Exam MCPA - Level 1 All QuestionsBrowse all questions from this exam
Question 1

What API policy would LEAST likely be applied to a Process API?

    Correct Answer: D

    A Process API is designed to orchestrate and integrate various systems and services. It is usually not exposed directly to external consumers, making security policies such as JSON threat protection less critical. JSON threat protection is more relevant for Experience APIs, which are exposed directly to end-users and need to handle potential threats from various sources. Custom circuit breakers, client ID enforcement, and rate limiting are more relevant for maintaining the reliability and scalability of the Process API.

Discussion
ChrisC41Option: D

D. JSON threat protection

AndreDiasOption: C

And why not C (Rate Limiting)? Since we are talking about a Process API, that can be consumed by several Experience APIs and even other Process APIs, I believe we don't want to reject any request if a certain limit is achieved. In resume, in my point of view a Process API should always be available and not with a limited access to.

Lambert_Lambert_ty___

You can have SLA-based rate limiting ot set priorities among different experience APIs. Also, rate limiting might be based on the performance of system APIs or back end systems.

Outdoor25Option: D

Should be D. JSON threat protection is usually needed for Experience APIs.

cabide

then that is why A is the LEAST needed

Pavan_NagineniOption: D

Yes Anshwer should be D as JSON threat protection is usually needed on Exp APIs that can least ranked on Process APIs

Sparks1Option: D

Ans should be D, option A doesnt even exists in Policy

Mentor123Option: C

There is no hard and fast rule to apply fix policy to fix layer of API in API-Led connectivity approach. It totally depends on your Organization and the consumer of Experience APIs. But Yes There are couple of recommendation given by MuleSoft team. Let me cite for you. For Exp API IP Whitelisting TLS Mutual (Either through DLB) SLA Based Policy i.e Rate Limiting XML/JSON Threat protection Client Id Enforcement OAuth based Policy JWT based For Process API: SLA Based Rate Limiting to apply Quality of Service for Selected tier IP Whitelisting Rate Limiting Spike Control If you are directly exposing the process API to consumer you can go ahead with the same policy like Experience API

Mentor123Option: D

There is no hard and fast rule to apply fix policy to fix layer of API in API-Led connectivity approach. It totally depends on your Organization and the consumer of Experience APIs. But Yes There are couple of recommendation given by MuleSoft team. Let me cite for you. For Exp API IP Whitelisting TLS Mutual (Either through DLB) SLA Based Policy i.e Rate Limiting XML/JSON Threat protection Client Id Enforcement OAuth based Policy JWT based For Process API: SLA Based Rate Limiting to apply Quality of Service for Selected tier IP Whitelisting Rate Limiting Spike Control If you are directly exposing the process API to consumer you can go ahead with the same policy like Experience API Answer D

calazansOption: D

D. JSON threat protection

AB317Option: D

Answer: D