Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. MuleSoft
  5. MCD-Level-2

MuleSoft MCD-Level-2 Exam Questions
MuleSoft Certified Developer - Level 2 (Mule 4) (Page 2 )

Updated On: 14-Mar-2026
Page 2 of 13
PDF with 60 Questions

The flow is invoicing a target API. The API's protocol is HTTPS. The TLS configuration in the HTTP Request Configuration global element is set to None. A web client submits a request to http:localhost:8081/vehicles.

If the certificate of the target API is signed by a certificate authority (CA), what is true about the HTTP Request operation when the flow executes?

  1. The HTTP Request operation will succeed if the CA'S certificate is present in the JRE's default keystore
  2. The HTTP Request operation will succeed if the CA's certificate is present in the JRE's default truststore.
  3. The HTTP Request operation will always succeed regardless of the CA
  4. The HTTP Request operation will always fail regardless of the CA

Answer(s): B

Explanation:

The HTTP Request operation will use the default truststore of the JRE to validate the certificate of the target API. If the CA's certificate is present in the truststore, the operation will succeed. Otherwise, it will fail with a handshake exception.


Reference:

https://docs.mulesoft.com/mule-runtime/4.3/tls- configuration#tls-default



When a client and server are exchanging messages during the mTLS handshake, what is being agreed on during the cipher suite exchange?

  1. A protocol
  2. The TLS version
  3. An encryption algorithm
  4. The Public key format

Answer(s): C

Explanation:

A cipher suite is a set of cryptographic algorithms that are used to secure the communication between a client and a server. A cipher suite consists of four components: a key exchange algorithm, an authentication algorithm, an encryption algorithm, and a message authentication code (MAC) algorithm. During the cipher suite exchange, the client and the server agree on which encryption algorithm to use for encrypting and decrypting the data.


Reference:

https://docs.mulesoft.com/mule-runtime/4.3/tls-configuration#cipher-suites



A custom policy needs to be developed to intercept all cutbound HTTP requests made by Mule applications.
Which XML element must be used to intercept outbound HTTP requests?

  1. It is not possible to intercept outgoing HTTP requests, only inbound requests
  2. http-policy:source
  3. htt-policy:operation
  4. http-policy:processor

Answer(s): D

Explanation:

The http-policy:processor element is used to intercept outbound HTTP requests made by Mule applications. It allows customizing the request before it is sent to the target API and modifying the response after it is received from the target API.


Reference:

https://docs.mulesoft.com/api- manager/2.x/policy-mule4-custom-policy#policy-xml-file



An API has been built to enable scheduling email provider. The front-end system does very little data entry validation, and problems have started to appear in the email that go to patients. A validate- customer'' flow is added validate the data.
What is he expected behavior of the `validate-customer'' flow?

  1. If only the email address Is invalid a VALIDATION.INVALID_EMAIL error is raised
  2. If the email address is invalid, processing continues to see if the appointment data and customer name are also invalid
  3. If the appointment date and customer name are invalid, a SCHEDULE:INVALID_APPOINTMENT_DATE error is raised
  4. If all of the values are invalid the last validation error is raised:SCHEDULE:INVALID_CUSTOMER_NAME

Answer(s): A

Explanation:

The validate-customer flow uses an until-successful scope to validate each field of the customer data. The until-successful scope executes its processors until they succeed or exhausts the maximum number of retries. If any processor fails, it raises an error and stops executing the remaining processors. Therefore, if only the email address is invalid, a VALIDATION.INVALID_EMAIL error is raised and the validation of appointment date and customer name is skipped.


Reference:

https://docs.mulesoft.com/mule-runtime/4.3/until-successful-scope



When implementing a synchronous API where the event source is an HTTP Listener, a developer needs to return the same correlation ID back to the caller in the HTTP response header.

How can this be achieved?

  1. Enable the auto-generate CorrelationID option when scaffolding the flow
  2. Enable the CorrelationID checkbox in the HTTP Listener configuration
  3. Configure a custom correlation policy
  4. NO action is needed as the correlation ID is returned to the caller in the response header by default

Answer(s): D

Explanation:

When implementing a synchronous API where the event source is an HTTP Listener, Mule automatically propagates some message attributes between flows via outbound and inbound properties. One of these attributes is correlation ID, which is returned to the caller in the response header by default as MULE_CORRELATION_ID.


Reference:

https://docs.mulesoft.com/mule- runtime/4.3/about-mule-message#message-attributes



Viewing page 2 of 13
Viewing questions 6 - 10 out of 60 questions



Post your Comments and Discuss MuleSoft MCD-Level-2 exam dumps with other Community members:

MCD-Level-2 Exam Discussions & Posts

AI Tutor 👋 I’m here to help!