Mulesoft MuleSoft Certified Platform Architect MCPA-LEVEL-1-MAINTENANCE Questions & Answers

• Question 41:

  An organization makes a strategic decision to move towards an IT operating model that emphasizes consumption of reusable IT assets using modern APIs (as defined by MuleSoft).

  What best describes each modern API in relation to this new IT operating model?

  A. Each modern API has its own software development lifecycle, which reduces the need for documentation and automation

  B. Each modem API must be treated like a product and designed for a particular target audience (for instance, mobile app developers)

  C. Each modern API must be easy to consume, so should avoid complex authentication mechanisms such as SAML or JWT D

  D. Each modern API must be REST and HTTP based

  Correct Answer: B

• Question 42:

  An API has been updated in Anypoint Exchange by its API producer from version 3.1.1 to 3.2.0 following accepted semantic versioning practices and the changes have been communicated via the API's public portal.

  The API endpoint does NOT change in the new version.

  How should the developer of an API client respond to this change?

  A. The update should be identified as a project risk and full regression testing of the functionality that uses this API should be run

  B. The API producer should be contacted to understand the change to existing functionality

  C. The API producer should be requested to run the old version in parallel with the new one

  D. The API client code ONLY needs to be changed if it needs to take advantage of new features

  Correct Answer: D

  Reference: https://docs.mulesoft.com/exchange/to-change-raml-version

• Question 43:

  Traffic is routed through an API proxy to an API implementation. The API proxy is managed by API Manager and the API implementation is deployed to a CloudHub VPC using Runtime Manager. API policies have been applied to this API. In this deployment scenario, at what point are the API policies enforced on incoming API client requests?

  A. At the API proxy

  B. At the API implementation

  C. At both the API proxy and the API implementation

  D. At a MuleSoft-hosted load balancer

  Correct Answer: A

  At the API proxy

  *****************************************

  >> API Policies can be enforced at two places in Mule platform. >> One - As an Embedded Policy enforcement in the same Mule Runtime where API implementation is running.

  >> Two - On an API Proxy sitting in front of the Mule Runtime where API implementation is running.

  >> As the deployment scenario in the question has API Proxy involved, the policies will be enforced at the API Proxy.

• Question 44:

  Refer to the exhibit.

  

  What is the best way to decompose one end-to-end business process into a collaboration of Experience, Process, and System APIs?

  

  A. Option A

  B. Option B

  C. Option C

  D. Option D

  Correct Answer: B

  Allow System APIs to return data that is NOT currently required by the identified Process or Experience APIs.

  *****************************************

  >> All customizations for the end-user application should be handled in "Experience API" only. Not in Process API

  >> We should use tiered approach but NOT always by creating exactly one API for each of the 3 layers. Experience APIs might be one but Process APIs and System APIs are often more than one. System APIs for sure will be more than one

  all the time as they are the smallest modular APIs built in front of end systems. >> Process APIs can call System APIs as well as other Process APIs. There is no such anti-design pattern in API-Led connectivity saying Process APIs should

  not call other Process APIs.

  So, the right answer in the given set of options that makes sense as per API-Led connectivity principles is to allow System APIs to return data that is NOT currently required by the identified Process or Experience APIs. This way, some future

  Process APIs can make use of that data from System APIs and we need NOT touch the System layer APIs again and again.

  

• Question 45:

  A company wants to move its Mule API implementations into production as quickly as possible. To protect access to all Mule application data and metadata, the company requires that all Mule applications be deployed to the company's customer-hosted infrastructure within the corporate firewall. What combination of runtime plane and control plane options meets these project lifecycle goals?

  A. Manually provisioned customer-hosted runtime plane and customer-hosted control plane

  B. MuleSoft-hosted runtime plane and customer-hosted control plane

  C. Manually provisioned customer-hosted runtime plane and MuleSoft-hosted control plane

  D. iPaaS provisioned customer-hosted runtime plane and MuleSoft-hosted control plane

  Correct Answer: A

  Manually provisioned customer-hosted runtime plane and customer- hosted control plane

  *****************************************

  There are two key factors that are to be taken into consideration from the scenario given in the question.

  >> Company requires both data and metadata to be resided within the corporate firewall >> Company would like to go with customer-hosted infrastructure. Any deployment model that is to deal with the cloud directly or indirectly (Mulesofthosted or Customer's own cloud like Azure, AWS) will have to share atleast the metadata. Application data can be controlled inside firewall by having Mule Runtimes on customer hosted runtime plane. But if we go with Mulsoft-hosted/ Cloud-

  based control plane, the control plane required atleast some minimum level of metadata to be sent outside the corporate firewall.

  As the customer requirement is pretty clear about the data and metadata both to be within the corporate firewall, even though customer wants to move to production as quickly as possible, unfortunately due to the nature of their security

  requirements, they have no other option but to go with manually provisioned customer-hosted runtime plane and customer- hosted control plane.

• Question 46:

  Version 3.0.1 of a REST API implementation represents time values in PST time using ISO 8601 hh:mm:ss format. The API implementation needs to be changed to instead represent time values in CEST time using ISO 8601 hh:mm:ss format. When following the semver.org semantic versioning specification, what version should be assigned to the updated API implementation?

  A. 3.0.2

  B. 4.0.0

  C. 3.1.0

  D. 3.0.1

  Correct Answer: B

  4.0.0

  *****************************************

  As per semver.org semantic versioning specification:

  Given a version number MAJOR.MINOR.PATCH, increment the:

  -MAJOR version when you make incompatible API changes.

  -

  MINOR version when you add functionality in a backwards compatible manner.

  -

  PATCH version when you make backwards compatible bug fixes. As per the scenario given in the question, the API implementation is completely changing its behavior. Although the format of the time is still being maintained as hh:mm:ss

  and there is no change in schema w.r.t format, the API will start functioning different after this change as the times are going to come completely different. Example: Before the change, say, time is going as 09:00:00 representing the PST.

  Now on, after the change, the same time will go as 18:00:00 as Central European Summer Time is 9 hours ahead of Pacific Time.

  >> This may lead to some uncertain behavior on API clients depending on how they are handling the times in the API response. All the API clients need to be informed that the API functionality is going to change and will return in CEST

  format. So, this considered as a MAJOR change and the version of API for this new change would be 4.0.0

• Question 47:

  A system API is deployed to a primary environment as well as to a disaster recovery (DR) environment, with different DNS names in each environment. A process API is a client to the system API and is being rate limited by the system API, with different limits in each of the environments. The system API's DR environment provides only 20% of the rate limiting offered by the primary environment. What is the best API fault-tolerant invocation strategy to reduce overall errors in the process API, given these conditions and constraints?

  A. Invoke the system API deployed to the primary environment; add timeout and retry logic to the process API to avoid intermittent failures; if it still fails, invoke the system API deployed to the DR environment

  B. Invoke the system API deployed to the primary environment; add retry logic to the process API to handle intermittent failures by invoking the system API deployed to the DR environment

  C. In parallel, invoke the system API deployed to the primary environment and the system API deployed to the DR environment; add timeout and retry logic to the process API to avoid intermittent failures; add logic to the process API to combine the results

  D. Invoke the system API deployed to the primary environment; add timeout and retry logic to the process API to avoid intermittent failures; if it still fails, invoke a copy of the process API deployed to the DR environment

  Correct Answer: A

  Invoke the system API deployed to the primary environment; add timeout and retry logic to the process API to avoid intermittent failures; if it still fails, invoke the system API deployed to the DR environment

  *****************************************

  There is one important consideration to be noted in the question which is - System API in DR environment provides only 20% of the rate limiting offered by the primary environment. So, comparitively, very less calls will be allowed into the DR

  environment API opposed to its primary environment. With this in mind, lets analyse what is the right and best fault- tolerant invocation strategy.

  1.

  Invoking both the system APIs in parallel is definitely NOT a feasible approach because of the 20% limitation we have on DR environment. Calling in parallel every time would easily and quickly exhaust the rate limits on DR environment and may not give chance to genuine intermittent error scenarios to let in during the time of need.

  2.

  Another option given is suggesting to add timeout and retry logic to process API while invoking primary environment's system API. This is good so far. However, when all retries failed, the option is suggesting to invoke the copy of process API on DR environment which is not right or recommended. Only system API is the one to be considered for fallback and not the whole process API. Process APIs usually have lot of heavy orchestration calling many other APIs which we do not want to repeat again by calling DR's process API. So this option is NOT right.

  3.

  One more option given is suggesting to add the retry (no timeout) logic to process API to directly retry on DR environment's system API instead of retrying the primary environment system API first. This is not at all a proper fallback. A proper fallback should occur only after all retries are performed and exhausted on Primary environment first. But here, the option is suggesting to directly retry fallback API on first failure itself without trying main API. So, this option is NOT right too.

  This leaves us one option which is right and best fit.

  -Invoke the system API deployed to the primary environment

  -Add Timeout and Retry logic on it in process API

  - If it fails even after all retries, then invoke the system API deployed to the DR environment.

• Question 48:

  An Order API must be designed that contains significant amounts of integration logic and involves the invocation of the Product API.

  The power relationship between Order API and Product API is one of "Customer/Supplier", because the Product API is used heavily throughout the organization and is developed by a dedicated development team located in the office of the CTO.

  What strategy should be used to deal with the API data model of the Product API within the Order API?

  A. Convince the development team of the Product API to adopt the API data model of the Order API such that the integration logic of the Order API can work with one consistent internal data model

  B. Work with the API data types of the Product API directly when implementing the integration logic of the Order API such that the Order API uses the same (unchanged) data types as the Product API

  C. Implement an anti-corruption layer in the Order API that transforms the Product API data model into internal data types of the Order API

  D. Start an organization-wide data modeling initiative that will result in an Enterprise Data Model that will then be used in both the Product API and the Order API

  Correct Answer: C

  Convince the development team of the product API to adopt the API data model of the Order API such that integration logic of the Order API can work with one consistent internal data model

  *****************************************

  Key details to note from the given scenario:

  >> Power relationship between Order API and Product API is customer/supplier So, as per below rules of "Power Relationships", the caller (in this case Order API) would request for features to the called (Product API team) and the Product

  API team would need to accomodate those requests.

• Question 49:

  A Mule application exposes an HTTPS endpoint and is deployed to three CloudHub workers that do not use static IP addresses. The Mule application expects a high volume of client requests in short time periods. What is the most cost-effective infrastructure component that should be used to serve the high volume of client requests?

  A. A customer-hosted load balancer

  B. The CloudHub shared load balancer

  C. An API proxy

  D. Runtime Manager autoscaling

  Correct Answer: B

  The CloudHub shared load balancer

  *****************************************

  The scenario in this question can be split as below:

  >> There are 3 CloudHub workers (So, there are already good number of workers to handle high volume of requests)

  >> The workers are not using static IP addresses (So, one CANNOT use customer load- balancing solutions without static IPs)

  >> Looking for most cost-effective component to load balance the client requests among the workers.

  Based on the above details given in the scenario:

  >> Runtime autoscaling is NOT at all cost-effective as it incurs extra cost. Most over, there are already 3 workers running which is a good number. >> We cannot go for a customer-hosted load balancer as it is also NOT most cost-effective

  (needs custom load balancer to maintain and licensing) and same time the Mule App is not having Static IP Addresses which limits from going with custom load balancing. >> An API Proxy is irrelevant there as it has no role to play w.r.t

  handling high volumes or load balancing.

  So, the only right option to go with and fits the purpose of scenario being most cost- effective is - using a CloudHub Shared Load Balancer.

• Question 50:

  An API implementation is being designed that must invoke an Order API, which is known to repeatedly experience downtime.

  For this reason, a fallback API is to be called when the Order API is unavailable.

  What approach to designing the invocation of the fallback API provides the best resilience?

  A. Search Anypoint Exchange for a suitable existing fallback API, and then implement invocations to this fallback API in addition to the Order API

  B. Create a separate entry for the Order API in API Manager, and then invoke this API as a fallback API if the primary Order API is unavailable

  C. Redirect client requests through an HTTP 307 Temporary Redirect status code to the fallback API whenever the Order API is unavailable

  D. Set an option in the HTTP Requester component that invokes the Order API to instead invoke a fallback API whenever an HTTP 4xx or 5xx response status code is returned from the Order API

  Correct Answer: A

  Search Anypoint exchange for a suitable existing fallback API, and then implement invocations to this fallback API in addition to the order API *****************************************

  >> It is not ideal and good approach, until unless there is a pre-approved agreement with the API clients that they will receive a HTTP 3xx temporary redirect status code and they have to implement fallback logic their side to call another API.

  >> Creating separate entry of same Order API in API manager would just create an another instance of it on top of same API implementation. So, it does NO GOOD by using clone od same API as a fallback API. Fallback API should be

  ideally a different API implementation that is not same as primary one.

  >> There is NO option currently provided by Anypoint HTTP Connector that allows us to invoke a fallback API when we receive certain HTTP status codes in response. The only statement TRUE in the given options is to Search Anypoint

  exchange for a suitable existing fallback API, and then implement invocations to this fallback API in addition to the order API.