ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-204 All Questions

View all questions & answers for the AZ-204 exam
Go to Exam

Exam AZ-204 topic 4 question 14 discussion

Actual exam question from Microsoft's AZ-204
Question #: 14
Topic #: 4
[All AZ-204 Questions]

Your company is developing an Azure API hosted in Azure.
You need to implement authentication for the Azure API to access other Azure resources. You have the following requirements:
✑ All API calls must be authenticated.
✑ Callers to the API must not send credentials to the API.
Which authentication mechanism should you use?

  • A. Basic
  • B. Anonymous
  • C. Managed identity
  • D. Client certificate
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by MrZoom at March 24, 2021, 12:23 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
clarionprogrammer
Highly Voted 4 years, 2 months ago
C is correct.
upvoted 28 times
...
nnvuf
Highly Voted 4 years ago
A and D will send credential to the API. B is not meet the requirement. only C can be selected
upvoted 21 times
...
Vichu_1607
Most Recent 8 months, 2 weeks ago
Selected Answer: C
Managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication. They are automatically managed by Azure and enable you to authenticate to services that support Azure AD authentication, without needing to insert credentials into your code. In this case, a managed identity would meet both requirements: it would authenticate all API calls, and callers to the API would not need to send credentials because the authentication is handled automatically by Azure
upvoted 1 times
...
OPT_001122
2 years, 7 months ago
Selected Answer: C
C. Managed identity
upvoted 2 times
...
gmishra88
2 years, 8 months ago
Another pointless requirement made up with some answer in mind and it is impossible to guess what the Microsoft guy had in his mind at that point in time (of course nobody reviews relevance of the questions once created). The requirement that the credentials are not sent is weird. It depends on whether a client certificate is seen as a credential. That gets in conflict with whether the API is called from a client that does not have a managed identity. For example, from postman or curl or a Single Page Application. You cannot use Managed identity in that case. So, depending on how much an unfortunate question taker knows there is 50% chance (excuse my probability knowledge) that he can make a mistake or not. Microsoft guy wins
upvoted 5 times
gmishra88
2 years, 8 months ago
My mistake, the requirement did say one azure resource to access another azure resource. In that case Managed Identity is clearly a winner. One must really read the question properly
upvoted 5 times
florianwicher
4 months, 2 weeks ago
In my view, your original criticism is still valid. The scenario of "API accessing other resource" still leaves open the question of who the resource identifies as. One could imagine delegation, where the API acts on behalf of a client external to Azure; or one could imagine the Azure API acting as itself.
upvoted 1 times
...
...
...
Nokaido
2 years, 9 months ago
Selected Answer: C
Tested it with a App Service running my C# code while using the Azure identity packages.
upvoted 1 times
...
Eltooth
3 years ago
Selected Answer: C
C is the correct answer.
upvoted 2 times
Eltooth
2 years, 11 months ago
https://docs.microsoft.com/en-us/azure/api-management/api-management-policies#authentication-policies
upvoted 1 times
...
...
AZ204Cert
3 years, 2 months ago
Got this on 04/05/22 (selected Managed Identity)
upvoted 7 times
...
petitbilly
3 years, 3 months ago
Got it in exam 03/22
upvoted 2 times
...
ning
3 years, 10 months ago
Question is about from APIM to other azure resource, C is correct managed identity. Question is NOT about how end users access APIM
upvoted 6 times
...
francis6170
4 years ago
got this in the exam :)
upvoted 5 times
...
businesskasper
4 years ago
Managed identity only works for internal api calls. The requirement is "all api calls must be authenticated". Certificate would meet that requirement?
upvoted 4 times
...
glam
4 years, 1 month ago
correct
upvoted 3 times
...
MrZoom
4 years, 2 months ago
D would work though, and it meets all the criteria (the private key of the certificate is never sent to the server during https handshake). If multiple answers are possible, I'd go for C and D, but if only one answer is possible, C is better for the reason stated in the answer explanation section.
upvoted 2 times
MrZoom
4 years, 2 months ago
Also, using certificates for authentication isn't typical use with API's hosted in Azure (which _is_ part of the question).
upvoted 2 times
...
Spooky7
4 years ago
How ClientCerficate would help Azure API to authenticate in other Azure resources? The question is not about client authentication but Azure API authentication to use other Azure resources.
upvoted 4 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel