
Salesforce Certified MuleSoft Platform Architect (Mule-Arch-201) Exam - Topic 1 Question 33 Discussion

Actual exam question for Salesforce's Salesforce Certified MuleSoft Platform Architect (Mule-Arch-201) exam
Question #: 33
Topic #: 1

An organization has built an application network following the API-led connectivity approach recommended by MuleSoft. To protect the application network against attacks from malicious external API clients, the organization plans to apply JSON Threat Protection policies.

To which API-led connectivity layer should the JSON Threat Protection policies most commonly be applied?

Suggested Answer: D

Understanding JSON Threat Protection Policies:

JSON Threat Protection policies are used to protect APIs from attacks that exploit JSON payloads, such as oversized payloads, deeply nested objects, and excessive array elements. This helps prevent Denial of Service (DoS) attacks and other malicious payload-related threats.

These policies are typically applied to safeguard APIs that are directly exposed to external clients, where the risk of receiving malicious payloads is highest.

API-led Connectivity Layers:

Experience Layer: This layer is designed to expose APIs to end-users or external API clients, often acting as the interface that interacts with users or applications.

Process Layer: This layer is used for orchestration and aggregation of data from various System APIs, typically operating within a trusted environment and not directly exposed to external clients.

System Layer: This layer provides access to backend systems and databases, often within the organization's secure environment and not directly accessible to external clients.

Evaluating the Options:

Option A (All layers): While JSON Threat Protection can technically be applied to all layers, it is most commonly applied at the Experience layer, where APIs are exposed to external traffic and are more vulnerable to attacks.

Option B (System layer): The System layer is generally not exposed to external clients directly, so JSON Threat Protection is less critical here.

Option C (Process layer): Similar to the System layer, the Process layer is typically internal and not exposed directly to external clients, so JSON Threat Protection is less commonly applied.

Option D (Experience layer, correct answer): The Experience layer is the correct answer because it is the layer that directly interacts with external clients, making it the primary target for malicious payloads. Applying JSON Threat Protection here effectively protects the application network from external threats.

Conclusion:

Option D is the correct answer, as the Experience layer is the most common layer for applying JSON Threat Protection policies to protect against external attacks.

For further reference, consult MuleSoft's documentation on API security policies and best practices for securing APIs at the Experience layer.
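
The kind of structural check such a policy performs at the edge can be sketched as follows. This is an added example, not code from this page or from MuleSoft; the limit names and values are hypothetical. It covers the three payload classes named above (oversized payloads, deep nesting, excessive array elements) and measures nesting on the raw text so that a hostile body is rejected before the parser recurses into it.

```python
import json

# Hypothetical limits for this example; not MuleSoft's parameter names or defaults.
LIMITS = {"max_bytes": 1024, "max_depth": 5, "max_array_elements": 10,
          "max_object_entries": 10, "max_string_length": 64}

def lexical_depth(text):
    """Deepest [ / { nesting, found by scanning the raw text before any parse."""
    depth = deepest = 0
    in_string = escaped = False
    for ch in text:
        if in_string:
            # An unescaped quote closes the string; a backslash escapes one char.
            in_string = escaped or ch != '"'
            escaped = ch == "\\" and not escaped
        elif ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            deepest = max(deepest, depth)
        elif ch in "]}":
            depth -= 1
    return deepest

def check_json(raw, limits=LIMITS):
    """Return None if the request body is acceptable, else the rejection reason."""
    if len(raw) > limits["max_bytes"]:          # cheapest check first
        return "payload too large"
    try:
        text = raw.decode("utf-8")
        if lexical_depth(text) > limits["max_depth"]:
            return "nesting too deep"           # rejected before the parser recurses
        doc = json.loads(text)
    except ValueError:                          # bad UTF-8 or bad JSON
        return "malformed JSON"
    stack = [doc]                               # iterative walk, no recursion
    while stack:
        node = stack.pop()
        if isinstance(node, list):
            if len(node) > limits["max_array_elements"]:
                return "too many array elements"
            stack.extend(node)
        elif isinstance(node, dict):
            if len(node) > limits["max_object_entries"]:
                return "too many object entries"
            stack.extend(list(node) + list(node.values()))
        elif isinstance(node, str) and len(node) > limits["max_string_length"]:
            return "string too long"
    return None
```

Brackets that appear inside string values do not count toward depth, so a body such as `{"note": "[[[["}` is accepted while fifty real nested arrays are refused.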


Gail
2 months ago
I agree with Deonna, the Experience layer is key for user-facing APIs.
upvoted 0 times
...
Milly
2 months ago
Wait, can you really apply it to all layers? That seems excessive.
upvoted 0 times
...
Bulah
2 months ago
I think it’s more relevant for the System layer.
upvoted 0 times
...
Deonna
3 months ago
Definitely should be applied at the Experience layer.
upvoted 0 times
...
Arlean
3 months ago
All layers make sense for comprehensive protection!
upvoted 0 times
...
Brynn
3 months ago
I feel like the Experience layer is the best option, but I could see an argument for applying it to all layers to be extra safe.
upvoted 0 times
...
Grover
3 months ago
I practiced a similar question, and I believe the System layer is more about backend services, so it might not be the right choice for JSON protection.
upvoted 0 times
...
Elden
4 months ago
I'm not entirely sure, but I remember something about the Process layer being important for handling data. Maybe that's where the policies should go?
upvoted 0 times
...
Mirta
4 months ago
I think the JSON Threat Protection policies should be applied at the Experience layer since that's where external clients interact with the APIs.
upvoted 0 times
...
Julian
4 months ago
Hmm, I'm not entirely sure about this one. I'll need to review the details of the API-led connectivity layers and think about where the JSON Threat Protection policies would be most effective. I don't want to just guess, so I'll take my time and try to reason through it carefully.
upvoted 0 times
...
Ora
4 months ago
I've got a good feeling about this one. Based on my understanding of the API-led connectivity approach, the JSON Threat Protection policies would most commonly be applied at the Experience layer. That's where the external API clients would be interacting with the application network, so it makes sense to have the security measures there.
upvoted 0 times
...
Ardella
4 months ago
I'm a bit confused on this one. The question mentions "protecting the application network against attacks from malicious external API clients," so I'm not sure if the System layer is the right answer. Maybe the Process layer would be better for handling that kind of security concern?
upvoted 0 times
...
Glennis
5 months ago
Okay, let's see. The question is asking about which layer the JSON Threat Protection policies should be applied to. I'm thinking the System layer might be the best option, since that's where the APIs are exposed to external clients.
upvoted 0 times
...
France
5 months ago
Hmm, this seems like a tricky one. I'll need to think carefully about the different layers of the API-led connectivity approach and where JSON Threat Protection policies would be most commonly applied.
upvoted 0 times
...
Nina
5 months ago
I think the JSON Threat Protection policies should be applied to all layers.
upvoted 0 times
...
Florencia
5 months ago
Wait, is this a trick question? What if the answer is E) Unicorn layer? You know, the secret layer only accessible by mythical creatures.
upvoted 0 times
Dacia
1 month ago
I’d go with the system layer. It’s where the core logic lives.
upvoted 0 times
...
Lawana
2 months ago
I’m leaning towards the process layer. Seems like a good fit.
upvoted 0 times
...
Lorean
2 months ago
Haha, unicorn layer sounds fun! But seriously, I think it's the experience layer.
upvoted 0 times
...
Elli
3 months ago
All layers could make sense too. Better safe than sorry!
upvoted 0 times
...
...
Tegan
7 months ago
A) All layers, obviously! Why not just protect the whole thing, you know? Safety first, that's my motto!
upvoted 0 times
...
Nathan
7 months ago
Definitely B) System layer. That's where the security stuff goes, right? Gotta keep those pesky hackers out!
upvoted 0 times
Frederick
5 months ago
Yes, you're right! The System layer is where security measures are typically implemented.
upvoted 0 times
...
...
Kimberely
7 months ago
Hmm, I'm not sure about this one. Maybe C) Process layer? Isn't that where the business logic is handled?
upvoted 0 times
...
Jesse
7 months ago
I think the correct answer is B) System layer. The JSON Threat Protection policies are usually applied at the system layer to protect the API endpoints from external attacks.
upvoted 0 times
...
