exam questions

Exam AZ-305 All Questions

View all questions & answers for the AZ-305 exam

Exam AZ-305 topic 4 question 108 discussion

Actual exam question from Microsoft's AZ-305
Question #: 108
Topic #: 4
[All AZ-305 Questions]

DRAG DROP
-

You plan to deploy an infrastructure solution that will contain the following configurations:
• External users will access the infrastructure by using Azure Front Door.
• External user access to the backend APIs hosted in Azure Kubernetes Service (AKS) will be controlled by using Azure API Management.
• External users will be authenticated by an Azure AD B2C tenant that uses OpenID Connect-based federation with a third-party identity provider.

Which function does each service provide? To answer, drag the appropriate functions to the correct services. Each function may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
MenadeCai
Highly Voted 1 year, 2 months ago
Correct answers should be: - Front Door --> OWASP - APIM --> Validation JWT
upvoted 43 times
...
Som_triv
Highly Voted 1 year, 2 months ago
Front Door - OWASP with WAF APIM - JWT VALIDATION and IP filtering https://learn.microsoft.com/en-us/azure/api-management/ip-filter-policy https://learn.microsoft.com/en-us/azure/api-management/validate-jwt-policy
upvoted 16 times
ValB
3 months, 1 week ago
IP filtering for consumers which normally have varying IP addresses does not make sense.
upvoted 2 times
...
marcellov
1 year, 2 months ago
I wasn't sure I could select 2 functions for APIM but indeed that is the right answer.
upvoted 2 times
mmarkiew
1 year ago
Is IP filtering even needed for this solution, given it's B2C? Why would we want to restrict IP addresses?
upvoted 2 times
...
...
...
SeMo0o0o0o
Most Recent 2 weeks, 6 days ago
WRONG 1. Protection against Open Web Application Security Project (OWASP) 2. Validation of Azure AD B2C JSON Web Tokens (JWTs)
upvoted 1 times
...
cosmicT73
1 month, 1 week ago
had this question in my exam this month , i selected : Front Door - OWASP APIM - JWT VALIDATION, scored 925
upvoted 3 times
...
_punky_
1 month, 1 week ago
0WASP & IP filtering
upvoted 1 times
...
cosmicT73
2 months ago
Front Door: Protection against Open Web Application Security Project (OWASP) API Management: IP filtering on a per-API level (it could be an option if needed, why to eliminate if it is one of the capabilities of the APIM Validation of Azure AD B2C JSON Web Tokens (JWTs)
upvoted 1 times
...
raj29oct
2 months, 2 weeks ago
in todays Exam 21-Sept-2024, passed with 843, not sure about given ans but i selected - Front Door --> OWASP - APIM --> Validation JWT as per below discussion and i feel it was correct
upvoted 1 times
...
Len83
3 months, 4 weeks ago
This question appeared in the exam, August 2024. The question doesn't mention any requirement to IP-filter on a per-API basis so for box 1, I answered Protection against OWASP and for Box 2 I entered Validation of JWTs. I scored 870
upvoted 2 times
...
Lazylinux
7 months, 2 weeks ago
Given answer is incorrect, The firs one is obvious as it is one of functions of Azure FD ->OWASP 2nd API management does both JWT VALIDATION and IP filtering however JWT VALIDATION comes first, however there are number of tiers and hence some may not support IP filtering => Consumption, Developer, Basic, Standard , Premium, IsolatedPreview Follow below
upvoted 2 times
Lazylinux
7 months, 2 weeks ago
All requests from client applications first reach the API gateway, which then forwards them to respective backend services. It enables consistent configuration of routing, security, throttling, caching, and observability. Specifically, the gateway: *Acts as a facade to backend services by accepting API calls and routing them to appropriate backends *Verifies API keys and other credentials such as JWT tokens and certificates presented with requests *Enforces usage quotas and rate limits *Optionally transforms requests and responses as specified in policy statements *If configured, caches responses to improve response latency and minimize the load on backend services *Emits logs, metrics, and traces for monitoring, reporting, and troubleshooting
upvoted 2 times
...
...
9b03b96
8 months ago
Appeared on the test, 3 April, 24. Answered Front Door -> OWASP and APIM -> Validation JWT. Passed with 840.
upvoted 4 times
...
varinder82
8 months ago
Final Answer: - Front Door --> OWASP - APIM --> Validation JWT
upvoted 3 times
...
Fidel_104
9 months ago
Got this on today's exam (March of 2024), answered OWASP / JWT and passed the exam. Thanks guys for the votes & comments, this was a useful learning resource.
upvoted 2 times
...
177c705
9 months, 1 week ago
Front Door - OWASP with WAF APIM - JWT VALIDATION and IP filtering !!
upvoted 2 times
...
[Removed]
10 months, 4 weeks ago
Since we don't know the SKU for the Azure Front Door deployment (not all tiers support WAF, only the premium SKU does that), I tend to agree with: Front Door: IP Filtering on a per-API level API Management: JWT validation
upvoted 1 times
...
Santosh4u
11 months, 3 weeks ago
Looks like the give answer is correct: https://learn.microsoft.com/en-us/azure/architecture/solution-ideas/articles/protect-backend-apis-azure-management
upvoted 3 times
...
BShelat
11 months, 4 weeks ago
Front Door SKU (Classic, standard or Premium) information is not given and we cannot assume that it is Premium SKU. Only Premium SKU has WAF so protection against OWASP is ruled out as it is function of WAF. Front Door provides IP Filtering per API level but cannot validate B2C JWTs. API management can validate B2C JWTs.
upvoted 2 times
...
BShelat
11 months, 4 weeks ago
Azure Front Door has three SKUs. Classic, Standard and Premium. In this question SKU information is not given. Classic version just do load balancing of https traffic across regions. We need CDN & WAF as additional components if it is Classic SKU. Standard SKU is basically Azure Front Door classic + CDN and Premium SKU = standard + WAF. Considering this fact I would rule out mapping the Function "Protection ....(OWASP) vulnerabilities" to Front Door because WAF performs that and we do not have enough information of Front Door SKU here. So answers given here are correct.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...