QUESTION: 13

What is the most performant out-of-the-box solution in Anypoint Platform to track transaction state in an asynchronously executing long-running process implemented as a Mule application deployed to multiple CloudHub workers?

Redis distributed cache
java.util.WeakHashMap
Persistent Object Store
File-based storage

Answer(s): C

Explanation:

Correct Answer: Persistent Object Store
*****************************************
>> Redis distributed cache is performant but NOT out-of-the-box solution in Anypoint Platform >> File-storage is neither performant nor out-of-the-box solution in Anypoint Platform >> java.util.WeakHashMap needs a completely custom implementation of cache from scratch using Java code and is limited to the JVM where it is running. Which means the state in the cache is not worker aware when running on multiple workers. This type of cache is local to the worker. So, this is neither out-of-the-box nor worker-aware among multiple workers on cloudhub.
https://www.baeldung.com/java-weakhashmap
>> Persistent Object Store is an out-of-the-box solution provided by Anypoint Platform which is performant as well as worker aware among multiple workers running on CloudHub.
https://docs.mulesoft.com/object-store/
So, Persistent Object Store is the right answer.

Reveal Solution Next Question

QUESTION: 14

How can the application of a rate limiting API policy be accurately reflected in the RAML definition of an API?

By refining the resource definitions by adding a description of the rate limiting policy behavior
By refining the request definitions by adding a remaining Requests query parameter with description, type, and example
By refining the response definitions by adding the out-of-the-box Anypoint Platform rate-limit- enforcement securityScheme with description, type, and example
By refining the response definitions by adding the x-ratelimit-* response headers with description, type, and example

Answer(s): D

Explanation:

Correct Answer: By refining the response definitions by adding the x-ratelimit-* response headers with description, type, and example
*****************************************

Reference:

https://docs.mulesoft.com/api-manager/2.x/rate-limiting-and-throttling#response-headers https://docs.mulesoft.com/api-manager/2.x/rate-limiting-and-throttling-sla-based- policies#response-headers

Reveal Solution Next Question

QUESTION: 15

An organization has several APIs that accept JSON data over HTTP POST. The APIs are all publicly available and are associated with several mobile applications and web applications. The organization does NOT want to use any authentication or compliance policies for these APIs, but at the same time, is worried that some bad actor could send payloads that could somehow compromise the applications or servers running the API implementations.
What out-of-the-box Anypoint Platform policy can address exposure to this threat?

Shut out bad actors by using HTTPS mutual authentication for all API invocations
Apply an IP blacklist policy to all APIs; the blacklist will Include all bad actors
Apply a Header injection and removal policy that detects the malicious data before it is used
Apply a JSON threat protection policy to all APIs to detect potential threat vectors

Answer(s): D

Explanation:

Correct Answer: Apply a JSON threat protection policy to all APIs to detect potential threat vectors
*****************************************
>> Usually, if the APIs are designed and developed for specific consumers (known consumers/customers) then we would IP Whitelist the same to ensure that traffic only comes from them.
>> However, as this scenario states that the APIs are publicly available and being used by so many mobile and web applications, it is NOT possible to identify and blacklist all possible bad actors.

>> So, JSON threat protection policy is the best chance to prevent any bad JSON payloads from such bad actors.

Reveal Solution Next Question

QUESTION: 16

An API experiences a high rate of client requests (TPS) vwth small message paytoads. How can usage limits be imposed on the API based on the type of client application?

Use an SLA-based rate limiting policy and assign a client application to a matching SLA tier based on its type
Use a spike control policy that limits the number of requests for each client application type
Use a cross-origin resource sharing (CORS) policy to limit resource sharing between client applications, configured by the client application type
Use a rate limiting policy and a client ID enforcement policy, each configured by the client application type

Answer(s): A

Explanation:

Correct Answer: Use an SLA-based rate limiting policy and assign a client application to a matching SLA tier based on its type.
*****************************************
>> SLA tiers will come into play whenever any limits to be imposed on APIs based on client type

Reference:

https://docs.mulesoft.com/api-manager/2.x/rate-limiting-and-throttling-sla-based- policies

Reveal Solution Next Question

Free MCPA-LEVEL-1-MAINTENANCE Exam Braindumps (page: 4)

QUESTION: 13

Explanation:

QUESTION: 14

Explanation:

Reference:

QUESTION: 15

Explanation:

QUESTION: 16

Explanation:

Reference: