ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-301 All Questions

View all questions & answers for the AZ-301 exam
Go to Exam

Exam AZ-301 topic 17 question 8 discussion

Actual exam question from Microsoft's AZ-301
Question #: 8
Topic #: 17
[All AZ-301 Questions]

HOTSPOT -
Your company has 20 web APIs that were developed in-house.
The company is developing 10 web apps that will use the web APIs. The web apps and the APIs are registered in the company's Azure Active Directory (Azure
AD) tenant. The web APIs are published by using Azure API Management.
You need to recommend a solution to block unauthorized requests originating from the web apps from reaching the web APIs. The solution must meet the following requirements:
✑ Use Azure AD-generated claims.
✑ Minimize configuration and management effort.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
by praiser at Dec. 12, 2019, 8:01 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
praiser
Highly Voted 5 years, 6 months ago
First one should be Azure AD, I guess: "In Azure AD, grant permissions to allow the client-app to call the backend-app." https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad
upvoted 34 times
cgiglass
5 years, 2 months ago
correct ,Azure AD and Azure Api Management is the answer. Api management doesn't grant permissions.
upvoted 5 times
yemma
5 years, 1 month ago
we can by using : Cross-Origin Resource Sharing (CORS) in the APIM
upvoted 1 times
tartar
4 years, 9 months ago
Azure AD API Management
upvoted 2 times
...
...
...
...
Ekramy_Elnaggar
Highly Voted 5 years, 5 months ago
Sorry, I mean : https://www.examtopics.com/exams/microsoft/az-301/view/21/
upvoted 6 times
...
sanketshah
Most Recent 4 years, 5 months ago
Azure AD API management are correct answer.
upvoted 1 times
sanketshah
4 years, 5 months ago
A B is correct answer.
upvoted 1 times
...
...
sanketshah
4 years, 5 months ago
A B is correct answer.
upvoted 1 times
...
fiol82
4 years, 9 months ago
Azure AD API Management
upvoted 1 times
...
Rooh
4 years, 9 months ago
AD and APIM
upvoted 1 times
...
[Removed]
4 years, 10 months ago
Grant permission to allow the web apps to access the web APIs by using: > Azure AD Configure a JSON Web Token (JWT) validation policy bs using: - > Azure API Management A walkthrough is described here: https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad
upvoted 5 times
...
aelhalawany
4 years, 11 months ago
AD Active Directory API Managment
upvoted 2 times
...
pandeya442
5 years, 1 month ago
Repeated question- Azure AD API Management
upvoted 6 times
Shunya
4 years, 10 months ago
Box1: see p.3 Box2: See p.5 1) Register an application (backend-app) in Azure AD to represent the API. 2) Register another application (client-app) in Azure AD to represent a client application that needs to call the API. 3) In Azure AD, grant permissions to allow the client-app to call the backend-app. 4) Configure the Developer Console to call the API using OAuth 2.0 user authorization. 5) Add the validate-jwt policy to validate the OAuth token for every incoming request. https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad
upvoted 2 times
...
Shunya
4 years, 10 months ago
Correct Answer @pandeya442
upvoted 1 times
...
...
mlourh
5 years, 2 months ago
Access permission for Web App to Web API can be done on Azure AD. then the possible answers are A and D
upvoted 1 times
...
mjdfreeiotcloud
5 years, 3 months ago
https://docs.microsoft.com/en-us/azure/api-management/api-management-key-concepts Securing mobile infrastructure by gating access with API keys, preventing DOS attacks by using throttling, or using advanced security policies like JWT token validation. Enabling ISV partner ecosystems by offering fast partner onboarding through the developer portal and building an API facade to decouple from internal implementations that are not ripe for partner consumption. Running an internal API program by offering a centralized location for the organization to communicate about the availability and latest changes to APIs, gating access based on organizational accounts, all based on a secured channel between the API gateway and the backend.
upvoted 2 times
...
Ekramy_Elnaggar
5 years, 5 months ago
This is a repeated question : https://www.examtopics.com/exams/microsoft/az-301/view/24
upvoted 5 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel