Real MuleSoft MCPA-Level-1-Maintenance Exam Dumps with Correct 81 Questions and Answers
Valid MCPA-Level-1-Maintenance Test Answers & MuleSoft MCPA-Level-1-Maintenance Exam PDF
NEW QUESTION # 16
True or False. We should always make sure that the APIs being designed and developed are self-servable even if it needs more man-day effort and resources.
- A. TRUE
- B. FALSE
Answer: A
Explanation:
TRUE
*****************************************
>> As per MuleSoft proposed IT Operating Model, designing APIs and making sure that they are discoverable and self-servable is VERY VERY IMPORTANT and decides the success of an API and its application network.
NEW QUESTION # 17
An organization has created an API-led architecture that uses various API layers to integrate mobile clients with a backend system. The backend system consists of a number of specialized components and can be accessed via a REST API. The process and experience APIs share the same bounded-context model that is different from the backend data model. What additional canonical models, bounded-context models, or anti-corruption layers are best added to this architecture to help process data consumed from the backend system?
- A. Create an anti-corruption layer for every API to perform transformation for every data model to match each other, and let data simply travel between APIs to avoid the complexity and overhead of building canonical models
- B. Create a bounded-context model for every layer and overlap them when the boundary contexts overlap, letting API developers know about the differences between upstream and downstream data models
- C. Create a canonical model that combines the backend and API-led models to simplify and unify data models, and minimize data transformations.
- D. Create a bounded-context model for the system layer to closely match the backend data model, and add an anti-corruption layer to let the different bounded contexts cooperate across the system and process layers
Answer: D
Explanation:
Create a bounded-context model for the system layer to closely match the backend data model, and add an anti-corruption layer to let the different bounded contexts cooperate across the system and process layers
*****************************************
>> Canonical models are not an option here as the organization has already put in efforts and created bounded-context models for Experience and Process APIs.
>> Anti-corruption layers for ALL APIs is unnecessary and invalid because it is mentioned that experience and process APIs share same bounded-context model. It is just the System layer APIs that need to choose their approach now.
>> So, having an anti-corruption layer just between the process and system layers will work well. Also to speed up the approach, system APIs can mimic the backend system data model.
NEW QUESTION # 18
Which of the below, when used together, makes the IT Operational Model effective?
- A. Create reusable assets, Do marketing on the created assets across organization, Arrange time to time LOB reviews to ensure assets are being consumed or not
- B. Create reusable assets, Make them discoverable so that LOB teams can self-serve and browse the APIs, Get active feedback and usage metrics
- C. Create resuable assets, make them discoverable so that LOB teams can self-serve and browse the APIs
Answer: C
Explanation:
Create reusable assets, Make them discoverable so that LOB teams can self-serve and browse the APIs, Get active feedback and usage metrics.
*****************************************
Diagram, arrow Description automatically generated
NEW QUESTION # 19
An API experiences a high rate of client requests (TPS) vwth small message paytoads. How can usage limits be imposed on the API based on the type of client application?
- A. Use a spike control policy that limits the number of requests for each client application type
- B. Use an SLA-based rate limiting policy and assign a client application to a matching SLA tier based on its type
- C. Use a cross-origin resource sharing (CORS) policy to limit resource sharing between client applications, configured by the client application type
- D. Use a rate limiting policy and a client ID enforcement policy, each configured by the client application type
Answer: B
Explanation:
Use an SLA-based rate limiting policy and assign a client application to a matching SLA tier
based on its type.
*****************************************
>> SLA tiers will come into play whenever any limits to be imposed on APIs based on client type
NEW QUESTION # 20
An API implementation is updated. When must the RAML definition of the API also be updated?
- A. When the API implementation is migrated from an older to a newer version of the Mule runtime
- B. When the API implementation changes from interacting with a legacy backend system deployed on-premises to a modern, cloud-based (SaaS) system
- C. When the API implementation is optimized to improve its average response time
- D. When the API implementation changes the structure of the request or response messages
Answer: D
Explanation:
When the API implementation changes the structure of the request or response messages
*****************************************
>> RAML definition usually needs to be touched only when there are changes in the request/response schemas or in any traits on API.
>> It need not be modified for any internal changes in API implementation like performance tuning, backend system migrations etc..
NEW QUESTION # 21
What are 4 important Platform Capabilities offered by Anypoint Platform?
- A. API Design and Development, API Runtime Execution and Hosting, API Versioning, API Deprecation
- B. API Versioning, API Runtime Execution and Hosting, API Invocation, API Consumer Engagement
- C. API Design and Development, API Deprecation, API Versioning, API Consumer Engagement
- D. API Design and Development, API Runtime Execution and Hosting, API Operations and Management, API Consumer Engagement
Answer: D
Explanation:
API Design and Development, API Runtime Execution and Hosting, API Operations and Management, API Consumer Engagement
*****************************************
>> API Design and Development - Anypoint Studio, Anypoint Design Center, Anypoint Connectors
>> API Runtime Execution and Hosting - Mule Runtimes, CloudHub, Runtime Services
>> API Operations and Management - Anypoint API Manager, Anypoint Exchange
>> API Consumer Management - API Contracts, Public Portals, Anypoint Exchange, API Notebooks
NEW QUESTION # 22
A company has created a successful enterprise data model (EDM). The company is committed to building an application network by adopting modern APIs as a core enabler of the company's IT operating model. At what API tiers (experience, process, system) should the company require reusing the EDM when designing modern API data models?
- A. At the experience, process, and system tiers
- B. At the process and system tiers
- C. At the experience and system tiers
- D. At the experience and process tiers
Answer: B
Explanation:
At the process and system tiers
*****************************************
>> Experience Layer APIs are modeled and designed exclusively for the end user's experience. So, the data models of experience layer vary based on the nature and type of such API consumer. For example, Mobile consumers will need light-weight data models to transfer with ease on the wire, where as web-based consumers will need detailed data models to render most of the info on web pages, so on. So, enterprise data models fit for the purpose of canonical models but not of good use for experience APIs.
>> That is why, EDMs should be used extensively in process and system tiers but NOT in experience tier.
NEW QUESTION # 23
Refer to the exhibit.
What is a valid API in the sense of API-led connectivity and application networks?
A) Java RMI over TCP
B) Java RMI over TCP
C) CORBA over HOP
D) XML over UDP
- A. Option B
- B. Option A
- C. Option C
- D. Option D
Answer: D
Explanation:
XML over HTTP
*****************************************
>> API-led connectivity and Application Networks urge to have the APIs on HTTP based protocols for building most effective APIs and networks on top of them.
>> The HTTP based APIs allow the platform to apply various varities of policies to address many NFRs
>> The HTTP based APIs also allow to implement many standard and effective implementation patterns that adhere to HTTP based w3c rules.
Bottom of Form
Top of Form
NEW QUESTION # 24
An API client calls one method from an existing API implementation. The API implementation is later updated. What change to the API implementation would require the API client's invocation logic to also be updated?
- A. When a new method is added to the resource used by the API client
- B. When a child method is added to the method called by the API client
- C. When a new required field is added to the method called by the API client
- D. When the data type of the response is changed for the method called by the API client
Answer: C
Explanation:
When a new required field is added to the method called by the API client
*****************************************
>> Generally, the logic on API clients need to be updated when the API contract breaks.
>> When a new method or a child method is added to an API , the API client does not break as it can still continue to use its existing method. So these two options are out.
>> We are left for two more where "datatype of the response if changed" and "a new required field is added".
>> Changing the datatype of the response does break the API contract. However, the question is insisting on the "invocation" logic and not about the response handling logic. The API client can still invoke the API successfully and receive the response but the response will have a different datatype for some field.
>> Adding a new required field will break the API's invocation contract. When adding a new required field, the API contract breaks the RAML or API spec agreement that the API client/API consumer and API provider has between them. So this requires the API client invocation logic to also be updated.
NEW QUESTION # 25
Once an API Implementation is ready and the API is registered on API Manager, who should request the access to the API on Anypoint Exchange?
- A. API Consumer
- B. None
- C. API Client
- D. Both
Answer: A
Explanation:
API Consumer
*****************************************
>> API clients are piece of code or programs that use the client credentials of API consumer but does not directly interact with Anypoint Exchange to get the access
>> API consumer is the one who should get registered and request access to API and then API client needs to use those client credentials to hit the APIs So, API consumer is the one who needs to request access on the API from Anypoint Exchange
NEW QUESTION # 26
What is typically NOT a function of the APIs created within the framework called API-led connectivity?
- A. They can compose data from various sources and combine them with orchestration logic to create higher level value.
- B. They provide an additional layer of resilience on top of the underlying backend system, thereby insulating clients from extended failure of these systems.
- C. They allow for innovation at the user Interface level by consuming the underlying assets without being aware of how data Is being extracted from backend systems.
- D. They reduce the dependency on the underlying backend systems by helping unlock data from backend systems In a reusable and consumable way.
Answer: B
Explanation:
They provide an additional layer of resilience on top of the underlying backend system, thereby insulating clients from extended failure of these systems.
*****************************************
In API-led connectivity,
>> Experience APIs - allow for innovation at the user interface level by consuming the underlying assets without being aware of how data is being extracted from backend systems.
>> Process APIs - compose data from various sources and combine them with orchestration logic to create higher level value
>> System APIs - reduce the dependency on the underlying backend systems by helping unlock data from backend systems in a reusable and consumable way.
However, they NEVER promise that they provide an additional layer of resilience on top of the underlying backend system, thereby insulating clients from extended failure of these systems.
https://dzone.com/articles/api-led-connectivity-with-mule
NEW QUESTION # 27
What CANNOT be effectively enforced using an API policy in Anypoint Platform?
- A. Logging HTTP requests and responses
- B. Guarding against Denial of Service attacks
- C. Maintaining tamper-proof credentials between APIs
- D. Backend system overloading
Answer: B
Explanation:
Guarding against Denial of Service attacks
*****************************************
>> Backend system overloading can be handled by enforcing "Spike Control Policy"
>> Logging HTTP requests and responses can be done by enforcing "Message Logging Policy"
>> Credentials can be tamper-proofed using "Security" and "Compliance" Policies However, unfortunately, there is no proper way currently on Anypoint Platform to guard against DOS attacks.
NEW QUESTION # 28
Due to a limitation in the backend system, a system API can only handle up to 500 requests per second. What is the best type of API policy to apply to the system API to avoid overloading the backend system?
- A. Spike control
- B. HTTP caching
- C. Rate limiting
- D. Rate limiting - SLA based
Answer: A
Explanation:
Spike control
*****************************************
>> First things first, HTTP Caching policy is for purposes different than avoiding the backend system from overloading. So this is OUT.
>> Rate Limiting and Throttling/ Spike Control policies are designed to limit API access, but have different intentions.
>> Rate limiting protects an API by applying a hard limit on its access.
>> Throttling/ Spike Control shapes API access by smoothing spikes in traffic.
That is why, Spike Control is the right option.
NEW QUESTION # 29
What is most likely NOT a characteristic of an integration test for a REST API implementation?
- A. The test is triggered by an external HTTP request
- B. The test prepares a known request payload and validates the response payload
- C. The test runs immediately after the Mule application has been compiled and packaged
- D. The test needs all source and/or target systems configured and accessible
Answer: C
Explanation:
The test runs immediately after the Mule application has been compiled and packaged
*****************************************
>> Integration tests are the last layer of tests we need to add to be fully covered.
>> These tests actually run against Mule running with your full configuration in place and are tested from external source as they work in PROD.
>> These tests exercise the application as a whole with actual transports enabled. So, external systems are affected when these tests run.
So, these tests do NOT run immediately after the Mule application has been compiled and packaged.
FYI... Unit Tests are the one that run immediately after the Mule application has been compiled and packaged.
NEW QUESTION # 30
An API has been updated in Anypoint Exchange by its API producer from version 3.1.1 to 3.2.0 following accepted semantic versioning practices and the changes have been communicated via the API's public portal.
The API endpoint does NOT change in the new version.
How should the developer of an API client respond to this change?
- A. The update should be identified as a project risk and full regression testing of the functionality that uses this API should be run
- B. The API producer should be requested to run the old version in parallel with the new one
- C. The API producer should be contacted to understand the change to existing functionality
- D. The API client code ONLY needs to be changed if it needs to take advantage of new features
Answer: D
NEW QUESTION # 31
What is a best practice when building System APIs?
- A. Build an Enterprise Data Model (Canonical Data Model) for each backend system and apply it to System APIs
- B. Document the API using an easily consumable asset like a RAML definition
- C. Expose to API clients all technical details of the API implementation's interaction wifch the backend system
- D. Model all API resources and methods to closely mimic the operations of the backend system
Answer: D
Explanation:
Model all API resources and methods to closely mimic the operations of the backend system.
*****************************************
>> There are NO fixed and straight best practices while opting data models for APIs. They are completly contextual and depends on number of factors. Based upon those factors, an enterprise can choose if they have to go with Enterprise Canonical Data Model or Bounded Context Model etc.
>> One should NEVER expose the technical details of API implementation to their API clients. Only the API interface/ RAML is exposed to API clients.
>> It is true that the RAML definitions of APIs should be as detailed as possible and should reflect most of the documentation. However, just that is NOT enough to call your API as best documented API. There should be even more documentation on Anypoint Exchange with API Notebooks etc. to make and create a developer friendly API and repository..
>> The best practice always when creating System APIs is to create their API interfaces by modeling their resources and methods to closely reflect the operations and functionalities of that backend system.
NEW QUESTION # 32
What is a typical result of using a fine-grained rather than a coarse-grained API deployment model to implement a given business process?
- A. A decrease in the number of connections within the application network supporting the business process
- B. A higher number of discoverable API-related assets in the application network
- C. An overall tower usage of resources because each fine-grained API consumes less resources
- D. A better response time for the end user as a result of the APIs being smaller in scope and complexity
Answer: B
Explanation:
A higher number of discoverable API-related assets in the application network.
*****************************************
>> We do NOT get faster response times in fine-grained approach when compared to coarse-grained approach.
>> In fact, we get faster response times from a network having coarse-grained APIs compared to a network having fine-grained APIs model. The reasons are below.
Fine-grained approach:
1. will have more APIs compared to coarse-grained
2. So, more orchestration needs to be done to achieve a functionality in business process.
3. Which means, lots of API calls to be made. So, more connections will needs to be established. So, obviously more hops, more network i/o, more number of integration points compared to coarse-grained approach where fewer APIs with bulk functionality embedded in them.
4. That is why, because of all these extra hops and added latencies, fine-grained approach will have bit more response times compared to coarse-grained.
5. Not only added latencies and connections, there will be more resources used up in fine-grained approach due to more number of APIs.
That's why, fine-grained APIs are good in a way to expose more number of resuable assets in your network and make them discoverable. However, needs more maintenance, taking care of integration points, connections, resources with a little compromise w.r.t network hops and response times.
NEW QUESTION # 33
What API policy would be LEAST LIKELY used when designing an Experience API that is intended to work with a consumer mobile phone or tablet application?
- A. JSON threat protection
- B. Client ID enforcement
- C. IPwhitellst
- D. OAuth 2.0 access token enforcement
Answer: C
Explanation:
IP whitelist
*****************************************
>> OAuth 2.0 access token and Client ID enforcement policies are VERY common to apply on Experience APIs as API consumers need to register and access the APIs using one of these mechanisms
>> JSON threat protection is also VERY common policy to apply on Experience APIs to prevent bad or suspicious payloads hitting the API implementations.
>> IP whitelisting policy is usually very common in Process and System APIs to only whitelist the IP range inside the local VPC. But also applied occassionally on some experience APIs where the End User/ API Consumers are FIXED.
>> When we know the API consumers upfront who are going to access certain Experience APIs, then we can request for static IPs from such consumers and whitelist them to prevent anyone else hitting the API.
However, the experience API given in the question/ scenario is intended to work with a consumer mobile phone or tablet application. Which means, there is no way we can know all possible IPs that are to be whitelisted as mobile phones and tablets can so many in number and any device in the city/state/country/globe.
So, It is very LEAST LIKELY to apply IP Whitelisting on such Experience APIs whose consumers are typically Mobile Phones or Tablets.
NEW QUESTION # 34
When must an API implementation be deployed to an Anypoint VPC?
- A. When the API implementation must be accessible within a subnet of a restricted customer-hosted network that does not allow public access
- B. When the API Implementation must invoke publicly exposed services that are deployed outside of CloudHub in a customer- managed AWS instance
- C. When the API Implementation must write to a persistent Object Store
- D. When the API implementation must be deployed to a production AWS VPC using the Mule Maven plugin
Answer: B
NEW QUESTION # 35
An organization has several APIs that accept JSON data over HTTP POST. The APIs are all publicly available and are associated with several mobile applications and web applications.
The organization does NOT want to use any authentication or compliance policies for these APIs, but at the same time, is worried that some bad actor could send payloads that could somehow compromise the applications or servers running the API implementations.
What out-of-the-box Anypoint Platform policy can address exposure to this threat?
- A. Apply an IP blacklist policy to all APIs; the blacklist will Include all bad actors
- B. Shut out bad actors by using HTTPS mutual authentication for all API invocations
- C. Apply a JSON threat protection policy to all APIs to detect potential threat vectors
- D. Apply a Header injection and removal policy that detects the malicious data before it is used
Answer: C
Explanation:
Apply a JSON threat protection policy to all APIs to detect potential threat vectors
*****************************************
>> Usually, if the APIs are designed and developed for specific consumers (known consumers/customers) then we would IP Whitelist the same to ensure that traffic only comes from them.
>> However, as this scenario states that the APIs are publicly available and being used by so many mobile and web applications, it is NOT possible to identify and blacklist all possible bad actors.
>> So, JSON threat protection policy is the best chance to prevent any bad JSON payloads from such bad actors.
NEW QUESTION # 36
An organization wants to make sure only known partners can invoke the organization's APIs. To achieve this security goal, the organization wants to enforce a Client ID Enforcement policy in API Manager so that only registered partner applications can invoke the organization's APIs. In what type of API implementation does MuleSoft recommend adding an API proxy to enforce the Client ID Enforcement policy, rather than embedding the policy directly in the application's JVM?
- A. A Mule 3 application using APIkit
- B. A Non-Mule application
- C. A Mule 4 application with an API specification
- D. A Mule 3 or Mule 4 application modified with custom Java code
Answer: B
Explanation:
A Non-Mule application
*****************************************
>> All type of Mule applications (Mule 3/ Mule 4/ with APIkit/ with Custom Java Code etc) running on Mule Runtimes support the Embedded Policy Enforcement on them.
>> The only option that cannot have or does not support embedded policy enforcement and must have API Proxy is for Non-Mule Applications.
So, Non-Mule application is the right answer.
NEW QUESTION # 37
......
MuleSoft Certified Platform Architect - Level 1 MAINTENANCE (MCPA-Level-1-Maintenance) exam is designed to validate the skills and knowledge of MuleSoft Certified Platform Architects who have already passed the MuleSoft Certified Platform Architect - Level 1 (MCPA-Level-1) exam. MCPA-Level-1-Maintenance exam is meant to ensure that MCPA-Level-1 certified professionals are keeping up with the latest technology and platform updates and are able to maintain MuleSoft implementations effectively.
MCPA-Level-1-Maintenance Exam Questions and Valid PMP Dumps PDF: https://braindumps.free4torrent.com/MCPA-Level-1-Maintenance-valid-dumps-torrent.html