exam questions

Exam AZ-305 All Questions

View all questions & answers for the AZ-305 exam

Exam AZ-305 topic 4 question 9 discussion

Actual exam question from Microsoft's AZ-305
Question #: 9
Topic #: 4
[All AZ-305 Questions]

You are designing a microservices architecture that will be hosted in an Azure Kubernetes Service (AKS) cluster. Apps that will consume the microservices will be hosted on Azure virtual machines. The virtual machines and the AKS cluster will reside on the same virtual network.
You need to design a solution to expose the microservices to the consumer apps. The solution must meet the following requirements:
✑ Ingress access to the microservices must be restricted to a single private IP address and protected by using mutual TLS authentication.
✑ The number of incoming microservice calls must be rate-limited.
✑ Costs must be minimized.
What should you include in the solution?

  • A. Azure App Gateway with Azure Web Application Firewall (WAF)
  • B. Azure API Management Standard tier with a service endpoint
  • C. Azure Front Door with Azure Web Application Firewall (WAF)
  • D. Azure API Management Premium tier with virtual network connection
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
malcubierre
Highly Voted 1 year, 8 months ago
Selected Answer: D
A: No rate limited B: Does not have Private Endpoint integration C: Does not make sense, and does not rate limited D: OK, rate limited + PE integration
upvoted 16 times
...
Greysi
Highly Voted 2 years, 11 months ago
Selected Answer: D
D is correct answer!
upvoted 15 times
...
robinhoHH
Most Recent 6 days, 11 hours ago
Selected Answer: B
Azure API Management (Standard tier) can expose a private IP through service endpoints when deployed in the same virtual network as the AKS cluster.
upvoted 1 times
...
SeMo0o0o0o
3 weeks, 1 day ago
Selected Answer: D
D is correct
upvoted 1 times
...
enigma65
1 month ago
One option is to deploy APIM (API Management) inside the cluster VNet. The AKS cluster and the applications that consume the microservices might reside within the same VNet, hence there is no reason to expose the cluster publicly as all API traffic will remain within the VNet. For these scenarios, you can deploy API Management into the cluster VNet. API Management Premium tier supports VNet deployment.
upvoted 1 times
...
84e067a
1 month, 2 weeks ago
Selected Answer: B
MS Copilot says: Azure API Management Premium tier with virtual network connection would work, it offers more features than you need and at a higher cost. The Standard tier with service endpoints is a better fit for your requirements, balancing cost and functionality effectively.
upvoted 2 times
...
goldist
1 month, 2 weeks ago
Selected Answer: B
Microservices are meant to be accessible from the virtual network so just a service endpoint is enough. No need for a premium tier.
upvoted 3 times
...
Sephethus
2 months, 3 weeks ago
Why D? There's no mention of this microservice application being an API.
upvoted 1 times
...
Len83
3 months, 3 weeks ago
This question appeared in the exam, August 2024. I gave this same answer listed here. I scored 870
upvoted 2 times
...
photon99
9 months, 1 week ago
I think the answer should be Azure App Gateway with Azure Web Application Firewall (WAF). Beacuse the API managemnt is Charged HOURLY basis. App Gw supports rate limiting: https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/rate-limiting-overview
upvoted 2 times
bazylson
9 months ago
API Management also supports rate-limiting: https://learn.microsoft.com/en-us/azure/api-management/rate-limit-policy
upvoted 1 times
...
...
Tr619899
1 year, 6 months ago
The best option to meet the requirements you mentioned would be to use Azure API Management with a virtual network connection. This can be achieved with the Premium tier of Azure API Management. This will allow you to restrict ingress access to a single private IP address and protect it using mutual TLS authentication. Additionally, Azure API Management provides rate limiting capabilities and can be deployed within a virtual network to minimize costs. So, the correct answer is D. Azure API Management Premium tier with virtual network connection.
upvoted 6 times
...
NotMeAnyWay
1 year, 8 months ago
Selected Answer: D
D. Azure API Management Premium tier with a virtual network connection Azure API Management Premium tier supports virtual network integration, which allows you to restrict ingress access to the microservices to a single private IP address within the virtual network. This tier also supports mutual TLS authentication, rate-limiting policies, and provides a solution for exposing the microservices to the consumer apps while minimizing costs.
upvoted 13 times
...
JohnPhan
1 year, 8 months ago
Selected Answer: D
D is correct answer!
upvoted 1 times
...
OPT_001122
1 year, 9 months ago
Selected Answer: D
D. Azure API Management Premium tier with virtual network connection
upvoted 1 times
...
orionduo
1 year, 10 months ago
Selected Answer: D
One option is to deploy APIM (API Management) inside the cluster VNet. The AKS cluster and the applications that consume the microservices might reside within the same VNet, hence there is no reason to expose the cluster publicly as all API traffic will remain within the VNet. For these scenarios, you can deploy API Management into the cluster VNet. API Management Premium tier supports VNet deployment.
upvoted 1 times
...
VBK8579
1 year, 10 months ago
Selected Answer: D
Option D, Azure API Management Premium tier with virtual network connection, can meet the requirements mentioned in the question. Azure API Management service can be deployed in a virtual network and access to the microservices can be restricted to a single private IP address by using a virtual network connection. Azure API Management also supports mutual TLS authentication and rate limiting.
upvoted 1 times
...
rjcverar
1 year, 12 months ago
Selected Answer: D
D Indeed. =) Happy test everyone
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...