ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-305 All Questions

View all questions & answers for the AZ-305 exam
Go to Exam

Exam AZ-305 topic 1 question 33 discussion

Actual exam question from Microsoft's AZ-305
Question #: 33
Topic #: 1
[All AZ-305 Questions]

HOTSPOT -
Your company has 20 web APIs that were developed in-house.
The company is developing 10 web apps that will use the web APIs. The web apps and the APIs are registered in the company s Azure Active Directory (Azure
AD) tenant. The web APIs are published by using Azure API Management.
You need to recommend a solution to block unauthorized requests originating from the web apps from reaching the web APIs. The solution must meet the following requirements:
✑ Use Azure AD-generated claims.
Minimize configuration and management effort.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Azure AD -
Grant permissions in Azure AD.

Box 2: Azure API Management -
Configure a JWT validation policy to pre-authorize requests.
Pre-authorize requests in API Management with the Validate JWT policy, by validating the access tokens of each incoming request. If a request does not have a valid token, API Management blocks it.
Reference:
https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad
by Gowind at Sept. 2, 2022, 11:58 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Gowind
Highly Voted 2 years, 10 months ago
Corrects https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad Authorization workflow A user or application acquires a token from Azure AD with permissions that grant access to the backend-app. The token is added in the Authorization header of API requests to API Management. API Management validates the token by using the validate-jwt policy. If a request doesn't have a valid token, API Management blocks it. If a request is accompanied by a valid token, the gateway can forward the request to the API. https://docs.microsoft.com/en-us/azure/api-management/api-management-access-restriction-policies#ValidateJWT
upvoted 41 times
...
Xinx
Highly Voted 2 years, 9 months ago
This appears in my test at July 30th
upvoted 12 times
...
Sonat
Most Recent 4 months, 2 weeks ago
Now it's: Entra ID & API Management
upvoted 3 times
...
23169fd
1 year ago
The given answers are correct. Grant permissions to allow the web apps to access the web APIs by using: Azure AD Reason: Azure AD can issue tokens containing claims that the APIs can validate, ensuring only authorized applications access the APIs. Configure a JSON Web Token (JWT) validation policy by using: Azure API Management Reason: Azure API Management can enforce JWT validation policies, ensuring that only requests with valid Azure AD-generated JWTs are allowed to access the APIs. This minimizes configuration and management effort while leveraging Azure AD for claims.
upvoted 2 times
...
Lazylinux
1 year, 2 months ago
Given answer is correct Azure AD and Azure API Management
upvoted 1 times
...
varinder82
1 year, 3 months ago
Final Answer: 1. Azure AD 2. Azure API Management
upvoted 1 times
...
nav109
1 year, 7 months ago
This question appeared on my Exam today 11/17/2023
upvoted 6 times
...
johnD16
2 years, 3 months ago
Showed in exam 18.03.2023. correct passed 940/1000
upvoted 10 times
...
zellck
2 years, 4 months ago
1. Azure AD 2. Azure API Management https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad https://learn.microsoft.com/en-us/azure/api-management/validate-jwt-policy
upvoted 7 times
...
OPT_001122
2 years, 5 months ago
the ans is correct
upvoted 1 times
OPT_001122
2 years, 4 months ago
key factor is Your company has 20 web APIs ,.. so it requires API management for 20 web apis
upvoted 3 times
...
...
janvandermerwer
2 years, 5 months ago
AzureAD https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad Azure API management https://learn.microsoft.com/en-us/azure/api-management/api-management-policies "Validate JWT - Enforces existence and validity of a JWT extracted from either a specified HTTP Header, query parameter, or token value."
upvoted 2 times
...
NarasimhanMV
2 years, 8 months ago
Ans - correct
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel