🔥 3-day streak
Microsoft Cybersecurity Architect Expert3 / 158
Question 3 of 158
A retail company exposes several internal microservices through Azure API Management (APIM) to external partner applications. Security requirements state that: (1) every inbound request must present a valid OAuth 2.0 access token issued by Microsoft Entra ID before reaching any backend; (2) tokens must be rejected at the gateway if the audience or issuer is wrong; and (3) backend services must never be reachable directly, bypassing the gateway. The architect must design the APIM policy and network approach with the least custom code. Which combination BEST meets these requirements?
Reviewed for accuracy · Report an issueNext question