View on GitHub

AZ-204 - Training - Developing Solutions for Microsoft Azure

Companion material and resources for the course 'Developing Solutions for Microsoft Azure' delivery by Ricardo Cabral.


Back to assessment Back to main

Learning Path 8: AZ-204: Implement API Management

Multiple-choice questions

  1. Which of the following components of the API Management service would a developer use if they need to create an account and subscribe to get API keys?

    • A. API gateway
    • B. Azure portal
    • C. Developer portal


    Show answer Developer portal


  2. Which of the following API Management policies would one use if one wants to apply a policy based on a condition?

    • A. forward-request
    • B. choose
    • C. return-response


    Show answer choose


Open ended questions

  1. What is an API Gateway and what problems does it help address?


    Show answer An API gateway sits between clients and services. It acts as a reverse proxy, routing requests from clients to services. It may also perform various cross-cutting tasks such as authentication, SSL termination, and rate limiting. If you don't deploy a gateway, clients must send requests directly to front-end services. However, there are some potential problems with exposing services directly to clients such as needed more complex code on the client and increasing the potential attack surface of the solution.


  2. Describe how you can secure APIs.


    Show answer Certificates can be used to provide Transport Layer Security (TLS) mutual authentication between the client and the API gateway. You can configure the API Management gateway to allow only requests with certificates containing a specific thumbprint. The authorization at the gateway level is handled through inbound policies.


  3. Policies can be used to change the behavior of an API. Describe how policies are configured and what each section of the configuration does.


    Show answer In Azure API Management, policies allow the publisher to change the behavior of the API through configuration. Policies are a collection of Statements that are executed sequentially on the request or response of an API. The configuration is divided into inbound, backend, outbound, and on-error. The series of specified policy statements is executed in order for a request and a response



Back to top Back to assessment Back to main