Salesforce Certified MuleSoft Platform Architect I (MCPA) - Practice Questions & Exam Prep

A retail organization is designing an application network using API-led connectivity. A mobile app needs aggregated order, inventory, and loyalty data for a customer dashboard. According to the layered API model, where should this channel-specific aggregation logic be placed?

• A. In a System API in front of each backend system
• B. In an Experience API tailored to the mobile channel
• C. In a Process API that orchestrates and aggregates the three sources
• D. Directly in the mobile client to avoid extra hops

Correct: C

Cross-system orchestration and aggregation belong in the Process layer, which composes data from multiple System APIs independently of any one channel. System APIs only unlock a single backend (A). Experience APIs reshape an existing Process/System response for one consumer channel but should not own multi-system orchestration (B). Pushing aggregation into the client couples it to backend details and breaks reuse (D).

An architect must guarantee that only registered client applications can call a set of APIs, and that each client's call volume is capped per its SLA tier. The enforcement must happen without changing the API implementation code. What is the best approach on Anypoint Platform?

• A. Add custom HTTP header checks inside each Mule application's flow
• B. Apply a Client ID Enforcement policy plus an SLA-based Rate Limiting policy in API Manager
• C. Put a single shared API key in a property file deployed with each app
• D. Rely on the CloudHub Dedicated Load Balancer to throttle by IP address

Correct: B

API Manager policies enforce identity and quotas at the gateway, decoupled from implementation code: Client ID Enforcement validates registered client credentials, and an SLA-tier Rate Limiting (or Rate Limiting - SLA) policy caps volume per tier. Coding checks into each flow (A) violates the no-code-change requirement and is not centrally governed. A shared key (C) cannot distinguish clients or tiers. A DLB throttles by network attributes, not by client identity or SLA tier (D).

A company wants new API implementations to automatically receive a baseline security policy the moment they are deployed, across all of a given environment, with no manual step per API. Which Anypoint Platform capability satisfies this?

• A. Manually applying the policy in API Manager per API instance
• B. An automated policy configured at the environment level
• C. A RAML trait shared via Anypoint Exchange
• D. A CloudHub property that toggles the policy on startup

Correct: B

Automated policies are defined once at the environment level and applied automatically to matching API instances as they are deployed, which is exactly the zero-manual-step, environment-wide requirement. Manual per-API application (A) does not scale and is not automatic. A RAML trait documents an interface contract but enforces nothing at runtime (C). A startup property cannot apply a managed API Manager policy (D).