You are developing several Azure API Management (APIM) hosted APIs.
You must transform the APIs to hide private backend information and obscure the technology stack used to implement the backend processing.
You need to protect all APIs.
What should you do?
To protect all APIs and ensure that private backend information and the technology stack are obscured, you should configure and apply a new outbound policy scoped globally. This type of policy will uniformly transform the responses of all APIs within your Azure API Management instance, which aligns perfectly with the goal of hiding backend details and technological specifics across the board.
All APIs -> global
To safeguard private backend information and mask the underlying technology stack utilized in the backend processes of your Azure API Management (APIM) hosted APIs, implement and apply a fresh global-scoped outbound policy. This policy will uniformly apply the necessary transformations and concealments to the responses of all APIs within your APIM instance, ensuring a consistent approach to securing backend details and technology stack disclosure. So C
Its 'C'. Check https://learn.microsoft.com/en-us/azure/api-management/set-edit-policies?tabs=form
B is correct refer to below link https://learn.microsoft.com/en-us/azure/api-management/transform-api
Why not C?
Answer : C https://learn.microsoft.com/en-us/azure/api-management/transform-api#replace-original-urls-in-the-body-of-the-api-response-with-api-management-gateway-urls The question says to '...hide private backend information and obscure the technology stack.' Per this MS doc replacing backend URLs and other server info is done in the Outbound processing.
Sorry this could also have meant answer B.
Retract this, correct answer is C.
Answer C https://learn.microsoft.com/en-us/azure/api-management/transform-api#set-the-transformation-policy-1 If you look at the outbound settings they are global in nature. E.g. 'Mask URLs in content' is global.
C. Configure and apply a new outbound policy scoped to global. By configuring and applying a global outbound policy, you can transform the responses from all APIs in your Azure API Management instance. This will help you hide private backend information and obscure the technology stack used for backend processing across all APIs.
I agree with you. As far as I understand in the document, the operation scope is related only to one specific API https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-policies#scopes
It should be an outbound policy. The articles says you shoyld select 'All operations', so either you take that as 'global' and go for C, or there is a typo in B and it should have said 'All operations'
Maybe is B: https://learn.microsoft.com/en-us/azure/api-management/transform-api
The question says you are developing 'several Azure API...". Not seeing why it would be only to the operation when Operation relates to a "single operation in an API".
Selected Answer C: Global scope is for All APIs in your API Management Instance. And since we need to protect all the APIs the, we want an outbound policy with a global scope. Ans
Add outbound policy -> Set headers and the scope should be global (transform the APIs - no mention of specific operation)
C: You need to protect all APIs ("All operations")
C, is a global policy. Check https://learn.microsoft.com/en-us/azure/api-management/transform-api. "Select Demo Conference API > Design > All operations."