🔌 Azure API Management - AZ-204 Practice Questions

Implement API Management including policies, subscriptions, rate limiting, versioning, and developer portal.

20Questions Available
1Exam Domains

Practice API Management Questions Now

Start a timed practice session focusing on Azure API Management topics from the AZ-204 question bank.

Start AZ-204 Practice Quiz →

AZ-204 API Management Question Bank (20 Questions)

Browse all 20 practice questions covering Azure API Management for the AZ-204 certification exam. Answers are intentionally hidden on this page so you can self-test first before checking results in quiz mode.

  1. Question 1Connect to and consume Azure services and third-party services

    An API Management instance must authenticate to a backend API using a client certificate. Which APIM policy element configures this?

    A<authentication-basic>
    B<authentication-certificate>
    C<set-header Authorization>
    D<validate-client-certificate>

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-204 Quiz
  2. Question 2Connect to and consume Azure services and third-party services

    A developer needs to use Azure API Management to expose an HTTP backend API with versioning. Clients should pass the version in the URL path (e.g., /v1/products). Which APIM versioning scheme should be used?

    AHeader-based versioning
    BQuery string versioning
    CPath-based versioning
    DNo versioning — use API revision instead

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-204 Quiz
  3. Question 3Connect to and consume Azure services and third-party services

    A developer needs to configure APIM to return a 401 Unauthorized response immediately if the request does not contain an API key in the Ocp-Apim-Subscription-Key header. Which policy and placement achieves this?

    Avalidate-jwt policy in the outbound pipeline
    Bcheck-header policy in the inbound pipeline to verify the header, returning 401 if missing
    Crate-limit policy on the product
    Dcors policy with origin restriction

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-204 Quiz
  4. Question 4Connect to and consume Azure services and third-party services

    A developer needs the APIM gateway to transform an XML request body to JSON before forwarding it to a REST backend. Which policy achieves this?

    Aset-body with Liquid template
    Bxml-to-json policy in the inbound pipeline
    Crewrite-uri
    Dset-header Content-Type: application/json

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-204 Quiz
  5. Question 5Connect to and consume Azure services and third-party services

    A developer configures an API Management policy to rate-limit calls per subscriber to 100 calls per minute. A subscriber exceeds this limit. What HTTP status code does APIM return?

    A401 Unauthorized
    B403 Forbidden
    C429 Too Many Requests
    D503 Service Unavailable

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-204 Quiz
  6. Question 6Implement Azure security

    You need to implement OAuth 2.0 token validation in an Azure API Management policy. Which inbound policy expression validates a bearer token against Azure AD?

    A<check-header>
    B<validate-jwt>
    C<authenticate-basic>
    D<set-backend-service>

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-204 Quiz
  7. Question 7Connect to and consume Azure services and third-party services

    Which Azure service provides API gateway capabilities including rate limiting, caching, and authentication for backend APIs?

    AAzure Application Gateway
    BAzure API Management
    CAzure Front Door
    DAzure Service Bus

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-204 Quiz
  8. Question 8Connect to and consume Azure services and third-party services

    What is the Azure API Management 'subscription key' and how does a developer use it to call an API?

    AAn Azure subscription identifier
    BA unique key generated for a product subscription in APIM, passed in the 'Ocp-Apim-Subscription-Key' HTTP header (or query parameter) to authenticate API calls
    CAn API version key for routing
    DA developer portal login credential

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-204 Quiz
  9. Question 9Connect to and consume Azure services and third-party services

    What is the Azure API Management 'mock response' policy used for in development?

    AProviding fake monitoring data
    BReturning a configured static response to the API consumer without forwarding the request to the backend, enabling API consumers to develop against the API before the backend is implemented
    CMocking API authentication in test environments
    DProviding sample API documentation

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-204 Quiz
  10. Question 10Connect to and consume Azure services and third-party services

    A developer needs to route HTTP requests to different backend services based on the URL path. Which Azure API Management policy achieves this?

    Arewrite-uri
    Bset-backend-service
    Cforward-request
    Dcheck-header

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-204 Quiz
  11. Question 11Connect to and consume Azure services and third-party services

    A developer implements an Azure API Management subscription key. Where can the subscription key be passed in an HTTP request?

    AOnly in the Authorization header
    BIn the Ocp-Apim-Subscription-Key header or as a query parameter named subscription-key
    COnly as a query parameter
    DOnly in the request body

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-204 Quiz
  12. Question 12Connect to and consume Azure services and third-party services

    An API Management policy must transform a SOAP XML response from a legacy backend into a JSON response for modern clients. Which policy should be used?

    Axml-to-json
    Bset-body
    Cfind-and-replace
    Dvalidate-content

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-204 Quiz
  13. Question 13Connect to and consume Azure services and third-party services

    A developer configures Azure API Management with a named value to store an API key used by a backend policy. What is the advantage of using named values over hardcoding in policies?

    ANamed values are encrypted automatically
    BNamed values centralise configuration, allow updates without editing policy XML, and support Key Vault references for secrets
    CNamed values have higher performance than inline values
    DNamed values are version-controlled

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-204 Quiz
  14. Question 14Connect to and consume Azure services and third-party services

    A developer needs to call a third-party API from inside Azure API Management and cache the response for 5 minutes. Which APIM feature enables this?

    ARetry policy
    BCache-lookup and cache-store policies with a 300-second duration
    CRate limit policy
    DValidate JWT policy

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-204 Quiz
  15. Question 15Connect to and consume Azure services and third-party services

    A developer configures an APIM policy to limit each subscriber to 100 calls per minute. Which policy accomplishes this?

    Aquota
    Brate-limit-by-key
    Cthrottle
    Dset-header

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-204 Quiz
  16. Question 16Connect to and consume Azure services and third-party services

    A developer needs to protect a specific APIM operation so that only requests containing a valid Azure AD JWT token can access it. Which policy should be applied?

    Acheck-header
    Bvalidate-jwt
    Cip-filter
    Drate-limit

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-204 Quiz
  17. Question 17Connect to and consume Azure services and third-party services

    A developer needs to call a backend service from APIM and add a correlation ID header to the request for distributed tracing. Which APIM policy should be used?

    Arewrite-uri
    Bset-header
    Cset-query-parameter
    Dforward-request

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-204 Quiz
  18. Question 18Connect to and consume Azure services and third-party services

    A developer implements an APIM mock response policy for a new API that hasn't been built yet. What is the purpose of mocking?

    ATo test APIM network connectivity
    BTo return hardcoded responses to API consumers before the backend is ready, enabling parallel development
    CTo validate JWT tokens
    DTo cache real backend responses

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-204 Quiz
  19. Question 19Connect to and consume Azure services and third-party services

    A developer needs to call an internal microservice from Azure API Management without exposing it to the internet. Which APIM feature provides private connectivity to a backend?

    AAPIM rate limiting
    BBackend entity with private endpoint or VNet integration
    CAPIM product restriction
    DAPIM subscription key validation

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-204 Quiz
  20. Question 20Connect to and consume Azure services and third-party services

    A developer needs APIM to call a backend and, if it returns a 5xx error, retry up to 3 times with a 1-second delay. Which APIM policy implements this?

    Acache-lookup
    Bretry condition='@(context.Response.StatusCode >= 500)' count='3' interval='1'
    Cset-backend-service with retry
    Don-error pipeline only

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-204 Quiz

Key API Management Concepts for AZ-204

api managementapimpolicysubscriptionrate limitversioningrevisiondeveloper portalgateway

AZ-204 API Management Exam Tips

Azure API Management questions in AZ-204 are typically scenario-based. Focus on Azure application development, integration services, authentication, and runtime reliability. Priority concepts: api management, apim, policy, subscription, rate limit, versioning.

What AZ-204 Expects

  • Anchor your answer in choose managed developer services that simplify secure integration and deployment.
  • API Management scenarios for AZ-204 are frequently mapped to Domain 5 (15-20%), so read the objective carefully before picking controls or architecture.
  • Expect multi-topic scenarios where API Management interacts with identity, networking, governance, or monitoring patterns rather than appearing as an isolated question.
  • When two options are both technically valid, prefer the choice that best aligns with the exam's operational scope (Associate) and vendor best practices.

High-Value API Management Concepts

  • Know the core API Management building blocks cold: api management, apim, policy, subscription.
  • Review the edge-case features and limits for rate limit, versioning; these details are commonly used to differentiate answer choices.
  • Practice service-integration reasoning: how API Management pairs with App Service, Azure Functions in real deployment patterns.
  • For AZ-204, explain why the chosen API Management design meets reliability, security, and cost expectations better than the alternatives.

Common AZ-204 Traps

  • Watch for using infrastructure-heavy answers for app-level requirements.
  • Questions in Connect to and Consume Azure Services often include distractors that look correct for API Management but violate least-privilege, compliance, or availability requirements.
  • Avoid picking options purely by feature name; validate data path, failure handling, and governance impact before answering.
  • If the prompt hints at automation or repeatability, eliminate manual-only operational answers first.

Fast Review Checklist

  • Can you compare at least two API Management implementation paths and justify which one best fits the scenario?
  • Can you map the chosen answer back to Connect to and Consume Azure Services (15-20%) outcomes for AZ-204?
  • Can you explain security and access boundaries for API Management without relying on default-open assumptions?
  • Can you describe how API Management integrates with App Service and Azure Functions during failure, scaling, and monitoring events?

Exam Domains Covering API Management

Related Resources

More AZ-204 Study Resources