You provide an Azure API Management managed web service to clients. The back-end web service implements HTTP Strict Transport Security (HSTS).
Every request to the backend service must include a valid HTTP authorization header.
You need to configure the Azure API Management instance with an authentication policy.
Which two policies can you use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
To meet the requirement of including a valid HTTP authorization header in every request to the backend service, Basic Authentication and Certificate Authentication can be used. Basic Authentication directly includes the authorization header in the request, fulfilling the requirement without additional complexity. Similarly, Certificate Authentication, while not using the traditional authorization header, still meets the necessary security and authorization criteria via client certificates.
Should be BC https://docs.microsoft.com/en-us/azure/api-management/api-management-authentication-policies
For those who are asking is it AC or BC The requirement is asking for the backend service to include a valid HTTP authorization header, B is the minimum that we can do to achieve the goal; you can do A, but it is overkill and it will require more steps to achieve, not the best option for this requirement.
Agree. As @lq said, option A is not a policy Microsoft offers
It should be AB. Certification authentication does not use the Authorization header so it doesn't match the requirements. Example of implementing OAuth Client Credential Grant in API Management: https://platform.deloitte.com.au/articles/oauth2-client-credentials-flow-on-azure-api-management
I think AB is correct because Basic and OAuth are using Authorization Header
I agree
B,C correct
Correct answer are B and C Link : https://docs.microsoft.com/en-us/azure/api-management/api-management-authentication-policies
Should be B and C option A is not a policy Microsoft offers
AC is correct
B, C Reference: https://docs.microsoft.com/en-us/azure/api-management/api-management-authentication-policies
This is true! For all who make the same mistake as I did (because it did not read carefully enough): The question is about authentication between APIM and backend (and has nothing to do with the user authentication!)
So it should be AC or BC ?
Authentication policies Authenticate with Basic - Authenticate with a backend service using Basic authentication. Authenticate with client certificate - Authenticate with a backend service using client certificates. Authenticate with managed identity - Authenticate with the managed identity for the API Management service. https://docs.microsoft.com/en-us/azure/api-management/api-management-authentication-policies