Configuring Azure API Management Instance Authentication Policies for HTTP Strict Transport Security (HSTS) - Azure Exam AZ-204

Azure API Management Authentication Policies

Question

You provide an Azure API Management managed web service to clients.

The back-end web service implements HTTP Strict Transport Security (HSTS).

Every request to the backend service must include a valid HTTP authorization header.

You need to configure the Azure API Management instance with an authentication policy.

Which two policies can you use? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Answers

Explanations


A. Basic Authentication
B. Digest Authentication
C. Certificate Authentication
D. OAuth Client Credential Grant

CD.

The correct policies for configuring the Azure API Management instance with an authentication policy, so that every request to the backend web service (which implements HTTP Strict Transport Security (HSTS)) includes a valid HTTP authorization header, are:

A. Basic Authentication
C. Certificate Authentication

Here's a detailed explanation for each policy:

A. Basic Authentication: The Basic authentication policy can be used to configure the Azure API Management instance with an authentication policy that authenticates the requests by adding a valid HTTP authorization header containing a username and password. This policy uses the standard HTTP Basic authentication scheme to send the credentials in clear text with each request. Therefore, it is recommended to use this policy only over secure HTTPS connections.

C. Certificate Authentication: The Certificate authentication policy can be used to configure the Azure API Management instance with an authentication policy that authenticates the requests by adding a valid HTTP authorization header containing a client certificate. This policy uses the SSL/TLS mutual authentication mechanism to verify the identity of the client before forwarding the request to the backend service. This policy is more secure than Basic authentication as it does not send the credentials in clear text with each request. However, it requires the clients to have a valid client certificate.

B. Digest Authentication: The Digest authentication policy can't be used to meet the requirement of including a valid HTTP authorization header with every request to the backend web service that implements HTTP Strict Transport Security (HSTS). This policy uses a more secure challenge-response mechanism to send the credentials in a hashed form with each request. However, it is not supported by all clients and servers.

D. OAuth Client Credential Grant: The OAuth Client Credential Grant policy can't be used to meet the requirement of including a valid HTTP authorization header with every request to the backend web service that implements HTTP Strict Transport Security (HSTS). This policy is used to obtain an access token that can be used to access protected resources on behalf of a client. It does not add the required authorization header with each request.
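As an added example (not from the original page or from Microsoft's documentation), these are APIM policy fragments for the two policies the explanation names. The named values `backend-user` and `backend-password`, the certificate id `backend-client-cert` and the host `backend.example.com` are placeholders; the backend URL is HTTPS because the backend enforces HSTS.

```xml
<!-- Option A: Basic authentication to the backend. Credentials come from APIM
     named values (placeholder names), so no password is stored in the policy. -->
<policies>
    <inbound>
        <base />
        <!-- HSTS backend: the forwarded Authorization header must only ever
             travel over TLS, so the backend address is https (placeholder host). -->
        <set-backend-service base-url="https://backend.example.com" />
        <authentication-basic username="{{backend-user}}" password="{{backend-password}}" />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>

<!-- Option C: client certificate authentication. The certificate is referenced by
     the id of a certificate uploaded to the APIM instance (placeholder id) and is
     presented to the backend during the TLS handshake, so no shared secret is
     sent in a header at all. -->
<policies>
    <inbound>
        <base />
        <set-backend-service base-url="https://backend.example.com" />
        <authentication-certificate certificate-id="backend-client-cert" />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

Either fragment is applied at the API or operation scope in the APIM policy editor; only one of the two authentication elements should be active for a given backend.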