Posted by: Pdfprep
Post Date: October 28, 2021
You are a developer for a SaaS company that offers many web services.
All web services for the company must meet the following requirements:
✑ Use API Management to access the services
✑ Use OpenID Connect for authentication
✑ Prevent anonymous usage
A recent security audit found that several web services can be called without any authentication.
Which API Management policy should you implement?
A . jsonp
B . authentication-certificate
C . check-header
D . validate-jwt
Answer: D
Explanation:
Add the validate-jwt policy to validate the OAuth token for every incoming request.
Reference: https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad
Leave a Reply