New 2024 MCPA-Level-1-Maintenance Dumps for MuleSoft Certified Platform Architect Certified Exam Questions & Answer [Q18-Q42]

NO.18 A system API has a guaranteed SLA of 100 ms per request. The system API is deployed to a primary environment as well as to a disaster recovery (DR) environment, with different DNS names in each environment. An upstream process API invokes the system API and the main goal of this process API is to respond to client requests in the least possible time. In what order should the system APIs be invoked, and what changes should be made in order to speed up the response time for requests from the process API?

In parallel, invoke the system API deployed to the primary environment and the system API deployed to the DR environment, and ONLY use the first response

In parallel, invoke the system API deployed to the primary environment and the system API deployed to the DR environment using a scatter-gather configured with a timeout, and then merge the responses

Invoke the system API deployed to the primary environment, and if it fails, invoke the system API deployed to the DR environment

Invoke ONLY the system API deployed to the primary environment, and add timeout and retry logic to avoid intermittent failures

NO.19 What is a key requirement when using an external Identity Provider for Client Management in Anypoint Platform?

Single sign-on is required to sign in to Anypoint Platform

The application network must include System APIs that interact with the Identity Provider

To invoke OAuth 2.0-protected APIs managed by Anypoint Platform, API clients must submit access tokens issued by that same Identity Provider

APIs managed by Anypoint Platform must be protected by SAML 2.0 policies

NO.20 An Order API must be designed that contains significant amounts of integration logic and involves the invocation of the Product API.
The power relationship between Order API and Product API is one of “Customer/Supplier”, because the Product API is used heavily throughout the organization and is developed by a dedicated development team located in the office of the CTO.
What strategy should be used to deal with the API data model of the Product API within the Order API?

Convince the development team of the Product API to adopt the API data model of the Order API such that the integration logic of the Order API can work with one consistent internal data model

Work with the API data types of the Product API directly when implementing the integration logic of the Order API such that the Order API uses the same (unchanged) data types as the Product API

Implement an anti-corruption layer in the Order API that transforms the Product API data model into internal data types of the Order API

Start an organization-wide data modeling initiative that will result in an Enterprise Data Model that will then be used in both the Product API and the Order API

NO.21 An organization has several APIs that accept JSON data over HTTP POST. The APIs are all publicly available and are associated with several mobile applications and web applications.
The organization does NOT want to use any authentication or compliance policies for these APIs, but at the same time, is worried that some bad actor could send payloads that could somehow compromise the applications or servers running the API implementations.
What out-of-the-box Anypoint Platform policy can address exposure to this threat?

Shut out bad actors by using HTTPS mutual authentication for all API invocations

Apply an IP blacklist policy to all APIs; the blacklist will Include all bad actors

Apply a Header injection and removal policy that detects the malicious data before it is used

Apply a JSON threat protection policy to all APIs to detect potential threat vectors

NO.22 An API implementation is deployed to CloudHub.
What conditions can be alerted on using the default Anypoint Platform functionality, where the alert conditions depend on the end-to-end request processing of the API implementation?

When the API is invoked by an unrecognized API client

When a particular API client invokes the API too often within a given time period

When the response time of API invocations exceeds a threshold

When the API receives a very high number of API invocations

NO.23 What is true about API implementations when dealing with legal regulations that require all data processing to be performed within a certain jurisdiction (such as in the USA or the EU)?

They must avoid using the Object Store as it depends on services deployed ONLY to the US East region

They must use a Jurisdiction-local external messaging system such as Active MQ rather than Anypoint MQ

They must te deployed to Anypoint Platform runtime planes that are managed by Anypoint Platform control planes, with both planes in the same Jurisdiction

They must ensure ALL data is encrypted both in transit and at rest

NO.24 The application network is recomposable: it is built for change because it “bends but does not break”

TRUE

FALSE

NO.25 Which of the following sequence is correct?

API Client implementes logic to call an API >> API Consumer requests access to API >> API Implementation routes the request to >> API

API Consumer requests access to API >> API Client implementes logic to call an API >> API routes the request to >> API Implementation

API Consumer implementes logic to call an API >> API Client requests access to API >> API Implementation routes the request to >> API

API Client implementes logic to call an API >> API Consumer requests access to API >> API routes the request to >> API Implementation

NO.26 When using CloudHub with the Shared Load Balancer, what is managed EXCLUSIVELY by the API implementation (the Mule application) and NOT by Anypoint Platform?

The assignment of each HTTP request to a particular CloudHub worker

The logging configuration that enables log entries to be visible in Runtime Manager

The SSL certificates used by the API implementation to expose HTTPS endpoints

The number of DNS entries allocated to the API implementation

NO.27 What Anypoint Connectors support transactions?

Database, JMS, VM

Database, 3MS, HTTP

Database, JMS, VM, SFTP

Database, VM, File

NO.28 An API has been updated in Anypoint Exchange by its API producer from version 3.1.1 to 3.2.0 following accepted semantic versioning practices and the changes have been communicated via the API’s public portal.
The API endpoint does NOT change in the new version.
How should the developer of an API client respond to this change?

The update should be identified as a project risk and full regression testing of the functionality that uses this API should be run

The API producer should be contacted to understand the change to existing functionality

The API producer should be requested to run the old version in parallel with the new one

The API client code ONLY needs to be changed if it needs to take advantage of new features

NO.29 Version 3.0.1 of a REST API implementation represents time values in PST time using ISO 8601 hh:mm:ss format. The API implementation needs to be changed to instead represent time values in CEST time using ISO
8601 hh:mm:ss format. When following the semver.org semantic versioning specification, what version should be assigned to the updated API implementation?

3.0.2

4.0.0

3.1.0

3.0.1

NO.30 In which layer of API-led connectivity, does the business logic orchestration reside?

System Layer

Experience Layer

Process Layer

NO.31 The responses to some HTTP requests can be cached depending on the HTTP verb used in the request.
According to the HTTP specification, for what HTTP verbs is this safe to do?

PUT, POST, DELETE

GET, HEAD, POST

GET, PUT, OPTIONS

GET, OPTIONS, HEAD

NO.32 An API implementation is being designed that must invoke an Order API, which is known to repeatedly experience downtime.
For this reason, a fallback API is to be called when the Order API is unavailable.
What approach to designing the invocation of the fallback API provides the best resilience?

Search Anypoint Exchange for a suitable existing fallback API, and then implement invocations to this fallback API in addition to the Order API

Create a separate entry for the Order API in API Manager, and then invoke this API as a fallback API if the primary Order API is unavailable

Redirect client requests through an HTTP 307 Temporary Redirect status code to the fallback API whenever the Order API is unavailable

Set an option in the HTTP Requester component that invokes the Order API to instead invoke a fallback API whenever an HTTP 4xx or 5xx response status code is returned from the Order API

NO.33 A Mule application exposes an HTTPS endpoint and is deployed to three CloudHub workers that do not use static IP addresses. The Mule application expects a high volume of client requests in short time periods. What is the most cost-effective infrastructure component that should be used to serve the high volume of client requests?

A customer-hosted load balancer

The CloudHub shared load balancer

An API proxy

Runtime Manager autoscaling

NO.34 An organization has implemented a Customer Address API to retrieve customer address information. This API has been deployed to multiple environments and has been configured to enforce client IDs everywhere.
A developer is writing a client application to allow a user to update their address. The developer has found the Customer Address API in Anypoint Exchange and wants to use it in their client application.
What step of gaining access to the API can be performed automatically by Anypoint Platform?

Approve the client application request for the chosen SLA tier

Request access to the appropriate API Instances deployed to multiple environments using the client application’s credentials

Modify the client application to call the API using the client application’s credentials

Create a new application in Anypoint Exchange for requesting access to the API

NO.35 What best describes the Fully Qualified Domain Names (FQDNs), also known as DNS entries, created when a Mule application is deployed to the CloudHub Shared Worker Cloud?

A fixed number of FQDNs are created, IRRESPECTIVE of the environment and VPC design

The FQDNs are determined by the application name chosen, IRRESPECTIVE of the region

The FQDNs are determined by the application name, but can be modified by an administrator after deployment

The FQDNs are determined by both the application name and the Anypoint Platform organization

NO.36 What Anypoint Platform Capabilities listed below fall under APIs and API Invocations/Consumers category?
Select TWO.

API Operations and Management

API Runtime Execution and Hosting

API Consumer Engagement

API Design and Development

NO.37 What is true about automating interactions with Anypoint Platform using tools such as Anypoint Platform REST APIs, Anypoint CU, or the Mule Maven plugin?

Access to Anypoint Platform APIs and Anypoint CU can be controlled separately through the roles and permissions in Anypoint Platform, so that specific users can get access to Anypoint CLI white others get access to the platform APIs

Anypoint Platform APIs can ONLY automate interactions with CloudHub, while the Mule Maven plugin is required for deployment to customer-hosted Mule runtimes

By default, the Anypoint CLI and Mule Maven plugin are NOT included in the Mule runtime, so are NOT available to be used by deployed Mule applications

API policies can be applied to the Anypoint Platform APIs so that ONLY certain LOBs have access to specific functions

NO.38 A system API is deployed to a primary environment as well as to a disaster recovery (DR) environment, with different DNS names in each environment. A process API is a client to the system API and is being rate limited by the system API, with different limits in each of the environments. The system API’s DR environment provides only 20% of the rate limiting offered by the primary environment. What is the best API fault-tolerant invocation strategy to reduce overall errors in the process API, given these conditions and constraints?

Invoke the system API deployed to the primary environment; add timeout and retry logic to the process API to avoid intermittent failures; if it still fails, invoke the system API deployed to the DR environment

Invoke the system API deployed to the primary environment; add retry logic to the process API to handle intermittent failures by invoking the system API deployed to the DR environment

In parallel, invoke the system API deployed to the primary environment and the system API deployed to the DR environment; add timeout and retry logic to the process API to avoid intermittent failures; add logic to the process API to combine the results

Invoke the system API deployed to the primary environment; add timeout and retry logic to the process API to avoid intermittent failures; if it still fails, invoke a copy of the process API deployed to the DR environment

Invoke the system API deployed to the primary environment; add timeout and retry logic to the process API to avoid intermittent failures; if it still fails, invoke the system API deployed to the DR environment
*****************************************
There is one important consideration to be noted in the question which is – System API in DR environment provides only 20% of the rate limiting offered by the primary environment. So, comparitively, very less calls will be allowed into the DR environment API opposed to its primary environment. With this in mind, lets analyse what is the right and best fault-tolerant invocation strategy.
1. Invoking both the system APIs in parallel is definitely NOT a feasible approach because of the 20% limitation we have on DR environment. Calling in parallel every time would easily and quickly exhaust the rate limits on DR environment and may not give chance to genuine intermittent error scenarios to let in during the time of need.
2. Another option given is suggesting to add timeout and retry logic to process API while invoking primary environment’s system API. This is good so far. However, when all retries failed, the option is suggesting to invoke the copy of process API on DR environment which is not right or recommended. Only system API is the one to be considered for fallback and not the whole process API. Process APIs usually have lot of heavy orchestration calling many other APIs which we do not want to repeat again by calling DR’s process API. So this option is NOT right.
3. One more option given is suggesting to add the retry (no timeout) logic to process API to directly retry on DR environment’s system API instead of retrying the primary environment system API first. This is not at all a proper fallback. A proper fallback should occur only after all retries are performed and exhausted on Primary environment first. But here, the option is suggesting to directly retry fallback API on first failure itself without trying main API. So, this option is NOT right too.
This leaves us one option which is right and best fit.
– Invoke the system API deployed to the primary environment
– Add Timeout and Retry logic on it in process API
– If it fails even after all retries, then invoke the system API deployed to the DR environment.

NO.39 What are 4 important Platform Capabilities offered by Anypoint Platform?

API Versioning, API Runtime Execution and Hosting, API Invocation, API Consumer Engagement

API Design and Development, API Runtime Execution and Hosting, API Versioning, API Deprecation

API Design and Development, API Runtime Execution and Hosting, API Operations and Management, API Consumer Engagement

API Design and Development, API Deprecation, API Versioning, API Consumer Engagement

NO.40 A code-centric API documentation environment should allow API consumers to investigate and execute API client source code that demonstrates invoking one or more APIs as part of representative scenarios.
What is the most effective way to provide this type of code-centric API documentation environment using Anypoint Platform?

Enable mocking services for each of the relevant APIs and expose them via their Anypoint Exchange entry

Ensure the APIs are well documented through their Anypoint Exchange entries and API Consoles and share these pages with all API consumers

Create API Notebooks and include them in the relevant Anypoint Exchange entries

Make relevant APIs discoverable via an Anypoint Exchange entry

NO.41 Select the correct Owner-Layer combinations from below options

1. App Developers owns and focuses on Experience Layer APIs
2. Central IT owns and focuses on Process Layer APIs
3. LOB IT owns and focuses on System Layer APIs

1. Central IT owns and focuses on Experience Layer APIs
2. LOB IT owns and focuses on Process Layer APIs
3. App Developers owns and focuses on System Layer APIs

1. App Developers owns and focuses on Experience Layer APIs
2. LOB IT owns and focuses on Process Layer APIs
3. Central IT owns and focuses on System Layer APIs

NO.42 Which of the below, when used together, makes the IT Operational Model effective?

Create reusable assets, Do marketing on the created assets across organization, Arrange time to time LOB reviews to ensure assets are being consumed or not

Create reusable assets, Make them discoverable so that LOB teams can self-serve and browse the APIs, Get active feedback and usage metrics

Create resuable assets, make them discoverable so that LOB teams can self-serve and browse the APIs