MCD-Level-2 MuleSoft Certified Developer - Level 2 (Mule 4) Free Practice Exam Questions (2025 Updated)

To implement a readiness endpoint to monitor all system APIs, the developer should create a dedicated endpoint that responds with the API status and reachability of the underlying systems. This way, the DevOps team can check if the system API is ready to receive requests and if it can communicate with its backend systems without errors. References:https://docs.mulesoft.com/mule-runtime/4.3/deployment-strategies#readiness-probes

To log all the errors raised by the VM Connector, the developer needs to add an async logger with the name ‘org.mule.extension.vm’ and the level ‘ERROR’ inside the appenders tag of the log4j2.xml file. This will enable logging all error-level events generated by the VM Connector to the console appender. References:https://docs.mulesoft.com/mule-runtime/4.3/logging-in-mule#configuring-custom-logging-settings

Mutual TLS (mTLS) is an extension of TLS that requires both parties (client and server) to present their certificates to each other during the handshake process. This way, both parties can verify each other’s identity and establish a secure connection. The authentication of the server happens before the authentication of the client, as the server sends its certificate first and then requests the client’s certificate. References:https://docs.mulesoft.com/mule-runtime/4.3/tls-configuration#mutual-authentication

The http-policy:processor element is used to intercept outbound HTTP requests made by Mule applications. It allows customizing the request before it is sent to the target API and modifying the response after it is received from the target API. References:https://docs.mulesoft.com/api-manager/2.x/policy-mule4-custom-policy#policy-xml-file

To run a test locally without the policies applied, the developer should create a properties file specifically for local development and set the API instance ID to a value that is not used in API Manager. This way, the developer can use different configuration properties for different environments and avoid triggering API autodiscovery when running tests locally. API autodiscovery is a mechanism that associates an API implementation with its corresponding API specification and policies in API Manager based on its API instance ID. By setting this ID to a value that does not exist in API Manager, the developer can prevent API autodiscovery from finding and applying any policies to the local test. References: https://docs.mulesoft.com/api-manager/2.x/api-auto-discovery-new-concept#configuring-api-autodiscovery https://docs.mulesoft.com/mule-runtime/4.3/configuring-properties

The Cache scope supports time to live (TTL) as a cache invalidation strategy without having to write any additional code. TTL specifies how long the cached response is valid before it expires and needs to be refreshed. The Cache scope also supports custom invalidation strategies using MEL or DataWeave expressions. References:https://docs.mulesoft.com/mule-runtime/4.3/cache-scope#cache_invalidation

To include a common application as a reusable module in all API implementations, the developer should add a Maven dependency in the POM file with jar as . This way, the developer can reuse Mule code from another application by packaging it as a JAR file and adding it as a dependency in the POM file of the API implementation. The classifier element specifies that it is a JAR file. References:https://docs.mulesoft.com/mule-runtime/4.3/mmp-concept#add-a-maven-dependency-to-the-pom-file

Based on the configuration below, when a HTTP request arrives at the Mule application’s endpoint, the execution order will be A1, B1, F1, B2, A2. This is because policies are executed before and after the API implementation flow according to their order attribute. Policy A has order 1, which means it is executed first before Policy B, which has order 2. The flow is executed after both policies are executed before the flow. Then, Policy B is executed after the flow before Policy A is executed after the flow. References:https://docs.mulesoft.com/api-manager/2.x/policies-policy-order

The result of accessing route C failure is Error,errorMessage,payload.failures[‘2’]. This is because a scatter-gather router returns an aggregated message that contains an array of results from each route and an array of failures from each route. The failures array contains error objects with information about each failed route execution. To access route C failure, which is the third route (index 2), the developer needs to use Error.errorMessage.payload.failures[‘2’] expression. References:https://docs.mulesoft.com/mule-runtime/4.3/scatter-gather-reference#scatter-gather-output

To enrich every log message with the order ID, the developer should use the Tracing module to set logging variables with a Mapped Diagnostic Context (MDC). The Tracing module allows adding custom key-value pairs to log messages using MDC variables. The developer can use Set Logging Variables operation to set the order ID as an MDC variable and then use it in any logger processor within the same thread or event. References:https://docs.mulesoft.com/tracing-module/1.0/tracing-module-reference#set-logging-variables

To configure a common-global-handler flow that can be reused across all of the organization’s deployed applications, the developer should create a Mule Plugin project, create a common-global-error-handler flow inside the plugin project, and use this plugin as a dependency in all Mule applications. This way, the developer can import the common-global-error-handler flow in any application that needs it and avoid duplicating the error handling logic. References:https://docs.mulesoft.com/mule-runtime/4.3/error-handling#global-error-handler

To encrypt the data before sending it to the backend application using PGP encryption, the application needs the public key from the backend service. PGP encryption uses a public-key cryptography system, which means that each party has a pair of keys: a public key and a private key. The public key is used to encrypt data, and the private key is used to decrypt data. Therefore, to encrypt data for a specific recipient (the backend service), the application needs to use the recipient’s public key. The recipient can then use its own private key to decrypt the data. References:https://docs.mulesoft.com/mule-runtime/4.3/cryptography-pgp

To create a new project that selects the correct API version and scaffolds the flows from the API specification, the developer should import a published API. This option allows importing an API specification that has been published to Anypoint Exchange or Design Center, and selecting a specific version of that API specification. The developer can also choose to scaffold flows based on that API specification. References:https://docs.mulesoft.com/apikit/4.x/apikit-4-new-project-task

The validate-customer flow uses an until-successful scope to validate each field of the customer data. The until-successful scope executes its processors until they succeed or exhausts the maximum number of retries. If any processor fails, it raises an error and stops executing the remaining processors. Therefore, if only the email address is invalid, a VALIDATION.INVALID_EMAIL error is raised and the validation of appointment date and customer name is skipped. References:https://docs.mulesoft.com/mule-runtime/4.3/until-successful-scope

To use the OAuth 2.0 Authorization Code grant type for authentication, the HTTP Connector configuration requires the following properties: token URL, authorization URL, client ID, client secret, and local callback URL. The token URL is the endpoint of the authorization server that provides access tokens. The authorization URL is the endpoint of the authorization server that initiates the user consent flow. The client ID and client secret are the credentials of the Mule application registered with the authorization server. The local callback URL is the endpoint of the Mule application that receives the authorization code from the authorization server. References:https://docs.mulesoft.com/http-connector/1.6/http-authentication#oauth-2-0

To package a custom policy using the HTTP Policy Transform Extension, the developer needs to create an XML template file and a YAML configuration file. The XML template file defines the policy logic using Mule components and placeholders for user-defined properties. The YAML configuration file defines the metadata of the policy, such as its name, description, category, parameters, and dependencies. References:https://docs.mulesoft.com/api-manager/2.x/http-policy-transform#packaging-the-policy

To ensure idempotent behavior within a Mule flow that contains a subflow with a Scatter-Gather scope, the developer should ensure an error-handling flow performs corrective actions to roll back all changes if any leg of the Scatter-Gather fails. Idempotency means that multiple identical requests have the same effect as a single request. Therefore, if one of the HTTP requests inside the Scatter-Gather fails, the error-handling flow should undo any changes made by other successful requests to ensure consistency and avoid partial updates. References: https://docs.mulesoft.com/mule-runtime/4.3/scatter-gather-concept https://docs.mulesoft.com/mule-runtime/4.3/error-handling