Note: The question is included in a number of questions that depicts the identical set-up.
However, every question has a distinctive result.
Establish if the solution satisfies the requirements.
You are developing a solution for a public facing API.
The API back end is hosted in an Azure App Service instance.
You have implemented a RESTful service for the API back end.
You must configure back-end authentication for the API Management service instance.
Solution: You configure Basic gateway credentials for the Azure resource.
Does the solution meet the goal?
Click on the arrows to vote for the correct answer
A. B.B.
API Management allows to secure access to the back-end service of an API using client certificates.
https://docs.microsoft.com/en-us/rest/api/apimanagement/apimanagementrest/azure-api-management-rest-api-backend-entityThe solution provided in the question is to configure Basic gateway credentials for the Azure resource to enable back-end authentication for the API Management service instance.
Basic authentication is a simple authentication scheme that involves sending a user's credentials (username and password) in clear text over the network. While Basic authentication is easy to implement and widely supported, it is generally considered to be a weak form of authentication because the credentials are transmitted in clear text and can be intercepted by attackers.
Therefore, the use of Basic authentication for the API Management service instance raises security concerns as it transmits credentials over the network in clear text, making it vulnerable to attacks such as eavesdropping and man-in-the-middle attacks.
In addition, the use of Basic authentication does not provide strong security mechanisms such as multi-factor authentication, conditional access, or role-based access control. Therefore, it may not meet the security requirements for a public-facing API that requires back-end authentication.
In conclusion, the solution provided in the question does not meet the goal of configuring a secure back-end authentication for the API Management service instance, and the correct answer is B. No.