Free Access to Salesforce.MuleSoft-Platform-Architect-I.v2025-10-22.q61 with Valid Practice Test (Page 5)

Question 16

When could the API data model of a System API reasonably mimic the data model exposed by the corresponding backend system, with minimal improvements over the backend system's data model?

A.When there is an existing Enterprise Data Model widely used across the organization
B.When the System API can be assigned to a bounded context with a corresponding data model
C.When a pragmatic approach with only limited isolation from the backend system is deemed appropriate
D.When the corresponding backend system is expected to be replaced in the near future

Correct Answer: C

Correct Answer : When a pragmatic approach with only limited isolation from the backend system is deemed appropriate.
*****************************************
General guidance w.r.t choosing Data Models:
>> If an Enterprise Data Model is in use then the API data model of System APIs should make use of data types from that Enterprise Data Model and the corresponding API implementation should translate between these data types from the Enterprise Data Model and the native data model of the backend system.
>> If no Enterprise Data Model is in use then each System API should be assigned to a Bounded Context, the API data model of System APIs should make use of data types from the corresponding Bounded Context Data Model and the corresponding API implementation should translate between these data types from the Bounded Context Data Model and the native data model of the backend system. In this scenario, the data types in the Bounded Context Data Model are defined purely in terms of their business characteristics and are typically not related to the native data model of the backend system. In other words, the translation effort may be significant.
>> If no Enterprise Data Model is in use, and the definition of a clean Bounded Context Data Model is considered too much effort, then the API data model of System APIs should make use of data types that approximately mirror those from the backend system, same semantics and naming as backend system, lightly sanitized, expose all fields needed for the given System API's functionality, but not significantly more and making good use of REST conventions.
The latter approach, i.e., exposing in System APIs an API data model that basically mirrors that of the backend system, does not provide satisfactory isolation from backend systems through the System API tier on its own. In particular, it will typically not be possible to "swap out" a backend system without significantly changing all System APIs in front of that backend system and therefore the API implementations of all Process APIs that depend on those System APIs! This is so because it is not desirable to prolong the life of a previous backend system's data model in the form of the API data model of System APIs that now front a new backend system. The API data models of System APIs following this approach must therefore change when the backend system is replaced.
On the other hand:
>> It is a very pragmatic approach that adds comparatively little overhead over accessing the backend system directly
>> Isolates API clients from intricacies of the backend system outside the data model (protocol, authentication, connection pooling, network address, ...)
>> Allows the usual API policies to be applied to System APIs
>> Makes the API data model for interacting with the backend system explicit and visible, by exposing it in the RAML definitions of the System APIs
>> Further isolation from the backend system data model does occur in the API implementations of the Process API tier

Question 17

Refer to the exhibit.
What is the best way to decompose one end-to-end business process into a collaboration of Experience, Process, and System APIs?
A) Handle customizations for the end-user application at the Process API level rather than the Experience API level B) Allow System APIs to return data that is NOT currently required by the identified Process or Experience APIs C) Always use a tiered approach by creating exactly one API for each of the 3 layers (Experience, Process and System APIs) D) Use a Process API to orchestrate calls to multiple System APIs, but NOT to other Process APIs

A.Option A
B.Option B
C.Option C
D.Option D

Question 18

An organization has several APIs that accept JSON data over HTTP POST. The APIs are all publicly available and are associated with several mobile applications and web applications.
The organization does NOT want to use any authentication or compliance policies for these APIs, but at the same time, is worried that some bad actor could send payloads that could somehow compromise the applications or servers running the API implementations.
What out-of-the-box Anypoint Platform policy can address exposure to this threat?

A.Shut out bad actors by using HTTPS mutual authentication for all API invocations
B.Apply an IP blacklist policy to all APIs; the blacklist will Include all bad actors
C.Apply a Header injection and removal policy that detects the malicious data before it is used
D.Apply a JSON threat protection policy to all APIs to detect potential threat vectors

Question 19

What do the API invocation metrics provided by Anypoint Platform provide?

A.ROI metrics from APIs that can be directly shared with business users
B.Measurements of the effectiveness of the application network based on the level of reuse
C.Data on past API invocations to help identify anomalies and usage patterns across various APIs
D.Proactive identification of likely future policy violations that exceed a given threat threshold

Question 20

The responses to some HTTP requests can be cached depending on the HTTP verb used in the request. According to the HTTP specification, for what HTTP verbs is this safe to do?

A.PUT, POST, DELETE
B.GET, HEAD, POST
C.GET, PUT, OPTIONS
D.GET, OPTIONS, HEAD

Question 16

Question 17

Question 18

Question 19

Question 20

Download PDF File