MuleSoft Certified Platform Architect – Level 1 — Question 4

An organization has several APIs that accept JSON data over HTTP POST. The APIs are all publicly available and are associated with several mobile applications and web applications.
The organization does NOT want to use any authentication or compliance policies for these APIs, but at the same time, is worried that some bad actor could send payloads that could somehow compromise the applications or servers running the API implementations.
What out-of-the-box Anypoint Platform policy can address exposure to this threat?

Answer options

• A. Shut out bad actors by using HTTPS mutual authentication for all API invocations.
• B. Apply an IP blacklist policy to all APIs; the blacklist will include all bad actors.
• C. Apply a Header injection and removal policy that detects the malicious data before it is used.
• D. Apply a JSON threat protection policy to all APIs to detect potential threat vectors.

Correct answer: D

Explanation

The correct answer is D because the JSON threat protection policy specifically aims to detect and mitigate potential threats within JSON payloads, making it suitable for the scenario described. Options A and B involve authentication and access control measures, which the organization explicitly wants to avoid. Option C, while related to data security, does not specifically address the unique vulnerabilities associated with JSON data.