Refer to the exhibit. An organization is running a Mule standalone runtime and has configured Active Directory as the Anypoint Platform external Identity Provider. The organization does not have budget for other system components. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/MuleSoft_MCPA-Level-1/page_35_img_2.jpg What policy should be applied to all instances of APIs in the organization to most effecuvelyKestrict access to a specific group of internal users?

Apply a client ID enforcement policy; the specific group of users will configure their client applications to use their specific client credentials

Apply an IP whitelist policy; only the specific users' workstations will be in the whitelist

Apply an OAuth 2.0 access token enforcement policy; the internal Active Directory will be configured as the OAuth server

View MCPA-Level-1 Exam Questions

Filter by Domain

View Mode

Question 11

Q: 11

A Mule application exposes an HTTPS endpoint and is deployed to the CloudHub Shared Worker Cloud. All traffic to that Mule application must stay inside the AWS VPC. To what TCP port do API invocations to that Mule application need to be sent?

Options

Discussion

No comments yet. Be the first to comment.

Be respectful. No spam.

Correct Answer:

Explanation

Correct Answer: 8082

*****************************************

>> 8091 and 8092 ports are to be used when keeping your HTTP and HTTPS app private to the LOCAL

VPC respectively.

>> Above TWO ports are not for Shared AWS VPC/ Shared Worker Cloud.

>> 8081 is to be used when exposing your HTTP endpoint app to the internet through Shared LB

>> 8082 is to be used when exposing your HTTPS endpoint app to the internet through Shared LB

So, API invocations should be sent to port 8082 when calling this HTTPS based app.

References

https://docs.mulesoft.com/runtime-manager/cloudhub-networking-guide

https://help.mulesoft.com/s/article/Configure-Cloudhub-Application-to-Send-a-HTTPS-RequestDirectly-to-Another-Cloudhub-Application

https://help.mulesoft.com/s/question/0D52T00004mXXULSA4/multiple-http-listerners-oncloudhub-one-with-port-9090

Question 12

Q: 12

What is a key requirement when using an external Identity Provider for Client Management in Anypoint Platform?

Options

Discussion

No comments yet. Be the first to comment.

Be respectful. No spam.

Correct Answer:

C https://www.folkstalk.com/2019/11/mulesoft-integration-and-platform.html

Explanation

Correct Answer: To invoke OAuth 2.0-protected APIs managed by Anypoint Platform, API clients must

submit access tokens issued by that same Identity Provider

*****************************************

>> It is NOT necessary that single sign-on is required to sign in to Anypoint Platform because we are

using an external Identity Provider for Client Management

>> It is NOT necessary that all APIs managed by Anypoint Platform must be protected by SAML 2.0

policies because we are using an external Identity Provider for Client Management

>> Not TRUE that the application network must include System APIs that interact with the Identity

Provider because we are using an external Identity Provider for Client Management

Only TRUE statement in the given options is - "To invoke OAuth 2.0-protected APIs managed by

Anypoint Platform, API clients must submit access tokens issued by that same Identity Provider"

References

https://docs.mulesoft.com/api-manager/2.x/external-oauth-2.0-token-validation-policy

https://blogs.mulesoft.com/dev/api-dev/api-security-ways-to-authenticate-and-authorize/

Question 13

Q: 13

What is true about where an API policy is defined in Anypoint Platform and how it is then applied to API instances?

Options

Discussion

No comments yet. Be the first to comment.

Be respectful. No spam.

Correct Answer:

Explanation

Correct Answer: The API policy is defined in API Manager for a specific API instance, and then ONLY

applied to the specific API instance.

*****************************************

>> Once our API specifications are ready and published to Exchange, we need to visit API Manager

and register an API instance for each API.

>> API Manager is the place where management of API aspects takes place like addressing NFRs by

enforcing policies on them.

>> We can create multiple instances for a same API and manage them differently for different

purposes.

>> One instance can have a set of API policies applied and another instance of same API can have

different set of policies applied for some other purpose.

>> These APIs and their instances are defined PER environment basis. So, one need to manage them

seperately in each environment.

>> We can ensure that same configuration of API instances (SLAs, Policies etc..) gets promoted when

promoting to higher environments using platform feature. But this is optional only. Still one can

change them per environment basis if they have to.

>> Runtime Manager is the place to manage API Implementations and their Mule Runtimes but NOT

APIs itself. Though API policies gets executed in Mule Runtimes, We CANNOT enforce API policies in

Runtime Manager. We would need to do that via API Manager only for a cherry picked instance in an

environment.

So, based on these facts, right statement in the given choices is - "The API policy is defined in API

Manager for a specific API instance, and then ONLY applied to the specific API instance".

Reference: https://docs.mulesoft.com/api-manager/2.x/latest-overview-concept

Question 14

Q: 14

Refer to the exhibit. An organization is running a Mule standalone runtime and has configured Active Directory as the Anypoint Platform external Identity Provider. The organization does not have budget for other system components.

What policy should be applied to all instances of APIs in the organization to most effecuvelyKestrict access to a specific group of internal users?

Options

Discussion

No comments yet. Be the first to comment.

Be respectful. No spam.

Correct Answer:

Explanation

Correct Answer: Apply a basic authentication - LDAP policy; the internal Active Directory will be

configured as the LDAP source for authenticating users.

*****************************************

>> IP Whitelisting does NOT fit for this purpose. Moreover, the users workstations may not

necessarily have static IPs in the network.

>> OAuth 2.0 enforcement requires a client provider which isn't in the organizations system

components.

>> It is not an effective approach to let every user create separate client credentials and configure

those for their usage.

The effective way it to apply a basic authentication - LDAP policy and the internal Active Directory

will be configured as the LDAP source for authenticating users.

Reference: https://docs.mulesoft.com/api-manager/2.x/basic-authentication-ldap-concept

Question 15

Q: 15

A System API is designed to retrieve data from a backend system that has scalability challenges. What API policy can best safeguard the backend system?

Options

Discussion

No comments yet. Be the first to comment.

Be respectful. No spam.

Correct Answer:

Explanation

Correct Answer: SLA-based rate limiting

*****************************************

>> Client Id enforement policy is a "Compliance" related NFR and does not help in maintaining the

"Quality of Service (QoS)". It CANNOT and NOT meant for protecting the backend systems from

scalability challenges.

>> IP Whitelisting and OAuth 2.0 token enforcement are "Security" related NFRs and again does not

help in maintaining the "Quality of Service (QoS)". They CANNOT and are NOT meant for protecting

the backend systems from scalability challenges.

Rate Limiting, Rate Limiting-SLA, Throttling, Spike Control are the policies that are "Quality of Service

(QOS)" related NFRs and are meant to help in protecting the backend systems from getting

overloaded.

https://dzone.com/articles/how-to-secure-apis

Question 11 of 20 · Page 2 / 2

Premium Access Includes

✓ Quiz Simulator
✓ Exam Mode
✓ Progress Tracking
✓ Question Saving
✓ Flash Cards
✓ Drag & Drops
✓ 3 Months Access
✓ PDF Downloads

Get Premium Access

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE