Exam4Training

An organization has several APIs that accept JSON data over HTTP POST. The APIs are all publicly available and are associated with several mobile applications and web applications. The organization does NOT want to use any authentication or compliance policies for these APIs, but at the same time, is worried that some bad actor could send payloads that could somehow compromise the applications or servers running the API implementations.

What out-of-the-box Anypoint Platform policy can address exposure to this threat?
A. Apply a Header injection and removal policy that detects the malicious data before it is used
B. Apply an IP blacklist policy to all APIs; the blacklist will include all bad actors
C. Shut out bad actors by using HTTPS mutual authentication for all API invocations
D. Apply a JSON threat protection policy to all APIs to detect potential threat vectors

Answer: D

Explanation:

We need to note a few things about the scenario that will help us reach the correct solution.

Point 1: The APIs are all publicly available and are associated with several mobile applications and web applications. This means applying an IP blacklist policy is not a viable option, as blacklisting IPs covers only a limited part of the web traffic and is not useful for traffic coming from mobile applications.

Point 2: The organization does NOT want to use any authentication or compliance policies for these APIs. This means we cannot apply an HTTPS mutual authentication scheme.

A header injection or removal policy will not serve the purpose either.

By its nature, JSON is vulnerable to JavaScript injection. When the JSON object is parsed, the malicious code inflicts its damage. An inordinate increase in the size and depth of a JSON payload can indicate injection. Applying the JSON threat protection policy can limit the size of the JSON payload and thwart recursive additions to the JSON hierarchy.

Hence the correct answer is: Apply a JSON threat protection policy to all APIs to detect potential threat vectors.
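As an added illustration (not code from MuleSoft, Anypoint Platform, or the original page), the following Python function enforces the same kind of structural limits a JSON threat protection policy applies: payload size, nesting depth, string length, and array/object entry counts. The limit values, parameter names, and sample payloads are constructed for this example.

```python
import json

def scan_json_threats(raw: bytes, *, max_bytes=65536, max_depth=8,
                      max_string=1024, max_array=100, max_entries=50) -> list:
    """Return limit violations for a JSON payload; an empty list means it passes."""
    if len(raw) > max_bytes:
        return [f"payload {len(raw)} bytes exceeds {max_bytes}"]
    # Depth and container sizes are measured in one linear pass over the text, so a
    # deeply nested or oversized document is rejected before any recursive parser sees it.
    violations, stack = [], []        # stack entry: [opener, comma count, non-empty?]
    in_string = escaped = False
    string_len = 0
    for ch in raw.decode("utf-8"):
        if in_string:                 # skip string bodies, honouring escapes
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
                if string_len > max_string:
                    violations.append(f"string of {string_len} chars exceeds {max_string}")
            else:
                string_len += 1
            continue
        if stack and not ch.isspace() and ch not in "}]":
            stack[-1][2] = True       # enclosing container holds at least one value
        if ch == '"':
            in_string, string_len = True, 0
        elif ch in "{[":
            stack.append([ch, 0, False])
            if len(stack) > max_depth:
                return violations + [f"nesting depth {len(stack)} exceeds {max_depth}"]
        elif ch == "," and stack:
            stack[-1][1] += 1
        elif ch in "}]" and stack:
            opener, commas, non_empty = stack.pop()
            count = commas + 1 if non_empty else 0
            kind, limit = ("array", max_array) if opener == "[" else ("object", max_entries)
            if count > limit:
                violations.append(f"{kind} with {count} entries exceeds {limit}")
    if not violations:
        try:                          # only now hand the payload to the real parser
            json.loads(raw)
        except ValueError:
            violations.append("malformed JSON")
    return violations

# Constructed sample payloads: a normal request and a nesting "depth bomb".
GOOD = b'{"user": "alice", "tags": ["a", "b"], "prefs": {"dark": true}}'
DEPTH_BOMB = b"[" * 200 + b"]" * 200
```

A gateway policy would reject the request with an HTTP 4xx response whenever the returned list is non-empty, before the payload reaches the API implementation.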
