Home » Microsoft » AZ-204 » HOTSPOT
HOTSPOT
You need to configure API Management for authentication.
Which policy values should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Explanation/Reference:
Explanation:
Box 1: Validate JWT The validate-jwt policy enforces existence and validity of a JWT extracted from either a specified HTTP Header or a specified query parameter.
Scenario: User authentication (see step 5 below) The following steps detail the user authentication process:
1. The user selects Sign in in the website.
2. The browser redirects the user to the Azure Active Directory (Azure AD) sign in page.
3. The user signs in.
4. Azure AD redirects the user’s session back to the web application. The URL includes an access token.
5. The web application calls an API and includes the access token in the authentication header. The application ID is sent as the audience (‘aud’) claim in the access token.
6. The back-end API validates the access token.
Incorrect Answers:
Limit call rate by key – Prevents API usage spikes by limiting call rate, on a per key basis.
Restrict caller IPs – Filters (allows/denies) calls from specific IP addresses and/or address ranges.
Check HTTP header – Enforces existence and/or value of a HTTP Header.
Box 2: Outbound Reference:
https://docs.microsoft.com/en-us/azure/api-management/api-management-access-restriction-policies
Microsoft AZ-204: Developing Solutions for Microsoft Azure
Free dumps for AZ-204 in PDF format also you can read online.
High quality AZ-204 PDF and software. VALID exam to help you pass.
|
|
validate-jwt is an “inbound” policy section