MuleSoft Certified Platform Architect - Level 1

Question 1

True or False. We should always make sure that the APIs being designed and developed are self-servable even if it needs more man-day effort and resources.

A. FALSE
B. TRUE

Answer 1

Answer: B

Explanation:
Correct Answer: TRUE
*********
» As per MuleSoft proposed IT Operating Model, designing APIs and making sure that they are discoverable and
self-servable is VERY VERY IMPORTANT and decides the success of an API and its application network.

Question 2

What are 4 important Platform Capabilities offered by Anypoint Platform?

A . API Versioning, API Runtime Execution and Hosting, API Invocation, API Consumer Engagement
B . API Design and Development, API Runtime Execution and Hosting, API Versioning, API Deprecation
C . API Design and Development, API Runtime Execution and Hosting, API Operations and Management, API
Consumer Engagement
D . API Design and Development, API Deprecation, API Versioning, API Consumer Engagement

Answer 2

Answer: C

Explanation:
Correct Answer: API Design and Development, API Runtime Execution and Hosting, API Operations and
Management, API Consumer Engagement
*********
» API Design and Development - Anypoint Studio, Anypoint Design Center, Anypoint Connectors
» API Runtime Execution and Hosting - Mule Runtimes, CloudHub, Runtime Services
» API Operations and Management - Anypoint API Manager, Anypoint Exchange
» API Consumer Management - API Contracts, Public Portals, Anypoint Exchange, API Notebooks

Question 3

What Anypoint Platform Capabilities listed below fall under APIs and API Invocations/Consumers category?

Select TWO

A . API Operations and Management
B . API Runtime Execution and Hosting
C . API Consumer Engagement
D . API Design and Development

Answer 3

Answer: B, D

Question 4

Select the correct Owner-Layer combinations from below options

A .
1. App Developers owns and focuses on Experience Layer APIs
2. Central IT owns and focuses on Process Layer APIs
3. LOB IT owns and focuses on System Layer APIs

B .
1. Central IT owns and focuses on Experience Layer APIs
2. LOB IT owns and focuses on Process Layer APIs
3. App Developers owns and focuses on System Layer APIs

C .
1. App Developers owns and focuses on Experience Layer APIs
2. LOB IT owns and focuses on Process Layer APIs
3. Central IT owns and focuses on System Layer APIs

Answer 4

Answer: C

Question 5

Which layer in the API-led connectivity focuses on unlocking key systems, legacy systems, data sources etc and exposes the functionality?

A . Experience Layer
B . Process Layer
C . System Layer

Answer 5

C

Question 6

A Mule application exposes an HTTPS endpoint and is deployed to three CloudHub workers that do not use static IP addresses. The Mule application expects a high volume of client requests in short time periods. What is the most cost-effective infrastructure component that should be used to serve the high volume of client requests?

A . A customer-hosted load balancer
B . The CloudHub shared load balancer
C . An API proxy
D . Runtime Manager autoscaling

Answer 6

Answer: B

Question 7

What are the major benefits of MuleSoft proposed IT Operating Model?

A .
1. Decrease the IT delivery gap
2. Meet various business demands without increasing the IT capacity
3. Focus on creation of reusable assets first. Upon finishing creation of all the possible assets then inform the LOBs
in the organization to start using them

B .
1. Decrease the IT delivery gap
2. Meet various business demands by increasing the IT capacity and forming various IT departments
3. Make consumption of assets at the rate of production

C .
1. Decrease the IT delivery gap
2. Meet various business demands without increasing the IT capacity
3. Make consumption of assets at the rate of production

Answer 7

Answer: C

Question 8

Which of the following best fits the definition of API-led connectivity?

A . API-led connectivity is not just an architecture or technology but also a way to organize people and processes for efficient IT delivery in the organization
B . API-led connectivity is a 3-layered architecture covering Experience, Process, and System layers
C . API-led connectivity is a technology that enabled us to implement Experience, Process, and System layer
based APIs

Answer 8

Answer: A

Question 9

A system API has a guaranteed SLA of 100 ms per request. The system API is deployed to a primary environment as well as to a disaster recovery (DR) environment, with different DNS names in each environment. An upstream process API invokes the system API and the main goal of this process API is to respond to client requests in the least possible time. In what order should the system APIs be invoked, and what changes should be made in order to speed up the response time for requests from the process API?

A . In parallel, invoke the system API deployed to the primary environment and the system API deployed to the DR environment, and ONLY use the first response
B . In parallel, invoke the system API deployed to the primary environment and the system API deployed to the DR environment using a scatter-gather configured with a timeout, and then merge the responses
C . Invoke the system API deployed to the primary environment, and if it fails, invoke the system API deployed to the DR environment
D . Invoke ONLY the system API deployed to the primary environment, and add timeout and retry logic to avoid
intermittent failures

Answer 9

Answer: A

Question 10

The application network is recomposable: it is built for change because it ‘bends but does not break’

A . TRUE
B . FALSE

Answer 10

Answer: A

Question 11

A company has created a successful enterprise data model (EDM). The company is committed to building an application network by adopting modern APIs as a core enabler of the company’s IT operating model. At what API tiers (experience, process, system) should the company require reusing the EDM when designing modern API data models?

A . At the experience and process tiers
B . At the experience and system tiers
C . At the process and system tiers
D . At the experience, process, and system tiers

Answer 11

Answer: C

Question 12

Due to a limitation in the backend system, a system API can only handle up to 500 requests per second. What is the best type of API policy to apply to the system API to avoid overloading the backend system?

A . Rate limiting
B . HTTP caching
C . Rate limiting - SLA based
D . Spike control

Answer 12

Answer: D

Question 13

A retail company with thousands of stores has an API to receive data about purchases and insert it into a single database. Each individual store sends a batch of purchase data to the API about every 30 minutes. The API implementation uses a database bulk insert command to submit all the purchase data to a database using a
custom JDBC driver provided by a data analytics solution provider. The API implementation is deployed to a single CloudHub worker. The JDBC driver processes the data into a set of several temporary disk files on the CloudHub worker, and then the data is sent to an analytics engine using a proprietary protocol. This process usually takes less than a few minutes. Sometimes a request fails. In this case, the logs show a message from the JDBC driver
indicating an out-of-file-space message. When the request is resubmitted, it is successful. What is the best way to
try to resolve this throughput issue?

A . se a CloudHub autoscaling policy to add CloudHub workers
B . Use a CloudHub autoscaling policy to increase the size of the CloudHub worker
C . Increase the size of the CloudHub worker(s)
D . Increase the number of CloudHub workers

Answer 13

Answer: D

Question 14

An API implementation returns three X-RateLimit-* HTTP response headers to a requesting API client. What type of information do these response headers indicate to the API client?

A . The error codes that result from throttling
B . A correlation ID that should be sent in the next request
C . The HTTP response size
D . The remaining capacity allowed by the API implementation

Answer 14

Answer: D

Question 15

An API has been updated in Anypoint exchange by its API producer from version 3.1.1 to 3.2.0 following accepted semantic versioning practices and the changes have been communicated via the APIs public portal. The API endpoint does NOT change in the new version. How should the developer of an API client respond to this change?

A . The API producer should be requested to run the old version in parallel with the new one
B . The API producer should be contacted to understand the change to existing functionality
C . The API client code only needs to be changed if it needs to take advantage of the new features
D . The API clients need to update the code on their side and need to do full regression

Answer 15

Answer: C

Question 16

A company requires Mule applications deployed to CloudHub to be isolated between non-production and production environments. This is so Mule applications deployed to non-production environments can only access backend systems running in their customer-hosted non-production environment, and so Mule applications deployed to production environments can only access backend systems running in their customer-hosted production environment. How does MuleSoft recommend modifying Mule applications, configuring
environments, or changing infrastructure to support this type of per-environment isolation between Mule applications and backend systems?

A . Modify properties of Mule applications deployed to the production Anypoint Platform environments to prevent access from non-production Mule applications
B . Configure firewall rules in the infrastructure inside each customer-hosted environment so that only IP addresses from the corresponding Anypoint Platform environments are allowed to communicate with corresponding backend systems
C . Create non-production and production environments in different Anypoint Platform business groups
D . Create separate Anypoint VPCs for non-production and production environments, then configure connections to the backend systems in the corresponding customer-hosted environments

Answer 16

Answer: D

Question 17

An organization wants to make sure only known partners can invoke the organization’s APIs. To achieve this security goal, the organization wants to enforce a Client ID Enforcement policy in API Manager so that only registered partner applications can invoke the organization’s APIs. In what type of API implementation does
MuleSoft recommends adding an API proxy to enforce the Client ID Enforcement policy, rather than embedding the policy directly in the application’s JVM?

A . A Mule 3 application using APIkit
B . A Mule 3 or Mule 4 application modified with custom Java code
C . A Mule 4 application with an API specification
D . A Non-Mule application

Answer 17

Answer: D

Question 18

A company uses a hybrid Anypoint Platform deployment model that combines the EU control plane with customer-hosted Mule runtimes. After successfully testing a Mule API implementation in the Staging
environment, the Mule API implementation is set with environment-specific properties and must be promoted to the Production environment. What is a way that MuleSoft recommends configuring the Mule API implementation and automating its promotion to the Production environment?

A . Bundle properties files for each environment into the Mule API implementation’s deployable archive, then promote the Mule API implementation to the Production environment using Anypoint CLI or the Anypoint Platform REST APIsB.
B . Modify the Mule API implementation’s properties in the API Manager Properties tab, then promote the Mule API implementation to the Production environment using API Manager
C . Modify the Mule API implementation’s properties in Anypoint Exchange, then promote the Mule API implementation to the Production environment using Runtime Manager
D . Use an API policy to change properties in the Mule API implementation deployed to the Staging environment and another API policy to deploy the Mule API implementation to the Production environment

Answer 18

Answer: A

Question 19

A system API is deployed to a primary environment as well as to a disaster recovery (DR) environment, with different DNS names in each environment. A process API is a client to the system API and is being rate limited by the system API, with different limits in each of the environments. The system API’s DR environment provides only
20% of the rate limiting offered by the primary environment. What is the best API fault-tolerant invocation strategy to reduce overall errors in the process API, given these conditions and constraints?

A . Invoke the system API deployed to the primary environment; add timeout and retry logic to the process API to avoid intermittent failures; if it still fails, invoke the system API deployed to the DR environment
B . Invoke the system API deployed to the primary environment; add retry logic to the process API to handle intermittent failures by invoking the system API deployed to the DR environment
C . In parallel, invoke the system API deployed to the primary environment and the system API deployed to the DR environment; add timeout and retry logic to the process API to avoid intermittent failures; add logic to the
process API to combine the results
D . Invoke the system API deployed to the primary environment; add timeout and retry logic to the process API to avoid intermittent failures; if it still fails, invoke a copy of the process API deployed to the DR environment

Answer 19

Answer: A

Question 20

In which layer of API-led connectivity, does the business logic orchestration reside?

A . System Layer
B . Experience Layer
C . Process Layer

Answer 20

Answer: C

Question 21

Once an API Implementation is ready and the API is registered on API Manager, who should request the access to the API on Anypoint Exchange?

A . None
B . Both
C . API Client
D . API Consumer

Answer 21

Answer: D

Question 22

Traffic is routed through an API proxy to an API implementation. The API proxy is managed by API Manager and the API implementation is deployed to a CloudHub VPC using Runtime Manager. API policies have been applied to this API. In this deployment scenario, at what point are the API policies enforced on incoming API client requests?

A . At the API proxy
B . At the API implementation
C . At both the API proxy and the API implementation
D . At a MuleSoft-hosted load balancer

Answer 22

Answer: A

Question 23

An API client calls one method from an existing API implementation. The API implementation is later updated. What change to the API implementation would require the API client’s invocation logic to also be updated?

A . When the data type of the response is changed for the method called by the API client
B . When a new method is added to the resource used by the API client
C . When a new required field is added to the method called by the API client
D . When a child method is added to the method called by the API client

Answer 23

Answer: C

Question 24

An organization has created an API-led architecture that uses various API layers to integrate mobile clients with a backend system. The backend system consists of a number of specialized components and can be accessed via a REST API. The process and experience APIs share the same bounded-context model that is different from the
backend data model. What additional canonical models, bounded-context models, or anti-corruption layers are best added to this architecture to help process data consumed from the backend system?

A . Create a bounded-context model for every layer and overlap them when the boundary contexts overlap, letting API developers know about the differences between upstream and downstream data models
B . Create a canonical model that combines the backend and API-led models to simplify and unify data models, and minimize data transformations.
C . Create a bounded-context model for the system layer to closely match the backend data model, and add an anti-corruption layer to let the different bounded contexts cooperate across the system and process layers
D . Create an anti-corruption layer for every API to perform transformation for every data model to match each
other, and let data simply travel between APIs to avoid the complexity and overhead of building canonical models

Answer 24

Answer: C

Question 25

Which of the following sequence is correct?
A . API Client implementes logic to call an API&raquo_space; API Consumer requests access to API&raquo_space; API Implementation routes the request to&raquo_space; API
B . API Consumer requests access to API&raquo_space; API Client implementes logic to call an API&raquo_space; API routes the request to&raquo_space; API Implementation
C . API Consumer implementes logic to call an API&raquo_space; API Client requests access to API&raquo_space; API Implementation routes the request to&raquo_space; API
D . API Client implementes logic to call an API&raquo_space; API Consumer requests access to API&raquo_space; API routes the request to&raquo_space; API Implementation

Answer 25

Answer: B

Question 26

Which of the below, when used together, makes the IT Operational Model effective?

A . Create reusable assets, Do marketing on the created assets across the organization, and Arrange time to time LOB reviews to ensure assets are being consumed or not
B . Create reusable assets, Make them discoverable so that LOB teams can self-serve and browse the APIs, Get active feedback and usage metrics
C . Create reusable assets, and make them discoverable so that LOB teams can self-serve and browse the APIs

Answer 26

Answer: C

Question 27

A set of tests must be performed prior to deploying API implementations to a staging environment. Due to data
security and access restrictions, untested APIs cannot be granted access to the backend systems, so instead mocked data must be used for these tests. The amount of available mocked data and its contents is sufficient to entirely test the API implementations with no active connections to the backend systems. What type of tests should be used to incorporate this mocked data?

A . Integration tests
B . Performance tests
C . Functional tests (Blackbox)
D . Unit tests (Whitebox)

Answer 27

Answer: D

Question 28

A company wants to move its Mule API implementations into production as quickly as possible. To protect access to all Mule application data and metadata, the company requires that all Mule applications be deployed to the company’s customer-hosted infrastructure within the corporate firewall. What combination of runtime plane and control plane options meets these project lifecycle goals?

A . Manually provisioned customer-hosted runtime plane and customer-hosted control plane
B . MuleSoft-hosted runtime plane and customer-hosted control plane
C . Manually provisioned customer-hosted runtime plane and MuleSoft-hosted control plane
D . iPaaS provisioned customer-hosted runtime plane and MuleSoft-hosted control plane

Answer 28

Answer: A

Question 29

Version 3.0.1 of a REST API implementation represents time values in PST time using ISO 8601 hh:mm:ss format. The API implementation needs to be changed to instead represent time values in CEST time using ISO 8601 hh:mm:ss format. When following the semver.org semantic versioning specification, what version should be
assigned to the updated API implementation?

A . 3.0.2
B . 4.0.0
C . 3.1.0
D . 3.0.1

Answer 29

Answer: B

Question 30

What is the main change to the IT operating model that MuleSoft recommends to organizations to improve innovation and clock speed?

A . Drive consumption as much as production of assets; this enables developers to discover and reuse assets from other projects and encourages standardization
B . Expose assets using a Master Data Management (MDM) system; this standardizes projects and enables developers to quickly discover and reuse assets from other projects
C . Implement SOA for reusable APIs to focus on production over consumption; this standardizes on XML and WSDL formats to speed up decision making
D . Create a lean and agile organization that makes many small decisions everyday; this speeds up decision making and enables each line of business to take ownership of its projects

Answer 30

Answer: A

Question 31

An Anypoint Platform organization has been configured with an external identity provider (IdP) for identity management and client management. What credentials or token must be provided to Anypoint CLI to execute commands against the Anypoint Platform APIs?

A . The credentials provided by the IdP for identity management
B . The credentials provided by the IdP for client management
C . An OAuth 2.0 token generated using the credentials provided by the IdP for client management
D . An OAuth 2.0 token generated using the credentials provided by the IdP for identity management

Answer 31

Answer: A

Question 32

Say, there is a legacy CRM system called CRM-Z which is offering below functions:
1. Customer creation
2. Amend details of an existing customer
3. Retrieve details of a customer
4. Suspend a customer

A . Implement a system API named customerManagement which has all the functionalities wrapped in it as various operations/resources
B . Implement different system APIs named createCustomer, amendCustomer, retrieveCustomer and suspendCustomer as they are modular and has seperation of concerns
C . Implement different system APIs named createCustomerInCRMZ, amendCustomerInCRMZ, retrieveCustomerFromCRMZ and suspendCustomerInCRMZ as they are modular and has seperation of concerns

Answer 32

Answer: B

Question 33

An organization wants MuleSoft-hosted runtime plane features (such as HTTP load balancing, zero downtime, and horizontal and vertical scaling) in its Azure environment. What runtime plane minimizes the organization’s effort to achieve these features?

A . Anypoint Runtime Fabric
B . Anypoint Platform for Pivotal Cloud Foundry
C . CloudHub
D . A hybrid combination of customer-hosted and MuleSoft-hosted Mule runtimes

Answer 33

Answer: A

Question 34

A company has started to create an application network and is now planning to implement a Center for Enablement (C4E) organizational model. What key factor would lead the company to decide upon a federated rather than a centralized C4E?

A . When there are a large number of existing common assets shared by development teams
B . When various teams responsible for creating APIs are new to integration and hence need extensive training
C . When development is already organized into several independent initiatives or groups
D . When the majority of the applications in the application network are cloud based

Answer 34

Answer: C

Question 35

A retail company is using an Order API to accept new orders. The Order API uses a JMS queue to submit orders to a backend order management service. The normal load for orders is being handled using two (2) CloudHub workers, each configured with 0.2 vCore. The CPU load of each CloudHub worker normally runs well below 70%.
However, several times during the year the Order API gets four times (4x) the average number of orders. This causes the CloudHub worker CPU load to exceed 90% and the order submission time to exceed 30 seconds. The cause, however, is NOT the backend order management service, which still responds fast enough to meet the
response SLA for the Order API. What is the MOST resource-efficient way to configure the Mule application’s CloudHub deployment to help the company cope with this performance challenge?

A . Permanently increase the size of each of the two (2) CloudHub workers by at least four times (4x) to one (1) vCore
B . Use a vertical CloudHub autoscaling policy that triggers on CPU utilization greater than 70%
C . Permanently increase the number of CloudHub workers by four times (4x) to eight (8) CloudHub workers
D . Use a horizontal CloudHub autoscaling policy that triggers on CPU utilization greater than 70%

Answer 35

Answer: D

Question 36

A REST API is being designed to implement a Mule application.
What standard interface definition language can be used to define REST APIs?

A . Web Service Definition Language(WSDL)
B . OpenAPI Specification (OAS)
C . YAML
D . AsyncAPI Specification

Answer 36

Answer: B

Question 37

What Anypoint Connectors support transactions?
A . Database, JMS, VM
B . Database, 3MS, HTTP
C . Database, JMS, VM, SFTP
D . Database, VM, File

Answer 37

Answer: A

Question 38

What Mule application can have API policies applied by
Anypoint Platform to the endpoint exposed by that Mule application?

A) A Mule application that accepts requests over HTTP/1.x
B) A Mule application that accepts JSON requests over TCP but is NOT required to provide a response
C) A Mute application that accepts JSON requests over WebSocket
D) A Mule application that accepts gRPC requests over HTTP/2

Answer 38

Answer: A

Question 39

An API implementation is updated. When must the RAML definition of the API also be updated?
A . When the API implementation changes the structure of the request or response messages
B . When the API implementation changes from interacting with a legacy backend system deployed on-premises to a modern, cloud-based (SaaS) system
C . When the API implementation is migrated from an older to a newer version of the Mule runtime
D . When the API implementation is optimized to improve its average response time

Answer 39

Answer: A

Question 40

What is most likely NOT a characteristic of an integration test for a REST API implementation?
A . The test needs all source and/or target systems configured and accessible
B . The test runs immediately after the Mule application has been compiled and packaged
C . The test is triggered by an external HTTP request
D . The test prepares a known request payload and validates the response payload

Answer 40

Answer: B

Question 41

An organization uses one specific CloudHub (AWS) region for all CloudHub deployments. How are CloudHub workers assigned to availability zones (AZs) when the organization’s Mule applications are
deployed to CloudHub in that region?

A . Workers belonging to a given environment are assigned to the same AZ within that region
B . AZs are selected as part of the Mule application’s deployment configuration
C . Workers are randomly distributed across available AZs within that region
D . An AZ is randomly selected for a Mule application, and all the Mule application’s CloudHub workers are
assigned to that one AZ

Answer 41

Answer: D

Question 42

When could the API data model of a System API reasonably mimic the data model exposed by the corresponding backend system, with minimal improvements over the backend system’s data model?

A . When there is an existing Enterprise Data Model widely used across the organization
B . When the System API can be assigned to a bounded context with a corresponding data model
C . When a pragmatic approach with only limited isolation from the backend system is deemed appropriate
D . When the corresponding backend system is expected to be replaced in the near future

Answer 42

Answer: C

Question 43

Mule applications that implement a number of REST APIs are deployed to their own subnet that is inaccessible from outside the organization. External business partners need to access these APIs, which are only allowed to be invoked from a separate subnet dedicated to partners - called Partner-subnet. This subnet is accessible from the public internet, which allows these external partners to reach it. Anypoint Platform and Mule runtimes are already deployed in Partner-subnet. These Mule runtimes can already access the APIs.

What is the most resource-efficient solution to comply with these requirements, while having the least impact on other applications that are currently using the APIs?

A . Implement (or generate) an API proxy Mule application for each of the APIs, then deploy the API proxies to the
Mule runtimes
B . Redeploy the API implementations to the same servers running the Mule runtimes
C . Add an additional endpoint to each API for partner-enablement consumption
D . Duplicate the APIs as Mule applications, then deploy them to the Mule runtimes

Answer 43

Answer: A

Question 44

An API has been updated in Anypoint Exchange by its API producer from version 3.1.1 to 3.2.0 following accepted semantic versioning practices and the changes have been communicated via the API’s public portal.

The API endpoint does NOT change in the new version.
How should the developer of an API client respond to this change?

A . The update should be identified as a project risk and full regression testing of the functionality that uses this
API should be run
B . The API producer should be contacted to understand the change to existing functionality
C . The API producer should be requested to run the old version in parallel with the new one
D . The API client code ONLY needs to be changed if it needs to take advantage of new features

Answer 44

Answer: D

Question 45

What is true about API implementations when dealing with legal regulations that require all data processing to be performed within a certain jurisdiction (such as in the USA or the EU)?

A . They must avoid using the Object Store as it depends on services deployed ONLY to the US East region
B . They must use a Jurisdiction-local external messaging system such as Active MQ rather than Anypoint MQ
C . They must te deployed to Anypoint Platform runtime planes that are managed by Anypoint Platform control
planes, with both planes in the same Jurisdiction
D . They must ensure ALL data is encrypted both in transit and at rest

Answer 45

Answer: C

Question 46

When must an API implementation be deployed to an Anypoint VPC?

A . When the API Implementation must invoke publicly exposed services that are deployed outside of CloudHub in a customer-managed AWS instance
B . When the API implementation must be accessible within a subnet of a restricted customer-hosted network that does not allow public access
C . When the API implementation must be deployed to a production AWS VPC using the Mule Maven plugin
D . When the API Implementation must write to a persistent Object Store

Answer 46

Answer: A

Question 47

An organization uses various cloud-based SaaS systems and multiple on-premises systems. The on-premises
systems are an important part of the organization’s application network and can only be accessed from within the
organization’s intranet.
What is the best way to configure and use Anypoint Platform to support integrations with both the cloud-based
SaaS systems and on-premises systems?

A) Use CloudHub-deployed Mule runtimes in an Anypoint VPC managed by Anypoint Platform Private Cloud
Edition control plane
B) Use CloudHub-deployed Mule runtimes in the shared worker cloud managed by the MuleSoft-hosted Anypoint
Platform control plane
C) Use an on-premises installation of Mule runtimes that are completely isolated with NO external network
access, managed by the Anypoint Platform Private Cloud Edition control plane
D) Use a combination of Cloud Hub-deployed and manually provisioned on-premises Mule runtimes managed by
the MuleSoft-hosted Anypoint Platform control plane

Answer 47

Answer: B

Question 48

How are an API implementation, API client, and API consumer combined to invoke and process an API?

A . The API consumer creates an API implementation, which receives API invocations from an API such that they are processed for an API client
B . The API client creates an API consumer, which receives API invocations from an API such that they are processed for an API implementation
C . The ApI consumer creates an API client, which sends API invocations to an API such that they are processed by
an API implementation
D . The ApI client creates an API consumer, which sends API invocations to an API such that they are processed by
an API implementation

Answer 48

Answer: C

Question 49

An API implementation is being designed that must invoke an Order API, which is known to repeatedly experience downtime.
For this reason, a fallback API is to be called when the Order API is unavailable.

What approach to designing the invocation of the fallback API provides the best resilience?

A . Search Anypoint Exchange for a suitable existing fallback API, and then implement invocations to this fallback API in addition to the Order API
B . Create a separate entry for the Order API in API Manager, and then invoke this API as a fallback API if the primary Order API is unavailable
C . Redirect client requests through an HTTP 307 Temporary Redirect status code to the fallback API whenever the Order API is unavailable
D . Set an option in the HTTP Requester component that invokes the Order API to instead invoke a fallback API whenever an HTTP 4xx or 5xx response status code is returned from the Order API

Answer 49

Answer: A

Question 50

An Order API must be designed that contains significant amounts of integration logic and involves the invocation of the Product API.
The power relationship between Order API and Product API is one of ‘Customer/Supplier’, because the Product API is used heavily throughout the organization and is developed by a dedicated development team located in the office of the CTO.

What strategy should be used to deal with the API data model of the Product API within the Order API?

A . Convince the development team of the Product API to adopt the API data model of the Order API such that the integration logic of the Order API can work with one consistent internal data model
B . Work with the API data types of the Product API directly when implementing the integration logic of the Order API such that the Order API uses the same (unchanged) data types as the Product API
C . Implement an anti-corruption layer in the Order API that transforms the Product API data model into internal data types of the Order API
D . Start an organization-wide data modeling initiative that will result in an Enterprise Data Model that will then be used in both the Product API and the Order API

Answer 50

Answer: C

Question 51

An organization is deploying its new implementation of the OrderStatus System API to multiple workers in CloudHub. This API fronts the organization’s on-premises Order Management System, which is accessed by the API implementation over an IPsec tunnel.
What type of error typically does NOT result in a service outage of the OrderStatus System API?

A . A CloudHub worker fails with an out-of-memory exception
B . API Manager has an extended outage during the initial deployment of the API implementation
C . The AWS region goes offline with a major network failure to the relevant AWS data centers
D . The Order Management System is Inaccessible due to a network outage in the organization’s on-premises data center

Answer 51

Answer: A

Question 52

What correctly characterizes unit tests of Mule applications?
A . They test the validity of input and output of source and target systems
B . They must be run in a unit testing environment with dedicated Mule runtimes for the environment
C . They must be triggered by an external client tool or event source
D . They are typically written using MUnit to run in an embedded Mule runtime that does not require external connectivity

Answer 52

Answer: D

Question 53

What is a typical result of using a fine-grained rather than a coarse-grained API deployment model to implement a given business process?

A . A decrease in the number of connections within the application network supporting the business process
B . A higher number of discoverable API-related assets in the application network
C . A better response time for the end user as a result of the APIs being smaller in scope and complexity
D . An overall tower usage of resources because each fine-grained API consumes less resources

Answer 53

Answer: B

Question 54

An organization has implemented a Customer Address API to retrieve customer address information. This API has been deployed to multiple environments and has been configured to enforce client IDs everywhere. A developer is writing a client application to allow a user to update their address. The developer has found the
Customer Address API in Anypoint Exchange and wants to use it in their client application.

What step of gaining access to the API can be performed automatically by the Anypoint Platform?

A . Approve the client application request for the chosen SLA tier
B . Request access to the appropriate API Instances deployed to multiple environments using the client application’s credentials
C . Modify the client application to call the API using the client application’s credentials
D . Create a new application in Anypoint Exchange for requesting access to the API

Answer 54

Answer: A

Question 55

What is typically NOT a function of the APIs created within the framework called API-led connectivity?

A . They provide an additional layer of resilience on top of the underlying backend system, thereby insulating clients from extended failure of these systems.
B . They allow for innovation at the user Interface level by consuming the underlying assets without being aware of how data Is being extracted from backend systems.
C . They reduce the dependency on the underlying backend systems by helping unlock data from backend systems In a reusable and consumable way.
D . They can compose data from various sources and combine them with orchestration logic to create higher level value.

Answer 55

Answer: A

Question 56

What Mule application deployment scenario requires using Anypoint Platform Private Cloud Edition or Anypoint Platform for Pivotal Cloud Foundry?

A . When it Is required to make ALL applications highly available across multiple data centers
B . When it is required that ALL APIs are private and NOT exposed to the public cloud
C . When regulatory requirements mandate on-premises processing of EVERY data item, including meta-data
D . When ALL backend systems in the application network are deployed in the organization’s intranet

Answer 56

Answer: C

Question 57

What is true about automating interactions with Anypoint Platform using tools such as Anypoint Platform REST APIs, Anypoint CU, or the Mule Maven plugin?

A . Access to Anypoint Platform APIs and Anypoint CU can be controlled separately through the roles and permissions in Anypoint Platform, so that specific users can get access to Anypoint CLI white others get access to the platform APIs
B . Anypoint Platform APIs can ONLY automate interactions with CloudHub, while the Mule Maven plugin is required for deployment to customer-hosted Mule runtimes
C . By default, the Anypoint CLI and Mule Maven plugin are NOT included in the Mule runtime, so are NOT available to be used by deployed Mule applications
D . API policies can be applied to the Anypoint Platform APIs so that ONLY certain LOBs have access to specific functions

Answer 57

Answer: C

Question 58

A new upstream API Is being designed to offer an SLA of 500 ms median and 800 ms maximum (99th percentile) response time. The corresponding API implementation needs to sequentially invoke 3 downstream APIs of very similar complexity.

The first of these downstream APIs offers the following SLA for its response time: median: 100 ms, 80th percentile: 500 ms, 95th percentile: 1000 ms. If possible, how can a timeout be set in the upstream API for the invocation of the first downstream API to meet
the new upstream API’s desired SLA?

A . Set a timeout of 50 ms; this times out more invocations of that API but gives additional room for retries
B . Set a timeout of 100 ms; that leaves 400 ms for the other two downstream APIs to complete
C . No timeout is possible to meet the upstream API’s desired SLA; a different SLA must be negotiated with the first downstream API or invoke an alternative API
D . Do not set a timeout; the Invocation of this API Is mandatory and so we must wait until it responds

Answer 58

Answer: B

Question 59

What API policy would be LEAST LIKELY used when designing an Experience API that is intended to work with a consumer mobile phone or tablet application?

A . OAuth 2.0 access token enforcement
B . Client ID enforcement
C . JSON threat protection
D . IPwhitellst

Answer 59

Answer: D

Question 60

An organization makes a strategic decision to move towards an IT operating model that emphasizes the consumption of reusable IT assets using modern APIs (as defined by MuleSoft).

What best describes each modern API in relation to this new IT operating model?

A . Each modern API has its own software development lifecycle, which reduces the need for documentation and
automation
B . Each modem API must be treated like a product and designed for a particular target audience (for instance,
mobile app developers)
C . Each modern API must be easy to consume, so should avoid complex authentication mechanisms such as SAML
or JWT D
D . Each modern API must be REST and HTTP based

Answer 60

Answer: B

Question 61

What CANNOT be effectively enforced using an API policy in Anypoint Platform?

A . Guarding against Denial of Service attacks
B . Maintaining tamper-proof credentials between APIs
C . Logging HTTP requests and responses
D . Backend system overloading

Answer 61

Answer: A

Question 62

What is a best practice when building System APIs?

A . Document the API using an easily consumable asset like a RAML definition
B . Model all API resources and methods to closely mimic the operations of the backend system
C . Build an Enterprise Data Model (Canonical Data Model) for each backend system and apply it to System APIs
D . Expose to API clients all technical details of the API implementation’s interaction wifch the backend system

Answer 62

Answer: B

Question 63

Refer to the exhibit. An organization is running a Mule standalone runtime and has configured Active Directory as the Anypoint Platform external Identity Provider. The organization does not have the budget for other system components.

What policy should be applied to all instances of APIs in the organization to most effecuvelyKestrict access to a specific group of internal users?

A . Apply a basic authentication - LDAP policy; the internal Active Directory will be configured as the LDAP source for authenticating users
B . Apply a client ID enforcement policy; the specific group of users will configure their client applications to use their specific client credentials
C . Apply an IP whitelist policy; only the specific users’ workstations will be in the whitelist
D . Apply an OAuth 2.0 access token enforcement policy; the internal Active Directory will be configured as the OAuth server

Answer 63

Answer: A

Question 64

A code-centric API documentation environment should allow API consumers to investigate and execute API client source code that demonstrates invoking one or more APIs as part of representative scenarios.

What is the most effective way to provide this type of code-centric API documentation environment using
Anypoint Platform?

A . Enable mocking services for each of the relevant APIs and expose them via their Anypoint Exchange entry
B . Ensure the APIs are well documented through their Anypoint Exchange entries and API Consoles and share
these pages with all API consumers
C . Create API Notebooks and include them in the relevant Anypoint Exchange entries
D . Make relevant APIs discoverable via an Anypoint Exchange entry

Answer 64

Answer: C

Question 65

An API experiences a high rate of client requests (TPS) vwth small message paytoads. How can usage limits be imposed on the API based on the type of client application?

A . Use an SLA-based rate limiting policy and assign a client application to a matching SLA tier based on its type
B . Use a spike control policy that limits the number of requests for each client application type
C . Use a cross-origin resource sharing (CORS) policy to limit resource sharing between client applications, configured by the client application type
D . Use a rate-limiting policy and a client ID enforcement policy, each configured by the client application type

Answer 65

Answer: A

Question 66

An organization has several APIs that accept JSON data over HTTP POST. The APIs are all publicly available and are associated with several mobile applications and web applications.

The organization does NOT want to use any authentication or compliance policies for these APIs, but at the same
time, is worried that some bad actor could send payloads that could somehow compromise the applications or servers running the API implementations.

What out-of-the-box Anypoint Platform policy can address exposure to this threat?

A . Shut out bad actors by using HTTPS mutual authentication for all API invocations
B . Apply an IP blacklist policy to all APIs; the blacklist will Include all bad actors
C . Apply a Header injection and removal policy that detects the malicious data before it is used
D . Apply a JSON threat protection policy to all APIs to detect potential threat vectors

Answer 66

Answer: D

Question 67

How can the application of a rate limiting API policy be accurately reflected in the RAML definition of an API?

A . By refining the resource definitions by adding a description of the rate limiting policy behavior
B . By refining the request definitions by adding a remaining Requests query parameter with description, type, and example
C . By refining the response definitions by adding the out-of-the-box Anypoint Platform rate-limit-enforcement securityScheme with description, type, and example
D . By refining the response definitions by adding the x-ratelimit-* response headers with description, type, and
example

Answer 67

Answer: D

Question 68

What is the most performant out-of-the-box solution in Anypoint Platform to track transaction state in an asynchronously executing long-running process implemented as a Mule application deployed to multiple CloudHub workers?

A . Redis distributed cache
B . java.util.WeakHashMap
C . Persistent Object Store
D . File-based storage

Answer 68

C

Question 69

The responses to some HTTP requests can be cached depending on the HTTP verb used in the request. According to the HTTP specification, for what HTTP verbs is this safe to do?

A . PUT, POST, DELETE
B . GET, HEAD, POST
C . GET, PUT, OPTIONS
D . GET, OPTIONS, HEAD

Answer 69

Answer: D

Question 70

What is a key requirement when using an external Identity Provider for Client Management in Anypoint Platform?

A . Single sign-on is required to sign in to Anypoint Platform
B . The application network must include System APIs that interact with the Identity Provider
C . To invoke OAuth 2.0-protected APIs managed by Anypoint Platform, API clients must submit access tokens
issued by that same Identity Provider
D . APIs managed by Anypoint Platform must be protected by SAML 2.0 policies

Answer 70

Answer: C

Question 71

A Mule application exposes an HTTPS endpoint and is deployed to the CloudHub Shared Worker Cloud. All traffic to that Mule application must stay inside the AWS VPC. To what TCP port do API invocations to that Mule application need to be sent?

A . 443
B . 8081
C . 8091
D . 8082

Answer 71

Answer: D

Question 72

An API implementation is deployed to CloudHub. What conditions can be alerted on using the default Anypoint Platform functionality, where the alert conditions depend on the end-to-end request processing of the API implementation?

A . When the API is invoked by an unrecognized API client
B . When a particular API client invokes the API too often within a given time period
C . When the response time of API invocations exceeds a threshold
D . When the API receives a very high number of API invocations

Answer 72

Answer: C

Question 73

What is true about where an API policy is defined in Anypoint Platform and how it is then applied to API
instances?

A . The API policy Is defined In Runtime Manager as part of the API deployment to a Mule runtime and then ONLY applied to the specific API Instance
B . The API policy Is defined In API Manager for a specific API Instance and then ONLY applied to the specific API instance
C . The API policy Is defined in API Manager and then automatically applied to ALL API instances
D . The API policy is defined in API Manager and then applied to ALL API instances in the specified environment

Answer 73

Answer: B

Question 74

What is the best way to decompose one end-to-end business process into a collaboration of Experience, Process,
and System APIs?

A) Handle customizations for the end-user application at the Process API level rather than the Experience API level
B) Allow System APIs to return data that is NOT currently required by the identified Process or Experience APIs
C) Always use a tiered approach by creating exactly one API for each of the 3 layers (Experience, Process and
System APIs)
D) Use a Process API to orchestrate calls to multiple System APIs, but NOT to other Process APIs

Answer 74

Answer: B

Question 75

When using CloudHub with the Shared Load Balancer, what is managed EXCLUSIVELY by the API implementation (the Mule application) and NOT by the Anypoint Platform?

A . The assignment of each HTTP request to a particular CloudHub worker
B . The logging configuration that enables log entries to be visible in Runtime Manager
C . The SSL certificates used by the API implementation to expose HTTPS endpoints
D . The number of DNS entries allocated to the API implementation

Answer 75

Answer: C

Question 76

What best describes the Fully Qualified Domain Names (FQDNs), also known as DNS entries, created when a Mule application is deployed to the CloudHub Shared Worker Cloud?

A . A fixed number of FQDNs are created, IRRESPECTIVE of the environment and VPC design
B . The FQDNs are determined by the application name chosen, IRRESPECTIVE of the region
C . The FQDNs are determined by the application name, but can be modified by an administrator after deployment
D . The FQDNs are determined by both the application name and the Anypoint Platform organization

Answer 76

Answer: B

Question 77

Three business processes need to be implemented, and the implementations need to communicate with several different SaaS applications. These processes are owned by separate (siloed) LOBs and are mainly independent of each other, but do share a
few business entities. Each LOB has one development team and their own budget In this organizational context, what is the most effective approach to choose the API data models for the APIs that
will implement these business processes with minimal redundancy of the data models?

A) Build several Bounded Context Data Models that align with coherent parts of the business processes and the
definitions of associated business entities
B) Build distinct data models for each API to follow established micro-services and Agile API-centric practices
C) Build all API data models using XML schema to drive consistency and reuse across the organization
D) Build one centralized Canonical Data Model (Enterprise Data Model) that unifies all the data types from all
three business processes, ensuring the data model is consistent and non-redundant

Answer 77

Answer: A

Question 78

What is a valid API in the sense of API-led connectivity and application networks?

A) Java RMI over TCP
B) Java RMI over TCP
C) CORBA over HOP
D) XML over UDP

Answer 78

Answer: D

Question 79

A System API is designed to retrieve data from a backend system that has scalability challenges. What API policy can best safeguard the backend system?

A . IPwhitelist
B . SLA-based rate limiting
C . Auth 2 token enforcement
D . Client ID enforcement

Answer 79

Answer: B

Question 80

what is true when using customer-hosted Mule runtimes with the MuleSoft-hosted Anypoint Platform control plane (hybrid deployment)?
A . Anypoint Runtime Manager initiates a network connection to a Mule runtime in order to deploy Mule
applications
B . The MuleSoft-hosted Shared Load Balancer can be used to load balance API invocations to the Mule runtimes
C . API implementations can run successfully in customer-hosted Mule runtimes, even when they are unable to
communicate with the control plane
D . Anypoint Runtime Manager automatically ensures HA in the control plane by creating a new Mule runtime
instance in case of a node failure

Answer 80

Answer: C

Question 81

A RAML definition has been proposed for a new Promotions Process API, and has been published to Anypoint
Exchange. The Marketing Department, who will be an important consumer of the Promotions API, has important requirements and expectations that must be met.

What is the most effective way to use Anypoint Platform features to involve the Marketing Department in this early API design phase?

A) Ask the Marketing Department to interact with a mocking implementation of the API using the automatically generated API Console

B) Organize a design workshop with the DBAs of the Marketing Department in which the database schema of the Marketing IT systems is translated into RAML

C) Use Anypoint Studio to Implement the API as a Mule application, then deploy that API implementation to CloudHub and ask the Marketing Department to interact with it

D) Export an integration test suite from API designer and have the Marketing Department execute the tests In that suite to ensure they pass

Answer 81

Answer: A

Question 82

What should be ensured before sharing an API through a public Anypoint Exchange portal?

A . The visibility level of the API instances of that API that need to be publicly accessible should be set to public visibility
B . The users needing access to the API should be added to the appropriate role in Anypoint Platform
C . The API should be functional with at least an initial implementation deployed and accessible for users to
interact with
D . The API should be secured using one of the supported authentication/authorization mechanisms to ensure
that data is not compromised

Answer 82

Answer: A

Question 83

What best explains the use of auto-discovery in API implementations?

A . It makes API Manager aware of API implementations and hence enables it to enforce policies
B . It enables Anypoint Studio to discover API definitions configured in Anypoint Platform
C . It enables Anypoint Exchange to discover assets and makes them available for reuse
D . It enables Anypoint Analytics to gain insight into the usage of APIs

Answer 83

Answer: A

Question 84

When designing an upstream API and its implementation, the development team has been advised to NOT set timeouts when invoking a downstream API, because that downstream API has no SLA that can be relied upon.

This is the only downstream API dependency of that upstream API.
Assume the downstream API runs uninterrupted without crashing. What is the impact of this advice?

A . An SLA for the upstream API CANNOT be provided
B . The invocation of the downstream API will run to completion without timing out
C . A default timeout of 500 ms will automatically be applied by the Mule runtime in which the upstream API implementation executes
D . A toad-dependent timeout of less than 1000 ms will be applied by the Mule runtime in which the downstream API implementation executes

Answer 84

Answer: A

Question 85

In an organization, the InfoSec team is investigating Anypoint Platform-related data traffic.

From where do most of the data available to Anypoint Platform for monitoring and alerting originate?

A . From the Mule runtime or the API implementation, depending on the deployment model
B . From various components of the Anypoint Platform, such as the Shared Load Balancer, VPC, and Mule runtimes
C . From the Mule runtime or the API Manager, depending on the type of data
D . From the Mule runtime irrespective of the deployment model

Answer 85

Answer: D

Question 86

A developer is building a client application to invoke an API deployed to the STAGING environment that is governed by a client ID enforcement policy.

What is required to successfully invoke the API?

A . The client ID and secret for the Anypoint Platform account owning the API in the STAGING environment
B . The client ID and secret for the Anypoint Platform account’s STAGING environment
C . The client ID and secret obtained from Anypoint Exchange for the API instance in the STAGING environment
D . A valid OAuth token obtained from Anypoint Platform and its associated client ID and secret

Answer 86

Answer: C

Question 87

Refer to the exhibit. An organization needs to enable access to their customer data from both a mobile app and a web application, which each need access to common fields as well as certain unique fields.
The data is available partially in a database and partially in a 3rd-party CRM system. What APIs should be created to best fit these design requirements?

A) A Process API that contains the data required by both the web and mobile apps, allowing these applications to invoke it directly and access the data they need thereby providing the flexibility to add more fields in the future without needing API changes
B) One set of APIs (Experience API, Process API, and System API) for the web app, and another set for the mobile app
C) Separate Experience APIs for the mobile and web app, but a common Process API that invokes separate System
APIs created for the database and CRM system
D) A common Experience API used by both the web and mobile apps, but separate Process APIs for the web and
mobile apps that interact with the database and the CRM System

Answer 87

Answer: C

Question 88

The implementation of a Process API must change.
What is a valid approach that minimizes the impact of this change on API clients?

A . Update the RAML definition of the current Process API and notify API client developers by sending them links to the updated RAML definition
B . Postpone changes until API consumers acknowledge they are ready to migrate to a new Process API or API version
C . Implement required changes to the Process API implementation so that whenever possible, the Process API’s RAML definition remains unchanged
D . Implement the Process API changes in a new API implementation, and have the old API implementation return
an HTTP status code 301 - Moved Permanently to inform API clients they should be calling the new API implementation

Answer 88

Answer: C

Question 89

An API implementation is deployed on a single worker on CloudHub and invoked by external API clients (outside of CloudHub). How can an alert be set up that is guaranteed to trigger AS SOON AS that API implementation stops responding to API invocations?

A . Implement a heartbeat/health check within the API and invoke it from outside the Anypoint Platform and alert when the heartbeat does not respond
B . Configure a ‘worker not responding’ alert in Anypoint Runtime Manager
C . Handle API invocation exceptions within the calling API client and raise an alert from that API client when the API Is Unavailable
D . Create an alert for when the API receives no requests within a specified time period

Answer 89

Answer: B

Question 90

What is true about the technology architecture of Anypoint VPCs?

A . The private IP address range of an Anypoint VPC is automatically chosen by CloudHub
B . Traffic between Mule applications deployed to an Anypoint VPC and on-premises systems can stay within a private network
C . Each CloudHub environment requires a separate Anypoint VPC
D . VPC peering can be used to link the underlying AWS VPC to an on-premises (non AWS) private network

Answer 90

Answer: B

Question 91

What do the API invocation metrics provided by Anypoint Platform provide?

A . ROI metrics from APIs that can be directly shared with business users
B . Measurements of the effectiveness of the application network based on the level of reuse
C . Data on past API invocations to help identify anomalies and usage patterns across various APIs
D . Proactive identification of likely future policy violations that exceed a given threat threshold

Answer 91

Answer: C

Question 92

What condition requires using a CloudHub Dedicated Load Balancer?

A . When cross-region load balancing is required between separate deployments of the same Mule application
B . When custom DNS names are required for API implementations deployed to customer-hosted Mule runtimes
C . When API invocations across multiple CloudHub workers must be load balanced
D . When server-side load-balanced TLS mutual authentication is required between API implementations and API clients

Answer 92

Answer: D

Question 93

An organization is implementing a Quote of the Day API that caches today’s quote.

What scenario can use the GoudHub Object Store via the Object Store connector to persist the cache’s state?

A . When there are three CloudHub deployments of the API implementation to three separate CloudHub regions that must share the cache state
B . When there are two CloudHub deployments of the API implementation by two Anypoint Platform business groups to the same CloudHub region that must share the cache state
C . When there is one deployment of the API implementation to CloudHub and anottV deployment to a customerhosted Mule runtime that must share the cache state
D . When there is one CloudHub deployment of the API implementation to three CloudHub workers that must
share the cache state

Answer 93

Answer: D

Question 94

What is a key performance indicator (KPI) that measures the success of a typical C4E that is immediately apparent in responses from the Anypoint Platform APIs?

A . The number of production outage incidents reported in the last 24 hours
B . The number of API implementations that have a publicly accessible HTTP endpoint and are being managed by Anypoint Platform
C . The fraction of API implementations deployed manually relative to those deployed using a CI/CD tool
D . The number of API specifications in RAML or OAS format published to Anypoint Exchange

Answer 94

Answer: D

Question 95

What API policy would LEAST likely be applied to a Process API?

A . Custom circuit breaker
B . Client ID enforcement
C . Rate limiting
D . JSON threat protection

Answer 95

Answer: D