New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Salesforce Certified MuleSoft Platform Architect (Mule-Arch-201) Exam - Topic 2 Question 26 Discussion

Actual exam question for Salesforce's Salesforce Certified MuleSoft Platform Architect (Mule-Arch-201) exam
Question #: 26
Topic #: 2
[All Salesforce Certified MuleSoft Platform Architect (Mule-Arch-201) Questions]

A Mule 4 API has been deployed to CloudHub and a Basic Authentication - Simple policy has been applied to all API methods and resources. However, the API is still accessible

by clients without using authentication.

How is this possible?

Show Suggested Answer Hide Answer
Suggested Answer: B

When a Basic Authentication policy is applied to an API on CloudHub but clients can still access the API without authentication, the likely cause is a missing Autodiscovery element. Here's how this affects API security:

Autodiscovery in MuleSoft:

The Autodiscovery element is essential for linking an API implementation deployed in CloudHub with its API instance defined in API Manager. This connection allows the policies applied in API Manager, such as Basic Authentication, to be enforced on the deployed API.

Why Option B is Correct:

Without Autodiscovery, the deployed application does not 'know' about the policies configured in API Manager, resulting in unrestricted access. Adding Autodiscovery enables the API to enforce the policies correctly.

of Incorrect Options:

Option A (incorrect Exchange version) would not cause bypassing of security policies.

Option C (missing client applications) does not impact authentication policy enforcement.

Option D (worker restart) is irrelevant to policy enforcement.

Reference Refer to MuleSoft documentation on Autodiscovery configuration and linking API Manager policies for additional information on setting up secure API policies.


by Barrett at Mar 08, 2025, 01:43 PM

Limited Time Offer

25%

Off

Get Premium Salesforce Certified MuleSoft Platform Architect (Mule-Arch-201) Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Virgina
2 months ago
No way it's option C, clients need to be registered for access.
upvoted 0 times
...
Winfred
3 months ago
Agreed, that could definitely cause the API to be open.
upvoted 0 times
...
Jerrod
3 months ago
I think it's option B, missing Autodiscovery is a common issue.
upvoted 0 times
...
Rebeca
3 months ago
Option D doesn't make sense, a worker restart shouldn't affect auth.
upvoted 0 times
...
Brande
3 months ago
Wait, how can clients access it without authentication? That's weird!
upvoted 0 times
...
Gianna
3 months ago
I vaguely recall that if a CloudHub worker restarts, it might cause temporary access issues, but I don't think that's the main reason for this problem.
upvoted 0 times
...
Providencia
4 months ago
I'm a bit confused about the options, but I feel like if no client applications were created, it shouldn't affect the authentication policy directly.
upvoted 0 times
...
Paz
4 months ago
I think I came across a practice question that mentioned the APE Router and its connection to the Exchange version. Could that be related to why the API is still accessible?
upvoted 0 times
...
Tammara
4 months ago
I remember something about the Autodiscovery element being crucial for API security, but I'm not entirely sure if it's the only reason for this issue.
upvoted 0 times
...
Cassie
4 months ago
Hmm, no client applications have been created for this API? That seems like a strange scenario. I'll need to consider the implications of that and how it might relate to the authentication problem.
upvoted 0 times
...
Eliz
4 months ago
Interesting. The question mentions the Autodiscovery element, so I wonder if that could be the issue. Maybe it's not properly configured, or there's some other problem with it. I'll need to think that through.
upvoted 0 times
...
Cyndy
5 months ago
Ah, I think I've got an idea. If the APE Router component is pointing to the wrong Exchange version, that could potentially bypass the authentication policy. I'll make sure to double-check that in my answer.
upvoted 0 times
...
Dorcas
5 months ago
Okay, let me see here. The question says the API has a Basic Authentication - Simple policy applied, so that should be enforcing authentication. I'm a bit confused as to how it could still be accessible without it.
upvoted 0 times
...
Dean
5 months ago
Hmm, this is a tricky one. I'll need to carefully review the details of the question and think through the possible reasons why the API might still be accessible without authentication.
upvoted 0 times
...
Rhea
11 months ago
Maybe one of the CloudHub workers restarted causing the authentication to fail.
upvoted 0 times
...
Raylene
12 months ago
This is a classic case of 'if it's not broke, don't fix it' gone wrong. I bet someone left the API wide open as a 'temporary' solution and forgot to secure it. *shakes head*
upvoted 0 times
Anjelica
10 months ago
A: Yeah, someone probably overlooked that during deployment.
upvoted 0 times
...
Oneida
11 months ago
B: That could be the reason why the API is still accessible without authentication.
upvoted 0 times
...
Doretha
11 months ago
A: The Autodiscovery element is not present, in the deployed Mule application
upvoted 0 times
...
...
Dottie
12 months ago
I agree with Tayna, that could be the reason why authentication is not working.
upvoted 0 times
...
Bok
12 months ago
I don't think the APE Router component or the Autodiscovery element are the issue here. The most likely explanation is that no client applications have been created, so the API is still open to the public. C is my pick.
upvoted 0 times
...
Tayna
12 months ago
I think the issue might be with the Autodiscovery element missing.
upvoted 0 times
...
Sue
12 months ago
Hmm, this is a tricky one. I'm leaning towards D - one of the CloudHub workers restarted, which could have caused the authentication to stop working.
upvoted 0 times
Cecil
11 months ago
C: I believe it's possible that no client applications have been created for this API.
upvoted 0 times
...
Annmarie
11 months ago
B: Maybe the APE Router component is pointing to the incorrect Exchange version of the API.
upvoted 0 times
...
Kanisha
11 months ago
A: I think it could be because the Autodiscovery element is missing in the deployed Mule application.
upvoted 0 times
...
...
Alpha
12 months ago
Wait, the API is still accessible without authentication? That's a big security risk! I'm pretty sure the correct answer is C - no client applications have been created for this API.
upvoted 0 times
Hermila
11 months ago
We should definitely create client applications to secure the API access.
upvoted 0 times
...
Belen
11 months ago
I don't think so, I believe it's because no client applications have been created for this API.
upvoted 0 times
...
Gilberto
11 months ago
But what about the Autodiscovery element? Could that be the problem?
upvoted 0 times
...
Stephen
11 months ago
I think the issue is with the client applications not being created for this API.
upvoted 0 times
...
...

Save Cancel