MuleSoft-Platform-Architect-I Exam Info and Free Practice Test All-in-One Exam Guide Nov-2024
Pass Salesforce MuleSoft-Platform-Architect-I Actual Free Exam Q&As Updated Dump Nov 10, 2024
Salesforce MuleSoft-Platform-Architect-I Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
NEW QUESTION # 24
What are the major benefits of MuleSoft proposed IT Operating Model?
- A. 1. Decrease the IT delivery gap
2. Meet various business demands without increasing the IT capacity
3. Make consumption of assets at the rate of production - B. 1. Decrease the IT delivery gap
2. Meet various business demands by increasing the IT capacity and forming various IT departments
3. Make consumption of assets at the rate of production - C. 1. Decrease the IT delivery gap
2. Meet various business demands without increasing the IT capacity
3. Focus on creation of reusable assets first. Upon finishing creation of all the possible assets then inform the LOBs in the organization to start using them
Answer: A
Explanation:
Correct Answer :
1. Decrease the IT delivery gap
2. Meet various business demands without increasing the IT capacity
3. Make consumption of assets at the rate of production.
*****************************************
Reference:
NEW QUESTION # 25
What CANNOT be effectively enforced using an API policy in Anypoint Platform?
- A. Maintaining tamper-proof credentials between APIs
- B. Backend system overloading
- C. Guarding against Denial of Service attacks
- D. Logging HTTP requests and responses
Answer: C
Explanation:
Correct Answer : Guarding against Denial of Service attacks
*****************************************
>> Backend system overloading can be handled by enforcing "Spike Control Policy"
>> Logging HTTP requests and responses can be done by enforcing "Message Logging Policy"
>> Credentials can be tamper-proofed using "Security" and "Compliance" Policies However, unfortunately, there is no proper way currently on Anypoint Platform to guard against DOS attacks.
NEW QUESTION # 26
Due to a limitation in the backend system, a system API can only handle up to 500 requests per second. What is the best type of API policy to apply to the system API to avoid overloading the backend system?
- A. Spike control
- B. Rate limiting
- C. Rate limiting - SLA based
- D. HTTP caching
Answer: A
Explanation:
Correct Answer : Spike control
*****************************************
>> First things first, HTTP Caching policy is for purposes different than avoiding the backend system from overloading. So this is OUT.
>> Rate Limiting and Throttling/ Spike Control policies are designed to limit API access, but have different intentions.
>> Rate limiting protects an API by applying a hard limit on its access.
>> Throttling/ Spike Control shapes API access by smoothing spikes in traffic.
That is why, Spike Control is the right option.
NEW QUESTION # 27
What are 4 important Platform Capabilities offered by Anypoint Platform?
- A. API Design and Development, API Runtime Execution and Hosting, API Operations and Management, API Consumer Engagement
- B. API Design and Development, API Runtime Execution and Hosting, API Versioning, API Deprecation
- C. API Versioning, API Runtime Execution and Hosting, API Invocation, API Consumer Engagement
- D. API Design and Development, API Deprecation, API Versioning, API Consumer Engagement
Answer: A
Explanation:
Correct Answer : API Design and Development, API Runtime Execution and Hosting, API Operations and Management, API Consumer Engagement
*****************************************
>> API Design and Development - Anypoint Studio, Anypoint Design Center, Anypoint Connectors
>> API Runtime Execution and Hosting - Mule Runtimes, CloudHub, Runtime Services
>> API Operations and Management - Anypoint API Manager, Anypoint Exchange
>> API Consumer Management - API Contracts, Public Portals, Anypoint Exchange, API Notebooks
NEW QUESTION # 28
What is a key performance indicator (KPI) that measures the success of a typical C4E that is immediately apparent in responses from the Anypoint Platform APIs?
- A. The number of API specifications in RAML or OAS format published to Anypoint Exchange
- B. The fraction of API implementations deployed manually relative to those deployed using a CI/CD tool
- C. The number of production outage incidents reported in the last 24 hours
- D. The number of API implementations that have a publicly accessible HTTP endpoint and are being managed by Anypoint Platform
Answer: A
Explanation:
Correct Answer : The number of API specifications in RAML or OAS format published to Anypoint Exchange
*****************************************
>> The success of C4E always depends on their contribution to the number of reusable assets that they have helped to build and publish to Anypoint Exchange.
>> It is NOT due to any factors w.r.t # of outages, Manual vs CI/CD deployments or Publicly accessible HTTP endpoints
>> Anypoint Platform APIs helps us to quickly run and get the number of published RAML/OAS assets to Anypoint Exchange. This clearly depicts how successful a C4E team is based on number of returned assets in the response.
NEW QUESTION # 29
A Mule application exposes an HTTPS endpoint and is deployed to three CloudHub workers that do not use static IP addresses. The Mule application expects a high volume of client requests in short time periods. What is the most cost-effective infrastructure component that should be used to serve the high volume of client requests?
- A. The CloudHub shared load balancer
- B. An API proxy
- C. Runtime Manager autoscaling
- D. A customer-hosted load balancer
Answer: A
Explanation:
Correct Answer : The CloudHub shared load balancer
*****************************************
The scenario in this question can be split as below:
>> There are 3 CloudHub workers (So, there are already good number of workers to handle high volume of requests)
>> The workers are not using static IP addresses (So, one CANNOT use customer load-balancing solutions without static IPs)
>> Looking for most cost-effective component to load balance the client requests among the workers.
Based on the above details given in the scenario:
>> Runtime autoscaling is NOT at all cost-effective as it incurs extra cost. Most over, there are already 3 workers running which is a good number.
>> We cannot go for a customer-hosted load balancer as it is also NOT most cost-effective (needs custom load balancer to maintain and licensing) and same time the Mule App is not having Static IP Addresses which limits from going with custom load balancing.
>> An API Proxy is irrelevant there as it has no role to play w.r.t handling high volumes or load balancing.
So, the only right option to go with and fits the purpose of scenario being most cost-effective is - using a CloudHub Shared Load Balancer.
NEW QUESTION # 30
The responses to some HTTP requests can be cached depending on the HTTP verb used in the request. According to the HTTP specification, for what HTTP verbs is this safe to do?
- A. GET, PUT, OPTIONS
- B. GET, HEAD, POST
- C. GET, OPTIONS, HEAD
- D. PUT, POST, DELETE
Answer: C
Explanation:
Correct Answer : GET, OPTIONS, HEAD
http://restcookbook.com/HTTP%20Methods/idempotency/
NEW QUESTION # 31
An organization wants MuleSoft-hosted runtime plane features (such as HTTP load balancing, zero downtime, and horizontal and vertical scaling) in its Azure environment. What runtime plane minimizes the organization's effort to achieve these features?
- A. A hybrid combination of customer-hosted and MuleSoft-hosted Mule runtimes
- B. CloudHub
- C. Anypoint Platform for Pivotal Cloud Foundry
- D. Anypoint Runtime Fabric
Answer: D
Explanation:
Correct Answer : Anypoint Runtime Fabric
*****************************************
>> When a customer is already having an Azure environment, It is not at all an ideal approach to go with hybrid model having some Mule Runtimes hosted on Azure and some on MuleSoft. This is unnecessary and useless.
>> CloudHub is a Mulesoft-hosted Runtime plane and is on AWS. We cannot customize to point CloudHub to customer's Azure environment.
>> Anypoint Platform for Pivotal Cloud Foundry is specifically for infrastructure provided by Pivotal Cloud Foundry
>> Anypoint Runtime Fabric is right answer as it is a container service that automates the deployment and orchestration of Mule applications and API gateways. Runtime Fabric runs within a customer-managed infrastructure on AWS, Azure, virtual machines (VMs), and bare-metal servers.
-Some of the capabilities of Anypoint Runtime Fabric include:
-Isolation between applications by running a separate Mule runtime per application.
-Ability to run multiple versions of Mule runtime on the same set of resources.
-Scaling applications across multiple replicas.
-Automated application fail-over.
-Application management with Anypoint Runtime Manager.
NEW QUESTION # 32
An organization has several APIs that accept JSON data over HTTP POST. The APIs are all publicly available and are associated with several mobile applications and web applications.
The organization does NOT want to use any authentication or compliance policies for these APIs, but at the same time, is worried that some bad actor could send payloads that could somehow compromise the applications or servers running the API implementations.
What out-of-the-box Anypoint Platform policy can address exposure to this threat?
- A. Apply a Header injection and removal policy that detects the malicious data before it is used
- B. Apply an IP blacklist policy to all APIs; the blacklist will Include all bad actors
- C. Apply a JSON threat protection policy to all APIs to detect potential threat vectors
- D. Shut out bad actors by using HTTPS mutual authentication for all API invocations
Answer: C
Explanation:
Correct Answer : Apply a JSON threat protection policy to all APIs to detect potential threat vectors
*****************************************
>> Usually, if the APIs are designed and developed for specific consumers (known consumers/customers) then we would IP Whitelist the same to ensure that traffic only comes from them.
>> However, as this scenario states that the APIs are publicly available and being used by so many mobile and web applications, it is NOT possible to identify and blacklist all possible bad actors.
>> So, JSON threat protection policy is the best chance to prevent any bad JSON payloads from such bad actors.
NEW QUESTION # 33
Say, there is a legacy CRM system called CRM-Z which is offering below functions:
1. Customer creation
2. Amend details of an existing customer
3. Retrieve details of a customer
4. Suspend a customer
- A. Implement a system API named customerManagement which has all the functionalities wrapped in it as various operations/resources
- B. Implement different system APIs named createCustomer, amendCustomer, retrieveCustomer and suspendCustomer as they are modular and has seperation of concerns
- C. Implement different system APIs named createCustomerInCRMZ, amendCustomerInCRMZ, retrieveCustomerFromCRMZ and suspendCustomerInCRMZ as they are modular and has seperation of concerns
Answer: B
Explanation:
Correct Answer : Implement different system APIs named createCustomer, amendCustomer, retrieveCustomer and suspendCustomer as they are modular and has seperation of concerns
*****************************************
>> It is quite normal to have a single API and different Verb + Resource combinations. However, this fits well for an Experience API or a Process API but not a best architecture style for System APIs. So, option with just one customerManagement API is not the best choice here.
>> The option with APIs in createCustomerInCRMZ format is next close choice w.r.t modularization and less maintenance but the naming of APIs is directly coupled with the legacy system. A better foreseen approach would be to name your APIs by abstracting the backend system names as it allows seamless replacement/migration of any backend system anytime. So, this is not the correct choice too.
>> createCustomer, amendCustomer, retrieveCustomer and suspendCustomer is the right approach and is the best fit compared to other options as they are both modular and same time got the names decoupled from backend system and it has covered all requirements a System API needs.
NEW QUESTION # 34
An Order API must be designed that contains significant amounts of integration logic and involves the invocation of the Product API.
The power relationship between Order API and Product API is one of "Customer/Supplier", because the Product API is used heavily throughout the organization and is developed by a dedicated development team located in the office of the CTO.
What strategy should be used to deal with the API data model of the Product API within the Order API?
- A. Start an organization-wide data modeling initiative that will result in an Enterprise Data Model that will then be used in both the Product API and the Order API
- B. Work with the API data types of the Product API directly when implementing the integration logic of the Order API such that the Order API uses the same (unchanged) data types as the Product API
- C. Implement an anti-corruption layer in the Order API that transforms the Product API data model into internal data types of the Order API
- D. Convince the development team of the Product API to adopt the API data model of the Order API such that the integration logic of the Order API can work with one consistent internal data model
Answer: C
Explanation:
Correct Answer : Convince the development team of the product API to adopt the API data model of the Order API such that integration logic of the Order API can work with one consistent internal data model
*****************************************
Key details to note from the given scenario:
>> Power relationship between Order API and Product API is customer/supplier So, as per below rules of "Power Relationships", the caller (in this case Order API) would request for features to the called (Product API team) and the Product API team would need to accomodate those requests.
NEW QUESTION # 35
Which of the below, when used together, makes the IT Operational Model effective?
- A. Create reusable assets, Do marketing on the created assets across organization, Arrange time to time LOB reviews to ensure assets are being consumed or not
- B. Create resuable assets, make them discoverable so that LOB teams can self-serve and browse the APIs
- C. Create reusable assets, Make them discoverable so that LOB teams can self-serve and browse the APIs, Get active feedback and usage metrics
Answer: B
Explanation:
Correct Answer : Create reusable assets, Make them discoverable so that LOB teams can self-serve and browse the APIs, Get active feedback and usage metrics.
*****************************************
NEW QUESTION # 36
Which of the following sequence is correct?
- A. API Consumer requests access to API >> API Client implementes logic to call an API >> API routes the request to >> API Implementation
- B. API Client implementes logic to call an API >> API Consumer requests access to API >> API routes the request to >> API Implementation
- C. API Client implementes logic to call an API >> API Consumer requests access to API >> API Implementation routes the request to >> API
- D. API Consumer implementes logic to call an API >> API Client requests access to API >> API Implementation routes the request to >> API
Answer: A
Explanation:
Correct Answer : API Consumer requests access to API >> API Client implementes logic to call an API >> API routes the request to >> API Implementation
*****************************************
>> API consumer does not implement any logic to invoke APIs. It is just a role. So, the option stating "API Consumer implementes logic to call an API" is INVALID.
>> API Implementation does not route any requests. It is a final piece of logic where functionality of target systems is exposed. So, the requests should be routed to the API implementation by some other entity. So, the options stating "API Implementation routes the request to >> API" is INVALID
>> The statements in one of the options are correct but sequence is wrong. The sequence is given as "API Client implementes logic to call an API >> API Consumer requests access to API >> API routes the request to >> API Implementation". Here, the statements in the options are VALID but sequence is WRONG.
>> Right option and sequence is the one where API consumer first requests access to API on Anypoint Exchange and obtains client credentials. API client then writes logic to call an API by using the access client credentials requested by API consumer and the requests will be routed to API implementation via the API which is managed by API Manager.
NEW QUESTION # 37
What is a key requirement when using an external Identity Provider for Client Management in Anypoint Platform?
- A. Single sign-on is required to sign in to Anypoint Platform
- B. The application network must include System APIs that interact with the Identity Provider
- C. To invoke OAuth 2.0-protected APIs managed by Anypoint Platform, API clients must submit access tokens issued by that same Identity Provider
- D. APIs managed by Anypoint Platform must be protected by SAML 2.0 policies
Answer: C
Explanation:
https://www.folkstalk.com/2019/11/mulesoft-integration-and-platform.html Correct Answer : To invoke OAuth 2.0-protected APIs managed by Anypoint Platform, API clients must submit access tokens issued by that same Identity Provider
*****************************************
>> It is NOT necessary that single sign-on is required to sign in to Anypoint Platform because we are using an external Identity Provider for Client Management
>> It is NOT necessary that all APIs managed by Anypoint Platform must be protected by SAML 2.0 policies because we are using an external Identity Provider for Client Management
>> Not TRUE that the application network must include System APIs that interact with the Identity Provider because we are using an external Identity Provider for Client Management Only TRUE statement in the given options is - "To invoke OAuth 2.0-protected APIs managed by Anypoint Platform, API clients must submit access tokens issued by that same Identity Provider" Reference:
https://docs.mulesoft.com/api-manager/2.x/external-oauth-2.0-token-validation-policy
https://blogs.mulesoft.com/dev/api-dev/api-security-ways-to-authenticate-and-authorize/
NEW QUESTION # 38
An API experiences a high rate of client requests (TPS) vwth small message paytoads. How can usage limits be imposed on the API based on the type of client application?
- A. Use a cross-origin resource sharing (CORS) policy to limit resource sharing between client applications, configured by the client application type
- B. Use a rate limiting policy and a client ID enforcement policy, each configured by the client application type
- C. Use an SLA-based rate limiting policy and assign a client application to a matching SLA tier based on its type
- D. Use a spike control policy that limits the number of requests for each client application type
Answer: C
Explanation:
Correct Answer : Use an SLA-based rate limiting policy and assign a client application to a matching SLA tier based on its type.
*****************************************
>> SLA tiers will come into play whenever any limits to be imposed on APIs based on client type
NEW QUESTION # 39
What best explains the use of auto-discovery in API implementations?
- A. It enables Anypoint Analytics to gain insight into the usage of APIs
- B. It makes API Manager aware of API implementations and hence enables it to enforce policies
- C. It enables Anypoint Exchange to discover assets and makes them available for reuse
- D. It enables Anypoint Studio to discover API definitions configured in Anypoint Platform
Answer: B
Explanation:
Correct Answer : It makes API Manager aware of API implementations and hence enables it to enforce policies.
*****************************************
>> API Autodiscovery is a mechanism that manages an API from API Manager by pairing the deployed application to an API created on the platform.
>> API Management includes tracking, enforcing policies if you apply any, and reporting API analytics.
>> Critical to the Autodiscovery process is identifying the API by providing the API name and version.
Reference:
https://docs.mulesoft.com/api-manager/2.x/api-auto-discovery-new-concept
https://docs.mulesoft.com/api-manager/1.x/api-auto-discovery
https://docs.mulesoft.com/api-manager/2.x/api-auto-discovery-new-concept
NEW QUESTION # 40
Question 10: Skipped
An API implementation returns three X-RateLimit-* HTTP response headers to a requesting API client. What type of information do these response headers indicate to the API client?
- A. A correlation ID that should be sent in the next request
- B. The HTTP response size
- C. The remaining capacity allowed by the API implementation
- D. The error codes that result from throttling
Answer: C
Explanation:
Correct Answer : The remaining capacity allowed by the API implementation.
*****************************************
>> Reference: https://docs.mulesoft.com/api-manager/2.x/rate-limiting-and-throttling-sla-based-policies#response-headers
NEW QUESTION # 41
......
Online Questions - Valid Practice MuleSoft-Platform-Architect-I Exam Dumps Test Questions: https://www.passleadervce.com/Salesforce-MuleSoft/reliable-MuleSoft-Platform-Architect-I-exam-learning-guide.html
Latest MuleSoft-Platform-Architect-I Actual Free Exam Updated 97 Questions: https://drive.google.com/open?id=1zLwhRGW2Kmpz5SMa1Rfr3HdkgggW1iFE