• ホーム
  • ブログ
  • [2026年更新]Mule-Arch-201.PDFの問題回答PDFサンプル問題現実的 [Q54-Q79]

[2026年更新]Mule-Arch-201.PDFの問題回答PDFサンプル問題現実的 [Q54-Q79]

Share

[2026年更新]Mule-Arch-201.PDFの問題回答PDFサンプル問題現実的

Salesforce Mule-Arch-201問題集PDFはまもなく最高のベストスコア

質問 # 54
What Mule application deployment scenario requires using Anypoint Platform Private Cloud Edition or Anypoint Platform for Pivotal Cloud Foundry?

  • A. When regulatory requirements mandate on-premises processing of EVERY data item, including meta-data
  • B. When ALL backend systems in the application network are deployed in the organization's intranet
  • C. When it is required that ALL APIs are private and NOT exposed to the public cloud
  • D. When it Is required to make ALL applications highly available across multiple data centers

正解:A

解説:
Correct Answe r: When regulatory requirements mandate on-premises processing of EVERY data item, including meta-data.
*****************************************
We need NOT require to use Anypoint Platform PCE or PCF for the below. So these options are OUT.
>> We can make ALL applications highly available across multiple data centers using CloudHub too.
>> We can use Anypoint VPN and tunneling from CloudHub to connect to ALL backend systems in the application network that are deployed in the organization's intranet.
>> We can use Anypoint VPC and Firewall Rules to make ALL APIs private and NOT exposed to the public cloud.
Only valid reason in the given options that requires to use Anypoint Platform PCE/ PCF is - When regulatory requirements mandate on-premises processing of EVERY data item, including meta-data.


質問 # 55
A client has several applications running on the Salesforce service cloud. The business requirement for integration is to get daily data changes from Account and Case Objects. Data needs to be moved to the client's private cloud AWS DynamoDB instance as a single JSON and the business foresees only wanting five attributes from the Account object, which has 219 attributes (some custom) and eight attributes from the Case Object.
What design should be used to support the API/ Application data model?

  • A. Create separate entities for Account with five attributes and Case with eight attributes in SAPI, which are combined by the PAPI to provide JSON output containing 13 attributes.
  • B. Start implementing an Enterprise Data Model by defining enterprise Account and Case Objects and implement SAPI and DynamoDB tables based on the Enterprise Data Model,
  • C. Create separate entities for Account and Case Objects by mimicking all the attributes in SAPI, which are combined by the PAPI and filtered to provide JSON output containing 13 attributes.
  • D. Request client's AWS project team to replicate all the attributes and create Account and Case JSON table in DynamoDB. Then create separate entities for Account and Case Objects by mimicking all the attributes in SAPI to transfer ISON data to DynamoD for respective Objects

正解:A

解説:
Understanding the Requirements:
The business needs to transfer daily data changes from the Salesforce Account and Case objects to AWS DynamoDB in a single JSON format.
Only a subset of attributes (5 from Account and 8 from Case) is required, so it is not necessary to include all 219 attributes of the Account object.
Design Approach:
A System API (SAPI) should be created for each Salesforce object (Account and Case), exposing only the required fields (5 attributes for Account and 8 for Case).
A Process API (PAPI) can be used to aggregate and transform the data from these SAPIs, combining the 13 selected attributes from Account and Case into a single JSON structure for DynamoDB.
Evaluating the Options:
Option A: Mimicking all attributes in the SAPI is inefficient and unnecessary, as only 13 attributes are required.
Option B: Replicating all attributes in DynamoDB is excessive and would result in higher storage and processing costs, which is unnecessary given the requirement for only a subset of attributes.
Option C: Implementing an Enterprise Data Model could be useful in broader data management but is not required here, as the focus is on a lightweight integration.
Option D (Correct Answer): Creating separate entities in SAPI for Account and Case with only the required attributes and using the PAPI to aggregate them into a single JSON is the most efficient and meets the requirements effectively.
Conclusion:
Option D is the best choice as it provides a lightweight, efficient design that meets the requirements by transferring only the necessary attributes and minimizing resource use.
Refer to MuleSoft's best practices for API-led connectivity and data modeling to structure SAPIs and PAPIs efficiently.


質問 # 56
An API implementation is deployed to CloudHub.
What conditions can be alerted on using the default Anypoint Platform functionality, where the alert conditions depend on the API invocations to an API implementation?

  • A. When the APL invecations originate from a geography different than the API
  • B. When the API invocations are not over-a- secure TLS/SSL communication channel
  • C. When the number of API invocations are below a threshold
  • D. When the API invocations are sent directly to the internal DNS record of the API implementation

正解:C

解説:
Default Alert Capabilities in Anypoint Platform:
Anypoint Platform provides out-of-the-box alerting capabilities for monitoring API invocation conditions, including setting thresholds for the number of invocations.
Alerts can be configured for conditions such as high or low traffic (invocations exceeding or falling below a defined threshold).
Evaluating the Options:
Option A: Anypoint Platform does not provide direct alerting based on DNS records.
Option B: Anypoint Platform does not provide default alerts based on whether invocations use TLS/SSL; this would require custom configuration.
Option C: Geolocation-based alerting is not natively supported in Anypoint Platform.
Option D (Correct Answer): Alerts based on API invocation thresholds (e.g., invocations falling below a set threshold) are supported and can be configured as part of the default Anypoint alerting functionality.
Conclusion:
Option D is correct, as Anypoint Platform allows configuring alerts based on the number of API invocations falling below or exceeding a threshold.
Refer to MuleSoft's documentation on Anypoint Monitoring and alert configurations for more details.


質問 # 57
What are the major benefits of MuleSoft proposed IT Operating Model?

  • A. 1. Decrease the IT delivery gap
    2. Meet various business demands without increasing the IT capacity
    3. Make consumption of assets at the rate of production
  • B. 1. Decrease the IT delivery gap
    2. Meet various business demands by increasing the IT capacity and forming various IT departments
    3. Make consumption of assets at the rate of production
  • C. 1. Decrease the IT delivery gap
    2. Meet various business demands without increasing the IT capacity
    3. Focus on creation of reusable assets first. Upon finishing creation of all the possible assets then inform the LOBs in the organization to start using them

正解:A

解説:
Correct Answe r:
1. Decrease the IT delivery gap
2. Meet various business demands without increasing the IT capacity
3. Make consumption of assets at the rate of production.
*****************************************


質問 # 58
Refer to the exhibit. An organization is running a Mule standalone runtime and has configured Active Directory as the Anypoint Platform external Identity Provider. The organization does not have budget for other system components.
What policy should be applied to all instances of APIs in the organization to most effecuvelyKestrict access to a specific group of internal users?

  • A. Apply an IP whitelist policy; only the specific users' workstations will be in the whitelist
  • B. Apply an OAuth 2.0 access token enforcement policy; the internal Active Directory will be configured as the OAuth server
  • C. Apply a client ID enforcement policy; the specific group of users will configure their client applications to use their specific client credentials
  • D. Apply a basic authentication - LDAP policy; the internal Active Directory will be configured as the LDAP source for authenticating users

正解:D

解説:
Correct Answe r: Apply a basic authentication - LDAP policy; the internal Active Directory will be configured as the LDAP source for authenticating users.
*****************************************
>> IP Whitelisting does NOT fit for this purpose. Moreover, the users workstations may not necessarily have static IPs in the network.
>> OAuth 2.0 enforcement requires a client provider which isn't in the organizations system components.
>> It is not an effective approach to let every user create separate client credentials and configure those for their usage.
The effective way it to apply a basic authentication - LDAP policy and the internal Active Directory will be configured as the LDAP source for authenticating users.


質問 # 59
What Anypoint Platform Capabilities listed below fall under APIs and API Invocations/Consumers category? Select TWO.

  • A. API Consumer Engagement
  • B. API Runtime Execution and Hosting
  • C. API Operations and Management
  • D. API Design and Development

正解:D

解説:
Correct Answers: API Design and Development and API Runtime Execution and Hosting
*****************************************
>> API Design and Development - Anypoint Studio, Anypoint Design Center, Anypoint Connectors
>> API Runtime Execution and Hosting - Mule Runtimes, CloudHub, Runtime Services
>> API Operations and Management - Anypoint API Manager, Anypoint Exchange

Correct Answers: API Operations and Management and API Consumer Engagement
*****************************************
>> API Design and Development - Anypoint Studio, Anypoint Design Center, Anypoint Connectors
>> API Runtime Execution and Hosting - Mule Runtimes, CloudHub, Runtime Services
>> API Operations and Management - Anypoint API Manager, Anypoint Exchange
>> API Consumer Management - API Contracts, Public Portals, Anypoint Exchange, API Notebooks

Bottom of Form
Top of Form


質問 # 60
What should be ensured before sharing an API through a public Anypoint Exchange portal?

  • A. The API should be secured using one of the supported authentication/authorization mechanisms to ensure that data is not compromised
  • B. The API should be functional with at least an initial implementation deployed and accessible for users to interact with
  • C. The visibility level of the API instances of that API that need to be publicly accessible should be set to public visibility
  • D. The users needing access to the API should be added to the appropriate role in Anypoint Platform

正解:C

解説:
Correct Answe r: The visibility level of the API instances of that API that need to be publicly accessible should be set to public visibility.
*****************************************
Reference:
https://docs.mulesoft.com/exchange/to-share-api-asset-to-portal


質問 # 61
An auto manufacturer has a mature CI/CD practice and wants to automate packaging and deployment of any Mule applications to various deployment targets, including CloudHub workers/replicas, customer-hosted Mule runtimes, and Anypoint Runtime Fabric.
Which MuleSoft-provided tool or component facilitates automating the packaging and deployment of Mule applications to various deployment targets as part of the company's CI/CD practice?

  • A. Mule Maven plugin
  • B. Anypoint Platform CLI
  • C. Anypoint Runtime Manager
  • D. Anypoint Platform REST APIs

正解:A

解説:
For organizations with established CI/CD practices, the Mule Maven plugin is the recommended tool for automating packaging and deployment across multiple environments, including CloudHub, on-premise Mule runtimes, and Anypoint Runtime Fabric. Here's why:
Automation with Maven:
The Mule Maven plugin allows for CI/CD integration by supporting automated build and deployment processes. It is commonly used in CI/CD pipelines to handle application packaging and deployment directly through Maven commands, making it ideal for teams that want consistent deployment automation across different MuleSoft environments.
Supported Deployment Targets:
The Mule Maven plugin supports deployment to various targets, including CloudHub, Runtime Fabric, and on-premises servers, thus meeting the needs of environments with diverse deployment destinations.
Why Option B is Correct:
The Mule Maven plugin is specifically designed for CI/CD pipelines and integrates with Jenkins, GitLab, and other CI/CD tools to facilitate continuous deployment. It is the most efficient MuleSoft-provided tool for this purpose.
of Incorrect Options:
Option A (Anypoint Runtime Manager) provides deployment management but does not automate CI/CD processes.
Option C (Anypoint Platform CLI) can script deployments but lacks direct integration with CI/CD tools.
Option D (Anypoint Platform REST APIs) requires custom scripting for deployment, which can be more complex than using the Mule Maven plugin.
Reference
For more details, refer to MuleSoft documentation on using the Mule Maven plugin for CI/CD.


質問 # 62
An API implementation is updated. When must the RAML definition of the API also be updated?

  • A. When the API implementation changes the structure of the request or response messages
  • B. When the API implementation is optimized to improve its average response time
  • C. When the API implementation is migrated from an older to a newer version of the Mule runtime
  • D. When the API implementation changes from interacting with a legacy backend system deployed on-premises to a modern, cloud-based (SaaS) system

正解:A

解説:
Correct Answe r: When the API implementation changes the structure of the request or response messages
*****************************************
>> RAML definition usually needs to be touched only when there are changes in the request/response schemas or in any traits on API.
>> It need not be modified for any internal changes in API implementation like performance tuning, backend system migrations etc..


質問 # 63
When should idempotency be taken into account?

  • A. When sending concurrent update requests for the same entity
  • B. When making requests to update currently locked entities
  • C. When preventing duplicate processing from multiple sent requests
  • D. When storing the results of s previous request for use in response to subsequent requests

正解:C

解説:
Understanding Idempotency:
Idempotency is a concept in APIs where an operation can be performed multiple times without changing the result beyond the initial application. This is particularly important for operations that may be repeated due to network retries or client errors.
When to Consider Idempotency:
Idempotency should be taken into account when there is a risk of duplicate processing due to multiple requests being sent (e.g., retries or errors). This ensures that repeated requests do not result in unintended side effects, such as creating multiple records or processing the same transaction more than once.
Evaluating the Options:
Option A: While locked entities may need special handling, this is not directly related to idempotency.
Option B: Storing results for future responses could be useful but does not relate to idempotent operations.
Option C: Concurrent requests for the same entity might require handling for conflicts, but this scenario is better suited for transaction management or concurrency control.
Option D (Correct Answer): Preventing duplicate processing from multiple requests is a key reason to implement idempotency, ensuring that repeat requests have no adverse effects.
Conclusion:
Option D is the correct answer as idempotency is specifically used to handle scenarios where duplicate requests might be sent, preventing unintended processing.
Refer to MuleSoft's documentation on best practices for idempotency in API design for more details.


質問 # 64
A customer has an ELA contract with MuleSoft. An API deployed to CloudHub is consistently experiencing performance issues. Based on the root cause analysis, it is determined that autoscaling needs to be applied.
How can this be achieved?

  • A. Configure two separate policies: When CPU and memory reach certain threshold, increase the worker/replica type (vertical sealing) and the number of workers/replicas (horizontal sealing)
  • B. Configure a policy so that when the number of HTTP requests reaches a certain threshold the number of workers/replicas increases (horizontal scaling)
  • C. Configure a policy based on CPU usage so that CloudHub auto-adjusts the number of workers/replicas (horizontal scaling)
  • D. Configure a policy so that when the response time reaches a certain threshold the worker/replica type increases (vertical scaling)

正解:C

解説:
In MuleSoft CloudHub, autoscaling is essential to managing application load efficiently. CloudHub supports horizontal scaling based on CPU usage, which is well-suited to applications experiencing variable demand and needing responsive resource allocation.
Autoscaling on CloudHub:
Horizontal scaling increases the number of workers in response to CPU usage thresholds, allowing the application to handle higher loads dynamically. This approach improves performance without downtime or manual intervention.
Why Option C is Correct:
Setting up autoscaling based on CPU usage aligns with MuleSoft's best practices for scalable and responsive applications on CloudHub, particularly in an environment with fluctuating load patterns.
Option C correctly leverages CloudHub's autoscaling features based on resource metrics, which are part of CloudHub's managed scaling solutions.
of Incorrect Options:
Option A (based on HTTP request thresholds) and Option B (separate policies for CPU and memory) do not represent CloudHub's recommended scaling practices.
Option D suggests vertical scaling based on response time, which is not how CloudHub handles autoscaling.
Reference
For more on CloudHub's autoscaling configuration, refer to MuleSoft documentation on CloudHub autoscaling policies.


質問 # 65
A Platform Architect inherits a legacy monolithic SOAP-based web service that performs a number of tasks, including showing all policies belonging to a client. The service connects to two back-end systems - a life-insurance administration system and a general-insurance administration system - and then queries for insurance policy information within each system, aggregates the results, and presents a SOAP-based response to a user interface (UI).
The architect wants to break up the monolithic web service to follow API-led conventions.
Which part of the service should be put into the process layer?

  • A. Authenticating and maintaining connections to each of the back-end administration systems
  • B. Querying the data from the administration systems
  • C. Presenting the SOAP-based response to the UI
  • D. Combining the insurance policy information from the administration systems

正解:D


質問 # 66
A code-centric API documentation environment should allow API consumers to investigate and execute API client source code that demonstrates invoking one or more APIs as part of representative scenarios.
What is the most effective way to provide this type of code-centric API documentation environment using Anypoint Platform?

  • A. Make relevant APIs discoverable via an Anypoint Exchange entry
  • B. Create API Notebooks and include them in the relevant Anypoint Exchange entries
  • C. Enable mocking services for each of the relevant APIs and expose them via their Anypoint Exchange entry
  • D. Ensure the APIs are well documented through their Anypoint Exchange entries and API Consoles and share these pages with all API consumers

正解:B

解説:
Correct Answe r: Create API Notebooks and Include them in the relevant Anypoint exchange entries
*****************************************
>> API Notebooks are the one on Anypoint Platform that enable us to provide code-centric API documentation Reference:
Bottom of Form
Top of Form


質問 # 67
An organization makes a strategic decision to move towards an IT operating model that emphasizes consumption of reusable IT assets using modern APIs (as defined by MuleSoft).
What best describes each modern API in relation to this new IT operating model?

  • A. Each modern API must be easy to consume, so should avoid complex authentication mechanisms such as SAML or JWT D
  • B. Each modem API must be treated like a product and designed for a particular target audience (for instance, mobile app developers)
  • C. Each modern API has its own software development lifecycle, which reduces the need for documentation and automation
  • D. Each modern API must be REST and HTTP based

正解:B

解説:
Correct Answers:
1. Each modern API must be treated like a product and designed for a particular target audience (for instance mobile app developers)
*****************************************

Bottom of Form
Top of Form


質問 # 68
Which statement is true about Spike Control policy and Rate Limiting policy?

  • A. To protect Experience APIs by limiting resource consumption, Rate Limiting policy must be applied
  • B. All requests are rejected after the limit is reached in Rate Limiting policy, whereas the requests are queued in Spike Control policy after the limit is reached
  • C. In a clustered environment, the Rate Limiting.and Spike Control policies are applied to each node in the cluster
  • D. In order to apply Rate Limiting and Spike Control policies, a contract to bind client application and API is needed for both

正解:C

解説:
Understanding Spike Control and Rate Limiting Policies:
Spike Control Policy: Limits the number of requests processed by the API in a short time to handle sudden bursts of traffic. It does not queue requests but rejects any request that exceeds the allowed burst rate.
Rate Limiting Policy: Sets a limit on the number of requests that an API can handle within a given timeframe. Once the limit is reached, additional requests are rejected.
Evaluating the Options:
Option A: Incorrect. In both Spike Control and Rate Limiting policies, requests are rejected once the limit is reached. Spike Control does not queue requests; it only controls the burst rate by rejecting excessive requests.
Option B (Correct Answer): In a clustered environment, each node independently enforces the Rate Limiting and Spike Control policies, meaning that the limits apply to each node separately. This ensures that each node can control its own resource usage independently within the cluster.
Option C: This is partially correct, as Rate Limiting is often used to protect Experience APIs, but Spike Control could also be useful in limiting resource consumption under high burst conditions.
Option D: Incorrect. Although a contract is required to enforce client-specific policies, Rate Limiting and Spike Control do not require a contract to function for general traffic control.
Conclusion:
Option B is the correct answer because, in a clustered environment, Rate Limiting and Spike Control policies apply separately to each node, helping each instance to manage its own load.
For more information, refer to MuleSoft's documentation on applying Rate Limiting and Spike Control policies in a clustered environment.


質問 # 69
Which statement is true about identity management and client management on Anypoint Platform?

  • A. Anypoint Platform supports configuring one external identity provider
  • B. If an external client provider is configured, it must be configured at the Anypoint Platform organization level and cannot be assigned to individual business groups and environments
  • C. If an external identity provider is configured, the SAML 2.0 bearer tokens issued by the identity provider cannot be used for invocations of the Anypoint Platform web APIs
  • D. Both client management and identity management require an identity provider

正解:A

解説:
Anypoint Platform allows organizations to integrate one external identity provider (IdP) for identity and access management (IAM), supporting SSO and centralized user authentication.
Identity Provider Limit:
Anypoint Platform supports configuring a single IdP for the organization, which can be used to authenticate all users across business groups and environments within that Anypoint organization.
of Correct Answer (C):
Configuring one IdP ensures centralized and secure identity management, aligned with MuleSoft's architecture.
of Incorrect Options:
Option A is incorrect because SAML 2.0 bearer tokens from external IdPs can indeed be used for invoking Anypoint Platform APIs.
Option B is incorrect as client providers can be assigned to specific business groups and environments.
Option D is incorrect since only identity management strictly requires an IdP; client management does not.
Reference
For further details on identity management options, consult MuleSoft documentation on Anypoint Platform's IAM capabilities.


質問 # 70
Refer to the exhibits.

Which architectural constraint is compatible with the API-led connectivity architectural style?

  • A. Always use a tiered approach by creating exactly one API for each of the three layers (Experience, Process, and System)
  • B. Handle customizations for the end-user application at the Process layer rather than at the Experience layer
  • C. Allow System APIs to return data that is not currently required by the identified Process or Experience APIs
  • D. Use a Process API to-orchestrate calls to multiple System APIs but not to other Process APIs:

正解:D

解説:
Understanding API-led Connectivity Layers:
In MuleSoft's API-led connectivity approach, APIs are categorized into three layers:
Experience Layer: This layer is responsible for providing data to the end-user applications and is often customized to meet the needs of different user interfaces.
Process Layer: This layer is used to orchestrate and combine data from multiple System APIs. It acts as a mediator and business logic layer without directly interacting with the backend systems.
System Layer: This layer provides direct access to the backend systems (e.g., databases, ERPs) and is usually focused on exposing atomic data operations.
Evaluating the Architectural Constraints:
Option A: Always using a strict tiered approach by creating exactly one API per layer is not necessarily an architectural constraint of API-led connectivity. While a layered approach is recommended, it is common to have multiple APIs in each layer as needed for different functionalities.
Option B (Correct Answer): In API-led connectivity, Process APIs are generally responsible for orchestrating calls to System APIs and should not call other Process APIs. This maintains a clear separation of concerns, ensuring that Process APIs aggregate data from System APIs only and provide it to Experience APIs.
Option C: System APIs are generally designed to provide only the necessary data to meet current business requirements. Allowing them to return extra data that is not needed by Process or Experience APIs is not a best practice, as it can lead to inefficiencies.
Option D: Customizations specific to end-user applications are typically handled at the Experience Layer rather than the Process Layer, as the Experience Layer is intended to tailor the data to fit the needs of each specific client or front-end application.
Conclusion:
Option B is the correct answer as it aligns with the API-led connectivity principles. In this architectural style, Process APIs should orchestrate System APIs but should avoid interacting with other Process APIs to keep a clear separation of responsibilities across the layers.
For additional details, refer to MuleSoft documentation on API-led connectivity best practices, particularly around the roles of each layer in API orchestration and data handling.


質問 # 71
To minimize operation costs, a customer wants to use a CloudHub 1.0 solution. The customer's requirements are:
* Separate resources with two Business groups
* High-availability (HA) for all APIs
* Route traffic via Dedicated load balancer (DLBs)
* Separate environments into production and non-production
Which solution meets the customer's needs?

  • A. One production and one non-production Virtual Private Cloud (VPC).
    Use availability zones to differentiate between Business groups.
    Allocate maximum CIDR per VPCs to ensure HA across availability zones
  • B. One production and one non-production Virtual Private Cloud (VPC) per Business group.
    Minimize CIDR aligning with projected application total.
    Choose a MuleSoft CloudHub 1.0 region with multiple availability zones.
    Deploy multiple workers for HA,
  • C. One production and one non-production Virtual Private Cloud (VPC) per Business group.
    Minimize CIDR aligning with projected application total.
    Divide availability zones during deployment of APIs for HA.
  • D. One production and one non-production Virtual Private Claud (VPC).
    Configure subnet to differentiate between business groups.
    Allocate maximum CIDR per VPCs to make it easier to add Child groups.
    Span VPC to cover three availability zones.

正解:B

解説:
Understanding the Requirements:
Business Groups: The solution must support two business groups, which typically require separate VPCs for logical separation.
High Availability (HA): Requires deploying resources across multiple availability zones.
Dedicated Load Balancer (DLB): Traffic should be routed via DLBs, which operate within VPCs on CloudHub.
Separate Environments: There needs to be separation between production and non-production environments.
Evaluating the Options:
Option A: Using a single production and non-production VPC and differentiating business groups via availability zones is not ideal as it does not provide full separation for each business group, and using maximum CIDR allocation is wasteful.
Option B (Correct Answer): Creating separate production and non-production VPCs per business group with minimized CIDR blocks, multiple availability zones, and multiple workers per application for HA meets all requirements effectively.
Option C: While this option separates VPCs per business group, it does not fully address the requirement for HA across availability zones by specifying multi-zone deployment only during API deployment, which may not guarantee redundancy.
Option D: Configuring subnets to differentiate business groups within a single production and non-production VPC does not fully separate the business groups, which is a requirement.
Conclusion:
Option B is the best choice as it meets the requirements for high availability, business group separation, and cost efficiency by using minimized CIDR allocations and deploying multiple workers across availability zones.
For further reference, refer to MuleSoft's documentation on VPC configuration and high availability deployment strategies.


質問 # 72
An organization is deploying their new implementation of the OrderStatus System API to multiple workers in CloudHub. This API fronts the organization's on-premises Order Management System, which is accessed by the API implementation over an IPsec tunnel.
What type of error typically does NOT result in a service outage of the OrderStatus System API?

  • A. API Manager has an extended outage during the initial deployment of the API implementation
  • B. The AWS region goes offline with a major network failure to the relevant AWS data centers
  • C. A CloudHub worker fails with an out-of-memory exception
  • D. The Order Management System is Inaccessible due to a network outage in the organization's on-premises data center

正解:C

解説:
Correct Answe r: A CloudHub worker fails with an out-of-memory exception.
*****************************************
>> An AWS Region itself going down will definitely result in an outage as it does not matter how many workers are assigned to the Mule App as all of those in that region will go down. This is a complete downtime and outage.
>> Extended outage of API manager during initial deployment of API implementation will of course cause issues in proper application startup itself as the API Autodiscovery might fail or API policy templates and polices may not be downloaded to embed at the time of applicaiton startup etc... there are many reasons that could cause issues.
>> A network outage onpremises would of course cause the Order Management System not accessible and it does not matter how many workers are assigned to the app they all will fail and cause outage for sure.
The only option that does NOT result in a service outage is if a cloudhub worker fails with an out-of-memory exception. Even if a worker fails and goes down, there are still other workers to handle the requests and keep the API UP and Running. So, this is the right answer.


質問 # 73
An organization has built an application network following the API-led connectivity approach recommended by MuleSoft. To protect the application network against attacks from malicious external API clients, the organization plans to apply JSON Threat Protection policies.
To which API-led connectivity layer should the JSON Threat Protection policies most commonly be applied?

  • A. System layer
  • B. Experience layer
  • C. Process layer
  • D. All layers

正解:B

解説:
Understanding JSON Threat Protection Policies:
JSON Threat Protection policies are used to protect APIs from attacks that exploit JSON payloads, such as oversized payloads, deeply nested objects, and excessive array elements. This helps prevent Denial of Service (DoS) attacks and other malicious payload-related threats.
These policies are typically applied to safeguard APIs that are directly exposed to external clients, where the risk of receiving malicious payloads is highest.
API-led Connectivity Layers:
Experience Layer: This layer is designed to expose APIs to end-users or external API clients, often acting as the interface that interacts with users or applications.
Process Layer: This layer is used for orchestration and aggregation of data from various System APIs, typically operating within a trusted environment and not directly exposed to external clients.
System Layer: This layer provides access to backend systems and databases, often within the organization's secure environment and not directly accessible to external clients.
Evaluating the Options:
Option A (All layers): While JSON Threat Protection can technically be applied to all layers, it is most commonly applied at the Experience layer, where APIs are exposed to external traffic and are more vulnerable to attacks.
Option B (System layer): The System layer is generally not exposed to external clients directly, so JSON Threat Protection is less critical here.
Option C (Process layer): Similar to the System layer, the Process layer is typically internal and not exposed directly to external clients, so JSON Threat Protection is less commonly applied.
Option D (Correct Answer): The Experience layer is the correct answer because it is the layer that directly interacts with external clients, making it the primary target for malicious payloads. Applying JSON Threat Protection here effectively protects the application network from external threats.
Conclusion:
Option D is the correct answer, as the Experience layer is the most common layer for applying JSON Threat Protection policies to protect against external attacks.
For further reference, consult MuleSoft's documentation on API security policies and best practices for securing APIs at the Experience layer.


質問 # 74
What is a key performance indicator (KPI) that measures the success of a typical C4E that is immediately apparent in responses from the Anypoint Platform APIs?

  • A. The number of production outage incidents reported in the last 24 hours
  • B. The number of API specifications in RAML or OAS format published to Anypoint Exchange
  • C. The number of API implementations that have a publicly accessible HTTP endpoint and are being managed by Anypoint Platform
  • D. The fraction of API implementations deployed manually relative to those deployed using a CI/CD tool

正解:B

解説:
Correct Answe r: The number of API specifications in RAML or OAS format published to Anypoint Exchange
*****************************************
>> The success of C4E always depends on their contribution to the number of reusable assets that they have helped to build and publish to Anypoint Exchange.
>> It is NOT due to any factors w.r.t # of outages, Manual vs CI/CD deployments or Publicly accessible HTTP endpoints
>> Anypoint Platform APIs helps us to quickly run and get the number of published RAML/OAS assets to Anypoint Exchange. This clearly depicts how successful a C4E team is based on number of returned assets in the response.


質問 # 75
Question 10: Skipped
An API implementation returns three X-RateLimit-* HTTP response headers to a requesting API client. What type of information do these response headers indicate to the API client?

  • A. The remaining capacity allowed by the API implementation
  • B. The HTTP response size
  • C. The error codes that result from throttling
  • D. A correlation ID that should be sent in the next request

正解:A

解説:
Correct Answe r: The remaining capacity allowed by the API implementation.
*****************************************
>> Reference: https://docs.mulesoft.com/api-manager/2.x/rate-limiting-and-throttling-sla-based-policies#response-headers


質問 # 76
A company deploys Mule applications with default configurations through Runtime Manager to customer-hosted Mule runtimes. Each Mule application is an API implementation that exposes RESTful interfaces to API clients. The Mule runtimes are managed by the MuleSoft-hosted control plane. The payload is never used by any Logger components.
When an API client sends an HTTP request to a customer-hosted Mule application, which metadata or data (payload) is pushed to the MuleSoft-hosted control plane?

  • A. No data
  • B. Only the data
  • C. Only the metadata
  • D. The data and metadata

正解:C

解説:
Understanding the Data Flow Between Mule Runtimes and Control Plane:
When Mule applications are deployed on customer-hosted Mule runtimes, the MuleSoft-hosted control plane (Anypoint Platform) can monitor and manage these applications. However, due to data privacy and security, the control plane only collects specific types of information.
Typically, only metadata about the request and response (such as headers, status codes, and timestamps) is sent to the MuleSoft-hosted control plane. The actual payload data is not transmitted unless explicitly configured, ensuring that sensitive data remains within the customer's network.
Evaluating the Options:
Option A (Only the data): This is incorrect because the payload data itself is not automatically sent to the control plane in default configurations.
Option B (No data): This is incorrect as well; while the payload is not sent, metadata is still collected and sent to the control plane.
Option C (The data and metadata): This option is incorrect because data (payload) is not transmitted to the control plane by default.
Option D (Correct Answer): Only the metadata is sent to the MuleSoft-hosted control plane by default, aligning with MuleSoft's design to prioritize security and data privacy for customer-hosted runtimes.
Conclusion:
Option D is the correct answer, as by default, only metadata is sent to the MuleSoft-hosted control plane, and not the payload. This configuration is designed to protect sensitive data from being exposed outside the customer's hosted environment.
For more details, refer to MuleSoft's documentation on telemetry data collected in customer-hosted Mule runtimes and the MuleSoft control plane.


質問 # 77
What correctly characterizes unit tests of Mule applications?

  • A. They must be triggered by an external client tool or event source
  • B. They must be run in a unit testing environment with dedicated Mule runtimes for the environment
  • C. They test the validity of input and output of source and target systems
  • D. They are typically written using MUnit to run in an embedded Mule runtime that does not require external connectivity

正解:D

解説:
Correct Answe r: They are typically written using MUnit to run in an embedded Mule runtime that does not require external connectivity.
*****************************************
Below TWO are characteristics of Integration Tests but NOT unit tests:
>> They test the validity of input and output of source and target systems.
>> They must be triggered by an external client tool or event source.
It is NOT TRUE that Unit Tests must be run in a unit testing environment with dedicated Mule runtimes for the environment.
MuleSoft offers MUnit for writing Unit Tests and they run in an embedded Mule Runtime without needing any separate/ dedicated Runtimes to execute them. They also do NOT need any external connectivity as MUnit supports mocking via stubs.
https://dzone.com/articles/munit-framework


質問 # 78
A Platform Architect inherits a legacy monolithic SOAP-based web service that performs a number of tasks, including showing all policies belonging to a client. The service connects to two back-end systems - a life-insurance administration system and a general-insurance administration system - and then queries for insurance policy information within each system, aggregates the results, and presents a SOAP-based response to a user interface (UI).
The architect wants to break up the monolithic web service to follow API-led conventions.
Which part of the service should be put into the process layer?

  • A. Authenticating and maintaining connections to each of the back-end administration systems
  • B. Querying the data from the administration systems
  • C. Presenting the SOAP-based response to the UI
  • D. Combining the insurance policy information from the administration systems

正解:D

解説:
In the API-led connectivity approach, each layer (System, Process, and Experience) has a distinct purpose:
System APIs: These APIs connect directly to backend systems to expose and unlock data in a standardized way.
Process APIs: These are responsible for orchestrating and processing data across different systems, combining information where needed.
Experience APIs: These are designed for specific user interfaces or applications, often transforming data formats to fit the needs of each consumer application.
Why Option A is Correct:
Process APIs are designed to combine data from multiple systems, which aligns with the function of aggregating policy information from both the life and general insurance systems. This aggregation logic would ideally reside in the Process layer, separating data retrieval from data orchestration.
Moving this functionality to the Process layer enables reusability and modularity, as other Experience APIs or services could also leverage the combined policy data if needed.
of Incorrect Options:
Option B (Presenting the SOAP-based response) would be managed by the Experience layer, as this layer adapts data formats for specific interfaces.
Option C (Authenticating and maintaining backend connections) would typically be handled within the System layer, where backend integration and security handling occurs.
Option D (Querying data) is the function of System APIs, which access the backend systems directly and expose the raw data without additional processing.
Reference
For further details on API-led architecture and the roles of each layer, refer to MuleSoft's documentation on API-led connectivity and API layers.


質問 # 79
......

Mule-Arch-201試験問題集(2026年最新のPDF問題集)現実的なMule-Arch-201テストエンジン:https://www.passtest.jp/Salesforce/Mule-Arch-201-shiken.html

Salesforce MuleSoft Mule-Arch-201試験と認証テストエンジン:https://drive.google.com/open?id=1UMkhuFPGGRMx5kopPUtcAcbBZBwA6S7R

関するブログ

もっと
Mule-Arch-201 無料問題集