What requires configuration of both a key store and a trust store for an HTTP Listener?

1. A. Support for TLS mutual (two-way) authentication with HTTP clients
2. B. Encryption of requests to both subdomains and API resource endpoints fhttPs://aDi.customer.com/ and https://customer.com/api)
3. C. Encryption of both HTTP request and HTTP response bodies for all HTTP clients
4. D. Encryption of both HTTP request header and HTTP request body for all HTTP clients

Correct Answer: A

A new Mule application has been deployed through Runtime Manager to CloudHub 1.0 using a CI/CD pipeline with sensitive properties set as cleartext. The Runtime Manager Administrator opened a high priority incident ticket about this violation of their security requirements indicating these sensitive properties values must not be stored or visible in Runtime Manager but should be changeable in Runtime Manager by Administrators with proper permissions.
How can the Mule application be deployed while safely hiding the sensitive properties?

1. A. Add an ArrayList of all the sensitive properties?? names in the mule-artifact.json file of the application
2. B. Add encrypted versions of the sensitive properties as global configuration properties in the Mule application
3. C. Add a new wrapper.java.additional.xx parameter for each sensitive property in the wrapper.conf file used by the CI/CD pipeline scripts
4. D. Create a variable for each sensitive property and declare them as hidden in the CI/CD pipeline scripts

Correct Answer: B

According to MuleSoft, which major benefit does a Center for Enablement (C4E) provide for an enterprise and its lines of business?

1. A. Enabling Edge security between the lines of business and public devices
2. B. Centralizing project management across the lines of business
3. C. Centrally managing return on investment (ROI) reporting from lines of business to leadership
4. D. Accelerating self-service by the lines of business

Correct Answer: D

An organization needs to enable access to their customer data from both a mobile app and a web application, which each need access to common fields as well as certain unique fields. The data is available partially in a database and partially in a 3rd-party CRM system. What APIs should be created to best fit these design requirements?

1. A. A Process API that contains the data required by both the web and mobile apps, allowing these applications to invoke it directly and access the data they need thereby providing the flexibility to add more fields in the future without needing API changes.
2. B. One set of APIs (Experience API, Process API, and System API) for the web app, and another set for the mobile app.
3. C. Separate Experience APIs for the mobile and web app, but a common Process API that invokes separate System APIs created for the database and CRM system
4. D. A common Experience API used by both the web and mobile apps, but separate Process APIs for the web and mobile apps that interact with the database and the CRM System.

Correct Answer: C

An organization has several APIs that accept JSON data over HTTP POST. The APIs are all publicly available and are associated with several mobile applications and web applications. The organization does NOT want to use any authentication or compliance policies for these APIs, but at the same time, is worried that some bad actor could send payloads that could somehow compromise the applications or servers running the API implementations. What out-of-the-box Anypoint Platform policy can address exposure to this threat?

1. A. Apply a Header injection and removal policy that detects the malicious data before it is used
2. B. Apply an IP blacklist policy to all APIs; the blacklist will Include all bad actors
3. C. Shut out bad actors by using HTTPS mutual authentication for all API invocations
4. D. Apply a JSON threat protection policy to all APIs to detect potential threat vectors

Correct Answer: D