Salesforce MuleSoft-Integration-Architect-I Exam With Confidence Using Practice Dumps

To hide sensitive data exchanged between API consumers and API implementations while allowing the conversion of tokenized fields back to their original values for other API requests or responses, the best approach is to use tokenization. This involves:

Tokenization Format: Create a tokenization format that will be used to apply a tokenization policy in the API gateway. This format ensures that sensitive fields in message payloads are replaced with tokenized values that maintain a similar format, making them less recognizable as sensitive data.

Tokenization Policy: Apply a tokenization policy in the API gateway that replaces sensitive data with tokenized values.

Detokenization Policy: Apply a corresponding detokenization policy in the API gateway to convert tokenized values back to their original values when required by other APIs.

This method does not require recoding the API implementations and ensures that sensitive data is protected while still being accessible in its original form when necessary.

References

MuleSoft Documentation on Tokenization Policies

API Gateway Security Best Practices

Explanation

* Object Store and VM Store is used for sharing data inter or intra mule applications in same setup. Can't be used with external Business Partner

* Also File connector will not be useful as the two companies currently have no shared IT infrastructure. It's specific for local use.

* Correct answer is SFTP connector. The SFTP Connector implements a secure file transport channel so that your Mule application can exchange files with external resources. SFTP uses the SSH security protocol to transfer messages. You can implement the SFTP endpoint as an inbound endpoint with a one-way exchange pattern, or as an outbound endpoint configured for either a one-way or request-response exchange pattern.

Explanation

We need to note few things about the scenario which will help us in reaching the correct solution.

Point 1 : The APIs are all publicly available and are associated with several mobile applications and web applications. This means Apply an IP blacklist policy is not viable option. as blacklisting IPs is limited to partial web traffic. It can't be useful for traffic from mobile application

Point 2 : The organization does NOT want to use any authentication or compliance policies for these APIs. This means we can not apply HTTPS mutual authentication scheme.

Header injection or removal will not help the purpose.

By its nature, JSON is vulnerable to JavaScript injection. When you parse the JSON object, the malicious code inflicts its damages. An inordinate increase in the size and depth of the JSON payload can indicate injection. Applying the JSON threat protection policy can limit the size of your JSON payload and thwart recursive additions to the JSON hierarchy.

Hence correct answer is Apply a JSON threat protection policy to all APIs to detect potential threat vectors