Exam AZ-204 topic 4 question 25 discussion

Actual exam question from Microsoft's AZ-204
Question #: 25
Topic #: 4

You are a developer for a SaaS company that offers many web services.
All web services for the company must meet the following requirements:
✑ Use API Management to access the services
✑ Use OpenID Connect for authentication
✑ Prevent anonymous usage
A recent security audit found that several web services can be called without any authentication.
Which API Management policy should you implement?

  • A. jsonp
  • B. authentication-certificate
  • C. check-header
  • D. validate-jwt
Suggested Answer: D

Comments

Cornholioz
Highly Voted 4 years, 5 months ago
Correct. It's validate-jwt for Open ID, API, secure authentication.
upvoted 47 times
...
mlantonis
Highly Voted 3 years, 11 months ago
Correct Answer: D Add the validate-jwt policy to validate the OAuth token for every incoming request. Reference: https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad
upvoted 18 times
...
Vichu_1607
Most Recent 7 months ago
Selected Answer: D
The correct answer is D. validate-jwt. The validate-jwt policy in Azure API Management allows you to enforce validation of JSON Web Tokens (JWT) from the client as part of the API call. This can be used to ensure that the caller has authenticated with OpenID Connect, as OpenID Connect uses JWTs for its identity tokens. Option A, jsonp, is used for wrapping JSON responses in a JSONP callback function, and does not provide any authentication. Option B, authentication-certificate, is used for client certificate authentication, not OpenID Connect. Option C, check-header, is used for checking the existence of certain headers, and while it could be used to check for the existence of an Authorization header, it would not validate the JWT itself.
upvoted 2 times
...
applepie
1 year, 9 months ago
got this question today, answer D - validate-jwt - 7/30/2023, score 895/1000
upvoted 3 times
...
Videira
2 years, 2 months ago
On my exam 2023-02-25
upvoted 2 times
...
sam5678
2 years, 7 months ago
correct
upvoted 1 times
...
serpevi
2 years, 8 months ago
Got this in 09/22, went with the most voted answer, score 927.
upvoted 3 times
...
Eltooth
2 years, 10 months ago
Selected Answer: D
D is correct answer.
upvoted 3 times
...
JotaEleEfe
3 years, 1 month ago
Selected Answer: D
I think validate-jwt is the correct option.
upvoted 2 times
...
iamstudying
3 years, 2 months ago
Selected Answer: D
validate-jwt, buddies
upvoted 1 times
...
Freidrich
3 years, 2 months ago
Selected Answer: D
The proposed answer is correct D: validate-jwt.
upvoted 1 times
...
mabusalma
3 years, 3 months ago
Can someone let me understand why a check-header isn't a valid answer? https://docs.microsoft.com/en-us/azure/api-management/api-management-access-restriction-policies#CheckHTTPHeader Use the check-header policy to enforce that a request has a specified HTTP header. You can optionally check to see if the header has a specific value or check for a range of allowed values. If the check fails, the policy terminates request processing and returns the HTTP status code and error message specified by the policy.
upvoted 1 times
coffecold
2 years, 7 months ago
JWT is a token issued by an identity provider, sent in the request, and that can be verified by the receiving site. An HTTP header is not issued by an identity provider.
upvoted 4 times
...
...
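Added example, not part of the original thread or of Microsoft's documentation: an API Management policy document that contrasts the check-header approach asked about above with validate-jwt. The identity provider URL, issuer and audience are placeholder values, and the sketch assumes the policy is applied at a scope that covers every affected API.

```xml
<policies>
    <inbound>
        <base />
        <!-- Weak (shown commented out): check-header only enforces that the
             header is present. Any request that carries an Authorization
             header passes, including one with a forged or expired token,
             because nothing verifies the signature, issuer or audience.
        <check-header name="Authorization" failed-check-httpcode="401"
                      failed-check-error-message="Not authorized"
                      ignore-case="false" />
        -->

        <!-- Hardened: validate-jwt fetches the signing keys from the OpenID
             Connect metadata endpoint and rejects the call with 401 unless
             the bearer token is signed, unexpired, and issued by the
             expected provider for this API. -->
        <validate-jwt header-name="Authorization" require-scheme="Bearer"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="Unauthorized"
                      require-expiration-time="true"
                      require-signed-tokens="true">
            <!-- Placeholder OpenID Connect discovery URL (assumption) -->
            <openid-config url="https://idp.example.com/.well-known/openid-configuration" />
            <audiences>
                <!-- Placeholder audience for the protected API (assumption) -->
                <audience>api://example-api</audience>
            </audiences>
            <issuers>
                <!-- Placeholder issuer; must match the token's iss claim -->
                <issuer>https://idp.example.com/</issuer>
            </issuers>
        </validate-jwt>
    </inbound>
    <backend><base /></backend>
    <outbound><base /></outbound>
    <on-error><base /></on-error>
</policies>
```

A request with no Authorization header is rejected by either policy; only validate-jwt also rejects a request whose header is present but whose token fails verification.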
mcbc
3 years, 9 months ago
correct
upvoted 2 times
...
Peter304403
3 years, 11 months ago
The answer might be correct, but in the explanation of the incorrect answers it sounds very confusing to read jsonp described 3 times in a similar way? Since I don't know and I couldn't find anything: Could someone please explain the other two answers, what it is or where to find something about that?
upvoted 4 times
...
UnknowMan
3 years, 11 months ago
correct
upvoted 1 times
...
glam
3 years, 12 months ago
correct
upvoted 2 times
...
demius_8
4 years ago
Answer is correct. Source: https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad
upvoted 4 times
...