ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-304 All Questions

View all questions & answers for the AZ-304 exam
Go to Exam

Exam AZ-304 topic 5 question 43 discussion

Actual exam question from Microsoft's AZ-304
Question #: 43
Topic #: 5
[All AZ-304 Questions]

Your company, named Contoso, Ltd, implements several Azure logic apps that have HTTP triggers. The logic apps provide access to an on-premises web service.
Contoso establishes a partnership with another company named Fabrikam, Inc.
Fabrikam does not have an existing Azure Active Directory (Azure AD) tenant and uses third-party OAuth 2.0 identity management to authenticate its users.
Developers at Fabrikam plan to use a subset of the logic apps to build applications that will integrate with the on-premises web service of Contoso.
You need to design a solution to provide the Fabrikam developers with access to the logic apps. The solution must meet the following requirements:
✑ Requests to the logic apps from the developers must be limited to lower rates than the requests from the users at Contoso.
✑ The developers must be able to rely on their existing OAuth 2.0 provider to gain access to the logic apps.
✑ The solution must NOT require changes to the logic apps.
✑ The solution must NOT use Azure AD guest accounts.
What should you include in the solution?

  • A. Azure AD business-to-business (B2B)
  • B. Azure Front Door
  • C. Azure API Management
  • D. Azure AD Application Proxy
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
API Management helps organizations publish APIs to external, partner, and internal developers to unlock the potential of their data and services.
You can secure API Management using the OAuth 2.0 client credentials flow.
Incorrect Answers:
A: Azure Active Directory B2B uses guest users.
B: Azure Front Door is an Application Delivery Network (ADN) as a service, offering various layer 7 load-balancing capabilities for your applications.
Azure Front Door supports HTTP, HTTPS and HTTP/2.
Applications can be authorized through OAuth 2.0.
D: Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote client. Application Proxy includes both the
Application Proxy service which runs in the cloud, and the Application Proxy connector which runs on an on-premises server.
Application Proxy works with:
✑ Web applications that use Integrated Windows Authentication for authentication
Web applications that use form-based or header-based access

Reference:
https://docs.microsoft.com/en-us/azure/api-management/api-management-key-concepts
by David_986969 at Sept. 30, 2020, 3:54 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
BoxMan
Highly Voted 4 years, 8 months ago
Correct, C. Azure API Management. You can eliminate B swiftly as it is a global entry portal. A as it requires Guest Accounts in AAD. D as it is “just” a proxy solution for on-premises Web Applications The policies required to rate limit are part of the API Management feature (link in the original answer) and further details to respond to other parts of the requirements are here: https://docs.microsoft.com/en-us/azure/api-management/api-management-features
upvoted 27 times
...
BoxGhost
Highly Voted 3 years, 11 months ago
A - Uses guest accounts, does not meet the requirements https://docs.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b B - AFD is a frontend for web apps, nothing to do with identity management C - Meets the requirements, it supports oauth https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-oauth2 D - App proxy is to serve on-premise apps to be accessible over the internet, does not help here
upvoted 12 times
...
ManSinhLee
Most Recent 3 years, 8 months ago
I have no idea :)))
upvoted 8 times
Ali526
3 years, 5 months ago
You got company.
upvoted 2 times
...
...
syu31svc
3 years, 10 months ago
https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad#enable-oauth-20-user-authorization-in-the-developer-console Answer is C
upvoted 3 times
...
leo_az300
3 years, 10 months ago
I'll go with API Management. As Guest Group in API management, Policy and Developer Portal meet all requirements. About AAD B2B option. Yes, you can invite Fabrikan devs as guest user in you subscription then set up IAM roles. But doesn't this against the last requirement "NOT use AAD Guest account"? [After you invite a user through any of these methods, the invited user's account is added to Azure Active Directory (Azure AD), with a user type of Guest. ] ref: https://docs.microsoft.com/en-us/azure/active-directory/external-identities/add-users-administrator
upvoted 1 times
...
modiallo
4 years, 1 month ago
Correct answer https://docs.microsoft.com/en-us/azure/api-management/api-management-key-concepts
upvoted 3 times
...
demonite
4 years, 2 months ago
Answer is APIM, you can have it as external access for the devs, it can also have a policy for rate limits
upvoted 2 times
...
bc5468521
4 years, 9 months ago
I will choose A, B2B. B2B does not require guests to have AAD service. Email is good enough. then grant sufficient permission to the guest user.
upvoted 2 times
pentum7
4 years, 8 months ago
"Azure Active Directory (Azure AD) business-to-business (B2B) collaboration is a feature within External Identities that lets you invite guest users to collaborate with your organization. " ..... "Guest users sign in to your apps and services with their own work, school, or social identities." B2B seems to be centered around use of Guest Accounts? But the question requires us not to use Guest Accounts. I think B is still correct
upvoted 2 times
pentum7
4 years, 8 months ago
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b
upvoted 3 times
...
...
David_986969
4 years, 8 months ago
It says fabrikan does not have an AD so it would be more work to implement b2b
upvoted 3 times
...
tita_tovenaar
4 years ago
You're right, B2B seems to fit the bill. APIM can surely cover part of it, but the question refers to Fabricam 'using a subset of the logic apps to ... integrate with on-prem web service of Contoso'. Think that is too much to chew for APIM.
upvoted 1 times
...
...
David_986969
4 years, 10 months ago
Does azure API management gives access to logical apps?
upvoted 1 times
David_986969
4 years, 10 months ago
I did not see anything about logic apps in the link, so I may think its wrong
upvoted 1 times
...
bobbyjones
4 years, 10 months ago
Yes, https://docs.microsoft.com/en-us/azure/api-management/import-logic-app-as-api
upvoted 5 times
...
Spooky7
3 years, 9 months ago
It was said that logic app has http trigger, so anything can access logic app.
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel