Mulesoft MCPA-Level-1 Exam Questions

An API client calls one method from an existing API implementation. The API
implementation is later updated. What change to the API implementation would require the API client's invocation logic to also be updated?

A.

When the data type of the response is changed for the method called by the API client

B.

When a new method is added to the resource used by the API client

C.

When a new required field is added to the method called by the API client

D.

When a child method is added to the method called by the API client

C.

When a new required field is added to the method called by the API client

Explanation: Explanation
Correct Answer: When a new required field is added to the method called by the API client
*****************************************
>> Generally, the logic on API clients need to be updated when the API contract breaks.
>> When a new method or a child method is added to an API , the API client does not
break as it can still continue to use its existing method. So these two options are out.
>> We are left for two more where "datatype of the response if changed" and "a new
required field is added".
>> Changing the datatype of the response does break the API contract. However, the
question is insisting on the "invocation" logic and not about the response handling logic.
The API client can still invoke the API successfully and receive the response but the
response will have a different datatype for some field.
>> Adding a new required field will break the API's invocation contract. When adding a new
required field, the API contract breaks the RAML or API spec agreement that the API
client/API consumer and API provider has between them. So this requires the API client
invocation logic to also be updated.

What correctly characterizes unit tests of Mule applications?

A.

They test the validity of input and output of source and target systems

B.

They must be run in a unit testing environment with dedicated Mule runtimes for the environment

C.

They must be triggered by an external client tool or event source

D.

They are typically written using MUnit to run in an embedded Mule runtime that does not require external connectivity

D.

They are typically written using MUnit to run in an embedded Mule runtime that does not require external connectivity

Explanation: Explanation
Correct Answer: They are typically written using MUnit to run in an embedded Mule runtime
that does not require external connectivity.
*****************************************
Below TWO are characteristics of Integration Tests but NOT unit tests:
>> They test the validity of input and output of source and target systems.
>> They must be triggered by an external client tool or event source.
It is NOT TRUE that Unit Tests must be run in a unit testing environment with dedicated
Mule runtimes for the environment.
MuleSoft offers MUnit for writing Unit Tests and they run in an embedded Mule Runtime
without needing any separate/ dedicated Runtimes to execute them. They also do NOT
need any external connectivity as MUnit supports mocking via stubs.
https://dzone.com/articles/munit-framework

An API is protected with a Client ID Enforcement policy and uses the default configuration. Access is requested for the client application to the API, and an approved contract now exists between the client application and the API. How can a consumer of this API avoid a 401 error "Unauthorized or invalid client application credentials"?

A. Send the obtained token as a header in every call

B. Send the obtained: client_id and client_secret in the request body

C. Send the obtained clent_id and clent_secret as URI parameters in every call

D. Send the obtained clent_id and client_secret in the header of every API Request call

C. Send the obtained clent_id and clent_secret as URI parameters in every call

Explanation:
When using the Client ID Enforcement policy with default settings, MuleSoft expects the client_id and client_secret to be provided in the URI parameters of each request. This policy is typically used to control and monitor access by validating that each request has valid credentials. Here’s how to avoid a 401 Unauthorized error:

URI Parameters Requirement:
Why Option C is Correct:
Explanation of Incorrect Options:

References:
For more details, consult MuleSoft’s documentation on Client ID Enforcement policies and expected request configurations

A business process is being implemented within an organization's application network. The architecture group proposes using a more coarse-grained application network design with relatively fewer APIs deployed to the application network compared to a more fine-grained design. Overall, which factor typically increases with a more coarse-grained design for this business process implementation and deployment compared with using a more finegrained design?

A. The complexity of each API implementation

B. The number of discoverable assets related to APIs deployed in the application network

C. The number of possible connections between API implementations in the application network

D. The usage of network infrastructure resources by the application network

A. The complexity of each API implementation

To minimize operation costs, a customer wants to use a CloudHub 1.0 solution. The customer's requirements are:

Separate resources with two Business groups
High-availability (HA) for all APIs
Route traffic via Dedicated load balancer (DLBs)
Separate environments into production and non-production

Which solution meets the customer's needs?

A. One production and one non-production Virtual Private Cloud (VPC).
Use availability zones to differentiate between Business groups.
Allocate maximum CIDR per VPCs to ensure HA across availability zones

B. One production and one non-production Virtual Private Cloud (VPC) per Business group.
Minimize CIDR aligning with projected application total.
Choose a MuleSoft CloudHub 1.0 region with multiple availability zones.
Deploy multiple workers for HA,

C. One production and one non-production Virtual Private Cloud (VPC) per Business group.
Minimize CIDR aligning with projected application total.
Divide availability zones during deployment of APIs for HA.

D. One production and one non-production Virtual Private Claud (VPC).
Configure subnet to differentiate between business groups.
Allocate maximum CIDR per VPCs to make it easier to add Child groups.
Span VPC to cover three availability zones.

B. One production and one non-production Virtual Private Cloud (VPC) per Business group.
Minimize CIDR aligning with projected application total.
Choose a MuleSoft CloudHub 1.0 region with multiple availability zones.
Deploy multiple workers for HA,

Refer to the exhibit.

Three business processes need to be implemented, and the implementations need to communicate with several different SaaS applications.
These processes are owned by separate (siloed) LOBs and are mainly independent of each other, but do share a few business entities. Each LOB has one development team and their own budget.
In this organizational context, what is the most effective approach to choose the API data models for the APIs that will implement these business processes with minimal redundancy of the data models?
A) Build several Bounded Context Data Models that align with coherent parts of the business processes and the definitions of associated business entities.
B) Build distinct data models for each API to follow established micro-services and Agile API-centric practices
C) Build all API data models using XML schema to drive consistency and reuse across the organization
D) Build one centralized Canonical Data Model (Enterprise Data Model) that unifies all the data types from all three business processes, ensuring the data model is consistent and non-redundant

A. Option A

B. Option B

C. Option C

D. Option D

A. Option A

Explanation:

Correct Answer: Build several Bounded Context Data Models that align with coherent parts of the business processes and the definitions of associated business entities.

The options w.r.t building API data models using XML schema/ Agile API-centric practices are irrelevant to the scenario given in the question. So these two are INVALID.
Building EDM (Enterprise Data Model) is not feasible or right fit for this scenario as the teams and LOBs work in silo and they all have different initiatives, budget etc.. Building EDM needs intensive coordination among all the team which evidently seems not possible in this scenario.

So, the right fit for this scenario is to build several Bounded Context Data Models that align with coherent parts of the business processes and the definitions of associated business entities.

A Mule application exposes an HTTPS endpoint and is deployed to the CloudHub Shared Worker Cloud. All traffic to that Mule application must stay inside the AWS VPC. To what TCP port do API invocations to that Mule application need to be sent?

A. 443

B. 8081

C. 8091

D. 8082

Explanation:
Correct Answer: 8082

8091 and 8092 ports are to be used when keeping your HTTP and HTTPS app private to the LOCAL VPC respectively.
Above TWO ports are not for Shared AWS VPC/ Shared Worker Cloud.
8081 is to be used when exposing your HTTP endpoint app to the internet through Shared LB
8082 is to be used when exposing your HTTPS endpoint app to the internet through Shared LB

So, API invocations should be sent to port 8082 when calling this HTTPS based app.

What Mule application can have API policies applied by
Anypoint Platform to the endpoint exposed by that Mule application?
A) A Mule application that accepts requests over HTTP/1.x

A.

Option A

B.

Option B

C.

Option C

D.

Option D

A.

Option A

Explanation: Explanation
Correct Answer: Option A
*****************************************
>> Anypoint API Manager and API policies are applicable to all types of HTTP/1.x APIs.
>> They are not applicable to WebSocket APIs, HTTP/2 APIs and gRPC APIs
Reference: https://docs.mulesoft.com/api-manager/2.x/using-policies