100%更新されたのはMuleSoft MCPA-Level-1限定版PDF問題集 [Q17-Q38]

Share

100%更新されたのはMuleSoft MCPA-Level-1限定版PDF問題集

有効な試験問題を試そうMCPA-Level-1には無料サイトで限定お試しチャンス


MuleSoft MCPA-Level-1 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • 正しい目的のためにAnypointプラットフォームID管理とクライアント管理を選択します
  • 適切なAPIポリシーを選択して、API呼び出しに非機能的制約を適用します
トピック 2
  • 所有権、機能の焦点、変更率に応じてAPIをレイヤーに割り当てます
  • Center forEnablementの目的と役割を説明します
トピック 3
  • エンタープライズデータモデルまたはバウンドコンテキストデータモデルの使用を推奨します
  • C4Eの成功を測定するためにKPIを特定します
トピック 4
  • 対応するRAML定義で必要な変更を特定します
  • Anypointプラットフォームの機能と高レベルのコンポーネントを説明します
トピック 5
  • APIマネージャーによる管理に適しているまたは対応していないAPIおよびその他のリモートインターフェイスのタイプを特定します
  • IT配信のギャップを埋めるためのMuleSoftの提案を説明します

 

質問 17
What do the API invocation metrics provided by Anypoint Platform provide?

  • A. Proactive identification of likely future policy violations that exceed a given threat threshold
  • B. Measurements of the effectiveness of the application network based on the level of reuse
  • C. Data on past API invocations to help identify anomalies and usage patterns across various APIs
  • D. ROI metrics from APIs that can be directly shared with business users

正解: B

 

質問 18
Refer to the exhibit.

An organization uses one specific CloudHub (AWS) region for all CloudHub deployments.
How are CloudHub workers assigned to availability zones (AZs) when the organization's Mule applications are deployed to CloudHub in that region?

  • A. Workers are randomly distributed across available AZs within that region
  • B. Workers belonging to a given environment are assigned to the same AZ within that region
  • C. An AZ is randomly selected for a Mule application, and all the Mule application's CloudHub workers are assigned to that one AZ
  • D. AZs are selected as part of the Mule application's deployment configuration

正解: C

解説:
Correct answer: Workers are randomly distributed across available AZs within that region.
*****************************************
>> Currently, we only have control to choose which AWS Region to choose but there is no control at all using any configurations or deployment options to decide what Availability Zone (AZ) to assign to what worker.
>> There are NO fixed or implicit rules on platform too w.r.t assignment of AZ to workers based on environment or application.
>> They are completely assigned in random. However, cloudhub definitely ensures that HA is achieved by assigning the workers to more than on AZ so that all workers are not assigned to same AZ for same application.
Reference:

 

質問 19
Which layer in the API-led connectivity focuses on unlocking key systems, legacy systems, data sources etc and exposes the functionality?

  • A. Experience Layer
  • B. Process Layer
  • C. System Layer

正解: C

解説:
Correct answer: System Layer

The APIs used in an API-led approach to connectivity fall into three categories:
System APIs - these usually access the core systems of record and provide a means of insulating the user from the complexity or any changes to the underlying systems. Once built, many users, can access data without any need to learn the underlying systems and can reuse these APIs in multiple projects.
Process APIs - These APIs interact with and shape data within a single system or across systems (breaking down data silos) and are created here without a dependence on the source systems from which that data originates, as well as the target channels through which that data is delivered.
Experience APIs - Experience APIs are the means by which data can be reconfigured so that it is most easily consumed by its intended audience, all from a common data source, rather than setting up separate point-to-point integrations for each channel. An Experience API is usually created with API-first design principles where the API is designed for the specific user experience in mind.

 

質問 20
An API implementation is deployed to CloudHub.
What conditions can be alerted on using the default Anypoint Platform functionality, where the alert conditions depend on the end-to-end request processing of the API implementation?

  • A. When the response time of API invocations exceeds a threshold
  • B. When the API receives a very high number of API invocations
  • C. When a particular API client invokes the API too often within a given time period
  • D. When the API is invoked by an unrecognized API client

正解: A

解説:
Correct answer: When the response time of API invocations exceeds a threshold
*****************************************
>> Alerts can be setup for all the given options using the default Anypoint Platform functionality
>> However, the question insists on an alert whose conditions depend on the end-to-end request processing of the API implementation.
>> Alert w.r.t "Response Times" is the only one which requires end-to-end request processing of API implementation in order to determine if the threshold is exceeded or not.

 

質問 21
How are an API implementation, API client, and API consumer combined to invoke and process an API?

  • A. The API client creates an API consumer, which receives API invocations from an API such that they are processed for an API implementation
  • B. The API consumer creates an API implementation, which receives API invocations from an API such that they are processed for an API client
  • C. The ApI client creates an API consumer, which sends API invocations to an API such that they are processed by an API implementation
  • D. The ApI consumer creates an API client, which sends API invocations to an API such that they are processed by an API implementation

正解: B

 

質問 22
A retail company with thousands of stores has an API to receive data about purchases and insert it into a single database. Each individual store sends a batch of purchase data to the API about every 30 minutes. The API implementation uses a database bulk insert command to submit all the purchase data to a database using a custom JDBC driver provided by a data analytics solution provider. The API implementation is deployed to a single CloudHub worker. The JDBC driver processes the data into a set of several temporary disk files on the CloudHub worker, and then the data is sent to an analytics engine using a proprietary protocol. This process usually takes less than a few minutes. Sometimes a request fails. In this case, the logs show a message from the JDBC driver indicating an out-of-file-space message. When the request is resubmitted, it is successful. What is the best way to try to resolve this throughput issue?

  • A. se a CloudHub autoscaling policy to add CloudHub workers
  • B. Increase the size of the CloudHub worker(s)
  • C. Increase the number of CloudHub workers
  • D. Use a CloudHub autoscaling policy to increase the size of the CloudHub worker

正解: C

解説:
Correct answer: Increase the size of the CloudHub worker(s)
*****************************************
The key details that we can take out from the given scenario are:
>> API implementation uses a database bulk insert command to submit all the purchase data to a database
>> JDBC driver processes the data into a set of several temporary disk files on the CloudHub worker
>> Sometimes a request fails and the logs show a message indicating an out-of-file-space message Based on above details:
>> Both auto-scaling options does NOT help because we cannot set auto-scaling rules based on error messages. Auto-scaling rules are kicked-off based on CPU/Memory usages and not due to some given error or disk space issues.
>> Increasing the number of CloudHub workers also does NOT help here because the reason for the failure is not due to performance aspects w.r.t CPU or Memory. It is due to disk-space.
>> Moreover, the API is doing bulk insert to submit the received batch data. Which means, all data is handled by ONE worker only at a time. So, the disk space issue should be tackled on "per worker" basis. Having multiple workers does not help as the batch may still fail on any worker when disk is out of space on that particular worker.
Therefore, the right way to deal this issue and resolve this is to increase the vCore size of the worker so that a new worker with more disk space will be provisioned.

 

質問 23
An organization has several APIs that accept JSON data over HTTP POST. The APIs are all publicly available and are associated with several mobile applications and web applications.
The organization does NOT want to use any authentication or compliance policies for these APIs, but at the same time, is worried that some bad actor could send payloads that could somehow compromise the applications or servers running the API implementations.
What out-of-the-box Anypoint Platform policy can address exposure to this threat?

  • A. Shut out bad actors by using HTTPS mutual authentication for all API invocations
  • B. Apply an IP blacklist policy to all APIs; the blacklist will Include all bad actors
  • C. Apply a JSON threat protection policy to all APIs to detect potential threat vectors
  • D. Apply a Header injection and removal policy that detects the malicious data before it is used

正解: C

解説:
Correct answer: Apply a JSON threat protection policy to all APIs to detect potential threat vectors
*****************************************
>> Usually, if the APIs are designed and developed for specific consumers (known consumers/customers) then we would IP Whitelist the same to ensure that traffic only comes from them.
>> However, as this scenario states that the APIs are publicly available and being used by so many mobile and web applications, it is NOT possible to identify and blacklist all possible bad actors.
>> So, JSON threat protection policy is the best chance to prevent any bad JSON payloads from such bad actors.

 

質問 24
An API implementation is deployed on a single worker on CloudHub and invoked by external API clients (outside of CloudHub). How can an alert be set up that is guaranteed to trigger AS SOON AS that API implementation stops responding to API invocations?

  • A. Create an alert for when the API receives no requests within a specified time period
  • B. Implement a heartbeat/health check within the API and invoke it from outside the Anypoint Platform and alert when the heartbeat does not respond
  • C. Handle API invocation exceptions within the calling API client and raise an alert from that API client when the API Is unavailable
  • D. Configure a "worker not responding" alert in Anypoint Runtime Manager

正解: D

解説:
Correct answer: Configure a "Worker not responding" alert in Anypoint Runtime Manager.
*****************************************
>> All the options eventually helps to generate the alert required when the application stops responding.
>> However, handling exceptions within calling API and then raising alert from API client is inappropriate and silly. There could be many API clients invoking the API implementation and it is not ideal to have this setup consistently in all of them. Not a realistic way to do.
>> Implementing a health check/ heartbeat with in the API and calling from outside to detmine the health sounds OK but needs extra setup for it and same time there are very good chances of generating false alarms when there are any intermittent network issues between external tool calling the health check API on API implementation. The API implementation itself may not have any issues but due to some other factors some false alarms may go out.
>> Creating an alert in API Manager when the API receives no requests within a specified time period would actually generate realistic alerts but even here some false alarms may go out when there are genuinely no requests from API clients.
The best and right way to achieve this requirement is to setup an alert on Runtime Manager with a condition "Worker not responding". This would generate an alert AS SOON AS the workers become unresponsive.

 

質問 25
What is typically NOT a function of the APIs created within the framework called API-led connectivity?

  • A. They provide an additional layer of resilience on top of the underlying backend system, thereby insulating clients from extended failure of these systems.
  • B. They can compose data from various sources and combine them with orchestration logic to create higher level value.
  • C. They allow for innovation at the user Interface level by consuming the underlying assets without being aware of how data Is being extracted from backend systems.
  • D. They reduce the dependency on the underlying backend systems by helping unlock data from backend systems In a reusable and consumable way.

正解: A

解説:
Correct answer: They provide an additional layer of resilience on top of the underlying backend system, thereby insulating clients from extended failure of these systems.
*****************************************
In API-led connectivity,
>> Experience APIs - allow for innovation at the user interface level by consuming the underlying assets without being aware of how data is being extracted from backend systems.
>> Process APIs - compose data from various sources and combine them with orchestration logic to create higher level value
>> System APIs - reduce the dependency on the underlying backend systems by helping unlock data from backend systems in a reusable and consumable way.
However, they NEVER promise that they provide an additional layer of resilience on top of the underlying backend system, thereby insulating clients from extended failure of these systems.
https://dzone.com/articles/api-led-connectivity-with-mule

 

質問 26
The responses to some HTTP requests can be cached depending on the HTTP verb used in the request.
According to the HTTP specification, for what HTTP verbs is this safe to do?

  • A. GET, PUT, OPTIONS
  • B. PUT, POST, DELETE
  • C. GET, HEAD, POST
  • D. GET, OPTIONS, HEAD

正解: D

解説:
Explanation
http://restcookbook.com/HTTP%20Methods/idempotency/

 

質問 27
A new upstream API Is being designed to offer an SLA of 500 ms median and 800 ms maximum (99th percentile) response time. The corresponding API implementation needs to sequentially invoke 3 downstream APIs of very similar complexity.
The first of these downstream APIs offers the following SLA for its response time: median: 100 ms, 80th percentile: 500 ms, 95th percentile: 1000 ms.
If possible, how can a timeout be set in the upstream API for the invocation of the first downstream API to meet the new upstream API's desired SLA?

  • A. Do not set a timeout; the Invocation of this API Is mandatory and so we must wait until it responds
  • B. No timeout is possible to meet the upstream API's desired SLA; a different SLA must be negotiated with the first downstream API or invoke an alternative API
  • C. Set a timeout of 50 ms; this times out more invocations of that API but gives additional room for retries
  • D. Set a timeout of 100 ms; that leaves 400 ms for the other two downstream APIs to complete

正解: D

解説:
Correct answer: Set a timeout of 100ms; that leaves 400ms for other two downstream APIs to complete
*****************************************
Key details to take from the given scenario:
>> Upstream API's designed SLA is 500ms (median). Lets ignore maximum SLA response times.
>> This API calls 3 downstream APIs sequentially and all these are of similar complexity.
>> The first downstream API is offering median SLA of 100ms, 80th percentile: 500ms; 95th percentile: 1000ms.
Based on the above details:
>> We can rule out the option which is suggesting to set 50ms timeout. Because, if the median SLA itself being offered is 100ms then most of the calls are going to timeout and time gets wasted in retried them and eventually gets exhausted with all retries. Even if some retries gets successful, the remaining time wont leave enough room for 2nd and 3rd downstream APIs to respond within time.
>> The option suggesting to NOT set a timeout as the invocation of this API is mandatory and so we must wait until it responds is silly. As not setting time out would go against the good implementation pattern and moreover if the first API is not responding within its offered median SLA 100ms then most probably it would either respond in 500ms (80th percentile) or 1000ms (95th percentile). In BOTH cases, getting a successful response from 1st downstream API does NO GOOD because already by this time the Upstream API SLA of 500 ms is breached. There is no time left to call 2nd and 3rd downstream APIs.
>> It is NOT true that no timeout is possible to meet the upstream APIs desired SLA.
As 1st downstream API is offering its median SLA of 100ms, it means MOST of the time we would get the responses within that time. So, setting a timeout of 100ms would be ideal for MOST calls as it leaves enough room of 400ms for remaining 2 downstream API calls.

 

質問 28
When designing an upstream API and its implementation, the development team has been advised to NOT set timeouts when invoking a downstream API, because that downstream API has no SLA that can be relied upon.
This is the only downstream API dependency of that upstream API.

  • A. An SLA for the upstream API CANNOT be provided
  • B. A default timeout of 500 ms will automatically be applied by the Mule runtime in which the upstream API implementation executes
  • C. Assume the downstream API runs uninterrupted without crashing. What is the impact of this advice?
  • D. The invocation of the downstream API will run to completion without timing out
  • E. A toad-dependent timeout of less than 1000 ms will be applied by the Mule runtime in which the downstream API implementation executes

正解: D

 

質問 29
What best explains the use of auto-discovery in API implementations?

  • A. It makes API Manager aware of API implementations and hence enables it to enforce policies
  • B. It enables Anypoint Exchange to discover assets and makes them available for reuse
  • C. It enables Anypoint Studio to discover API definitions configured in Anypoint Platform
  • D. It enables Anypoint Analytics to gain insight into the usage of APIs

正解: A

解説:
Correct answer: It makes API Manager aware of API implementations and hence enables it to enforce policies.
*****************************************
>> API Autodiscovery is a mechanism that manages an API from API Manager by pairing the deployed application to an API created on the platform.
>> API Management includes tracking, enforcing policies if you apply any, and reporting API analytics.
>> Critical to the Autodiscovery process is identifying the API by providing the API name and version.
References:
https://docs.mulesoft.com/api-manager/2.x/api-auto-discovery-new-concept
https://docs.mulesoft.com/api-manager/1.x/api-auto-discovery
https://docs.mulesoft.com/api-manager/2.x/api-auto-discovery-new-concept

 

質問 30
What CANNOT be effectively enforced using an API policy in Anypoint Platform?

  • A. Guarding against Denial of Service attacks
  • B. Backend system overloading
  • C. Maintaining tamper-proof credentials between APIs
  • D. Logging HTTP requests and responses

正解: A

解説:
Correct answer: Guarding against Denial of Service attacks
*****************************************
>> Backend system overloading can be handled by enforcing "Spike Control Policy"
>> Logging HTTP requests and responses can be done by enforcing "Message Logging Policy"
>> Credentials can be tamper-proofed using "Security" and "Compliance" Policies However, unfortunately, there is no proper way currently on Anypoint Platform to guard against DOS attacks.

 

質問 31
What CANNOT be effectively enforced using an API policy in Anypoint Platform?

  • A. Guarding against Denial of Service attacks
  • B. Backend system overloading
  • C. Maintaining tamper-proof credentials between APIs
  • D. Logging HTTP requests and responses

正解: A

 

質問 32
What is true about the technology architecture of Anypoint VPCs?

  • A. The private IP address range of an Anypoint VPC is automatically chosen by CloudHub
  • B. VPC peering can be used to link the underlying AWS VPC to an on-premises (non AWS) private network
  • C. Each CloudHub environment requires a separate Anypoint VPC
  • D. Traffic between Mule applications deployed to an Anypoint VPC and on-premises systems can stay within a private network

正解: A

 

質問 33
A Mule application exposes an HTTPS endpoint and is deployed to the CloudHub Shared Worker Cloud. All traffic to that Mule application must stay inside the AWS VPC.
To what TCP port do API invocations to that Mule application need to be sent?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

正解: C

解説:
Correct answer: 8082
*****************************************
>> 8091 and 8092 ports are to be used when keeping your HTTP and HTTPS app private to the LOCAL VPC respectively.
>> Above TWO ports are not for Shared AWS VPC/ Shared Worker Cloud.
>> 8081 is to be used when exposing your HTTP endpoint app to the internet through Shared LB
>> 8082 is to be used when exposing your HTTPS endpoint app to the internet through Shared LB So, API invocations should be sent to port 8082 when calling this HTTPS based app.
References:
https://docs.mulesoft.com/runtime-manager/cloudhub-networking-guide
https://help.mulesoft.com/s/article/Configure-Cloudhub-Application-to-Send-a-HTTPS-Request-Directly-to-Another-Cloudhub-Application
https://help.mulesoft.com/s/question/0D52T00004mXXULSA4/multiple-http-listerners-on-cloudhub-one-with-port-9090

 

質問 34
An organization wants to make sure only known partners can invoke the organization's APIs. To achieve this security goal, the organization wants to enforce a Client ID Enforcement policy in API Manager so that only registered partner applications can invoke the organization's APIs. In what type of API implementation does MuleSoft recommend adding an API proxy to enforce the Client ID Enforcement policy, rather than embedding the policy directly in the application's JVM?

  • A. A Non-Mule application
  • B. A Mule 3 application using APIkit
  • C. A Mule 4 application with an API specification
  • D. A Mule 3 or Mule 4 application modified with custom Java code

正解: A

解説:
Correct answer: A Non-Mule application
*****************************************
>> All type of Mule applications (Mule 3/ Mule 4/ with APIkit/ with Custom Java Code etc) running on Mule Runtimes support the Embedded Policy Enforcement on them.
>> The only option that cannot have or does not support embedded policy enforcement and must have API Proxy is for Non-Mule Applications.
So, Non-Mule application is the right answer.

 

質問 35
The application network is recomposable: it is built for change because it "bends but does not break"

  • A. TRUE
  • B. FALSE

正解: A

解説:
*****************************************
>> Application Network is a disposable architecture.
>> Which means, it can be altered without disturbing entire architecture and its components.
>> It bends as per requirements or design changes but does not break

 

質問 36
A system API has a guaranteed SLA of 100 ms per request. The system API is deployed to a primary environment as well as to a disaster recovery (DR) environment, with different DNS names in each environment. An upstream process API invokes the system API and the main goal of this process API is to respond to client requests in the least possible time. In what order should the system APIs be invoked, and what changes should be made in order to speed up the response time for requests from the process API?

  • A. Invoke ONLY the system API deployed to the primary environment, and add timeout and retry logic to avoid intermittent failures
  • B. Invoke the system API deployed to the primary environment, and if it fails, invoke the system API deployed to the DR environment
  • C. In parallel, invoke the system API deployed to the primary environment and the system API deployed to the DR environment using a scatter-gather configured with a timeout, and then merge the responses
  • D. In parallel, invoke the system API deployed to the primary environment and the system API deployed to the DR environment, and ONLY use the first response

正解: D

解説:
Correct answer: In parallel, invoke the system API deployed to the primary environment and the system API deployed to the DR environment, and ONLY use the first response.
*****************************************
>> The API requirement in the given scenario is to respond in least possible time.
>> The option that is suggesting to first try the API in primary environment and then fallback to API in DR environment would result in successful response but NOT in least possible time. So, this is NOT a right choice of implementation for given requirement.
>> Another option that is suggesting to ONLY invoke API in primary environment and to add timeout and retries may also result in successful response upon retries but NOT in least possible time. So, this is also NOT a right choice of implementation for given requirement.
>> One more option that is suggesting to invoke API in primary environment and API in DR environment in parallel using Scatter-Gather would result in wrong API response as it would return merged results and moreover, Scatter-Gather does things in parallel which is true but still completes its scope only on finishing all routes inside it. So again, NOT a right choice of implementation for given requirement The Correct choice is to invoke the API in primary environment and the API in DR environment parallelly, and using ONLY the first response received from one of them.

 

質問 37
What is true about API implementations when dealing with legal regulations that require all data processing to be performed within a certain jurisdiction (such as in the USA or the EU)?

  • A. They must te deployed to Anypoint Platform runtime planes that are managed by Anypoint Platform control planes, with both planes in the same Jurisdiction
  • B. They must avoid using the Object Store as it depends on services deployed ONLY to the US East region
  • C. They must use a Jurisdiction-local external messaging system such as Active MQ rather than Anypoint MQ
  • D. They must ensure ALL data is encrypted both in transit and at rest

正解: A

 

質問 38
......

MuleSoft MCPA-Level-1公式認定ガイドPDF:https://jp.fast2test.com/MCPA-Level-1-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어