Exam AZ-203 topic 2 question 15 discussion

Actual exam question from Microsoft's AZ-203

Question #: 15
Topic #: 2

You are a developer for a SaaS company that offers many web services.
All web services for the company must meet the following requirements:
✑ Use API Management to access the services
✑ Use OpenID Connect for authentication.

Prevent anonymous usage -

A recent security audit found that several web services can be called without any authentication.
Which API Management policy should you implement?

A. validate-jwt
B. jsonp
C. authentication-certificate
D. check-header

Show Suggested Answer

Suggested Answer: A 🗳️
Add the validate-jwt policy to validate the OAuth token for every incoming request.
Incorrect Answers:
B: The jsonp policy adds JSON with padding (JSONP) support to an operation or an API to allow cross-domain calls from JavaScript browser-based clients.
JSONP is a method used in JavaScript programs to request data from a server in a different domain. JSONP bypasses the limitation enforced by most web browsers where access to web pages must be in the same domain.
JSONP - Adds JSON with padding (JSONP) support to an operation or an API to allow cross-domain calls from JavaScript browser-based clients.
References:
https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad

by hertino at Aug. 8, 2020, 3:06 p.m.