• Home
  • Articles
  • [Jul 31, 2023] Prepare For The MCPA-Level-1-Maintenance Question Papers In Advance [Q23-Q41]

[Jul 31, 2023] Prepare For The MCPA-Level-1-Maintenance Question Papers In Advance [Q23-Q41]

Share

[Jul 31, 2023] Prepare For The MCPA-Level-1-Maintenance Question Papers In Advance

MCPA-Level-1-Maintenance PDF Dumps Real 2023 Recently Updated Questions

NEW QUESTION # 23
The responses to some HTTP requests can be cached depending on the HTTP verb used in the request.
According to the HTTP specification, for what HTTP verbs is this safe to do?

  • A. GET, OPTIONS, HEAD
  • B. GET, HEAD, POST
  • C. PUT, POST, DELETE
  • D. GET, PUT, OPTIONS

Answer: A

Explanation:
GET, OPTIONS, HEAD

http://restcookbook.com/HTTP%20Methods/idempotency/


NEW QUESTION # 24
A retail company with thousands of stores has an API to receive data about purchases and insert it into a single database. Each individual store sends a batch of purchase data to the API about every 30 minutes. The API implementation uses a database bulk insert command to submit all the purchase data to a database using a custom JDBC driver provided by a data analytics solution provider. The API implementation is deployed to a single CloudHub worker. The JDBC driver processes the data into a set of several temporary disk files on the CloudHub worker, and then the data is sent to an analytics engine using a proprietary protocol. This process usually takes less than a few minutes. Sometimes a request fails. In this case, the logs show a message from the JDBC driver indicating an out-of-file-space message. When the request is resubmitted, it is successful.
What is the best way to try to resolve this throughput issue?

  • A. Increase the size of the CloudHub worker(s)
  • B. Use a CloudHub autoscaling policy to increase the size of the CloudHub worker
  • C. se a CloudHub autoscaling policy to add CloudHub workers
  • D. Increase the number of CloudHub workers

Answer: D

Explanation:
Increase the size of the CloudHub worker(s)
*****************************************
The key details that we can take out from the given scenario are:
>> API implementation uses a database bulk insert command to submit all the purchase data to a database
>> JDBC driver processes the data into a set of several temporary disk files on the CloudHub worker
>> Sometimes a request fails and the logs show a message indicating an out-of-file-space message Based on above details:
>> Both auto-scaling options does NOT help because we cannot set auto-scaling rules based on error messages. Auto-scaling rules are kicked-off based on CPU/Memory usages and not due to some given error or disk space issues.
>> Increasing the number of CloudHub workers also does NOT help here because the reason for the failure is not due to performance aspects w.r.t CPU or Memory. It is due to disk-space.
>> Moreover, the API is doing bulk insert to submit the received batch data. Which means, all data is handled by ONE worker only at a time. So, the disk space issue should be tackled on "per worker" basis. Having multiple workers does not help as the batch may still fail on any worker when disk is out of space on that particular worker.
Therefore, the right way to deal this issue and resolve this is to increase the vCore size of the worker so that a new worker with more disk space will be provisioned.


NEW QUESTION # 25
When using CloudHub with the Shared Load Balancer, what is managed EXCLUSIVELY by the API implementation (the Mule application) and NOT by Anypoint Platform?

  • A. The number of DNS entries allocated to the API implementation
  • B. The assignment of each HTTP request to a particular CloudHub worker
  • C. The SSL certificates used by the API implementation to expose HTTPS endpoints
  • D. The logging configuration that enables log entries to be visible in Runtime Manager

Answer: C

Explanation:
The SSL certificates used by the API implementation to expose HTTPS endpoints
*****************************************
>> The assignment of each HTTP request to a particular CloudHub worker is taken care by Anypoint Platform itself. We need not manage it explicitly in the API implementation and in fact we CANNOT manage it in the API implementation.
>> The logging configuration that enables log entries to be visible in Runtime Manager is ALWAYS managed in the API implementation and NOT just for SLB. So this is not something we do EXCLUSIVELY when using SLB.
>> We DO NOT manage the number of DNS entries allocated to the API implementation inside the code.
Anypoint Platform takes care of this.
It is the SSL certificates used by the API implementation to expose HTTPS endpoints that is to be managed EXCLUSIVELY by the API implementation. Anypoint Platform does NOT do this when using SLBs.


NEW QUESTION # 26
What correctly characterizes unit tests of Mule applications?

  • A. They must be run in a unit testing environment with dedicated Mule runtimes for the environment
  • B. They are typically written using MUnit to run in an embedded Mule runtime that does not require external connectivity
  • C. They must be triggered by an external client tool or event source
  • D. They test the validity of input and output of source and target systems

Answer: B

Explanation:
They are typically written using MUnit to run in an embedded Mule runtime that does not require external connectivity.
*****************************************
Below TWO are characteristics of Integration Tests but NOT unit tests:
>> They test the validity of input and output of source and target systems.
>> They must be triggered by an external client tool or event source.
It is NOT TRUE that Unit Tests must be run in a unit testing environment with dedicated Mule runtimes for the environment.
MuleSoft offers MUnit for writing Unit Tests and they run in an embedded Mule Runtime without needing any separate/ dedicated Runtimes to execute them. They also do NOT need any external connectivity as MUnit supports mocking via stubs.
https://dzone.com/articles/munit-framework


NEW QUESTION # 27
A new upstream API Is being designed to offer an SLA of 500 ms median and 800 ms maximum (99th percentile) response time. The corresponding API implementation needs to sequentially invoke 3 downstream APIs of very similar complexity.
The first of these downstream APIs offers the following SLA for its response time: median: 100 ms, 80th percentile: 500 ms, 95th percentile: 1000 ms.
If possible, how can a timeout be set in the upstream API for the invocation of the first downstream API to meet the new upstream API's desired SLA?

  • A. Do not set a timeout; the Invocation of this API Is mandatory and so we must wait until it responds
  • B. Set a timeout of 50 ms; this times out more invocations of that API but gives additional room for retries
  • C. No timeout is possible to meet the upstream API's desired SLA; a different SLA must be negotiated with the first downstream API or invoke an alternative API
  • D. Set a timeout of 100 ms; that leaves 400 ms for the other two downstream APIs to complete

Answer: D

Explanation:
Set a timeout of 100ms; that leaves 400ms for other two downstream APIs to complete
*****************************************
Key details to take from the given scenario:
>> Upstream API's designed SLA is 500ms (median). Lets ignore maximum SLA response times.
>> This API calls 3 downstream APIs sequentially and all these are of similar complexity.
>> The first downstream API is offering median SLA of 100ms, 80th percentile: 500ms; 95th percentile:
1000ms.
Based on the above details:
>> We can rule out the option which is suggesting to set 50ms timeout. Because, if the median SLA itself being offered is 100ms then most of the calls are going to timeout and time gets wasted in retried them and eventually gets exhausted with all retries. Even if some retries gets successful, the remaining time wont leave enough room for 2nd and 3rd downstream APIs to respond within time.
>> The option suggesting to NOT set a timeout as the invocation of this API is mandatory and so we must wait until it responds is silly. As not setting time out would go against the good implementation pattern and moreover if the first API is not responding within its offered median SLA 100ms then most probably it would either respond in 500ms (80th percentile) or 1000ms (95th percentile). In BOTH cases, getting a successful response from 1st downstream API does NO GOOD because already by this time the Upstream API SLA of
500 ms is breached. There is no time left to call 2nd and 3rd downstream APIs.
>> It is NOT true that no timeout is possible to meet the upstream APIs desired SLA.
As 1st downstream API is offering its median SLA of 100ms, it means MOST of the time we would get the responses within that time. So, setting a timeout of 100ms would be ideal for MOST calls as it leaves enough room of 400ms for remaining 2 downstream API calls.


NEW QUESTION # 28
What Anypoint Connectors support transactions?

  • A. Database, 3MS, HTTP
  • B. Database, VM, File
  • C. Database, JMS, VM, SFTP
  • D. Database, JMS, VM

Answer: D


NEW QUESTION # 29
Say, there is a legacy CRM system called CRM-Z which is offering below functions:
1. Customer creation
2. Amend details of an existing customer
3. Retrieve details of a customer
4. Suspend a customer

  • A. Implement different system APIs named createCustomer, amendCustomer, retrieveCustomer and suspendCustomer as they are modular and has seperation of concerns
  • B. Implement different system APIs named createCustomerInCRMZ, amendCustomerInCRMZ, retrieveCustomerFromCRMZ and suspendCustomerInCRMZ as they are modular and has seperation of concerns
  • C. Implement a system API named customerManagement which has all the functionalities wrapped in it as various operations/resources

Answer: A

Explanation:
Implement different system APIs named createCustomer, amendCustomer, retrieveCustomer
and suspendCustomer as they are modular and has seperation of concerns
*****************************************
>> It is quite normal to have a single API and different Verb + Resource combinations. However, this fits well for an Experience API or a Process API but not a best architecture style for System APIs. So, option with just one customerManagement API is not the best choice here.
>> The option with APIs in createCustomerInCRMZ format is next close choice w.r.t modularization and less maintenance but the naming of APIs is directly coupled with the legacy system. A better foreseen approach would be to name your APIs by abstracting the backend system names as it allows seamless replacement/migration of any backend system anytime. So, this is not the correct choice too.
>> createCustomer, amendCustomer, retrieveCustomer and suspendCustomer is the right approach and is the best fit compared to other options as they are both modular and same time got the names decoupled from backend system and it has covered all requirements a System API needs.


NEW QUESTION # 30
What CANNOT be effectively enforced using an API policy in Anypoint Platform?

  • A. Backend system overloading
  • B. Maintaining tamper-proof credentials between APIs
  • C. Guarding against Denial of Service attacks
  • D. Logging HTTP requests and responses

Answer: C

Explanation:
Guarding against Denial of Service attacks
*****************************************
>> Backend system overloading can be handled by enforcing "Spike Control Policy"
>> Logging HTTP requests and responses can be done by enforcing "Message Logging Policy"
>> Credentials can be tamper-proofed using "Security" and "Compliance" Policies However, unfortunately, there is no proper way currently on Anypoint Platform to guard against DOS attacks.


NEW QUESTION # 31
A REST API is being designed to implement a Mule application.
What standard interface definition language can be used to define REST APIs?

  • A. OpenAPI Specification (OAS)
  • B. YAML
  • C. AsyncAPI Specification
  • D. Web Service Definition Language(WSDL)

Answer: A


NEW QUESTION # 32
A company has started to create an application network and is now planning to implement a Center for Enablement (C4E) organizational model. What key factor would lead the company to decide upon a federated rather than a centralized C4E?

  • A. When there are a large number of existing common assets shared by development teams
  • B. When various teams responsible for creating APIs are new to integration and hence need extensive training
  • C. When development is already organized into several independent initiatives or groups
  • D. When the majority of the applications in the application network are cloud based

Answer: C

Explanation:
When development is already organized into several independent initiatives or groups
*****************************************
>> It would require lot of process effort in an organization to have a single C4E team coordinating with multiple already organized development teams which are into several independent initiatives. A single C4E works well with different teams having at least a common initiative. So, in this scenario, federated C4E works well instead of centralized C4E.


NEW QUESTION # 33
Due to a limitation in the backend system, a system API can only handle up to 500 requests per second. What is the best type of API policy to apply to the system API to avoid overloading the backend system?

  • A. HTTP caching
  • B. Rate limiting - SLA based
  • C. Spike control
  • D. Rate limiting

Answer: C

Explanation:
Spike control
*****************************************
>> First things first, HTTP Caching policy is for purposes different than avoiding the backend system from overloading. So this is OUT.
>> Rate Limiting and Throttling/ Spike Control policies are designed to limit API access, but have different intentions.
>> Rate limiting protects an API by applying a hard limit on its access.
>> Throttling/ Spike Control shapes API access by smoothing spikes in traffic.
That is why, Spike Control is the right option.


NEW QUESTION # 34
Which of the below, when used together, makes the IT Operational Model effective?

  • A. Create resuable assets, make them discoverable so that LOB teams can self-serve and browse the APIs
  • B. Create reusable assets, Make them discoverable so that LOB teams can self-serve and browse the APIs, Get active feedback and usage metrics
  • C. Create reusable assets, Do marketing on the created assets across organization, Arrange time to time LOB reviews to ensure assets are being consumed or not

Answer: A

Explanation:
Create reusable assets, Make them discoverable so that LOB teams can self-serve and browse the APIs, Get active feedback and usage metrics.
*****************************************
Diagram, arrow Description automatically generated


NEW QUESTION # 35
A System API is designed to retrieve data from a backend system that has scalability challenges. What API policy can best safeguard the backend system?

  • A. IPwhitelist
  • B. SLA-based rate limiting
  • C. Auth 2 token enforcement
  • D. Client ID enforcement

Answer: B

Explanation:
SLA-based rate limiting
*****************************************
>> Client Id enforement policy is a "Compliance" related NFR and does not help in maintaining the "Quality of Service (QoS)". It CANNOT and NOT meant for protecting the backend systems from scalability challenges.
>> IP Whitelisting and OAuth 2.0 token enforcement are "Security" related NFRs and again does not help in maintaining the "Quality of Service (QoS)". They CANNOT and are NOT meant for protecting the backend systems from scalability challenges.
Rate Limiting, Rate Limiting-SLA, Throttling, Spike Control are the policies that are "Quality of Service (QOS)" related NFRs and are meant to help in protecting the backend systems from getting overloaded.
https://dzone.com/articles/how-to-secure-apis


NEW QUESTION # 36
What best describes the Fully Qualified Domain Names (FQDNs), also known as DNS entries, created when a Mule application is deployed to the CloudHub Shared Worker Cloud?

  • A. The FQDNs are determined by the application name, but can be modified by an administrator after deployment
  • B. The FQDNs are determined by the application name chosen, IRRESPECTIVE of the region
  • C. The FQDNs are determined by both the application name and the Anypoint Platform organization
  • D. A fixed number of FQDNs are created, IRRESPECTIVE of the environment and VPC design

Answer: B

Explanation:
The FQDNs are determined by the application name chosen, IRRESPECTIVE of the region
*****************************************
>> When deploying applications to Shared Worker Cloud, the FQDN are always determined by application name chosen.
>> It does NOT matter what region the app is being deployed to.
>> Although it is fact and true that the generated FQDN will have the region included in it (Ex:
exp-salesorder-api.au-s1.cloudhub.io), it does NOT mean that the same name can be used when deploying to another CloudHub region.
>> Application name should be universally unique irrespective of Region and Organization and solely determines the FQDN for Shared Load Balancers.


NEW QUESTION # 37
What is a typical result of using a fine-grained rather than a coarse-grained API deployment model to implement a given business process?

  • A. A higher number of discoverable API-related assets in the application network
  • B. A decrease in the number of connections within the application network supporting the business process
  • C. A better response time for the end user as a result of the APIs being smaller in scope and complexity
  • D. An overall tower usage of resources because each fine-grained API consumes less resources

Answer: A

Explanation:
A higher number of discoverable API-related assets in the application network.
*****************************************
>> We do NOT get faster response times in fine-grained approach when compared to coarse-grained approach.
>> In fact, we get faster response times from a network having coarse-grained APIs compared to a network having fine-grained APIs model. The reasons are below.
Fine-grained approach:
1. will have more APIs compared to coarse-grained
2. So, more orchestration needs to be done to achieve a functionality in business process.
3. Which means, lots of API calls to be made. So, more connections will needs to be established. So, obviously more hops, more network i/o, more number of integration points compared to coarse-grained approach where fewer APIs with bulk functionality embedded in them.
4. That is why, because of all these extra hops and added latencies, fine-grained approach will have bit more response times compared to coarse-grained.
5. Not only added latencies and connections, there will be more resources used up in fine-grained approach due to more number of APIs.
That's why, fine-grained APIs are good in a way to expose more number of resuable assets in your network and make them discoverable. However, needs more maintenance, taking care of integration points, connections, resources with a little compromise w.r.t network hops and response times.


NEW QUESTION # 38
The application network is recomposable: it is built for change because it "bends but does not break"

  • A. TRUE
  • B. FALSE

Answer: A

Explanation:
Explanation
*****************************************
>> Application Network is a disposable architecture.
>> Which means, it can be altered without disturbing entire architecture and its components.
>> It bends as per requirements or design changes but does not break


NEW QUESTION # 39
What API policy would be LEAST LIKELY used when designing an Experience API that is intended to work with a consumer mobile phone or tablet application?

  • A. JSON threat protection
  • B. IPwhitellst
  • C. OAuth 2.0 access token enforcement
  • D. Client ID enforcement

Answer: B

Explanation:
IP whitelist
*****************************************
>> OAuth 2.0 access token and Client ID enforcement policies are VERY common to apply on Experience APIs as API consumers need to register and access the APIs using one of these mechanisms
>> JSON threat protection is also VERY common policy to apply on Experience APIs to prevent bad or suspicious payloads hitting the API implementations.
>> IP whitelisting policy is usually very common in Process and System APIs to only whitelist the IP range inside the local VPC. But also applied occassionally on some experience APIs where the End User/ API Consumers are FIXED.
>> When we know the API consumers upfront who are going to access certain Experience APIs, then we can request for static IPs from such consumers and whitelist them to prevent anyone else hitting the API.
However, the experience API given in the question/ scenario is intended to work with a consumer mobile phone or tablet application. Which means, there is no way we can know all possible IPs that are to be whitelisted as mobile phones and tablets can so many in number and any device in the city/state/country/globe.
So, It is very LEAST LIKELY to apply IP Whitelisting on such Experience APIs whose consumers are typically Mobile Phones or Tablets.


NEW QUESTION # 40
A company requires Mule applications deployed to CloudHub to be isolated between non-production and production environments. This is so Mule applications deployed to non-production environments can only access backend systems running in their customer-hosted non-production environment, and so Mule applications deployed to production environments can only access backend systems running in their customer-hosted production environment. How does MuleSoft recommend modifying Mule applications, configuring environments, or changing infrastructure to support this type of per-environment isolation between Mule applications and backend systems?

  • A. Create non-production and production environments in different Anypoint Platform business groups
  • B. Create separate Anypoint VPCs for non-production and production environments, then configure connections to the backend systems in the corresponding customer-hosted environments
  • C. Modify properties of Mule applications deployed to the production Anypoint Platform environments to prevent access from non-production Mule applications
  • D. Configure firewall rules in the infrastructure inside each customer-hosted environment so that only IP addresses from the corresponding Anypoint Platform environments are allowed to communicate with corresponding backend systems

Answer: B

Explanation:
Create separate Anypoint VPCs for non-production and production environments, then configure connections to the backend systems in the corresponding customer-hosted environments.
*****************************************
>> Creating different Business Groups does NOT make any difference w.r.t accessing the non-prod and prod customer-hosted environments. Still they will be accessing from both Business Groups unless process network restrictions are put in place.
>> We need to modify or couple the Mule Application Implementations with the environment. In fact, we should never implements application coupled with environments by binding them in the properties. Only basic things like endpoint URL etc should be bundled in properties but not environment level access restrictions.
>> IP addresses on CloudHub are dynamic until unless a special static addresses are assigned. So it is not possible to setup firewall rules in customer-hosted infrastrcture. More over, even if static IP addresses are assigned, there could be 100s of applications running on cloudhub and setting up rules for all of them would be a hectic task, non-maintainable and definitely got a good practice.
>> The best practice recommended ), is to have your Anypoint VPCs
seperated for Prod and Non-Prod and perform the VPC peering or VPN tunneling for these Anypoint VPCs to respective Prod and Non-Prod customer-hosted environment networks.


NEW QUESTION # 41
......

MCPA-Level-1-Maintenance Dumps and Practice Test (81 Exam Questions): https://www.vce4plus.com/MuleSoft/MCPA-Level-1-Maintenance-valid-vce-dumps.html

Related Articles

more
MuleSoft MCPA-Level-1-Maintenance Certification Practice Exam