ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-304 All Questions

View all questions & answers for the AZ-304 exam
Go to Exam

Exam AZ-304 topic 2 question 12 discussion

Actual exam question from Microsoft's AZ-304
Question #: 12
Topic #: 2
[All AZ-304 Questions]

You are designing a microservices architecture that will be hosted in an Azure Kubernetes Service (AKS) cluster. Apps that will consume the microservices will be hosted on Azure virtual machines. The virtual machines and the AKS cluster will reside on the same virtual network.
You need to design a solution to expose the microservices to the consumer apps. The solution must meet the following requirements:
✑ Ingress access to the microservices must be restricted to a single private IP address and protected by using mutual TLS authentication.
✑ The number of incoming microservice calls must be rate-limited.
✑ Costs must be minimized.
What should you include in the solution?

  • A. Azure App Gateway with Azure Web Application Firewall (WAF)
  • B. Azure API Management Premium tier with virtual network connection
  • C. Azure API Management Standard tier with a service endpoint
  • D. Azure Front Door with Azure Web Application Firewall (WAF)
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by bharatns at Dec. 3, 2020, 6:52 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
xAlx
Highly Voted 4 years, 5 months ago
Answer is correct: https://docs.microsoft.com/en-us/azure/api-management/api-management-kubernetes#option-2-install-an-ingress-controller taking into account TLS support and traffic control
upvoted 40 times
BrettusMaximus
3 years, 9 months ago
It cannot be either A: or D: as the need for a PRIVATE IP address.
upvoted 5 times
...
...
arseyam
Highly Voted 4 years, 5 months ago
Deploying Azure API Management in a virtual network is only available in the Premium and Developer tiers of API Management. https://docs.microsoft.com/en-us/azure/api-management/api-management-using-with-vnet
upvoted 16 times
adolover
4 years, 2 months ago
Isolated as well.
upvoted 3 times
...
...
Teringzooi
Most Recent 3 years ago
Selected Answer: B
Correct answer: B In AZ-305
upvoted 2 times
...
hertino
3 years ago
In AZ-305 exam, 9 april 22
upvoted 3 times
...
k14us
3 years, 1 month ago
A is meeting all the pre-reqs and is cheaper than the APIM premium
upvoted 1 times
...
plmmsg
3 years, 1 month ago
B. Azure API Management Premium tier
upvoted 1 times
...
arun
3 years, 2 months ago
Selected Answer: B
Vnet support is only on Premium version.. refer the comparison mentioned at https://docs.microsoft.com/en-us/azure/api-management/api-management-features
upvoted 1 times
...
S_AB
3 years, 2 months ago
Selected Answer: B
Only premiun and developer for API management vnet deployment
upvoted 1 times
...
examineezer
3 years, 4 months ago
I don't understand why the premium feature of VNET deployment is required here. As far as I can tell the premium tier is only required if APIM is used to manage APIs which are consumed by consumers OUTSIDE of the VNET. But here, everything is inside the same VNET!
upvoted 1 times
examineezer
3 years, 4 months ago
Apologies - in both internal mode and external mode it looks like Premium is required: https://docs.microsoft.com/en-us/azure/api-management/api-management-kubernetes#option-2-install-an-ingress-controller
upvoted 3 times
...
...
examineezer
3 years, 4 months ago
Nice table comparing APIM premium to standard here: https://docs.microsoft.com/en-us/azure/api-management/api-management-features
upvoted 2 times
...
Azurefox79
3 years, 4 months ago
Selected Answer: B
VNet connection supported only in Premium and Developer Tiers, not standard
upvoted 2 times
...
cfsxtuv33
3 years, 6 months ago
The thing I've noticed when reviewing these questions is that whenever one of the answers has "premium" in it, then that's the answer.
upvoted 7 times
...
leo_az300
3 years, 7 months ago
It should be API Management with AKS in the same Virtual Network with the Add servers. To control rate limit, you can use access restriction policies in API Management. The only thing I didn't get is why it's premium not standard?
upvoted 1 times
...
syu31svc
3 years, 7 months ago
https://docs.microsoft.com/en-us/azure/api-management/api-management-kubernetes#option-2-install-an-ingress-controller Mutual TLS authentication is natively supported by API Management and can be enabled in Kubernetes by installing an Ingress Controller. https://docs.microsoft.com/en-us/azure/api-management/media/api-management-aks/ingress-controller.png Answer is B
upvoted 1 times
...
Manish03Nov
3 years, 7 months ago
Answer is correct. Ref : https://docs.microsoft.com/en-us/azure/api-management/api-management-using-with-vnet?tabs=stv2
upvoted 1 times
...
Gautam1985
3 years, 8 months ago
correct
upvoted 1 times
...
modiallo
3 years, 9 months ago
Correct Answer ... the AKS cluster and the applications that consume the microservices might reside within the same VNet, hence there is no reason to expose the cluster publicly as all API traffic will remain within the VNet. For these scenarios, you can deploy API Management into the cluster VNet. API Management Developer and Premium tiers support VNet deployment.
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago