Implement API Management Flashcards

1
Q

When are the rate-limit-by-key and quota-by-key policies not available in Azure API Management?

A

When using the consumption tier

2
Q

How would you rate limit an IP to only 10 calls every minute?

A

<rate-limit-by-key calls="10"
    renewal-period="60"
    counter-key="@(context.Request.IpAddress)" />

3
Q

What’s the difference between a rate limit and a quota?

A

Rate limits are usually used to protect against short and intense volume bursts.
Quotas are used for controlling call rates over a longer period of time.

E.g. we have a quota of 10,000 requests per month, but making 5,000 of them in 1 minute would overwhelm the service, so we limit it to 10 a minute.
If we were to run 10 requests per minute, we’d run out of our quota in 16 hours, but our service wouldn’t go down.

4
Q

What PowerShell cmdlet would you use to create a new identity provider?

A

New-AzApiManagementIdentityProvider

5
Q

Which PowerShell cmdlet would you use to create a new API Management instance?

A

New-AzApiManagement

6
Q

Which PowerShell cmdlet would you use to create a new APIM API instance?

A

New-AzApiManagementApi

7
Q

When an API has reached its usage quota, what will the response be?

A

403 Forbidden

8
Q

What response will an API return if it has reached its call rate limit?

A

429 Too Many Requests

9
Q

Before an API can be consumed through APIM, what must be done first?

A

Added to a product in the Azure portal

10
Q

When you want to test changes to an API without publishing them, what should you do?

A

Create a revision.

11
Q

What PowerShell cmdlet would you use to create an API Management service? And then show it?

A

New-AzApiManagement -Name "myapim" -ResourceGroupName "myResourceGroup" `
    -Location "West US" -Organization "Contoso" -AdminEmail "admin@contoso.com"

Get-AzApiManagement -Name "myapim" -ResourceGroupName "myResourceGroup"

12
Q

What Azure CLI command would you use to create a new API Management service? And then show the result?

A

az apim create --name myapim --resource-group myResourceGroup \
    --publisher-name Contoso --publisher-email admin@contoso.com \
    --no-wait

az apim show --name myapim --resource-group myResourceGroup --output table

13
Q

What XML snippet would be used to add the header ‘Forwarded’ with the value of the host?

A

@("host=" + context.Request.OriginalUrl.Host + ";")

14
Q

What do the four different API policies mean?

  • inbound
  • backend
  • outbound
  • on-error

A

<policies>
    <inbound>
        <!-- statements to be applied to the request go here -->
    </inbound>
    <backend>
        <!-- statements to be applied before the request is forwarded to
             the backend service go here -->
    </backend>
    <outbound>
        <!-- statements to be applied to the response go here -->
    </outbound>
    <on-error>
        <!-- statements to be applied if there is an error condition go here -->
    </on-error>
</policies>

15
Q

What policy statement should you add to authenticate with basic auth?

A

<authentication-basic username="username" password="password" />

16
Q

What snippet would you use to authenticate with a backend service using a client certificate?

A

<authentication-certificate thumbprint="thumbprint" certificate-id="resource name" />

17
Q

What do you need to be careful of when rotating a key vault certificate if using it for client certificate authentication?

A

The thumbprint in API Management will change, and the policy will not resolve the new certificate if it is identified by its thumbprint.

18
Q

What snippet would you use to authenticate with a managed identity?

A

<authentication-managed-identity resource="resource" client-id="clientid of user-assigned identity" output-token-variable-name="token-variable" ignore-error="true|false" />

19
Q

What identity will be used when using managed identity if client-id is not provided?

A

The system-assigned identity

20
Q

What are the three subscription scopes for API Management?

A

All APIs
Applies to every API accessible from the gateway.

Single API
Applies to a single imported API and all of its endpoints.

Product
A product is a collection of one or more APIs that you configure in APIM. You can assign APIs to more than one product. Products can have different access rules, usage quotas, and terms of use.

21
Q

What two tags would you need to add to cache an API result for 20 seconds?

A

<cache-lookup>
    <vary-by-header>Accept</vary-by-header>
    <vary-by-header>Accept-Charset</vary-by-header>
    <vary-by-header>Authorization</vary-by-header>
</cache-lookup>

<cache-store duration="20" />

22
Q

What unit is the renewal-period for rate limiting set in? E.g. restricting a user via IP to an API.

A

Seconds