Domain 4.2: Design an application architecture — AZ-305 Practice Question 44

How to approach this question

Address the two requirements: Rate limiting (APIM policy) and Network isolation (NSGs).

Full Answer

Configure a rate-limit-by-key policy in APIM, and Configure Network Security Groups (NSGs) on the backend VNet to only allow traffic from the APIM subnet/IP.

To prevent abuse, you use Azure API Management policies. The `rate-limit` or `rate-limit-by-key` policy allows you to restrict the number of calls per time period (e.g., 1,000 per hour). To ensure backend APIs are not accessed directly (bypassing APIM), you must secure the backend network. If the backend is in a VNet, you configure Network Security Groups (NSGs) to only allow inbound traffic from the APIM instance's IP address or subnet.

Common mistakes

Assuming APIM automatically secures the backend network. You must explicitly configure NSGs or IP restrictions on the backend to enforce the isolation.

How to approach this question

Full Answer

Common mistakes

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 1

More questions from this exam