AZ-204 Certification Practice Question #119

Question

You provide an Azure API Management managed web service to clients. The back-end web service implements HTTP Strict Transport Security (HSTS).
Every request to the backend service must include a valid HTTP authorization header.
You need to configure the Azure API Management instance with an authentication policy.
Which two policies can you use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

Accepted Answer

In Azure API Management, the two primary built-in backend authentication policies are **Basic Authentication** (`authentication-basic`) and **Certificate Authentication** (`authentication-certificate`). Although client certificates authenticate at the Transport layer (mutual TLS) rather than the HTTP application layer (Authorization header), these are the only two valid built-in API Management backend authentication policies among the choices, making A and C the correct answers.

More AZ-204 practice questions