
AZ-304 Exam - Question 197


Your company, named Contoso, Ltd, implements several Azure logic apps that have HTTP triggers. The logic apps provide access to an on-premises web service.

Contoso establishes a partnership with another company named Fabrikam, Inc.

Fabrikam does not have an existing Azure Active Directory (Azure AD) tenant and uses third-party OAuth 2.0 identity management to authenticate its users.

Developers at Fabrikam plan to use a subset of the logic apps to build applications that will integrate with the on-premises web service of Contoso.

You need to design a solution to provide the Fabrikam developers with access to the logic apps. The solution must meet the following requirements:

✑ Requests to the logic apps from the developers must be limited to lower rates than the requests from the users at Contoso.

✑ The developers must be able to rely on their existing OAuth 2.0 provider to gain access to the logic apps.

✑ The solution must NOT require changes to the logic apps.

✑ The solution must NOT use Azure AD guest accounts.

What should you include in the solution?

Correct Answer: C

API Management helps organizations publish APIs to external, partner, and internal developers to unlock the potential of their data and services.

You can secure API Management using the OAuth 2.0 client credentials flow.

Incorrect Answers:

A: Azure Active Directory B2B uses guest users.

B: Azure Front Door is an Application Delivery Network (ADN) as a service, offering various layer 7 load-balancing capabilities for your applications.

Azure Front Door supports HTTP, HTTPS and HTTP/2.

Applications can be authorized through OAuth 2.0.

D: Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote client. Application Proxy includes both the Application Proxy service, which runs in the cloud, and the Application Proxy connector, which runs on an on-premises server.

Application Proxy works with:

✑ Web applications that use Integrated Windows Authentication for authentication

✑ Web applications that use form-based or header-based access

Reference:

https://docs.microsoft.com/en-us/azure/api-management/api-management-key-concepts
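
The answer above, sketched as an added example (not part of the original answer or of Microsoft's documentation): a product-scope API Management policy for a hypothetical partner product that contains only the subset of imported logic apps shared with Fabrikam. The identity provider URL, the audience value and the call limit are constructed placeholders, and the example assumes Fabrikam's OAuth 2.0 provider publishes OpenID Connect discovery metadata.

```xml
<!-- Added example: policy for a hypothetical "Fabrikam-Partners" product.
     All URLs, audience values and limits below are constructed placeholders. -->
<policies>
    <inbound>
        <base />
        <!-- Accept only tokens issued by Fabrikam's existing OAuth 2.0 provider.
             Signing keys and issuer are read from the provider's discovery
             document (assumed to exist at this placeholder URL). -->
        <validate-jwt header-name="Authorization"
                      require-scheme="Bearer"
                      require-expiration-time="true"
                      require-signed-tokens="true"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="Missing or invalid access token">
            <openid-config url="https://idp.fabrikam.example/.well-known/openid-configuration" />
            <audiences>
                <!-- Reject tokens minted for any other API (placeholder value). -->
                <audience>api://contoso-logicapps-partner</audience>
            </audiences>
        </validate-jwt>
        <!-- Lower per-subscription rate for partner developers. The product used
             by Contoso users would carry the same element with a higher calls
             value. Callers over the limit receive 429 Too Many Requests. -->
        <rate-limit calls="20" renewal-period="60" />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

Because token validation and throttling both happen at the gateway, the logic apps themselves stay unchanged and no Azure AD guest accounts are created.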

Discussion

9 comments
BoxMan
Nov 10, 2020

Correct, C. Azure API Management. You can eliminate B swiftly as it is a global entry portal. A as it requires Guest Accounts in AAD. D as it is “just” a proxy solution for on-premises Web Applications. The policies required to rate limit are part of the API Management feature (link in the original answer) and further details to respond to other parts of the requirements are here: https://docs.microsoft.com/en-us/azure/api-management/api-management-features

BoxGhost
Aug 23, 2021

A - Uses guest accounts, does not meet the requirements https://docs.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b

B - AFD is a frontend for web apps, nothing to do with identity management

C - Meets the requirements, it supports oauth https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-oauth2

D - App proxy is to serve on-premise apps to be accessible over the internet, does not help here

ManSinhLee
Nov 28, 2021

I have no idea :)))

Ali526
Feb 20, 2022

You got company.

modiallo
Jul 2, 2021

Correct answer https://docs.microsoft.com/en-us/azure/api-management/api-management-key-concepts

syu31svc
Oct 5, 2021

https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad#enable-oauth-20-user-authorization-in-the-developer-console Answer is C

bc5468521
Nov 5, 2020

I will choose A, B2B. B2B does not require guests to have AAD service. Email is good enough. Then grant sufficient permission to the guest user.

pentum7
Nov 8, 2020

"Azure Active Directory (Azure AD) business-to-business (B2B) collaboration is a feature within External Identities that lets you invite guest users to collaborate with your organization. " ..... "Guest users sign in to your apps and services with their own work, school, or social identities." B2B seems to be centered around use of Guest Accounts? But the question requires us not to use Guest Accounts. I think B is still correct

pentum7
Nov 8, 2020

https://docs.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b

David_986969
Nov 9, 2020

It says Fabrikam does not have an AD, so it would be more work to implement B2B

tita_tovenaar
Jul 28, 2021

You're right, B2B seems to fit the bill. APIM can surely cover part of it, but the question refers to Fabrikam 'using a subset of the logic apps to ... integrate with on-prem web service of Contoso'. Think that is too much to chew for APIM.

demonite
May 31, 2021

Answer is APIM, you can have it as external access for the devs, it can also have a policy for rate limits

David_986969
Sep 30, 2020

Does Azure API Management give access to logic apps?

David_986969
Sep 30, 2020

I did not see anything about logic apps in the link, so I may think it's wrong

bobbyjones
Oct 3, 2020

Yes, https://docs.microsoft.com/en-us/azure/api-management/import-logic-app-as-api

Spooky7
Oct 7, 2021

It was said that logic app has http trigger, so anything can access logic app.

leo_az300
Sep 25, 2021

I'll go with API Management. As Guest Group in API management, Policy and Developer Portal meet all requirements. About AAD B2B option. Yes, you can invite Fabrikam devs as guest user in your subscription then set up IAM roles. But doesn't this go against the last requirement "NOT use AAD Guest account"? [After you invite a user through any of these methods, the invited user's account is added to Azure Active Directory (Azure AD), with a user type of Guest. ] ref: https://docs.microsoft.com/en-us/azure/active-directory/external-identities/add-users-administrator