CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. MuleSoft
  5. MuleSoft Certified Platform Architect - Level 1

Free MuleSoft Certified Platform Architect - Level 1 Exam Braindumps

Refer to the exhibit.

An organization is running a Mule standalone runtime and has configured Active Directory as the Anypoint Platform external Identity Provider. The organization does not have budget for other system components.

What policy should be applied to all instances of APIs in the organization to most effecuvelyKestrict access to a specific group of internal users?

  1. Apply a basic authentication - LDAP policy; the internal Active Directory will be configured as the LDAP source for authenticating users
  2. Apply a client ID enforcement policy; the specific group of users will configure their client applications to use their specific client credentials
  3. Apply an IP whitelist policy; only the specific users' workstations will be in the whitelist
  4. Apply an OAuth 2.0 access token enforcement policy; the internal Active Directory will be configured as the OAuth server

Answer(s): A

Explanation:

Correct Answer: Apply a basic authentication - LDAP policy; the internal Active Directory will be configured as the LDAP source for authenticating users.
*****************************************
>> IP Whitelisting does NOT fit for this purpose. Moreover, the users workstations may not necessarily have static IPs in the network.
>> OAuth 2.0 enforcement requires a client provider which isn't in the organizations system components.
>> It is not an effective approach to let every user create separate client credentials and configure those for their usage.
The effective way it to apply a basic authentication - LDAP policy and the internal Active Directory will be configured as the LDAP source for authenticating users.


Reference:

https://docs.mulesoft.com/api-manager/2.x/basic-authentication-ldap-concept



What is a best practice when building System APIs?

  1. Document the API using an easily consumable asset like a RAML definition
  2. Model all API resources and methods to closely mimic the operations of the backend system
  3. Build an Enterprise Data Model (Canonical Data Model) for each backend system and apply it to System APIs
  4. Expose to API clients all technical details of the API implementation's interaction wifch the backend system

Answer(s): B

Explanation:

Correct Answer: Model all API resources and methods to closely mimic the operations of the backend system.
*****************************************
>> There are NO fixed and straight best practices while opting data models for APIs. They are completly contextual and depends on number of factors. Based upon those factors, an enterprise can choose if they have to go with Enterprise Canonical Data Model or Bounded Context Model etc.
>> One should NEVER expose the technical details of API implementation to their API clients. Only

the API interface/ RAML is exposed to API clients.
>> It is true that the RAML definitions of APIs should be as detailed as possible and should reflect most of the documentation. However, just that is NOT enough to call your API as best documented API. There should be even more documentation on Anypoint Exchange with API Notebooks etc. to make and create a developer friendly API and repository..
>> The best practice always when creating System APIs is to create their API interfaces by modeling their resources and methods to closely reflect the operations and functionalities of that backend system.



What CANNOT be effectively enforced using an API policy in Anypoint Platform?

  1. Guarding against Denial of Service attacks
  2. Maintaining tamper-proof credentials between APIs
  3. Logging HTTP requests and responses
  4. Backend system overloading

Answer(s): A

Explanation:

Correct Answer: Guarding against Denial of Service attacks
*****************************************
>> Backend system overloading can be handled by enforcing "Spike Control Policy"
>> Logging HTTP requests and responses can be done by enforcing "Message Logging Policy"
>> Credentials can be tamper-proofed using "Security" and "Compliance" Policies
However, unfortunately, there is no proper way currently on Anypoint Platform to guard against DOS attacks.


Reference:

https://help.mulesoft.com/s/article/DDos-Dos-at



An organization makes a strategic decision to move towards an IT operating model that emphasizes consumption of reusable IT assets using modern APIs (as defined by MuleSoft).
What best describes each modern API in relation to this new IT operating model?

  1. Each modern API has its own software development lifecycle, which reduces the need for documentation and automation
  2. Each modem API must be treated like a product and designed for a particular target audience (for instance, mobile app developers)
  3. Each modern API must be easy to consume, so should avoid complex authentication mechanisms such as SAML or JWT D
  4. Each modern API must be REST and HTTP based

Answer(s): B

Explanation:

Correct Answers:
1. Each modern API must be treated like a product and designed for a particular target audience (for instance mobile app developers)
*****************************************






Post your Comments and Discuss MuleSoft MuleSoft Certified Platform Architect - Level 1 exam with other Community members:

Olympia commented on October 25, 2024
The free version is good but does not have all questions. However the PDF has double the amount of questions and very helpful to pass the exam.
Canada
upvote