You plan to deploy an API by using Azure API Management.
You need to recommend a solution to protect the API from a distributed denial of service (DDoS) attack.
What should you recommend?
A. B. C. D.
Correct answer: C
To protect an API deployed using Azure API Management from a distributed denial of service (DDoS) attack, the recommended solution is to enable rate limiting. Therefore, the correct answer is C.
Explanation:
A distributed denial of service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server or network by overwhelming it with a flood of internet traffic. To mitigate such attacks, Azure API Management offers several security features, including rate limiting, IP filtering, and quotas.
Enabling rate limiting allows the API management service to limit the number of requests per second or minute that a specific client or IP address can send to the API. This helps to prevent an attacker from flooding the API with too many requests, which can result in a denial of service. Rate limiting can be configured at different levels, including the API, operation, and product levels.
Network security groups (NSGs) are used to filter network traffic to and from Azure resources based on source and destination IP addresses, ports, and protocols. NSGs can be used to restrict traffic to known sources or to block traffic from certain IP addresses or regions. However, NSGs alone are not sufficient to protect an API from a DDoS attack.
Enabling quotas limits the amount of data that can be accessed by a client during a specified time period. This is useful to prevent abuse of the API or to restrict access to certain clients, but it does not directly address the issue of DDoS attacks.
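The difference between a rate limit and a quota, as an API Management policy document. This is an added example, not part of the original question; the numeric limits and the choice of counter keys are assumptions picked for illustration.

```xml
<policies>
    <inbound>
        <base />
        <!-- Rate limit: short window, keyed on the caller's IP address.
             At most 10 calls per 60 seconds per IP (illustrative values);
             further calls in the window are rejected with 429 Too Many Requests
             before they reach the backend. -->
        <rate-limit-by-key calls="10"
                           renewal-period="60"
                           counter-key="@(context.Request.IpAddress)" />
        <!-- Quota: long window, keyed on the subscription.
             Caps total calls and data volume (bandwidth is in kilobytes) per hour
             (illustrative values); exceeding it returns 403 Forbidden.
             This bounds overall consumption but does not smooth out a burst. -->
        <quota-by-key calls="10000"
                      bandwidth="40000"
                      renewal-period="3600"
                      counter-key="@(context.Subscription.Id)" />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```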
Stripping the Powered-By response header is a technique used to remove the server software signature from the HTTP response headers. This can help to hide the details of the server software, but it does not provide any protection against DDoS attacks.
Therefore, the correct solution to protect an API deployed using Azure API Management from a DDoS attack is to enable rate limiting.