Microsoft Azure Solutions Architect Expert AZ-305 Practice Question
Your company hosts an on-premises ASP.NET Core web API that must be consumed by several external partner organizations. The partners already authenticate with their own Azure AD tenants. You must expose the API while meeting the following requirements:
Authenticate and authorize users by using Azure AD groups.
Enforce Azure AD Conditional Access policies for multifactor authentication.
Avoid opening any inbound ports through the corporate firewall or adding new perimeter-network infrastructure.
You need to recommend the simplest Azure-based approach.
Which solution should you recommend?
Install an Azure AD Application Proxy connector on the on-premises network and publish the API through Azure AD Application Proxy.
Deploy Azure AD Domain Services in Azure, join the API server to the managed domain, and enable Azure AD Kerberos authentication.
Establish a site-to-site VPN to Azure and publish the API behind an internal Load Balancer fronted by Azure Application Gateway.
Set up Active Directory Federation Services (AD FS) with Web Application Proxy in a perimeter network and federate the partner Azure AD tenants.
Azure AD Application Proxy meets all the stated requirements. An Application Proxy connector installed inside the corporate network establishes only outbound connections to Azure, so no inbound firewall ports are required. When the on-premises API is published through Application Proxy, users authenticate with Azure AD, allowing authorization through Azure AD groups and enforcement of Conditional Access policies, including MFA.
A site-to-site VPN with an Azure Load Balancer still requires network publishing and does not, by itself, integrate with Azure AD Conditional Access. Deploying Azure AD Domain Services only provides domain join and Kerberos within Azure virtual networks; it neither publishes the on-premises API nor eliminates firewall changes. Implementing AD FS with Web Application Proxy introduces additional perimeter servers and still requires inbound HTTPS ports, increasing complexity compared to Application Proxy.
Design identity, governance, and monitoring solutions