MCIA-Level-1 MuleSoft Certified Integration Architect - Level 1 Free Practice Exam Questions (2025 Updated)

Explanation

Correct answer is Federated Identity Management As the Anypoint Platform organization administrator, you can configure identity management in Anypoint Platform to set up users for single sign-on (SSO). Configure identity management using one of the following single sign-on standards: OpenID Connect: End user identity verification by an authorization server including SSO SAML 2.0: Web-based authorization including cross-domain SSO Where as Client Management is where Anypoint Platform acts as a client provider by default, but you can also configure external client providers to authorize client applications. As an API owner, you can apply an OAuth 2.0 policy to authorize client applications that try to access your API. You need an OAuth 2.0 provider to use an OAuth 2.0 policy

To efficiently handle the invocation of vendor applications and retry requests that generate timeout errors, the most performant way is:

Scatter-Gather Scope: Use a Scatter-Gather scope to invoke each vendor application in parallel. This approach allows the API to send requests to both vendors simultaneously, reducing overall processing time.

Until-Successful Scope: Inside each route of the Scatter-Gather scope, use an Until-Successful scope to handle retries. The Until-Successful scope will retry the request in case of timeout errors until the request succeeds or the maximum retry limit is reached.

This combination ensures that the API can handle intermittent network issues efficiently while minimizing redundant transactions and maximizing performance.

References

MuleSoft Documentation on Scatter-Gather Scope

MuleSoft Documentation on Until-Successful Scope and Error Handling

Explanation

1 way SSL : The server presents its certificate to the client and the client adds it to its list of trusted certificate. And so, the client can talk to the server.

2-way SSL:  The same principle but both ways. i.e. both the client and the server has to establish trust between themselves using a trusted certificate. In this way of a digital handshake, the server needs to present a certificate to authenticate itself to client and client has to present its certificate to server.

* TLS is a cryptographic protocol that provides communications security for your Mule app.

* TLS offers many different ways of exchanging keys for authentication, encrypting data, and guaranteeing message integrity Keystores and Truststores Truststore and keystore contents differ depending on whether they are used for clients or servers:

For servers: the truststore contains certificates of the trusted clients, the keystore contains the private and public key of the server. For clients: the truststore contains certificates of the trusted servers, the keystore contains the private and public key of the client.

Adding both a keystore and a truststore to the configuration implements two-way TLS authentication also known as mutual authentication.

* in this case, correct answer is Support for TLS mutual (two-way) authentication with HTTP clients.

Explanation

V2 Rest API is recommended for on premise applications to access Object Store. It also comes with overhead of encryption and security of using rest api. With Object Store v2, the API call is localized to the same data center as the Runtime Manager app.

But in this case requirement is to access the OS of other mule application and not the same mule application.

You can configure a Mule app to use the Object Store REST API to store and retrieve values from an object store in another Mule app.

However, Object Store v2 is not designed for app-to-app communication.

https://docs.mulesoft.com/runtime-manager/dedicated-load-balancer-tutorial

Explanation

* Setting a transaction timeout for the Bitronix transaction manager

● Set the transaction timeout either

– In wrapper.conf

– In CloudHub in the Properties tab of the Mule application deployment

● The default is 60 secs. It is defined as

mule.bitronix.transactiontimeout = 120

* This property defines the timeout for each transaction created for this manager.

If the transaction has not terminated before the timeout expires it will be automatically rolled back.

---------------------------------------------------------------------------------------------------------------------

Additional Info around Transaction Management:

Bitronix is available as the XA transaction manager for Mule applications

● To use Bitronix, declare it as a global configuration element in the Mule application

● Each Mule runtime can have only one instance of a Bitronix transaction manager, which is shared by all Mule applications

● For customer-hosted deployments, define the XA transaction manager in a Mule domain

– Then share this global element among all Mule applications in the Mule runtime

Graphical user interface, table Description automatically generated with medium confidence

Explanation

In this scenario, both A & C will work, but A is better as it does not require repackage to the domain project at all.

Correct answer is Package the HTTPS Listener configuration in a Mule DOMAIN project, referencing it from all Mule applications that need to expose an HTTPS endpoint. Store the server-side certificate in a shared filesystem location in the Mule runtime’s classpath, OUTSIDE the Mule DOMAIN or any Mule APPLICATION.

What is Mule Domain Project?

* A Mule Domain Project is implemented to configure the resources that are shared among different projects. These resources can be used by all the projects associated with this domain. Mule applications can be associated with only one domain, but a domain can be associated with multiple projects. Shared resources allow multiple development teams to work in parallel using the same set of reusable connectors. Defining these connectors as shared resources at the domain level allows the team to: - Expose multiple services within the domain through the same port. - Share the connection to persistent storage. - Share services between apps through a well-defined interface. - Ensure consistency between apps upon any changes because the configuration is only set in one place.

* Use domains Project to share the same host and port among multiple projects. You can declare the http connector within a domain project and associate the domain project with other projects. Doing this also allows to control thread settings, keystore configurations, time outs for all the requests made within multiple applications. You may think that one can also achieve this by duplicating the http connector configuration across all the applications. But, doing this may pose a nightmare if you have to make a change and redeploy all the applications.

* If you use connector configuration in the domain and let all the applications use the new domain instead of a default domain, you will maintain only one copy of the http connector configuration. Any changes will require only the domain to the redeployed instead of all the applications.

You can start using domains in only three steps:

1) Create a Mule Domain project

2) Create the global connector configurations which needs to be shared across the applications inside the Mule Domain project

3) Modify the value of domain in mule-deploy.properties file of the applications

Graphical user interface Description automatically generated

Use a certificate defined in already deployed Mule domain Configure the certificate in the domain so that the API proxy HTTPS Listener references it, and then deploy the secure API proxy to the target Runtime Fabric, or on-premises target. (CloudHub is not supported with this approach because it does not support Mule domains.)

Explanation

JMX Management Java Management Extensions (JMX) is a simple and standard way to manage applications, devices, services, and other resources. JMX is dynamic, so you can use it to monitor and manage resources as they are created, installed, and implemented. You can also use JMX to monitor and manage the Java Virtual Machine (JVM). Each resource is instrumented by one or more Managed Beans, or MBeans. All MBeans are registered in an MBean Server. The JMX server agent consists of an MBean Server and a set of services for handling Mbeans. There are several agents provided with Mule for JMX support. The easiest way to configure JMX is to use the default JMX support agent. Log4J Agent The log4j agent exposes the configuration of the Log4J instance used by Mule for JMX management. You enable the Log4J agent using the element. It does not take any additional properties MuleSoft Reference: https://docs.mulesoft.com/mule-runtime/3.9/jmx-management

Explanation

* As per definition of API by Mulesoft , it is Application Programming Interface using HTTP-based protocols. Non-HTTP-based programmatic interfaces are not APIs.

* HTTP-based programmatic interfaces are APIs even if they don’t use REST or JSON. Hence implementation based on Java RMI, CORBA/IIOP, raw TCP/IP interfaces are not API's as they are not using HTTP.

* One more thing to note is FTP was not built to be secure. It is generally considered to be an insecure protocol because it relies on clear-text usernames and passwords for authentication and does not use encryption.

* Data sent via FTP is vulnerable to sniffing, spoofing, and brute force attacks, among other basic attack methods.

Considering the above points only correct option is

-XML over ActiveMQ

- XML over SFTP

- XML/REST over HTTPS

Explanation

Correct answer is Database polling continues Only HTTP requests sent to the remaining node continue to be accepted. Explanation : Architecture descripted in the question could be described as follows.When node 1 is down , DB polling will still continue via node 2 . Also requests which are coming directly to node 2 will also be accepted and processed in BAU fashion. Only thing that wont work is when requests are sent to Node 1 HTTP connector. The flaw with this architecture is HTTP clients are sending HTTP requests directly to individual cluster nodes. By default, clustering Mule runtime engines ensures high system availability. If a Mule runtime engine node becomes unavailable due to failure or planned downtime, another node in the cluster can assume the workload and continue to process existing events and messages

Diagram Description automatically generated

Explanation

* Mule High Availability Clustering provides basic failover capability for Mule. * When the primary Mule Runtime becomes unavailable, for example, because of a fatal JVM or hardware failure or it’s taken offline for maintenance, a backup Mule Runtime immediately becomes the primary node and resumes processing where the failed instance left off. * After a system administrator recovers a failed Mule Runtime server and puts it back online, that server automatically becomes the backup node. In this case, Alice, once up, will become backup ---------------------------------------------------------------------------------------------------------------------------------------------- Reference: https://docs.mulesoft.com/mule-runtime/4.3/hadr-guide So correct choice is : Files are polled form Bob node Bob is now the primary node

Anypoint Runtime Fabric is the appropriate choice for deploying Mule applications in an isolated Mule runtime within Docker containers on an Azure Kubernetes Service (AKS) infrastructure. This solution provides a containerized and orchestrated environment managed from the MuleSoft-hosted control plane. It enhances the availability, scalability, and robustness of Mule applications by allowing fine-grained control over deployments and providing built-in support for high availability and fault tolerance.

References:

Anypoint Runtime Fabric Overview

Deploying Mule Applications to Kubernetes

Explanation

As the question says that data needs to be sent across multiple sftp serves , we cannot use non-repeatable streams. The non-repeatable strategy disables repeatable streams, which enables you to read an input stream only once.

You cant use in memory storage because with 0.2 vcore you will get only 1 GB of heap memory. Hence application will error out for file more than 1 GB.

Hence the correct option is file base repeatable stream

If the size of the stream exceeds the maximum, a STREAM_MAXIMUM_SIZE_EXCEEDED error is raised.

Explanation

Mule 4 is built to:

•Minimize the need for custom code.

•Avoid the need for you to know or understand Java.

However, some advanced uses cases require integration with custom Java code, such as:

•Reuse of a library, such as a tax calculation library.

•Reuse of a canonical object model that is standard in the organization.

•Execution of custom logic using Java.

Mule ref doc : https://docs.mulesoft.com/java-module/1.2/

Anypoint Platform provides the productivity advantage of automatic API proxy generation. This feature enables developers to quickly create proxies for their APIs, which act as intermediaries that forward requests to the appropriate backend services. Automatic proxy generation simplifies the process of securing and managing APIs, allowing developers to enforce policies, monitor traffic, and analyze usage without having to manually configure these aspects.

References:

API Proxies on Anypoint Platform

Improving API Productivity with Anypoint Platform

After completing the build and test activities for a Mule application that implements a System API, the team should use Runtime Manager to both deploy and monitor the System API implementation. Runtime Manager is a component of Anypoint Platform that provides capabilities for deploying, managing, and monitoring Mule applications and APIs. It allows teams to manage applications and APIs across various environments, ensuring they operate correctly and efficiently.

References:

Anypoint Runtime Manager

Deploying and Managing Applications with Runtime Manager

In an HTTP/1.1-compliant web service, the class of HTTP response status codes that indicates successful client requests is the 2xx class. These status codes signify that the client's request was successfully received, understood, and accepted by the web service. Common 2xx status codes include:

200 OK: The request was successful.

201 Created: The request was successful and a new resource was created.

202 Accepted: The request has been accepted for processing, but the processing is not yet complete.

Other status code classes like 3xx (redirection), 4xx (client errors), and 5xx (server errors) indicate different types of responses and do not signify successful request processing.

References

IETF RFC 2616: HTTP/1.1 Specification

HTTP Status Code Definitions

Anypoint MQ is a cloud-based messaging service provided by MuleSoft, and it cannot be deployed on-premises. If there is a requirement for the messaging broker to be deployed on-premises, Anypoint MQ would not be suitable. Other considerations such as payload format (XML), encryption, and point-to-point messaging are supported by Anypoint MQ, but the deployment environment requirement is a critical constraint.

References

MuleSoft Anypoint MQ Documentation

Cloud vs. On-Premises Messaging Solutions