the Autodiscovery global element for minor version changes.

Conclusion:

Option C is the correct answer, as the API ID remains unchanged with minor version updates, and no changes are needed in the API Autodiscovery configuration.

Refer to MuleSoft documentation on API Autodiscovery and version management for more details.

Question 6

An IT Security Compliance Auditor is assessing which nonfunctional requirements (NFRs) are already being implemented to meet security measures.

* The Web API has Rate-Limiting SLA

* Basic Authentication - LDAP

* JSON Threat Protection

* TP Allowlist policies applied

Which two NFRs-are enforced?

AThe API invocations are coming from a known subnet range

BUsername/password supported to validate login credentials

CSensitive data is masked to prevent compromising critical information

DThe API is protected against XML invocation attacks

EPerformance expectations are to be allowed up to 1,000 requests per second

Answer : A, B

Understanding Nonfunctional Requirements (NFRs):

The NFRs in this context are related to security measures implemented for the Web API, such as rate limiting, LDAP-based authentication, JSON threat protection, and IP allowlist policies.

Evaluating the Options:

Option A (Correct Answer): The IP allowlist policy restricts access to known subnets, ensuring that API invocations come from a defined range of IPs.

Option B (Correct Answer): Basic Authentication with LDAP enforces a username/password validation, satisfying an NFR for identity verification.

Option C: Masking sensitive data is not part of the listed NFRs, as none of the mentioned policies address data masking.

Option D: XML threat protection is not mentioned, so this option is incorrect.

Option E: While rate-limiting implies performance control, it does not directly enforce a specific performance expectation.

Conclusion:

Options A and B are correct as they directly address the implemented security measures related to IP range restrictions and username/password authentication.

Refer to MuleSoft's documentation on API security policies for details on LDAP, rate limiting, and allowlist policies.

Question 7

A System API is designed to retrieve data from a backend system that has scalability challenges. What API policy can best safeguard the backend system?

AIPwhitelist

BSLA-based rate limiting

CAuth 2 token enforcement

DClient ID enforcement

Answer : B

Correct Answe r: SLA-based rate limiting

*****************************************

>> Client Id enforement policy is a 'Compliance' related NFR and does not help in maintaining the 'Quality of Service (QoS)'. It CANNOT and NOT meant for protecting the backend systems from scalability challenges.

>> IP Whitelisting and OAuth 2.0 token enforcement are 'Security' related NFRs and again does not help in maintaining the 'Quality of Service (QoS)'. They CANNOT and are NOT meant for protecting the backend systems from scalability challenges.

Rate Limiting, Rate Limiting-SLA, Throttling, Spike Control are the policies that are 'Quality of Service (QOS)' related NFRs and are meant to help in protecting the backend systems from getting overloaded.

https://dzone.com/articles/how-to-secure-apis