[2022年02月02日] 合格させるMuleSoft MCPA-Level-1試験情報と無料練習テスト
MCPA-Level-1試験問題集PDF更新された問題集にはFast2test試験合格保証付き
質問 11
What is a key requirement when using an external Identity Provider for Client Management in Anypoint Platform?
- A. APIs managed by Anypoint Platform must be protected by SAML 2.0 policies
- B. To invoke OAuth 2.0-protected APIs managed by Anypoint Platform, API clients must submit access tokens issued by that same Identity Provider
- C. Single sign-on is required to sign in to Anypoint Platform
- D. The application network must include System APIs that interact with the Identity Provider
正解: B
解説:
https://www.folkstalk.com/2019/11/mulesoft-integration-and-platform.html Explanation:
Correct answer: To invoke OAuth 2.0-protected APIs managed by Anypoint Platform, API clients must submit access tokens issued by that same Identity Provider
*****************************************
>> It is NOT necessary that single sign-on is required to sign in to Anypoint Platform because we are using an external Identity Provider for Client Management
>> It is NOT necessary that all APIs managed by Anypoint Platform must be protected by SAML 2.0 policies because we are using an external Identity Provider for Client Management
>> Not TRUE that the application network must include System APIs that interact with the Identity Provider because we are using an external Identity Provider for Client Management Only TRUE statement in the given options is - "To invoke OAuth 2.0-protected APIs managed by Anypoint Platform, API clients must submit access tokens issued by that same Identity Provider" References:
https://docs.mulesoft.com/api-manager/2.x/external-oauth-2.0-token-validation-policy
https://blogs.mulesoft.com/dev/api-dev/api-security-ways-to-authenticate-and-authorize/
質問 12
An organization makes a strategic decision to move towards an IT operating model that emphasizes consumption of reusable IT assets using modern APIs (as defined by MuleSoft).
What best describes each modern API in relation to this new IT operating model?
- A. Each modern API must be easy to consume, so should avoid complex authentication mechanisms such as SAML or JWT D
- B. Each modern API must be REST and HTTP based
- C. Each modem API must be treated like a product and designed for a particular target audience (for instance, mobile app developers)
- D. Each modern API has its own software development lifecycle, which reduces the need for documentation and automation
正解: C
解説:
Correct Answers:
1. Each modern API must be treated like a product and designed for a particular target audience (for instance mobile app developers)
*****************************************
質問 13
What Anypoint Connectors support transactions?
- A. Database, JMS, VM, SFTP
- B. Database, 3MS, HTTP
- C. Database, VM, File
- D. Database, JMS, VM
正解: D
質問 14
An organization is implementing a Quote of the Day API that caches today's quote.
- A. When there is one deployment of the API implementation to CloudHub and anottV deployment to a customer-hosted Mule runtime that must share the cache state
- B. When there is one CloudHub deployment of the API implementation to three CloudHub workers that must share the cache state
- C. When there are three CloudHub deployments of the API implementation to three separate CloudHub regions that must share the cache state
- D. What scenario can use the GoudHub Object Store via the Object Store connector to persist the cache's state?
- E. When there are two CloudHub deployments of the API implementation by two Anypoint Platform business groups to the same CloudHub region that must share the cache state
正解: E
質問 15
In an organization, the InfoSec team is investigating Anypoint Platform related data traffic.
From where does most of the data available to Anypoint Platform for monitoring and alerting originate?
- A. From the Mule runtime irrespective of the deployment model
- B. From the Mule runtime or the API implementation, depending on the deployment model
- C. From the Mule runtime or the API Manager, depending on the type of data
- D. From various components of Anypoint Platform, such as the Shared Load Balancer, VPC, and Mule runtimes
正解: A
解説:
Correct answer: From the Mule runtime irrespective of the deployment model
*****************************************
>> Monitoring and Alerting metrics are always originated from Mule Runtimes irrespective of the deployment model.
>> It may seems that some metrics (Runtime Manager) are originated from Mule Runtime and some are (API Invocations/ API Analytics) from API Manager. However, this is realistically NOT TRUE. The reason is, API manager is just a management tool for API instances but all policies upon applying on APIs eventually gets executed on Mule Runtimes only (Either Embedded or API Proxy).
>> Similarly all API Implementations also run on Mule Runtimes.
So, most of the day required for monitoring and alerts are originated fron Mule Runtimes only irrespective of whether the deployment model is MuleSoft-hosted or Customer-hosted or Hybrid.
質問 16
How are an API implementation, API client, and API consumer combined to invoke and process an API?
- A. The API client creates an API consumer, which receives API invocations from an API such that they are processed for an API implementation
- B. The ApI client creates an API consumer, which sends API invocations to an API such that they are processed by an API implementation
- C. The ApI consumer creates an API client, which sends API invocations to an API such that they are processed by an API implementation
- D. The API consumer creates an API implementation, which receives API invocations from an API such that they are processed for an API client
正解: D
質問 17
A company has started to create an application network and is now planning to implement a Center for Enablement (C4E) organizational model. What key factor would lead the company to decide upon a federated rather than a centralized C4E?
- A. When there are a large number of existing common assets shared by development teams
- B. When the majority of the applications in the application network are cloud based
- C. When development is already organized into several independent initiatives or groups
- D. When various teams responsible for creating APIs are new to integration and hence need extensive training
正解: C
解説:
Correct answer: When development is already organized into several independent initiatives or groups
*****************************************
>> It would require lot of process effort in an organization to have a single C4E team coordinating with multiple already organized development teams which are into several independent initiatives. A single C4E works well with different teams having at least a common initiative. So, in this scenario, federated C4E works well instead of centralized C4E.
質問 18
A new upstream API Is being designed to offer an SLA of 500 ms median and 800 ms maximum (99th percentile) response time. The corresponding API implementation needs to sequentially invoke 3 downstream APIs of very similar complexity.
The first of these downstream APIs offers the following SLA for its response time: median: 100 ms, 80th percentile: 500 ms, 95th percentile: 1000 ms.
If possible, how can a timeout be set in the upstream API for the invocation of the first downstream API to meet the new upstream API's desired SLA?
- A. No timeout is possible to meet the upstream API's desired SLA; a different SLA must be negotiated with the first downstream API or invoke an alternative API
- B. Set a timeout of 100 ms; that leaves 400 ms for the other two downstream APIs to complete
- C. Do not set a timeout; the Invocation of this API Is mandatory and so we must wait until it responds
- D. Set a timeout of 50 ms; this times out more invocations of that API but gives additional room for retries
正解: D
質問 19
Due to a limitation in the backend system, a system API can only handle up to 500 requests per second. What is the best type of API policy to apply to the system API to avoid overloading the backend system?
- A. Spike control
- B. HTTP caching
- C. Rate limiting - SLA based
- D. Rate limiting
正解: A
解説:
Correct answer: Spike control
*****************************************
>> First things first, HTTP Caching policy is for purposes different than avoiding the backend system from overloading. So this is OUT.
>> Rate Limiting and Throttling/ Spike Control policies are designed to limit API access, but have different intentions.
>> Rate limiting protects an API by applying a hard limit on its access.
>> Throttling/ Spike Control shapes API access by smoothing spikes in traffic.
That is why, Spike Control is the right option.
質問 20
Refer to the exhibit.
An organization is running a Mule standalone runtime and has configured Active Directory as the Anypoint Platform external Identity Provider. The organization does not have budget for other system components.
What policy should be applied to all instances of APIs in the organization to most effectively restrict access to a specific group of internal users?
- A. Apply a client ID enforcement policy; the specific group of users will configure their client applications to use their specific client credentials.
- B. Apply an IP whitelist policy; only the specific users' workstations will be in the whitelist.
- C. Apply a basic authentication - LDAP policy; the internal Active Directory will be configured as the LDAP source for authenticating users.
- D. Apply an OAuth 2.0 access token enforcement policy; the internal Active Directory will be configured as the OAuth server.
正解: C
質問 21
What best describes the Fully Qualified Domain Names (FQDNs), also known as DNS entries, created when a Mule application is deployed to the CloudHub Shared Worker Cloud?
- A. A fixed number of FQDNs are created, IRRESPECTIVE of the environment and VPC design
- B. The FQDNs are determined by the application name chosen, IRRESPECTIVE of the region
- C. The FQDNs are determined by the application name, but can be modified by an administrator after deployment
- D. The FQDNs are determined by both the application name and the Anypoint Platform organization
正解: B
質問 22
What best describes the Fully Qualified Domain Names (FQDNs), also known as DNS entries, created when a Mule application is deployed to the CloudHub Shared Worker Cloud?
- A. A fixed number of FQDNs are created, IRRESPECTIVE of the environment and VPC design
- B. The FQDNs are determined by the application name, but can be modified by an administrator after deployment
- C. The FQDNs are determined by both the application name and the Anypoint Platform organization
- D. The FQDNs are determined by the application name chosen, IRRESPECTIVE of the region
正解: A
質問 23
When designing an upstream API and its implementation, the development team has been advised to NOT set timeouts when invoking a downstream API, because that downstream API has no SLA that can be relied upon. This is the only downstream API dependency of that upstream API.
Assume the downstream API runs uninterrupted without crashing. What is the impact of this advice?
- A. A default timeout of 500 ms will automatically be applied by the Mule runtime in which the upstream API implementation executes
- B. The invocation of the downstream API will run to completion without timing out
- C. An SLA for the upstream API CANNOT be provided
- D. A toad-dependent timeout of less than 1000 ms will be applied by the Mule runtime in which the downstream API implementation executes
正解: C
解説:
Correct answer: An SLA for the upstream API CANNOT be provided.
*****************************************
>> First thing first, the default HTTP response timeout for HTTP connector is 10000 ms (10 seconds). NOT 500 ms.
>> Mule runtime does NOT apply any such "load-dependent" timeouts. There is no such behavior currently in Mule.
>> As there is default 10000 ms time out for HTTP connector, we CANNOT always guarantee that the invocation of the downstream API will run to completion without timing out due to its unreliable SLA times. If the response time crosses 10 seconds then the request may time out.
The main impact due to this is that a proper SLA for the upstream API CANNOT be provided.
質問 24
An organization makes a strategic decision to move towards an IT operating model that emphasizes consumption of reusable IT assets using modern APIs (as defined by MuleSoft).
What best describes each modern API in relation to this new IT operating model?
- A. Each modern API must be treated like a product and designed for a particular target audience (for instance, mobile app developers)
- B. Each modern API must be easy to consume, so should avoid complex authentication mechanisms such as SAML or JWT.
- C. Each modern API has its own software development lifecycle, which reduces the need for documentation and automation.
- D. Each modern API must be REST and HTTP based.
正解: A
質問 25
An API implementation is being designed that must invoke an Order API, which is known to repeatedly experience downtime.
For this reason, a fallback API is to be called when the Order API is unavailable.
What approach to designing the invocation of the fallback API provides the best resilience?
- A. Create a separate entry for the Order API in API Manager, and then invoke this API as a fallback API if the primary Order API is unavailable
- B. Set an option in the HTTP Requester component that invokes the Order API to instead invoke a fallback API whenever an HTTP 4xx or 5xx response status code is returned from the Order API
- C. Redirect client requests through an HTTP 307 Temporary Redirect status code to the fallback API whenever the Order API is unavailable
- D. Search Anypoint Exchange for a suitable existing fallback API, and then implement invocations to this fallback API in addition to the Order API
正解: D
質問 26
What is most likely NOT a characteristic of an integration test for a REST API implementation?
- A. The test prepares a known request payload and validates the response payload
- B. The test needs all source and/or target systems configured and accessible
- C. The test runs immediately after the Mule application has been compiled and packaged
- D. The test is triggered by an external HTTP request
正解: C
解説:
Correct answer: The test runs immediately after the Mule application has been compiled and packaged
*****************************************
>> Integration tests are the last layer of tests we need to add to be fully covered.
>> These tests actually run against Mule running with your full configuration in place and are tested from external source as they work in PROD.
>> These tests exercise the application as a whole with actual transports enabled. So, external systems are affected when these tests run.
So, these tests do NOT run immediately after the Mule application has been compiled and packaged.
FYI... Unit Tests are the one that run immediately after the Mule application has been compiled and packaged.
質問 27
What best describes the Fully Qualified Domain Names (FQDNs), also known as DNS entries, created when a Mule application is deployed to the CloudHub Shared Worker Cloud?
- A. A fixed number of FQDNs are created, IRRESPECTIVE of the environment and VPC design
- B. The FQDNs are determined by the application name chosen, IRRESPECTIVE of the region
- C. The FQDNs are determined by the application name, but can be modified by an administrator after deployment
- D. The FQDNs are determined by both the application name and the Anypoint Platform organization
正解: B
解説:
Correct answer: The FQDNs are determined by the application name chosen, IRRESPECTIVE of the region
*****************************************
>> When deploying applications to Shared Worker Cloud, the FQDN are always determined by application name chosen.
>> It does NOT matter what region the app is being deployed to.
>> Although it is fact and true that the generated FQDN will have the region included in it (Ex: exp-salesorder-api.au-s1.cloudhub.io), it does NOT mean that the same name can be used when deploying to another CloudHub region.
>> Application name should be universally unique irrespective of Region and Organization and solely determines the FQDN for Shared Load Balancers.
質問 28
An organization has several APIs that accept JSON data over HTTP POST. The APIs are all publicly available and are associated with several mobile applications and web applications.
The organization does NOT want to use any authentication or compliance policies for these APIs, but at the same time, is worried that some bad actor could send payloads that could somehow compromise the applications or servers running the API implementations.
What out-of-the-box Anypoint Platform policy can address exposure to this threat?
- A. Shut out bad actors by using HTTPS mutual authentication for all API invocations
- B. Apply an IP blacklist policy to all APIs; the blacklist will Include all bad actors
- C. Apply a Header injection and removal policy that detects the malicious data before it is used
- D. Apply a JSON threat protection policy to all APIs to detect potential threat vectors
正解: B
質問 29
What is true about API implementations when dealing with legal regulations that require all data processing to be performed within a certain jurisdiction (such as in the USA or the EU)?
- A. They must avoid using the Object Store as it depends on services deployed ONLY to the US East region
- B. They must use a Jurisdiction-local external messaging system such as Active MQ rather than Anypoint MQ
- C. They must ensure ALL data is encrypted both in transit and at rest
- D. They must te deployed to Anypoint Platform runtime planes that are managed by Anypoint Platform control planes, with both planes in the same Jurisdiction
正解: A
質問 30
What API policy would LEAST likely be applied to a Process API?
- A. Client ID enforcement
- B. JSON threat protection
- C. Rate limiting
- D. Custom circuit breaker
正解: D
質問 31
What is true about automating interactions with Anypoint Platform using tools such as Anypoint Platform REST APIs, Anypoint CLI, or the Mule Maven plugin?
- A. Access to Anypoint Platform APIs and Anypoint CLI can be controlled separately through the roles and permissions in Anypoint Platform, so that specific users can get access to Anypoint CLI while others get access to the platform APIs.
- B. By default, the Anypoint CLI and Mule Maven plugin are NOT included in the Mule runtime, so are NOT available to be used by deployed Mule applications.
- C. API policies can be applied to the Anypoint Platform APIs so that ONLY certain LOBs have access to specific functions.
- D. Anypoint Platform APIs can ONLY automate interactions with CloudHub, while the Mule Maven plugin is required for deployment to customer-hosted Mule runtimes
正解: B
質問 32
......
あなたを合格させるMuleSoft試験にはMCPA-Level-1試験問題集:https://jp.fast2test.com/MCPA-Level-1-premium-file.html