Get Latest Mar-2022 Conduct effective penetration tests using ExamPrepAway MCPA-Level-1 [Q16-Q40]

Share

Get Latest [Mar-2022] Conduct effective penetration tests using ExamPrepAway MCPA-Level-1

Penetration testers simulate MCPA-Level-1 exam PDF


MuleSoft MCPA - Level 1: MuleSoft Certified Platform Architect - Level 1 Exam Certified Professional salary

The average salary of a MuleSoft MCPA - Level 1: MuleSoft Certified Platform Architect - Level 1 Exam Certified Expert in:

  • India. - 14,00,327 INR
  • Europe - 70,500 EURO
  • England - 75,000 POUND
  • United State - 100,200 USD

How much MuleSoft MCPA - Level 1: MuleSoft Certified Platform Architect - Level 1 Exam Cost

The price of the MuleSoft MCPA - Level 1: MuleSoft Certified Platform Architect - Level 1 exam is USD 375.

 

NEW QUESTION 16
When could the API data model of a System API reasonably mimic the data model exposed by the corresponding backend system, with minimal improvements over the backend system's data model?

  • A. When the System API can be assigned to a bounded context with a corresponding data model
  • B. When there is an existing Enterprise Data Model widely used across the organization
  • C. When a pragmatic approach with only limited isolation from the backend system is deemed appropriate
  • D. When the corresponding backend system is expected to be replaced in the near future

Answer: C

Explanation:
Correct answer: When a pragmatic approach with only limited isolation from the backend system is deemed appropriate.
*****************************************
General guidance w.r.t choosing Data Models:
>> If an Enterprise Data Model is in use then the API data model of System APIs should make use of data types from that Enterprise Data Model and the corresponding API implementation should translate between these data types from the Enterprise Data Model and the native data model of the backend system.
>> If no Enterprise Data Model is in use then each System API should be assigned to a Bounded Context, the API data model of System APIs should make use of data types from the corresponding Bounded Context Data Model and the corresponding API implementation should translate between these data types from the Bounded Context Data Model and the native data model of the backend system. In this scenario, the data types in the Bounded Context Data Model are defined purely in terms of their business characteristics and are typically not related to the native data model of the backend system. In other words, the translation effort may be significant.
>> If no Enterprise Data Model is in use, and the definition of a clean Bounded Context Data Model is considered too much effort, then the API data model of System APIs should make use of data types that approximately mirror those from the backend system, same semantics and naming as backend system, lightly sanitized, expose all fields needed for the given System API's functionality, but not significantly more and making good use of REST conventions.
The latter approach, i.e., exposing in System APIs an API data model that basically mirrors that of the backend system, does not provide satisfactory isolation from backend systems through the System API tier on its own. In particular, it will typically not be possible to "swap out" a backend system without significantly changing all System APIs in front of that backend system and therefore the API implementations of all Process APIs that depend on those System APIs! This is so because it is not desirable to prolong the life of a previous backend system's data model in the form of the API data model of System APIs that now front a new backend system. The API data models of System APIs following this approach must therefore change when the backend system is replaced.
On the other hand:
>> It is a very pragmatic approach that adds comparatively little overhead over accessing the backend system directly
>> Isolates API clients from intricacies of the backend system outside the data model (protocol, authentication, connection pooling, network address, ...)
>> Allows the usual API policies to be applied to System APIs
>> Makes the API data model for interacting with the backend system explicit and visible, by exposing it in the RAML definitions of the System APIs
>> Further isolation from the backend system data model does occur in the API implementations of the Process API tier

 

NEW QUESTION 17
What is a key requirement when using an external Identity Provider for Client Management in Anypoint Platform?

  • A. The application network must include System APIs that interact with the Identity Provider
  • B. To invoke OAuth 2.0-protected APIs managed by Anypoint Platform, API clients must submit access tokens issued by that same Identity Provider
  • C. Single sign-on is required to sign in to Anypoint Platform
  • D. APIs managed by Anypoint Platform must be protected by SAML 2.0 policies

Answer: D

 

NEW QUESTION 18
Version 3.0.1 of a REST API implementation represents time values in PST time using ISO 8601 hh:mm:ss format. The API implementation needs to be changed to instead represent time values in CEST time using ISO 8601 hh:mm:ss format. When following the semver.org semantic versioning specification, what version should be assigned to the updated API implementation?

  • A. 4.0.0
  • B. 3.0.2
  • C. 3.1.0
  • D. 3.0.1

Answer: A

Explanation:
Correct answer: 4.0.0
*****************************************
As per semver.org semantic versioning specification:
Given a version number MAJOR.MINOR.PATCH, increment the:
- MAJOR version when you make incompatible API changes.
- MINOR version when you add functionality in a backwards compatible manner.
- PATCH version when you make backwards compatible bug fixes.
As per the scenario given in the question, the API implementation is completely changing its behavior. Although the format of the time is still being maintained as hh:mm:ss and there is no change in schema w.r.t format, the API will start functioning different after this change as the times are going to come completely different.
Example: Before the change, say, time is going as 09:00:00 representing the PST. Now on, after the change, the same time will go as 18:00:00 as Central European Summer Time is 9 hours ahead of Pacific Time.
>> This may lead to some uncertain behavior on API clients depending on how they are handling the times in the API response. All the API clients need to be informed that the API functionality is going to change and will return in CEST format. So, this considered as a MAJOR change and the version of API for this new change would be 4.0.0

 

NEW QUESTION 19
An API experiences a high rate of client requests (TPS) vwth small message paytoads. How can usage limits be imposed on the API based on the type of client application?

  • A. Use an SLA-based rate limiting policy and assign a client application to a matching SLA tier based on its type
  • B. Use a rate limiting policy and a client ID enforcement policy, each configured by the client application type
  • C. Use a spike control policy that limits the number of requests for each client application type
  • D. Use a cross-origin resource sharing (CORS) policy to limit resource sharing between client applications, configured by the client application type

Answer: A

 

NEW QUESTION 20
A retail company is using an Order API to accept new orders. The Order API uses a JMS queue to submit orders to a backend order management service. The normal load for orders is being handled using two (2) CloudHub workers, each configured with 0.2 vCore. The CPU load of each CloudHub worker normally runs well below 70%. However, several times during the year the Order API gets four times (4x) the average number of orders. This causes the CloudHub worker CPU load to exceed 90% and the order submission time to exceed 30 seconds. The cause, however, is NOT the backend order management service, which still responds fast enough to meet the response SLA for the Order API. What is the MOST resource-efficient way to configure the Mule application's CloudHub deployment to help the company cope with this performance challenge?

  • A. Permanently increase the number of CloudHub workers by four times (4x) to eight (8) CloudHub workers
  • B. Use a horizontal CloudHub autoscaling policy that triggers on CPU utilization greater than 70%
  • C. Use a vertical CloudHub autoscaling policy that triggers on CPU utilization greater than 70%
  • D. Permanently increase the size of each of the two (2) CloudHub workers by at least four times (4x) to one (1) vCore

Answer: B

Explanation:
Correct answer: Use a horizontal CloudHub autoscaling policy that triggers on CPU utilization greater than 70%
*****************************************
The scenario in the question is very clearly stating that the usual traffic in the year is pretty well handled by the existing worker configuration with CPU running well below 70%. The problem occurs only "sometimes" occasionally when there is spike in the number of orders coming in.
So, based on above, We neither need to permanently increase the size of each worker nor need to permanently increase the number of workers. This is unnecessary as other than those "occasional" times the resources are idle and wasted.
We have two options left now. Either to use horizontal Cloudhub autoscaling policy to automatically increase the number of workers or to use vertical Cloudhub autoscaling policy to automatically increase the vCore size of each worker.
Here, we need to take two things into consideration:
1. CPU
2. Order Submission Rate to JMS Queue
>> From CPU perspective, both the options (horizontal and vertical scaling) solves the issue. Both helps to bring down the usage below 90%.
>> However, If we go with Vertical Scaling, then from Order Submission Rate perspective, as the application is still being load balanced with two workers only, there may not be much improvement in the incoming request processing rate and order submission rate to JMS queue. The throughput would be same as before. Only CPU utilization comes down.
>> But, if we go with Horizontal Scaling, it will spawn new workers and adds extra hand to increase the throughput as more workers are being load balanced now. This way we can address both CPU and Order Submission rate.
Hence, Horizontal CloudHub Autoscaling policy is the right and best answer.

 

NEW QUESTION 21
Refer to the exhibit.

Three business processes need to be implemented, and the implementations need to communicate with several different SaaS applications.
These processes are owned by separate (siloed) LOBs and are mainly independent of each other, but do share a few business entities. Each LOB has one development team and their own budget In this organizational context, what is the most effective approach to choose the API data models for the APIs that will implement these business processes with minimal redundancy of the data models?
A) Build several Bounded Context Data Models that align with coherent parts of the business processes and the definitions of associated business entities

B) Build distinct data models for each API to follow established micro-services and Agile API-centric practices

C) Build all API data models using XML schema to drive consistency and reuse across the organization

D) Build one centralized Canonical Data Model (Enterprise Data Model) that unifies all the data types from all three business processes, ensuring the data model is consistent and non-redundant

  • A. Option D
  • B. Option C
  • C. Option B
  • D. Option A

Answer: D

Explanation:
Correct answer: Build several Bounded Context Data Models that align with coherent parts of the business processes and the definitions of associated business entities.
*****************************************
>> The options w.r.t building API data models using XML schema/ Agile API-centric practices are irrelevant to the scenario given in the question. So these two are INVALID.
>> Building EDM (Enterprise Data Model) is not feasible or right fit for this scenario as the teams and LOBs work in silo and they all have different initiatives, budget etc.. Building EDM needs intensive coordination among all the team which evidently seems not possible in this scenario.
So, the right fit for this scenario is to build several Bounded Context Data Models that align with coherent parts of the business processes and the definitions of associated business entities.

 

NEW QUESTION 22
What condition requires using a CloudHub Dedicated Load Balancer?

  • A. When cross-region load balancing is required between separate deployments of the same Mule application
  • B. When API invocations across multiple CloudHub workers must be load balanced
  • C. When custom DNS names are required for API implementations deployed to customer-hosted Mule runtimes
  • D. When server-side load-balanced TLS mutual authentication is required between API implementations and API clients

Answer: D

 

NEW QUESTION 23
What is true about API implementations when dealing with legal regulations that require all data processing to be performed within a certain jurisdiction (such as in the USA or the EU)?

  • A. They must use a Jurisdiction-local external messaging system such as Active MQ rather than Anypoint MQ
  • B. They must ensure ALL data is encrypted both in transit and at rest
  • C. They must te deployed to Anypoint Platform runtime planes that are managed by Anypoint Platform control planes, with both planes in the same Jurisdiction
  • D. They must avoid using the Object Store as it depends on services deployed ONLY to the US East region

Answer: C

 

NEW QUESTION 24
What Mule application deployment scenario requires using Anypoint Platform Private Cloud Edition or Anypoint Platform for Pivotal Cloud Foundry?

  • A. When it is required that ALL APIs are private and NOT exposed to the public cloud
  • B. When regulatory requirements mandate on-premises processing of EVERY data item, including meta-data
  • C. When it Is required to make ALL applications highly available across multiple data centers
  • D. When ALL backend systems in the application network are deployed in the organization's intranet

Answer: B

Explanation:
Correct answer: When regulatory requirements mandate on-premises processing of EVERY data item, including meta-data.
*****************************************
We need NOT require to use Anypoint Platform PCE or PCF for the below. So these options are OUT.
>> We can make ALL applications highly available across multiple data centers using CloudHub too.
>> We can use Anypoint VPN and tunneling from CloudHub to connect to ALL backend systems in the application network that are deployed in the organization's intranet.
>> We can use Anypoint VPC and Firewall Rules to make ALL APIs private and NOT exposed to the public cloud.
Only valid reason in the given options that requires to use Anypoint Platform PCE/ PCF is - When regulatory requirements mandate on-premises processing of EVERY data item, including meta-data.

 

NEW QUESTION 25
Refer to the exhibit.

What is a valid API in the sense of API-led connectivity and application networks?

  • A. XML over UDP
  • B. XML over HTTP
  • C. CORBA over IIOP
  • D. Java RMI over TCP

Answer: B

 

NEW QUESTION 26
An organization has several APIs that accept JSON data over HTTP POST. The APIs are all publicly available and are associated with several mobile applications and web applications.
The organization does NOT want to use any authentication or compliance policies for these APIs, but at the same time, is worried that some bad actor could send payloads that could somehow compromise the applications or servers running the API implementations.
What out-of-the-box Anypoint Platform policy can address exposure to this threat?

  • A. Apply a Header injection and removal policy that detects the malicious data before it is used
  • B. Shut out bad actors by using HTTPS mutual authentication for all API invocations
  • C. Apply an IP blacklist policy to all APIs; the blacklist will Include all bad actors
  • D. Apply a JSON threat protection policy to all APIs to detect potential threat vectors

Answer: D

Explanation:
Correct answer: Apply a JSON threat protection policy to all APIs to detect potential threat vectors
*****************************************
>> Usually, if the APIs are designed and developed for specific consumers (known consumers/customers) then we would IP Whitelist the same to ensure that traffic only comes from them.
>> However, as this scenario states that the APIs are publicly available and being used by so many mobile and web applications, it is NOT possible to identify and blacklist all possible bad actors.
>> So, JSON threat protection policy is the best chance to prevent any bad JSON payloads from such bad actors.

 

NEW QUESTION 27
What is a key requirement when using an external Identity Provider for Client Management in Anypoint Platform?

  • A. The application network must include System APIs that interact with the Identity Provider
  • B. To invoke OAuth 2.0-protected APIs managed by Anypoint Platform, API clients must submit access tokens issued by that same Identity Provider
  • C. Single sign-on is required to sign in to Anypoint Platform
  • D. APIs managed by Anypoint Platform must be protected by SAML 2.0 policies

Answer: B

Explanation:
Explanation/Reference: https://www.folkstalk.com/2019/11/mulesoft-integration-and-platform.html

 

NEW QUESTION 28
What Mule application deployment scenario requires using Anypoint Platform Private Cloud Edition or Anypoint Platform for Pivotal Cloud Foundry?

  • A. When it is required that ALL APIs are private and NOT exposed to the public cloud
  • B. When regulatory requirements mandate on-premises processing of EVERY data item, including meta-data
  • C. When ALL backend systems in the application network are deployed in the organization's intranet
  • D. When it Is required to make ALL applications highly available across multiple data centers

Answer: C

 

NEW QUESTION 29
What CANNOT be effectively enforced using an API policy in Anypoint Platform?

  • A. Backend system overloading
  • B. Guarding against Denial of Service attacks
  • C. Maintaining tamper-proof credentials between APIs
  • D. Logging HTTP requests and responses

Answer: D

 

NEW QUESTION 30
The implementation of a Process API must change.
What is a valid approach that minimizes the impact of this change on API clients?

  • A. Implement required changes to the Process API implementation so that, whenever possible, the Process API's RAML definition remains unchanged.
  • B. Postpone changes until API consumers acknowledge they are ready to migrate to a new Process API or API version.
  • C. Update the RAML definition of the current Process API and notify API client developers by sending them links to the updated RAML definition.
  • D. Implement the Process API changes in a new API implementation, and have the old API implementation return an HTTP status code 301 - Moved Permanentlyto inform API clients they should be calling the new API implementation.

Answer: C

Explanation:
Explanation/Reference:

 

NEW QUESTION 31
In an organization, the InfoSec team is investigating Anypoint Platform related data traffic.
From where does most of the data available to Anypoint Platform for monitoring and alerting originate?

  • A. From various components of Anypoint Platform, such as the Shared Load Balancer, VPC, and Mule runtimes
  • B. From the Mule runtime irrespective of the deployment model
  • C. From the Mule runtime or the API implementation, depending on the deployment model
  • D. From the Mule runtime or the API Manager, depending on the type of data

Answer: A

 

NEW QUESTION 32
Refer to the exhibit.

A RAML definition has been proposed for a new Promotions Process API, and has been published to Anypoint Exchange.
The Marketing Department, who will be an important consumer of the Promotions API, has important requirements and expectations that must be met.
What is the most effective way to use Anypoint Platform features to involve the Marketing Department in this early API design phase?
A) Ask the Marketing Department to interact with a mocking implementation of the API using the automatically generated API Console

B) Organize a design workshop with the DBAs of the Marketing Department in which the database schema of the Marketing IT systems is translated into RAML

C) Use Anypoint Studio to Implement the API as a Mule application, then deploy that API implementation to CloudHub and ask the Marketing Department to interact with it

D) Export an integration test suite from API designer and have the Marketing Department execute the tests In that suite to ensure they pass

  • A. Option C
  • B. Option B
  • C. Option A
  • D. Option D

Answer: D

 

NEW QUESTION 33
An API experiences a high rate of client requests (TPS) vwth small message paytoads. How can usage limits be imposed on the API based on the type of client application?

  • A. Use an SLA-based rate limiting policy and assign a client application to a matching SLA tier based on its type
  • B. Use a rate limiting policy and a client ID enforcement policy, each configured by the client application type
  • C. Use a spike control policy that limits the number of requests for each client application type
  • D. Use a cross-origin resource sharing (CORS) policy to limit resource sharing between client applications, configured by the client application type

Answer: A

Explanation:
Correct answer: Use an SLA-based rate limiting policy and assign a client application to a matching SLA tier based on its type.
*****************************************
>> SLA tiers will come into play whenever any limits to be imposed on APIs based on client type

 

NEW QUESTION 34
An organization uses various cloud-based SaaS systems and multiple on-premises systems. The on-premises systems are an important part of the organization's application network and can only be accessed from within the organization's intranet.
What is the best way to configure and use Anypoint Platform to support integrations with both the cloud-based SaaS systems and on-premises systems?
A) Use CloudHub-deployed Mule runtimes in an Anypoint VPC managed by Anypoint Platform Private Cloud Edition control plane

B) Use CloudHub-deployed Mule runtimes in the shared worker cloud managed by the MuleSoft-hosted Anypoint Platform control plane

C) Use an on-premises installation of Mule runtimes that are completely isolated with NO external network access, managed by the Anypoint Platform Private Cloud Edition control plane

D) Use a combination of Cloud Hub-deployed and manually provisioned on-premises Mule runtimes managed by the MuleSoft-hosted Anypoint Platform control plane

  • A. Option B
  • B. Option D
  • C. Option C
  • D. Option A

Answer: A

 

NEW QUESTION 35
What is true about the technology architecture of Anypoint VPCs?

  • A. VPC peering can be used to link the underlying AWS VPC to an on-premises (non AWS) private network
  • B. The private IP address range of an Anypoint VPC is automatically chosen by CloudHub
  • C. Each CloudHub environment requires a separate Anypoint VPC
  • D. Traffic between Mule applications deployed to an Anypoint VPC and on-premises systems can stay within a private network

Answer: D

Explanation:
Explanation
https://docs.mulesoft.com/runtime-manager/vpc-connectivity-methods-concept

 

NEW QUESTION 36
An organization uses various cloud-based SaaS systems and multiple on-premises systems. The on-premises systems are an important part of the organization's application network and can only be accessed from within the organization's intranet.
What is the best way to configure and use Anypoint Platform to support integrations with both the cloud-based SaaS systems and on-premises systems?
A) Use CloudHub-deployed Mule runtimes in an Anypoint VPC managed by Anypoint Platform Private Cloud Edition control plane

B) Use CloudHub-deployed Mule runtimes in the shared worker cloud managed by the MuleSoft-hosted Anypoint Platform control plane

C) Use an on-premises installation of Mule runtimes that are completely isolated with NO external network access, managed by the Anypoint Platform Private Cloud Edition control plane

D) Use a combination of Cloud Hub-deployed and manually provisioned on-premises Mule runtimes managed by the MuleSoft-hosted Anypoint Platform control plane

  • A. Option B
  • B. Option D
  • C. Option C
  • D. Option A

Answer: A

Explanation:
Correct answer: Use a combination of CloudHub-deployed and manually provisioned on-premises Mule runtimes managed by the MuleSoft-hosted Platform control plane.
*****************************************
Key details to be taken from the given scenario:
>> Organization uses BOTH cloud-based and on-premises systems
>> On-premises systems can only be accessed from within the organization's intranet Let us evaluate the given choices based on above key details:
>> CloudHub-deployed Mule runtimes can ONLY be controlled using MuleSoft-hosted control plane. We CANNOT use Private Cloud Edition's control plane to control CloudHub Mule Runtimes. So, option suggesting this is INVALID
>> Using CloudHub-deployed Mule runtimes in the shared worker cloud managed by the MuleSoft-hosted Anypoint Platform is completely IRRELEVANT to given scenario and silly choice. So, option suggesting this is INVALID
>> Using an on-premises installation of Mule runtimes that are completely isolated with NO external network access, managed by the Anypoint Platform Private Cloud Edition control plane would work for On-premises integrations. However, with NO external access, integrations cannot be done to SaaS-based apps. Moreover CloudHub-hosted apps are best-fit for integrating with SaaS-based applications. So, option suggesting this is BEST WAY.
The best way to configure and use Anypoint Platform to support these mixed/hybrid integrations is to use a combination of CloudHub-deployed and manually provisioned on-premises Mule runtimes managed by the MuleSoft-hosted Platform control plane.

 

NEW QUESTION 37
An Order API must be designed that contains significant amounts of integration logic and involves the invocation of the Product API.
The power relationship between Order API and Product API is one of "Customer/Supplier", because the Product API is used heavily throughout the organization and is developed by a dedicated development team located in the office of the CTO.
What strategy should be used to deal with the API data model of the Product API within the Order API?

  • A. Work with the API data types of the Product API directly when implementing the integration logic of the Order API such that the Order API uses the same (unchanged) data types as the Product API
  • B. Start an organization-wide data modeling initiative that will result in an Enterprise Data Model that will then be used in both the Product API and the Order API
  • C. Implement an anti-corruption layer in the Order API that transforms the Product API data model into internal data types of the Order API
  • D. Convince the development team of the Product API to adopt the API data model of the Order API such that the integration logic of the Order API can work with one consistent internal data model

Answer: A

 

NEW QUESTION 38
An API implementation is deployed to CloudHub.
What conditions can be alerted on using the default Anypoint Platform functionality, where the alert conditions depend on the end-to-end request processing of the API implementation?

  • A. When the API receives a very high number of API invocations
  • B. When a particular API client invokes the API too often within a given time period
  • C. When the API is invoked by an unrecognized API client
  • D. When the response time of API invocations exceeds a threshold

Answer: B

 

NEW QUESTION 39
What correctly characterizes unit tests of Mule applications?

  • A. They must be triggered by an external client tool or event source
  • B. They must be run in a unit testing environment with dedicated Mule runtimes for the environment
  • C. They test the validity of input and output of source and target systems
  • D. They are typically written using MUnit to run in an embedded Mule runtime that does not require external connectivity

Answer: B

Explanation:
Explanation
https://dzone.com/articles/munit-framework

 

NEW QUESTION 40
......

Tested Material Used To MCPA-Level-1 Test Engine: https://www.examprepaway.com/MuleSoft/braindumps.MCPA-Level-1.ete.file.html