MuleSoft Certified Integration Architect – Level 1 — Question 48

Mule applications need to be deployed to CloudHub so they can access on-premises database systems. These systems store sensitive and hence tightly protected data, so are not accessible over the internet.
What network architecture supports this requirement?

Answer options

• A. An Anypoint VPC connected to the on-premises network using an IPsec tunnel or AWS DirectConnect, plus matching firewall rules in the VPC and on- premises network
• B. Relocation of the database systems to a DMZ in the on-premises network, with Mule applications deployed to the CloudHub Shared Worker Cloud connecting only to the DMZ
• C. An Anypoint VPC with one Dedicated Load Balancer fronting each on-premises database system, plus matching IP whitelisting in the load balancer and firewall rules in the VPC and on-premises network
• D. Static IP addresses for the Mule applications deployed to the CloudHub Shared Worker Cloud, plus matching firewall rules and IP whitelisting in the on- premises network

Correct answer: A

Explanation

Option A is correct because it establishes a secure connection between the Anypoint VPC and the on-premises network using an IPsec tunnel or AWS DirectConnect, ensuring safe access to sensitive data. The other options either do not provide secure access (B), do not effectively manage traffic (C), or rely solely on static IPs which may not be secure enough (D).