Salesforce-MuleSoft-Platform-Architect Practice Test
Salesforce Spring 25 Release 152 Questions
A large lending company has developed an API to unlock data from a database server and web server. The API has been deployed to Anypoint Virtual Private Cloud
(VPC) on CloudHub 1.0.
The database server and web server are in the customer's secure network and are not accessible through the public internet. The database server is in the customer's AWS
VPC, whereas the web server is in the customer's on-premises corporate data center.
How can access be enabled for the API to connect with the database server and the web server?
A. Set up VPC peering with AWS VPC and a VPN tunnel to the customer's on-premises corporate data center
B. Set up VPC peering with AWS VPC and the customer's on-premises corporate data center
C. Setup a transit gateway to the customer's on-premises corporate data center through AWS VPC
D. Set up VPC peering with the customer's on-premises corporate data center and a VPN tunnel to AWS VPC
A. Set up VPC peering with AWS VPC and a VPN tunnel to the customer's on-premises corporate data center
Explanation:
Anypoint VPC Connectivity Methods documentation specifies two standard, low-code connectivity patterns for CloudHub workers to reach secured backend resources:
1. VPC Peering between the Anypoint VPC and the customer’s AWS VPC.
This creates a private, region-local network link so your Mule apps can directly access resources (like the database server) in the AWS VPC as if they were in the same network.
2. IPsec VPN Tunnel from the Anypoint VPC to the on-premises data center.
A managed IPSec (Anypoint VPN) gateway secures traffic over the public internet, extending your corporate network to the VPC and enabling access to on-prem servers.
Alternative patterns—such as Transit Gateway attachments (C)—require additional AWS infrastructure and are more complex to configure. Direct peering to on-prem (B or D) isn’t possible; on-premises sites must connect via VPN or Transit Gateway, not VPC peering. Thus, combining VPC peering for AWS with an IPsec tunnel for on-prem offers the least development overhead and aligns with MuleSoft best practices.