52 Questions
In API Management, who can create or invite developers to join an instance?
Administrators
What are policies in API Management?
A collection of statements executed on the request or response of an API
Where can policies be applied in API Management?
Global (all APIs), a product, a specific API, or an API operation
What are some popular statements used in policies in API Management?
Format conversion from XML to JSON and call rate limiting
What components make up Azure API Management?
API gateway, management plane, developer portal
What is the purpose of products in API Management?
To surface APIs to developers
What is the difference between Open and Protected products in API Management?
Protected products require subscription, while open products can be used without a subscription
What are groups used for in API Management?
Manage the visibility of products to developers
What are the core functionalities provided by API Management?
Developer engagement, business insights, analytics, security, and protection
What is the difference between Open and Protected products in API Management?
Protected products require subscription before use, while open products can be used without a subscription
What are groups used for in API Management?
Manage the visibility of products to developers
What are the immutable system groups in API Management?
Administrator, developer, guest
What are developers in API Management?
User accounts representing individuals who can create or join an instance
What is the purpose of policies in API Management?
To execute a collection of statements sequentially on the request or response of an API
Where can policies be applied in API Management?
Global (all APIs), a product, a specific API, or an API operation
What are some popular statements used in policies in API Management?
Format conversion from XML to JSON and call rate limiting
Who can create or invite developers to join an instance in API Management?
Administrators
What is the role of products in API Management?
To grant visibility to groups and allow developers to subscribe to them
What are policy expressions used for in API Management?
As attribute values or text values in any of the API Management policies
What are developers able to do in API Management?
Subscribe to products and be members of groups
What is the purpose of a gateway in API Management?
To decouple clients from services and address potential attack surface
Where does all API traffic flow through when using the managed gateway in Azure API Management?
Azure
In what scenarios is the self-hosted gateway in Azure API Management useful?
Hybrid and multicloud scenarios
What component is responsible for proxying API requests, applying policies, and collecting telemetry?
API Management gateway
What is the role of an API gateway in a system with multiple front- and back-end services?
Acting as a reverse proxy and routing requests from clients to services
What are some potential problems with exposing services directly to clients?
Complex client code due to multiple endpoints and resilient failure handling
What must public-facing services handle in terms of client interactions?
Authentication, SSL, and client rate limiting
What does the log-to-eventhub policy do?
Sends messages in the specified format to an Event Hub defined by a Logger entity
What is the purpose of the mock-response policy?
To mock APIs and operations by returning a mocked response to the caller
What does the retry policy do?
Retries the execution of its child policies until the retry condition becomes false or retry count is exhausted
What does the return-response policy do?
Aborts pipeline execution and returns either a default or custom response to the caller
What does the control flow policy do in API Management?
Applies enclosed policy statements based on the evaluation of boolean expressions
What happens when the condition attribute of the first element in the control flow policy equals true?
Policy statement(s) enclosed within the first element with condition attribute equals true will be applied
What does the forward-request policy do in API Management?
Forwards the incoming request to the backend service specified in the request context
What is the purpose of the limit-concurrency policy in API Management?
Prevents enclosed policies from executing by more than the specified number of requests at any time
What is the purpose of a subscription key in API Management?
To secure access to published APIs
How many keys does every subscription have in API Management?
Two keys, a primary and a secondary
What is the relationship between a subscription key and a subscription in API Management?
A subscription key is directly related to a subscription
What happens if a valid subscription key is not included in HTTP requests to access APIs in API Management?
The calls are rejected immediately
How can keys be passed in HTTP requests to API endpoints?
In the request header or as a query string in the URL
What happens if a key is not passed in the header or as a query string in the URL?
A 401 Access Denied response is received from the API gateway
What is the default header name for passing subscription keys in HTTP requests?
Ocp-Apim-Subscription-Key
How can developers test API calls?
Using the developer portal or command-line tools like curl
What can be used to provide Transport Layer Security (TLS) mutual authentication between the client and the API gateway?
Certificates
How can the API Management gateway inspect the certificate contained within the client request?
TLS client authentication
In which tier of API Management must you explicitly enable the use of client certificates?
Consumption tier
What is the purpose of signing client certificates?
To ensure they are not tampered with
What is the purpose of checking the thumbprint of a client certificate in API Management?
To ensure the values in the certificate have not been altered
Where can certificates from partners be uploaded in API Management to support multiple client certificates?
Client certificates page in the Azure portal
What does checking the issuer and subject of a client certificate in API Management involve?
Verifying the entity that issued the certificate and the subject it was issued to
What is the purpose of uploading certificates from partners in API Management?
To support multiple client certificates
What is the purpose of API Management instance?
To manage and secure APIs
Test your knowledge of API Management service with this quiz! Explore the core functionality, developer engagement, business insights, analytics, security, and protection aspects of API Management. Learn about API operations, products, and developer subscriptions.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free