Salesforce MuleSoft-Platform-Architect-I Based on Real Exam Environment

Understanding Nonfunctional Requirements (NFRs):

The NFRs in this context are related to security measures implemented for the Web API, such as rate limiting, LDAP-based authentication, JSON threat protection, and IP allowlist policies.

Evaluating the Options:

Option A (Correct Answer): The IP allowlist policy restricts access to known subnets, ensuring that API invocations come from a defined range of IPs.

Option B (Correct Answer): Basic Authentication with LDAP enforces a username/password validation, satisfying an NFR for identity verification.

Option C: Masking sensitive data is not part of the listed NFRs, as none of the mentioned policies address data masking.

Option D: XML threat protection is not mentioned, so this option is incorrect.

Option E: While rate-limiting implies performance control, it does not directly enforce a specific performance expectation.

Conclusion:

Options A and B are correct as they directly address the implemented security measures related to IP range restrictions and username/password authentication.

Refer to MuleSoft's documentation on API security policies for details on LDAP, rate limiting, and allowlist policies.

Explanation

Correct Answer: When there is one CloudHub deployment of the API implementation to three CloudHub workers that must share the cache state.

*****************************************

Key details in the scenario:

>> Use the CloudHub Object Store via the Object Store connector

Considering above details:

>> CloudHub Object Stores have one-to-one relationship with CloudHub Mule Applications.

>> We CANNOT use an application's CloudHub Object Store to be shared among multiple Mule applications running in different Regions or Business Groups or Customer-hosted Mule Runtimes by using Object Store connector.

>> If it is really necessary and very badly needed, then Anypoint Platform supports a way by allowing access to CloudHub Object Store of another application using Object Store REST API. But NOT using Object Store connector.

So, the only scenario where we can use the CloudHub Object Store via the Object Store connector to persist the cache’s state is when there is one CloudHub deployment of the API implementation to multiple CloudHub workers that must share the cache state.

When using CloudHub 1.0’s Shared Load Balancer (SLB) for a Mule application configured with HTTPS in an Anypoint VPC, specific ports must be configured for the application to correctly route incoming traffic:

Port Requirement for SLB:

The CloudHub Shared Load Balancer for HTTPS traffic requires that applications listen on port 8092 for secure (HTTPS) communication. This port is reserved specifically for SSL traffic when using SLB with Anypoint VPCs.

Why Option B is Correct:

Setting the HTTP Listener's connector configuration to 8092 aligns with CloudHub requirements for HTTPS via the Shared Load Balancer.

Explanation of Incorrect Options:

Option A (8082) is used for non-HTTPS (HTTP) traffic.

Option C (80) and Option D (443) are standard web ports but are not applicable within CloudHub SLB’s internal configuration for VPC routing.

ReferencesFor more information on the Shared Load Balancer port configurations, refer to MuleSoft’s documentation on CloudHub and VPC load balancer requirements​.

Explanation

Correct Answer: API implementations can run successfully in customer-hosted Mule runtimes, even when they are unable to communicate with the control plane.

*****************************************

>> We CANNOT use Shared Load balancer to load balance APIs on customer hosted runtimes

>> For Hybrid deployment models, the on-premises are first connected to Runtime Manager using Runtime Manager agent. So, the connection is initiated first from On-premises to Runtime Manager. Then all control can be done from Runtime Manager.

>> Anypoint Runtime Manager CANNOT ensure automatic HA. Clusters/Server Groups etc should be configured before hand.

Only TRUE statement in the given choices is, API implementations can run successfully in customer-hosted Mule runtimes, even when they are unable to communicate with the control plane. There are several references below to justify this statement.

References:

019

============================

============================