Salesforce MuleSoft Platform Architect I Salesforce Certified MuleSoft Platform Architect I Exam Practice Test

Page: 1 / 14
Total 152 questions

Want more questions? Get Premium Access.
()

Question 1

A Mule 4 API has been deployed to CloudHub and a Basic Authentication - Simple policy has been applied to all API methods and resources. However, the API is still accessible

by clients without using authentication.

How is this possible?

AThe APE Router component is pointing to the incorrect Exchange version of the APT

BThe Autodiscovery element is not present, in the deployed Mule application

CNo... for client applications have been created of this API

DOne of the application's CloudHub workers restarted

Answer : B

When a Basic Authentication policy is applied to an API on CloudHub but clients can still access the API without authentication, the likely cause is a missing Autodiscovery element. Here's how this affects API security:

Autodiscovery in MuleSoft:

The Autodiscovery element is essential for linking an API implementation deployed in CloudHub with its API instance defined in API Manager. This connection allows the policies applied in API Manager, such as Basic Authentication, to be enforced on the deployed API.

Why Option B is Correct:

Without Autodiscovery, the deployed application does not 'know' about the policies configured in API Manager, resulting in unrestricted access. Adding Autodiscovery enables the API to enforce the policies correctly.

of Incorrect Options:

Option A (incorrect Exchange version) would not cause bypassing of security policies.

Option C (missing client applications) does not impact authentication policy enforcement.

Option D (worker restart) is irrelevant to policy enforcement.

Reference Refer to MuleSoft documentation on Autodiscovery configuration and linking API Manager policies for additional information on setting up secure API policies.

Question 2

An existing Quoting API is defined in RAML and used by REST clients for interacting with the quoting engine. Currently there is a resource defined in the RAML that allows the creation of quotes; however, a new requirement was just received to allow for the updating of existing quotes.

Which two actions need to be taken to facilitate this change so it can be processed?

Choose 2 answers

AUpdate the API implementation to accommodate the new update request

BRemove the old client applications and create new client applications to account for the changes

CUpdate the RAML with new method details for the update request

DDeprecate existing versions of the API in Exchange

EAdd a new API policy to API Manager to allow access to the updated endpoint

Answer : A, C

To accommodate the new requirement of allowing updates to existing quotes, the following actions should be taken:

Update the RAML Definition (Option C):

The RAML specification defines the structure and behavior of the API. Adding a new method (such as PUT or PATCH) for updating quotes requires modifying the RAML to include this new endpoint. This ensures the API specification is up-to-date and accurately reflects the new functionality.

Update the API Implementation (Option A):

Once the RAML is updated, the backend API implementation must also be modified to handle the new update requests. This could involve adding logic to process and validate update requests, connect to necessary backend resources, and apply the changes to existing quotes.

of Incorrect Options:

Option B (removing and creating new clients) is unnecessary; client applications can remain as they are, with no need for complete replacement.

Option D (deprecating existing versions) may not be required if backward compatibility is maintained.

Option E (adding a new policy) does not facilitate functional changes and is unrelated to implementing the update feature.

Reference For more details on updating RAML definitions and API implementations, refer to MuleSoft's API Design documentation on RAML and RESTful API practices.

Question 3

An auto manufacturer has a mature CI/CD practice and wants to automate packaging and deployment of any Mule applications to various deployment targets, including CloudHub workers/replicas, customer-hosted Mule runtimes, and Anypoint Runtime Fabric.

Which MuleSoft-provided tool or component facilitates automating the packaging and deployment of Mule applications to various deployment targets as part of the company's

CI/CD practice?

AAnypoint Runtime Manager

BMule Maven plugin

CAnypoint Platform CLI

DAnypoint Platform REST APIs

Answer : B

For organizations with established CI/CD practices, the Mule Maven plugin is the recommended tool for automating packaging and deployment across multiple environments, including CloudHub, on-premise Mule runtimes, and Anypoint Runtime Fabric. Here's why:

Automation with Maven:

The Mule Maven plugin allows for CI/CD integration by supporting automated build and deployment processes. It is commonly used in CI/CD pipelines to handle application packaging and deployment directly through Maven commands, making it ideal for teams that want consistent deployment automation across different MuleSoft environments.

Supported Deployment Targets:

The Mule Maven plugin supports deployment to various targets, including CloudHub, Runtime Fabric, and on-premises servers, thus meeting the needs of environments with diverse deployment destinations.

Why Option B is Correct:

The Mule Maven plugin is specifically designed for CI/CD pipelines and integrates with Jenkins, GitLab, and other CI/CD tools to facilitate continuous deployment. It is the most efficient MuleSoft-provided tool for this purpose.

of Incorrect Options:

Option A (Anypoint Runtime Manager) provides deployment management but does not automate CI/CD processes.

Option C (Anypoint Platform CLI) can script deployments but lacks direct integration with CI/CD tools.

Option D (Anypoint Platform REST APIs) requires custom scripting for deployment, which can be more complex than using the Mule Maven plugin.

Reference For more details, refer to MuleSoft documentation on using the Mule Maven plugin for CI/CD.

Question 4

A manufacturing company has deployed an API implementation to CloudHub and has not configured it to be automatically restarted by CloudHub when the worker is

not responding.

Which statement is true when no API Client invokes that API implementation?

ANo alert on the API invocations and APT implementation can be raised

BAlerts on the APT invocation and API implementation can be raised

CNo alert on the API invocations is raised but alerts on the API implementation can be raised

DAlerts on the API invocations are raised but no alerts on the API implementation can be raised

Answer : C

When an API implementation is deployed on CloudHub without configuring automatic restarts in case of worker non-responsiveness, MuleSoft's monitoring and alerting behavior is as follows:

API Invocation Alerts:

If no clients are invoking the API, there will be no invocation alerts triggered, as alerts related to invocations depend on actual client requests.

Implementation-Level Alerts:

Even without invocation, CloudHub can still monitor the state of the API implementation. If the worker becomes unresponsive, an alert related to the API implementation's health or availability could still be raised.

Why Option C is Correct:

This option correctly identifies that no invocation-related alerts would be triggered in the absence of client requests, while implementation-level alerts could still be generated based on the worker's state.

Reference For additional information, check MuleSoft documentation on CloudHub monitoring and alert configurations to understand worker status alerts versus invocation alerts.

Question 5

The Line of Business (LoB) of an eCommerce company is requesting a process that sends automated notifications via email every time a new order is processed through the

customer's mobile application or through the internal company's web application. In the future, multiple notification channels may be added: for example, text messages and

push notifications.

What is the most effective API-led connectivity approach for the scenario described above?

ACreate one Experience API for the web application and one for the mobile application.
Create a Process API to orchestrate and retrieve the email template from = database.
Create a System API that sends the email using the Anypoint Connector for Email.
Create one Experience API for the web application and one for the mobile application.
Create a Process API to orchestrate and retrieve the email template from = database.
Create a System API that sends the email using the Anypoint Connector for Email.

BCreate one Experience API for the web application and one for the mobile application,
Create a Process API to orchestrate, retrieve the email template from a database, and send the email using the Anypoint Connector for Email.

CCreate Experience APIs for both the web application and mobile application.
Create a Process API ta orchestrate, retrieve the email template from e database, and send the email using the Anypoint Connector for Email.
\

DCreate Experience APIs for both the web application and mobile application.
(Create 3 Process API to orchestrate and retrieve the email template from 2 databese.
Create a System API that sends the email using the Anypoint Connector for Email.

Answer : A

In this scenario, the best approach to satisfy the API-led connectivity principles and support future scalability is:

Experience APIs:

Create separate Experience APIs for the web application and the mobile application. This allows each application to have an optimized interface, supporting different needs and potential differences in request/response structures or security configurations.

Process API:

A single Process API can be used to orchestrate the workflow, including retrieving the email template from a database and preparing the email content. By centralizing this logic in the Process layer, we can ensure it is reusable and easily adaptable for different notification channels in the future.

System API:

A System API specifically designed for sending emails (using the Anypoint Connector for Email) abstracts the email-sending functionality from the business logic. This approach ensures that the email-sending function is reusable and scalable, and it can easily be extended or modified if other notification channels (like SMS or push notifications) are added later.

Why Option A is Correct:

This structure aligns with API-led connectivity principles by separating concerns across Experience, Process, and System layers. It provides flexibility for future notification channels and isolates each layer's responsibility, making it easier to maintain and scale.

of Incorrect Options:

Option B lacks a separate System API for sending emails, which goes against the principle of isolating back-end functionality in System APIs.

Option C similarly lacks a dedicated System API, reducing flexibility and reusability.

Option D suggests creating multiple Process APIs for database retrieval, which adds unnecessary complexity and does not adhere to the single-orchestration principle typically followed in API-led design.

Reference

For further guidance on API-led connectivity and the responsibilities of each API layer, refer to MuleSoft's documentation on API-led architecture and design best practices.

Question 6

Which two statements are true about the technology architecture of an Anypoint Virtual Private Cloud (VPC)?

Choose 2 answers

APorts 8081 and 8082 are used

BCIDR blacks are used

CAnypoint VPC is responsible for load balancing the applications

DRound-robin load balancing is used to distribute client requests across different applications

EBy default, HTTP requests can be made from the public internet to workers at port 6091

Answer : B, E

An Anypoint Virtual Private Cloud (VPC) provides a secure and private networking environment for MuleSoft applications, using specific architectural elements:

CIDR Blocks:

Anypoint VPCs utilize CIDR blocks to define IP ranges, allowing organizations to control and segment the VPC's IP address space.

Port 6091 for HTTP Requests:

By default, HTTP requests can be made to workers on port 6091 from the public internet, providing an accessible entry point unless additional restrictions are applied.

of Correct Answers (B, E):

CIDR blocks enable IP range management for VPCs, and port 6091 is the default public entry port, which is part of Anypoint VPC's default settings.

of Incorrect Options:

Option A (Ports 8081 and 8082) is incorrect; these are not default public ports for Anypoint VPC.

Option C (responsible for load balancing) is incorrect as load balancing requires a separate Dedicated Load Balancer (DLB).

Option D (round-robin load balancing) applies to DLBs, not directly to VPCs.

Reference For more on VPC setup and networking, refer to MuleSoft documentation on VPC configurations and default port settings.

Question 7

Which statement is true about identity management and client management on Anypoint Platform?

AIf an external identity provider is configured, the SAML 2.0 bearer tokens issued by the identity provider cannot be used for invocations of the Anypoint Platform web APIs

BIf an external client provider is configured, it must be configured at the Anypoint Platform organization level and cannot be assigned to individual business groups and environments

CAnypoint Platform supports configuring one external identity provider

DBoth client management and identity management require an identity provider

Answer : C

Anypoint Platform allows organizations to integrate one external identity provider (IdP) for identity and access management (IAM), supporting SSO and centralized user authentication.

Identity Provider Limit:

Anypoint Platform supports configuring a single IdP for the organization, which can be used to authenticate all users across business groups and environments within that Anypoint organization.

of Correct Answer (C):

Configuring one IdP ensures centralized and secure identity management, aligned with MuleSoft's architecture.

of Incorrect Options:

Option A is incorrect because SAML 2.0 bearer tokens from external IdPs can indeed be used for invoking Anypoint Platform APIs.

Option B is incorrect as client providers can be assigned to specific business groups and environments.

Option D is incorrect since only identity management strictly requires an IdP; client management does not.

Reference For further details on identity management options, consult MuleSoft documentation on Anypoint Platform's IAM capabilities.