You are a developer for a SaaS company that offers many web services. All web services for the company must meet the following requirements: ✑ Use API Management to access the services ✑ Use OpenID Connect for authentication ✑ Prevent anonymous usage A recent security audit found that several web services can be called without any authentication. Which API Management policy should you implement?

QuestionsCategory: AZ-204You are a developer for a SaaS company that offers many web services. All web services for the company must meet the following requirements: ✑ Use API Management to access the services ✑ Use OpenID Connect for authentication ✑ Prevent anonymous usage A recent security audit found that several web services can be called without any authentication. Which API Management policy should you implement?
Admin Staff asked 4 months ago
You are a developer for a SaaS company that offers many web services.
All web services for the company must meet the following requirements:
✑ Use API Management to access the services
✑ Use OpenID Connect for authentication
✑ Prevent anonymous usage
A recent security audit found that several web services can be called without any authentication.
Which API Management policy should you implement?

A. jsonp

B. authentication-certificate

C. check-header

D. validate-jwt








 

Suggested Answer: D

Add the validate-jwt policy to validate the OAuth token for every incoming request.
Incorrect Answers:
A: The jsonp policy adds JSON with padding (JSONP) support to an operation or an API to allow cross-domain calls from JavaScript browser-based clients.
JSONP is a method used in JavaScript programs to request data from a server in a different domain. JSONP bypasses the limitation enforced by most web browsers where access to web pages must be in the same domain.
JSONP - Adds JSON with padding (JSONP) support to an operation or an API to allow cross-domain calls from JavaScript browser-based clients.
Reference:
https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad

This question is in AZ-204: Developing Solutions for Microsoft Azure Exam
For getting Microsoft Azure Developer Associate Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Microsoft. 
The website does not contain actual questions and answers from Microsoft's Certification Exams.
Trademarks, certification & product names are used for reference only and belong to Microsoft.

Recommended

Welcome Back!

Login to your account below

Create New Account!

Fill the forms below to register

Retrieve your password

Please enter your username or email address to reset your password.