Microsoft AZ-305 Exam - Topic 5 Question 11 Discussion

Actual exam question for Microsoft's AZ-305 exam

Question #: 11
Topic #: 5

You are designing a microservices architecture that will be hosted in an Azure Kubernetes Service (AKS) cluster. Apps that will consume the microservices will be hosted on Azure virtual machines. The virtual machines and the AKS cluster will reside on the same virtual network.

You need to design a solution to expose the microservices to the consumer apps. The solution must meet the following requirements:

* Ingress access to the microservices must be restricted to a single private IP address and protected by using mutual TLS authentication.

* The number of incoming microservice calls must be rate-limited.

* Costs must be minimized.

What should you include in the solution?

AAzure API Management Premium tier with virtual network connection

BAzure Front Door with Azure Web Application Firewall (WAF)

CAzure API Management Standard tier with a service endpoint

DAzure App Gateway with Azure Web Application Firewall (WAF)

Show Suggested Answer

Suggested Answer: A

One option is to deploy APIM (API Management) inside the cluster VNet.

The AKS cluster and the applications that consume the microservices might reside within the same VNet, hence there is no reason to expose the cluster publicly as all API traffic will remain within the VNet. For these scenarios, you can deploy API Management into the cluster VNet. API Management Premium tier supports VNet deployment.

https://docs.microsoft.com/en-us/azure/api-management/api-management-kubernetes

by Amie at May 09, 2022, 02:42 PM

Limited Time Offer

25%

Off

Get Premium AZ-305 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Bronwyn

4 months ago

Wait, mutual TLS with just a standard tier? That sounds off!

upvoted 0 times

...

Caprice

5 months ago

D could work, but not sure about the cost.

upvoted 0 times

...

Tresa

5 months ago

C seems too basic for this setup.

upvoted 0 times

...

Loreen

5 months ago

I think B is better for WAF features.

upvoted 0 times

...

Phuong

5 months ago

Gotta go with A for private IP and mutual TLS!

upvoted 0 times

...

Noah

5 months ago

I recall that Azure App Gateway can do WAF and has some rate-limiting features, but I’m not sure if it meets all the requirements for mutual TLS.

upvoted 0 times

...

Jade

5 months ago

I’m a bit confused about the difference between Azure Front Door and API Management for this scenario. I know Front Door is more for global distribution.

upvoted 0 times

...

Lucy

5 months ago

I think we practiced a similar question where we had to consider cost and security. I feel like Azure API Management is the best fit here.

upvoted 0 times

...

Lajuana

5 months ago

I remember studying about API Management and its tiers, but I'm not sure if the Standard tier can handle mutual TLS like the Premium tier.

upvoted 0 times

...

Anglea

5 months ago

I'm a little confused by the wording of these options. They seem to be describing different cloud-related capabilities, but I'm not sure which one specifically matches the purpose of the Cloud Decision Framework. I'll have to re-read the question and options more closely.

upvoted 0 times

...

Teri

5 months ago

Alright, this is a good one. I think I know the answer, but I want to double-check the details in the configuration to make sure I'm not missing anything.

upvoted 0 times

...

Robt

5 months ago

This one seems pretty straightforward. The business analyst is responsible for defining the business need, so I'm going with option C.

upvoted 0 times

...

Vincenza

6 months ago

I think the role that allows viewing application-related data is the appReadonly role, but I'm not completely sure. It sounds familiar from our last review session.

upvoted 0 times

...