MCD-Level-2 MuleSoft Certified Developer - Level 2 (Mule 4) Questions and Answers

To propagate the order ID as the correlation ID across each message using Anypoint MQ, the developer should wrap all Anypoint MQ Publish operations within a With CorrelationID scope from the Tracing module, setting the correlation ID to the order ID. The With CorrelationID scope allows setting a custom correlation ID for any event that occurs within it. The Tracing module also enables distributed tracing across different Mule applications and services using Anypoint Monitoring. References: https://docs.mulesoft.com/tracing-module/1.0/tracing-module-reference#with-correlation-id-scope https://docs.mulesoft.com/tracing-module/1.0/tracing-module-concepts

To manually approve or reject request access when registering a client application with an existing API instance or API Group instance, it is required to configure the SLA tier for the application and have one of the following roles or permissions: Organization Administrator, API Manager Environment Administrator, or Manage Contracts permission. These roles or permissions allow managing client applications and contracts in API Manager. References: https://docs.mulesoft.com/api-manager/2.x/client-applications#managing-client-applications-and-contracts

Mutual TLS (mTLS) is an extension of TLS that requires both parties (client and server) to present their certificates to each other during the handshake process. This way, both parties can verify each other’s identity and establish a secure connection. The authentication of the server happens before the authentication of the client, as the server sends its certificate first and then requests the client’s certificate. References: https://docs.mulesoft.com/mule-runtime/4.3/tls-configuration#mutual-authentication

Based on the configuration below, when a HTTP request arrives at the Mule application’s endpoint, the execution order will be A1, B1, F1, B2, A2. This is because policies are executed before and after the API implementation flow according to their order attribute. Policy A has order 1, which means it is executed first before Policy B, which has order 2. The flow is executed after both policies are executed before the flow. Then, Policy B is executed after the flow before Policy A is executed after the flow. References: https://docs.mulesoft.com/api-manager/2.x/policies-policy-order

To communicate asynchronously between two APIs deployed to a two-node on-prem cluster, the developer can use the VM Connector if the two APIs use the same domain. The VM Connector allows passing messages between different Mule applications within a single Mule runtime instance or across different instances using shared memory or persistent storage. If two APIs are deployed under the same domain, they can share resources such as VM queues and communicate asynchronously using VM Connector operations. References: https://docs.mulesoft.com/mule-runtime/4.3/vm-connector https://docs.mulesoft.com/mule-runtime/4.3/shared-resources

The MuleSoft recommended method to encrypt sensitive property data is to use the Secure Properties Tool that comes with Anypoint Studio. This tool allows encrypting properties files with a secret key and then decrypting them at runtime using the same key. The encryption key and sensitive data should be different for each environment to ensure security and avoid accidental exposure of sensitive data. References: https://docs.mulesoft.com/mule-runtime/4.3/secure-configuration-properties

Based on the code snippet and MUnit test case below, when the MUnit test case is executed, the expected result is that the test case fails with an assertion error. This is because the assert-equals processor compares two values for equality, and fails if they are not equal. In this case, the expected value is ‘Hello World’, but the actual value returned by the implementation flow is ‘Hello Mule’. Therefore, the assertion fails and an error is thrown. References: https://docs.mulesoft.com/munit/2.3/assert-equals-processor

Based on the code snippet and schema.json file below, when testing using the API Kit console if no values are entered in client-secret, HTTP status code 403 (FORBIDDEN) is returned. This is because client-secret is defined as a required header parameter in schema.json file, which means that it must be present in every request. If no values are entered in client-secret, then it is equivalent to omitting this header parameter, which violates the schema and causes APIKit Router to return HTTP status code 403. References: https://docs.mulesoft.com/apikit/4.x/apikit-4-headers

To run a test locally without the policies applied, the developer should create a properties file specifically for local development and set the API instance ID to a value that is not used in API Manager. This way, the developer can use different configuration properties for different environments and avoid triggering API autodiscovery when running tests locally. API autodiscovery is a mechanism that associates an API implementation with its corresponding API specification and policies in API Manager based on its API instance ID. By setting this ID to a value that does not exist in API Manager, the developer can prevent API autodiscovery from finding and applying any policies to the local test. References: https://docs.mulesoft.com/api-manager/2.x/api-auto-discovery-new-concept#configuring-api-autodiscovery https://docs.mulesoft.com/mule-runtime/4.3/configuring-properties

To achieve a publish/subscribe model using Anypoint MQ, where each system receives the same gate change notification event, the developer should publish the gate change notification to an Anypoint MQ exchange, create different Anypoint MQ queues meant for each of the other subscribing systems, and bind the exchange with each of the queues. An exchange is a message routing agent that can send messages to different queues based on predefined criteria. By binding an exchange with multiple queues, each queue receives a copy of every message sent to that exchange. Therefore, each system can subscribe to its own queue and receive every gate change notification event. References: https://docs.mulesoft.com/anypoint-mq/3.x/anypoint-mq-exchanges

To configure a common-global-handler flow that can be reused across all of the organization’s deployed applications, the developer should create a Mule Plugin project, create a common-global-error-handler flow inside the plugin project, and use this plugin as a dependency in all Mule applications. This way, the developer can import the common-global-error-handler flow in any application that needs it and avoid duplicating the error handling logic. References: https://docs.mulesoft.com/mule-runtime/4.3/error-handling#global-error-handler

The Cache scope supports time to live (TTL) as a cache invalidation strategy without having to write any additional code. TTL specifies how long the cached response is valid before it expires and needs to be refreshed. The Cache scope also supports custom invalidation strategies using MEL or DataWeave expressions. References: https://docs.mulesoft.com/mule-runtime/4.3/cache-scope#cache_invalidation

Based on the exhibit below, if ‘Insecure’ is selected as part of the HTTP Listener configuration, the HTTP listener will only accept HTTP requests. This means that no TLS context will be configured for this listener and no encryption or authentication will be applied to incoming requests. The protocol attribute of this listener will be set to HTTP instead of HTTPS. References: https://docs.mulesoft.com/http-connector/1.6/http-listener-ref#insecure

The result of the Mule Maven Plugin configuration of the value of property its,keystorePassword in CloudHub 2.0 is that Runtime Manager masks the value. This means that Runtime Manager hides or obscures the value from anyone who views it in Runtime Manager or Anypoint Platform. References: https://docs.mulesoft.com/runtime-manager/runtime-manager-agent-for-mule4#properties-tab

The http-policy:processor element is used to intercept outbound HTTP requests made by Mule applications. It allows customizing the request before it is sent to the target API and modifying the response after it is received from the target API. References: https://docs.mulesoft.com/api-manager/2.x/policy-mule4-custom-policy#policy-xml-file