[{"_1":2,"_277":-5,"_278":-5},"loaderData",{"_3":4},"routes/topics.$name",[5,26,40,55,68,86,100,117,126,135,145,156,167,177,185,192,201,212,218,227,237,243,253,265],{"_6":7,"_8":9,"_10":11,"_12":13,"_18":19,"_22":23,"_24":25},"id","5cb431738ad408b43dc62fd7928259120995a681b33133978b304345b0d8305e","question","You receive `403 Forbidden` trying to get access to your API instance. What are possible reasons for that?","answer","Quota and ip restrictions are `403`. \nServer errors are `5XX`, Subscription errors are `401`","options",[14,15,16,17],"Server crashed","You have to pass a valid subscription key.","Quota has been exceeded","IP Filter policy has been activated","answerIndexes",[20,21],2,3,"hasCode",false,"topic","API Management",{"_6":27,"_8":28,"_10":29,"_12":30,"_18":38,"_22":23,"_24":25},"78f533392543fe56efdc7442f62d446ad7b5bcfc7e2a1d6551b7a215e4c67fb4","You have JSON endpoint that expects JSON payload. The client sends XML payload. What policy should be applied?","Request is transformed in inbound section",[31,32,33,34,35,36,37],"`xml-to-json-policy` in inbound section","`xml-to-json-policy` in backend section","`xml-to-json-policy` in outbound section","`json-to-xml-policy` in inbound section","`json-to-xml-policy` in backend section","`json-to-xml-policy` in outbound section","No policy should be applied",[39],0,{"_6":41,"_8":42,"_10":43,"_12":44,"_18":53,"_22":23,"_24":25},"f81ad0af33cae52307890bcdf96ac87e3767917e2b3f7e7e0facccba86b7d246","You establish an API Management (APIM) gateway and incorporate an existing App Services API app within it. Your goal is to limit each client application to a maximum of 1000 calls to the API on an hourly basis.\". Which policies could achieve this requirement?","`rate-limit-by-key` and `quota-by-key` can limit numbers of requests.",[45,46,47,48,49,50,51,52],"``","``","``","``","``","``","``","``",[39,54],4,{"_6":56,"_8":57,"_10":58,"_12":59,"_18":67,"_22":23,"_24":25},"d6c8a6fa4cb1f5f9966853da0179d584160af184de6811790dc63c69a1dab907","What rule should be used to cache this URL: `https://myapi.azure-api.net/items/123456`?","When URL has no parameters to cache on, the whole URL is used (empty `vary-by-query-parameter`). \n`itemId` does not exist. `items` is not a valid query parameter. `cache-lookup-value` is for retrieving cached value by name.",[60,61,62,63,64,65,66],"`

`","`

itemId

`","``","``","`

items

`","``","``",[39],{"_6":69,"_8":70,"_10":71,"_12":72,"_18":85,"_22":23,"_24":25},"4e273eedead0a547f597362ec26b0124a156699a03aab122ba70cf2fa0302b24","You are working on an API where an end user is authenticated, and you need to generate a throttling key based on information that uniquely identifies that user. The requirement is to limit the calls to 10 every minute, with a total of 100 calls and 100 MB of bandwidth per hour. Which policies should you implement to achieve this requirement?","`rate-limit-by-key` and `quota-by-key`, units in seconds and KB, `counter-key=\"@(context.Request.Headers.GetValueOrDefault(\\\"Authorization\\\",\\\"\").AsJwt()?.Subject)\"`.",[73,74,75,76,77,78,79,80,81,82,83,84],"``","``","``","``","``","``","``","``","``","``","``","``",[39,54],{"_6":87,"_8":88,"_10":89,"_12":90,"_18":99,"_22":23,"_24":25},"4f14335bcd6ebdcb692dfaba2e410a1a6c739d6b3c8873256dabce02b7cd2239","You are developing an API that needs to restrict a single client IP address to only 10 calls every minute, with a total of 100 calls and 100 MB of bandwidth per hour. Which policies should you implement to achieve this requirement?","`rate-limit-by-key` and `quota-by-key`, units in seconds and KB, `counter-key=\"@(context.Request.IpAddress)\"`.",[91,92,75,76,93,94,95,96,81,82,83,84,97,98],"``","``","``","``","``","``","`

\"@(context.Request.IpAddress)\"

`","`

\"@(context.Request.IpAddress)\"

`",[39,54],{"_6":101,"_8":102,"_10":103,"_12":104,"_18":114,"_22":23,"_24":25},"f4756458ae0930ba807d9ffd227f9b1e1aeb52dda503e560a19caad02bbbd350","Your company has a complex environment with APIs hosted both on-premises and in different cloud providers. You are tasked with centralizing the management of these APIs using Azure API Management, while ensuring low-latency access for local users. What actions should you take to accomplish this task?","First, you need to create a new API management instance using `az apim create`. \n`az apim api import` imports an API into an existing API Management service instance. \n`az apim backend create` creates a new backend entity in API Management.\n`az apim backend proxy create` is for creating a proxy backend, not an API Management instance.",[105,106,107,108,109,110,111,112,113],"Upgrade to the Premium tier of Azure API Management.","Implement a self-hosted gateway to manage on-premises APIs and APIs across multiple clouds.","Migrate all APIs to Azure App Service.","Generate OpenAPI specifications for all APIs.","Configure a VPN connection between the internal network and Azure.","`az apim api import`","`az apim backend create`","`az apim create`","`az apim backend proxy create`",[39,115,116],1,7,{"_6":118,"_8":119,"_10":120,"_12":121,"_18":125,"_22":23,"_24":25},"2ad205a4b5f59049a6b33423753323dfe7a4904b9e240f7571325202bdfd42af","In what unit is the bandwidth limit in Quota policy?","All sizes are in KB",[122,123,124],"KB","MB","GB",[39],{"_6":127,"_8":128,"_10":129,"_12":130,"_18":134,"_22":23,"_24":25},"432139a6157dbd4579692cf8d715f98d2f6ec623499dbab8d67b5efb86acd59a","Which of the following components of the API Management service would a developer use if they need to create an account and subscribe to get API keys?","The Developer portal serves as the main web presence for developers, and is where they can subscribe to get API keys. \nThe API gateway routes calls, performs API transforms, and verifies keys. \nThe Azure portal is the administrative interface where you set up your API program.",[131,132,133],"API gateway","Azure portal","Developer portal",[20],{"_6":136,"_8":137,"_10":138,"_12":139,"_18":144,"_22":23,"_24":25},"36cebc512c3735cfcff37709516871a40bb0dc417ddfc5eab7f3b3f104738e41","You are developing a solution that requires the Azure API Management (APIM) instance to authenticate to a backend service. The authentication process must be secure and aligned with best practices. The backend service supports authentication through specific methods, and you need to ensure that the APIM instance can access it without storing credentials within the APIM configuration. Which of the following policies should you apply to the APIM instance to achieve this requirement?","By using a authentication-managed-identity identity, you can authenticate to services that support Entra ID authentication without credentials in your code. In this scenario, it allows the APIM instance to authenticate to the backend service securely.",[140,141,142,143],"authentication-managed-identity","validate-jwt","check-header","set-body",[39],{"_6":146,"_8":147,"_10":148,"_12":149,"_18":155,"_22":23,"_24":25},"503302d30fbc18ef15b61c65374973fcc4ca3fd1297bdbc25af27b46791a8e59","In what unit is renewal period for Rate limiting / Quota policy?","All times are in seconds",[150,151,152,153,154],"Milliseconds","Seconds","Minutes","Hours","Days",[115],{"_6":157,"_8":158,"_10":159,"_12":160,"_18":166,"_22":23,"_24":25},"7097bb3fb30b84344638a319e628ad63750cfe7a3f2fde4b402cf07e9f52904e","In a company's API system hosted behind an Azure API Management service, you are tasked with implementing response caching. The user ID of the client must first be detected and saved. Then, the response must be cached specifically for that saved user ID. What types of policies should be used to accomplish this task?","Both inbound and outbound policies\n\n- Inbound Policy: The inbound policy is used to extract and save the user ID from the incoming request. The `` policy is used to save the user ID, and the `` policy with a custom key is used to check if a cached response exists for that user ID.\n- Outbound Policy: The outbound policy is used to store the response in the cache. The `` policy with a custom key is used to cache the response specifically for the saved user ID.\n\nTherefore, both inbound and outbound policies are needed to meet the requirements.",[161,162,163,164,165],"Inbound policy only","Outbound policy only","Both inbound and outbound policies","Backend policy only","Global policy only",[20],{"_6":168,"_8":169,"_10":170,"_12":171,"_18":176,"_22":23,"_24":25},"29f0f64ae38d09bb91b184410bd83a83d83e90c82c5b5dacc51cc301e9e04cf7","Your client, once again, complains they receive a `403 Forbidden` error when trying to access your API. It was working just 5 minutes ago, they claim. You look into this \"urgent\" problem and see no policy changes have been made, and surprise, surprise, it works on your machine(tm). How would you make client to shut up and be happy?","A `403 Forbidden` error is either an IP filter policy or an exceeded quota. Since policy rules haven't been modified, it must be a quota issue. \nNote: Cursing your clients (in your mind) is a valid/invalid solution, depending on your morals.",[172,173,174,175],"The API endpoint must be faulty, so just remove it for now and debug it later, like everything else","Add an `ip-filter` policy that allows access to your client's IP, because that's never been a problem before","Call them idiots (in your head, of course) and tell them to use a different subscription key, like you've told them a hundred times","Modify the quota policy to be more generous, because probably they have been spamming your endpoint",[21],{"_6":178,"_8":179,"_10":180,"_12":181,"_18":184,"_22":23,"_24":25},"cdbaddde8c7828ef08990a136c7aa561123e53ea0ca9f210b5ae9408617471db","Your organization offers web services to third-party clients. These services require non-anonymous access, authentication through OpenID Connect, and are accessed via APIs. To ensure secure Entra ID authentication, you decide to base it on a specific value embedded in the request query parameter. Which policy within Azure API Management should you enforce to meet this requirement?","The JWT Validation or \"validate-jwt\" policy in Azure API Management is used to validate the JWT (JSON Web Token) extracted from a specified HTTP Header or a URI query parameter. In this scenario, it allows you to securely support Entra ID authentication based on a value passed as a request query parameter. The other options do not provide this specific functionality.",[142,141,182,183],"set-header","control-client-flow",[115],{"_6":186,"_8":187,"_10":188,"_12":189,"_18":190,"_22":23,"_24":25},"2d51cf23ae45549efccbf0901a0574c3d51be6c46c0554ff308bfa50ce72b0c7","You have JSON endpoint. The client expects XML response. What policy should be applied?","Response is transformed in outbound section",[31,32,33,34,35,36,37],[191],5,{"_6":193,"_8":194,"_10":195,"_12":196,"_18":200,"_22":23,"_24":25},"04363fe5a3cabd750c902fd5844d51c5c5d22d467cea7bd36b9ba94bc131e569","Which of the following API Management policies would one use if one wants to apply a policy based on a condition?","The choose policy applies enclosed policy statements based on the outcome of evaluation of boolean expressions. \nThe forward-request policy forwards the incoming request to the backend service specified in the request context. \nThe return-response policy aborts pipeline execution and returns either a default or custom response to the caller.",[197,198,199],"forward-request","choose","return-response",[115],{"_6":202,"_8":203,"_10":204,"_12":205,"_18":211,"_22":23,"_24":25},"8a857bd281f3cf43da00da29e45430c07d13be300c35285f75c8d80412a652db","An API is integrated into an Azure API Management (APIM) gateway and is utilized by client applications worldwide. You are tasked with granting access to 10 new operations exclusively to a select group of 200 beta developers around the world. How can you enable these developers to test the new operations using the existing API URL?","Header-based versioning uses custom HTTP headers to determine the version of the API to be accessed. This allows different versions of the API to be accessed through the same URL.",[206,207,208,209,210],"Implement a revision in Azure API Management.","Implement path-based versioning.","Implement header-based versioning.","Implement query string-based versioning.","Create separate gateways.",[20],{"_6":213,"_8":214,"_10":215,"_12":216,"_18":217,"_22":23,"_24":25},"878c71095c034c708745cfeb10bafe250f9e5bc384b7fce075dc41416ff40212","You receive `401 Access Denied` trying to get access to your API instance. What is happening?","Pass a valid subsription key. \nServer errors are `5XX`, quota and ip restrictions are `403`.",[14,15,16,17],[115],{"_6":219,"_8":220,"_10":221,"_12":222,"_18":226,"_22":23,"_24":25},"90b4ba1ec5f4fdee73456a345807ee80935c4292381f2ed4e5b8f10ee9a32646","What rule should be used to cache this URL: `https://myapi.azure-api.net/items?id=123456`?","Use `id` to store the value. \n`items` is not valid query parameter. `cache-lookup-value` is for retrieving cached value by name.",[64,223,224,225,65,66],"`

`","``","``",[115],{"_6":228,"_8":229,"_10":230,"_12":231,"_18":236,"_22":23,"_24":25},"68c45edc79c3ebcfe23302a9599723d2d52b73cf06728e07197b1a88443e503e","When attempting to access an API through Microsoft's API Management, a developer receives a `401 Access Denied error`. What could be the possible reasons for this error, and how can it be fixed? Select the correct options.","The key can be included in the request header as \"Ocp-Apim-Subscription-Key\" or as a query string \"subscription-key.\" Additionally, the API must be added to a product in the Azure Portal, which applies to a particular product (a collection of APIs) in API Management.",[232,233,234,235],"Add the API to product in Azure Portal","Include the `Ocp-Apim-Subscription-Key` header in the HTTP request.","Add the check-header policy statement for the Authorization header.","Disable OAuth2.0 in the API Management gateway.",[39,115],{"_6":238,"_8":239,"_10":240,"_12":241,"_18":242,"_22":23,"_24":25},"b8af13895a31820a5d120dfc0c8156ecab87bdf59be7e37536f8109399c9d6cf","Your organization has implemented Azure API Management (APIM) and requires a custom TLS/SSL certificate for securing communication. The certificate must be obtained from Azure Key Vault, and the process must adhere to security best practices without hardcoding any secrets or credentials in the APIM configuration. Which of the following policies should you apply to the APIM instance to fulfill this requirement?","By using a authentication-managed-identity identity, the APIM instance can authenticate to Azure Key Vault and retrieve the custom TLS/SSL certificate securely without needing to store any credentials in the code or configuration.",[140,141,142,143],[39],{"_6":244,"_8":245,"_10":246,"_12":247,"_18":252,"_22":23,"_24":25},"461f77bd010119f38b27f9c3d8a3c78d55c772860b3568d7d8e3ce61f5e2b776","A company uses Azure API Management to publish APIs for external consultants. The API needs to forward the user ID associated with the subscription key to the back-end service. Which type of policy should be used for this requirement?","Forwarding the user ID that is associated with the subscription key to the back-end service would be done in an inbound policy.\n\n```xml\n\n \n \n @(context.Subscription.Id)\n \n \n\n\n```",[248,249,250,251],"Inbound","Outbound","Backend","Error",[39],{"_6":254,"_8":255,"_10":256,"_12":257,"_18":264,"_22":23,"_24":25},"e89966f40a5abb69b75d25bb0877934de5154c7c91d5aac29f70f4aa96b3364c","You are setting up an API Management instance to manage your organization's various API services. You have a REST API developed in-house that is already exposed to the public internet. What is the first step you should take before incorporating this REST API into the API Management instance?","OpenAPI specification enables Azure API Management to automatically discover the endpoints and methods supported by the API.",[258,259,260,261,262,263],"Establish a VPN connection between the in-house network and Azure.","Generate OpenAPI specification for the REST API.","Move the API to Azure Functions.","Implement OAuth 2.0 authentication for the API.","Set up a load balancer for the API in Azure.","Set up a self-hosted gateway between the internal network and Azure.",[115],{"_6":266,"_8":267,"_10":268,"_12":269,"_18":276,"_22":23,"_24":25},"8da4afca735cff5a02f2deabd9654474bf4cb863a444eccfc22c9f16db8e8681","What rule should be used to cache this URL: `https://myapi.azure-api.net/me`?","This looks like user endpoint, `Authorization` header could be used.",[270,60,271,272,273,274,275],"`

Authorization

`","`

`","``","``","``","``",[39],"actionData","errors"]

AZ-204 Quiz

← Back to Topics