CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. MuleSoft
  5. MCIA-LEVEL-1-MAINTENANCE

Free MCIA-LEVEL-1-MAINTENANCE Exam Braindumps (page: 7)

Page 7 of 30
PDF with 116 Questions

An organization has several APIs that accept JSON data over HTTP POST. The APIs are all publicly available and are associated with several mobile applications and web applications. The organization does NOT want to use any authentication or compliance policies for these APIs, but at the same time, is worried that some bad actor could send payloads that could somehow compromise the applications or servers running the API implementations. What out-of-the-box Anypoint Platform policy can address exposure to this threat?

  1. Apply a Header injection and removal policy that detects the malicious data before it is used
  2. Apply an IP blacklist policy to all APIs; the blacklist will Include all bad actors
  3. Shut out bad actors by using HTTPS mutual authentication for all API invocations
  4. Apply a JSON threat protection policy to all APIs to detect potential threat vectors

Answer(s): D

Explanation:

We need to note few things about the scenario which will help us in reaching the correct solution.
Point 1 : The APIs are all publicly available and are associated with several mobile applications and web applications. This means Apply an IP blacklist policy is not viable option. as blacklisting IPs is limited to partial web traffic. It can't be useful for traffic from mobile application.
Point 2 : The organization does NOT want to use any authentication or compliance policies for these APIs. This means we can not apply HTTPS mutual authentication scheme. Header injection or removal will not help the purpose. By its nature, JSON is vulnerable to JavaScript injection. When you parse the JSON object, the malicious code inflicts its damages. An inordinate increase in the size and depth of the JSON payload can indicate injection. Applying the JSON threat protection policy can limit the size of your JSON payload and thwart recursive additions to the JSON hierarchy. Hence correct answer is Apply a JSON threat protection policy to all APIs to detect potential threat vectors



A new upstream API Is being designed to offer an SLA of 500 ms median and 800 ms maximum (99th percentile) response time. The corresponding API implementation needs to sequentially invoke 3 downstream APIs of very similar complexity. The first of these downstream APIs offers the following SLA for its response time: median: 100 ms, 80th percentile: 500 ms, 95th percentile: 1000 ms. If possible, how can a timeout be set in the upstream API for the invocation of the first downstream API to meet the new upstream API's desired SLA?

  1. Set a timeout of 100 ms; that leaves 400 ms for the other two downstream APIs to complete
  2. Do not set a timeout; the Invocation of this API Is mandatory and so we must wait until it responds
  3. Set a timeout of 50 ms; this times out more invocations of that API but gives additional room for retries
  4. No timeout is possible to meet the upstream API's desired SLA; a different SLA must be negotiated with the first downstream API or invoke an alternative API

Answer(s): D

Explanation:

Before we answer this question , we need to understand what median (50th percentile) and 80th percentile means. If the 50th percentile (median) of a response time is 500ms that means that 50% of my transactions are either as fast or faster than 500ms. If the 90th percentile of the same transaction is at 1000ms it means that 90% are as fast or faster and only 10% are slower. Now as per upstream SLA , 99th percentile is 800 ms which means 99% of the incoming requests should have response time less than or equal to 800 ms. But as per one of the backend API , their 95th percentile is 1000 ms which means that backend API will take 1000 ms or less than that for 95% of. requests. As there are three API invocation from upstream API , we can not conclude a timeout that can be set to meet the desired SLA as backend SLA's do not support it.
Let see why other answers are not correct.
1) Do not set a timeout --> This can potentially violate SLA's of upstream API
2) Set a timeout of 100 ms; ---> This will not work as backend API has 100 ms as median meaning only 50% requests will be answered in this time and we will get timeout for 50% of the requests. Important thing to note here is, All APIs need to be executed sequentially, so if you get timeout in first API, there is no use of going to second and third API. As a service provider you wouldn't want to keep 50% of your consumers dissatisfied. So not the best option to go with. *To quote an example: Let's assume you have built an API to update customer contact details.

First API is fetching customer number based on login credentials

Second API is fetching Info in 1 table and returning unique key

Third API, using unique key provided in second API as primary key, updating remaining details

* Now consider, if API times out in first API and can't fetch customer number, in this case, it's

useless to call API 2 and 3 and that is why question mentions specifically that all APIs need to be executed sequentially.
3) Set a timeout of 50 ms --> Again not possible due to the same reason as above Hence correct answer is No timeout is possible to meet the upstream API's desired SLA; a different SLA must be negotiated with the first downstream API or invoke an alternative API



An API has been updated in Anypoint Exchange by its API producer from version 3.1.1 to 3.2.0 following accepted semantic versioning practices and the changes have been communicated via the API's public portal. The API endpoint does NOT change in the new version. How should the developer of an API client respond to this change?

  1. The update should be identified as a project risk and full regression testing of the functionality
    that uses this API should be run.
  2. The API producer should be contacted to understand the change to existing functionality.
  3. The API producer should be requested to run the old version in parallel with the new one.
  4. The API client code ONLY needs to be changed if it needs to take advantage of new features.

Answer(s): D

Explanation:

* Semantic Versioning is a 3-component number in the format of X.Y.Z, where :
X stands for a major version.
Y stands for a minor version:
Z stands for a patch.
So, SemVer is of the form Major.Minor.Patch Coming to our question , minor version of the API has been changed which is backward compatible. Hence there is no change required on API client end. If they want to make use of new featured that have been added as a part of minor version change they may need to change code at their end. Hence correct answer is The API client code ONLY needs to be changed if it needs to take advantage of new features.



When designing an upstream API and its implementation, the development team has been advised to not set timeouts when invoking downstream API. Because the downstream API has no SLA that can be relied upon. This is the only donwstream API dependency of that upstream API. Assume the downstream API runs uninterrupted without crashing. What is the impact of this advice?

  1. The invocation of the downstream API will run to completion without timing out.
  2. An SLA for the upstream API CANNOT be provided.
  3. A default timeout of 500 ms will automatically be applied by the Mule runtime in which the upstream API implementation executes.
  4. A load-dependent timeout of less than 1000 ms will be applied by the Mule runtime in which the downstream API implementation executes.

Answer(s): B

Explanation:

An SLA for the upstream API CANNOT be provided.



Page 7 of 30



Post your Comments and Discuss MuleSoft MCIA-LEVEL-1-MAINTENANCE exam with other Community members:

baba commented on November 14, 2024
want to learn
Anonymous
upvote

Anand commented on November 14, 2024
Not bad at all. It covers all the exam topics and it provides some insight to the types of questions that you are going to see in real exam.
INDIA
upvote

Godlover commented on November 14, 2024
Very up to date. I passed my exams. I studied very well though. But the past questions was exceedingly helpful too. Just practice the questions as much as you can. As for me I practiced all, and repracticed about 350 questions again before the exams day.
Anonymous
upvote

LasNumber commented on November 14, 2024
This Are Very Useful Q's and A's. on exam some Questions wont come as they are but mostly will come as the are. Study to Know
Anonymous
upvote

Yeshwanth commented on November 14, 2024
Nice Questions and helpful for exam preparation.
Anonymous
upvote

Jenil Gandhi commented on November 14, 2024
Hi everyone could sone share the certification voucher for PD2.
INDIA
upvote

Nicole commented on November 13, 2024
I am working towards my exam. Finding these prep to be very useful
CANADA
upvote

Nicole commented on November 13, 2024
Very helpful
CANADA
upvote

Bianca commented on November 13, 2024
Consistent questions
Anonymous
upvote

Larry commented on November 13, 2024
Good content
Anonymous
upvote

Dipu commented on November 13, 2024
Great Source , i feel really good questions
Anonymous
upvote

Dipu commented on November 13, 2024
Nice questions
Anonymous
upvote

Nathaniel Okeke commented on November 13, 2024
nice way to practice for the exam
Anonymous
upvote

Ashwini commented on November 13, 2024
I would appreciate for resources you can provide
INDIA
upvote

Ganiyu Ogunlana commented on November 13, 2024
Great Insight into the exams
Anonymous
upvote

Vuyo commented on November 13, 2024
Very Helpful
Anonymous
upvote

Suleman khan commented on November 13, 2024
Huawei is my favourite I'm enjoying these questions
PAKISTAN
upvote

Pandiyan Venkatraman commented on November 13, 2024
good question
Anonymous
upvote

Eb'Oney commented on November 12, 2024
I think the answer here should be B. Split the Logged column by using at as the delimiter
UNITED STATES
upvote

Hadiza commented on November 12, 2024
useful for exam preparation
Anonymous
upvote

Hadiza commented on November 12, 2024
inspiring and educative
Anonymous
upvote

Hadiza commented on November 12, 2024
Highly resourceful
Anonymous
upvote

Naomie commented on November 12, 2024
Good material very helpful.
Anonymous
upvote

dodol commented on November 12, 2024
ok real exam
Anonymous
upvote

PA commented on November 11, 2024
This questions are valid in Canada. I passed the exam.
CANADA
upvote

JP commented on November 11, 2024
Très intéréssant pour valider son apprentissage
SWITZERLAND
upvote

JP commented on November 11, 2024
Good for exam preparation
SWITZERLAND
upvote

K.U commented on November 11, 2024
@Dane, Yes, questions are very similar to content of real exam. I managed to pass the test.
Anonymous
upvote

siva N commented on November 11, 2024
this absolutely make the test easy!!!
INDIA
upvote

Isadora Guimarães commented on November 10, 2024
Very good to study
UNITED STATES
upvote

Noah commented on November 10, 2024
Does this dump include the lab solution as well?
Anonymous
upvote

Cardo commented on November 10, 2024
Helpful explanations
Anonymous
upvote

Anonymous commented on November 10, 2024
Good ONE FOR mcd l2
INDIA
upvote

derar commented on November 10, 2024
The study material was very helpful
Anonymous
upvote