You plan to deploy an API by using Azure API Management.
You need to recommend a solution to protect the API from a distributed denial of service (DDoS) attack.
What should you recommend?
To protect an API from a distributed denial of service (DDoS) attack, the best recommendation among the options provided is to enable rate limiting. Rate limiting helps mitigate DDoS attacks by restricting the number of requests a client can make to the server within a certain timeframe. This prevents any single client from overwhelming the system with too many requests, which is a common tactic in DDoS attacks. Other options such as stripping the Powered-By response header, enabling quotas, or creating network security groups (NSGs) do not directly address the mechanism of mitigating high request rates from multiple sources, as rate limiting does.
Rate limit should be correct! A rate limiting solution measures the amount of time between each request from each IP address, and also measures the number of requests within a specified timeframe. If there are too many requests from a single IP within the given timeframe, the rate limiting solution will not fulfill the IP address's requests for a certain amount of time. [Copied] Ref: https://www.examtopics.com/discussions/microsoft/view/7189-exam-az-301-topic-6-question-21-discussion/
A and C are wrong for sure. NSG is for allowing and blocking traffic flow, so the answer is B, rate limiting.
Correct
Correct - https://docs.microsoft.com/en-us/azure/api-management/api-management-access-restriction-policies
Based on this: https://docs.microsoft.com/en-us/azure/api-management/api-management-sample-flexible-throttling#rate-limits-and-quotas
I don't think this is a good question as DDoS is enabled by default. Rate limiting only works by key, so this question is assuming the attackers have limited keys at their disposal... a reasonable assumption, but again, rate limiting isn't meant to protect against DDoS.
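An added example, not part of the original thread: a simplified fixed-window limiter keyed per client, as the comments above describe, replayed over constructed traffic to show one noisy client being throttled while many distinct keys that each stay under the limit all pass. The class and function names, the limits and the addresses are assumptions for illustration; this is not API Management's own implementation.

```python
from collections import defaultdict


class KeyedRateLimiter:
    """At most `calls` requests per key in each `renewal_period` seconds (fixed window)."""

    def __init__(self, calls, renewal_period):
        self.calls = calls
        self.renewal_period = renewal_period
        self._windows = {}  # key -> (window_start, request_count)

    def allow(self, key, now):
        start, count = self._windows.get(key, (now, 0))
        if now - start >= self.renewal_period:
            start, count = now, 0          # window expired: start a fresh counter
        if count >= self.calls:
            return False                   # over the limit: caller would answer 429
        self._windows[key] = (start, count + 1)
        return True


def replay(limiter, requests):
    """Feed (timestamp, key) pairs through the limiter; return total allowed/rejected."""
    totals = defaultdict(int)
    for ts, key in requests:
        totals["allowed" if limiter.allow(key, ts) else "rejected"] += 1
    return {"allowed": totals["allowed"], "rejected": totals["rejected"]}


def single_source():
    # Constructed traffic: one client sends 50 requests in under 10 seconds.
    return [(i * 0.2, "203.0.113.10") for i in range(50)]


def many_sources():
    # Constructed traffic: 200 distinct keys, each sending exactly 10 requests.
    return [(float(n), f"198.51.100.{i}") for i in range(1, 201) for n in range(10)]


def run_demo(calls=10, renewal_period=60):
    one = replay(KeyedRateLimiter(calls, renewal_period), single_source())
    many = replay(KeyedRateLimiter(calls, renewal_period), many_sources())
    return one, many


if __name__ == "__main__":
    one, many = run_demo()
    print("single source:", one)
    print("200 sources:  ", many)
```

The second result is the caveat raised in the last comment: a per-key limit caps each key, not the aggregate load, so volumetric protection still has to come from a layer in front of the API.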