Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-305 All Questions

View all questions & answers for the AZ-305 exam
Go to Exam

Exam AZ-305 topic 4 question 9 discussion

Actual exam question from Microsoft's AZ-305
Question #: 9
Topic #: 4
[All AZ-305 Questions]

You are designing a microservices architecture that will be hosted in an Azure Kubernetes Service (AKS) cluster. Apps that will consume the microservices will be hosted on Azure virtual machines. The virtual machines and the AKS cluster will reside on the same virtual network.
You need to design a solution to expose the microservices to the consumer apps. The solution must meet the following requirements:
✑ Ingress access to the microservices must be restricted to a single private IP address and protected by using mutual TLS authentication.
✑ The number of incoming microservice calls must be rate-limited.
✑ Costs must be minimized.
What should you include in the solution?

  • A. Azure App Gateway with Azure Web Application Firewall (WAF)
  • B. Azure API Management Standard tier with a service endpoint
  • C. Azure Front Door with Azure Web Application Firewall (WAF)
  • D. Azure API Management Premium tier with virtual network connection
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by default_wizard at Dec. 13, 2021, 7:22 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Greysi
Highly Voted 2 years, 10 months ago
Selected Answer: D
D is correct answer!
upvoted 15 times
...
malcubierre
Highly Voted 1 year, 7 months ago
Selected Answer: D
A: No rate limited B: Does not have Private Endpoint integration C: Does not make sense, and does not rate limited D: OK, rate limited + PE integration
upvoted 15 times
...
enigma65
Most Recent 16 hours, 1 minute ago
One option is to deploy APIM (API Management) inside the cluster VNet. The AKS cluster and the applications that consume the microservices might reside within the same VNet, hence there is no reason to expose the cluster publicly as all API traffic will remain within the VNet. For these scenarios, you can deploy API Management into the cluster VNet. API Management Premium tier supports VNet deployment.
upvoted 1 times
...
84e067a
1 week, 3 days ago
Selected Answer: B
MS Copilot says: Azure API Management Premium tier with virtual network connection would work, it offers more features than you need and at a higher cost. The Standard tier with service endpoints is a better fit for your requirements, balancing cost and functionality effectively.
upvoted 1 times
...
goldist
2 weeks ago
Selected Answer: B
Microservices are meant to be accessible from the virtual network so just a service endpoint is enough. No need for a premium tier.
upvoted 2 times
...
Sephethus
1 month, 2 weeks ago
Why D? There's no mention of this microservice application being an API.
upvoted 1 times
...
Len83
2 months, 3 weeks ago
This question appeared in the exam, August 2024. I gave this same answer listed here. I scored 870
upvoted 2 times
...
photon99
8 months ago
I think the answer should be Azure App Gateway with Azure Web Application Firewall (WAF). Beacuse the API managemnt is Charged HOURLY basis. App Gw supports rate limiting: https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/rate-limiting-overview
upvoted 2 times
bazylson
7 months, 4 weeks ago
API Management also supports rate-limiting: https://learn.microsoft.com/en-us/azure/api-management/rate-limit-policy
upvoted 1 times
...
...
Tr619899
1 year, 5 months ago
The best option to meet the requirements you mentioned would be to use Azure API Management with a virtual network connection. This can be achieved with the Premium tier of Azure API Management. This will allow you to restrict ingress access to a single private IP address and protect it using mutual TLS authentication. Additionally, Azure API Management provides rate limiting capabilities and can be deployed within a virtual network to minimize costs. So, the correct answer is D. Azure API Management Premium tier with virtual network connection.
upvoted 5 times
...
NotMeAnyWay
1 year, 7 months ago
Selected Answer: D
D. Azure API Management Premium tier with a virtual network connection Azure API Management Premium tier supports virtual network integration, which allows you to restrict ingress access to the microservices to a single private IP address within the virtual network. This tier also supports mutual TLS authentication, rate-limiting policies, and provides a solution for exposing the microservices to the consumer apps while minimizing costs.
upvoted 12 times
...
JohnPhan
1 year, 7 months ago
Selected Answer: D
D is correct answer!
upvoted 1 times
...
OPT_001122
1 year, 8 months ago
Selected Answer: D
D. Azure API Management Premium tier with virtual network connection
upvoted 1 times
...
orionduo
1 year, 8 months ago
Selected Answer: D
One option is to deploy APIM (API Management) inside the cluster VNet. The AKS cluster and the applications that consume the microservices might reside within the same VNet, hence there is no reason to expose the cluster publicly as all API traffic will remain within the VNet. For these scenarios, you can deploy API Management into the cluster VNet. API Management Premium tier supports VNet deployment.
upvoted 1 times
...
VBK8579
1 year, 9 months ago
Selected Answer: D
Option D, Azure API Management Premium tier with virtual network connection, can meet the requirements mentioned in the question. Azure API Management service can be deployed in a virtual network and access to the microservices can be restricted to a single private IP address by using a virtual network connection. Azure API Management also supports mutual TLS authentication and rate limiting.
upvoted 1 times
...
rjcverar
1 year, 11 months ago
Selected Answer: D
D Indeed. =) Happy test everyone
upvoted 3 times
...
GarryK
2 years, 1 month ago
Selected Answer: D
https://docs.microsoft.com/en-us/azure/api-management/virtual-network-concepts?tabs=stv2 Vnet = Dev or Premium or Private Endpoint. Service Endpoint is not available
upvoted 9 times
...
Snownoodles
2 years, 1 month ago
Selected Answer: B
Private service endpoint support is available in the Premium, Standard, Basic, and Developer tiers of API Management. https://docs.microsoft.com/en-us/azure/api-management/private-endpoint
upvoted 1 times
Snownoodles
2 years, 1 month ago
Sorry, correct answer is D, since B is talking about service endpoint.
upvoted 4 times
...
...
Load full discussion...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel