AZ-305 Question #108: Real Exam Question with Answer & Explanation

Question

Hotspot Question A company plans to implement an HTTP-based API to support a web app. The web app allows customers to check the status of their orders. The API must meet the following requirements: - Implement Azure Functions - Provide public read-only operations - Do not allow write operations You need to recommend configuration options. What should you recommend? To answer, configure the appropriate options in the dialog box in the answer area. NOTE: Each correct selection is worth one point. Answer:

Options

• __typehotspot
• variantdropdown

Explanation

This hotspot question tests knowledge of Azure Functions authorization levels and HTTP methods to create a public read-only API that prevents write operations.

Approach. The Authorization level should be set to 'Anonymous' because the requirement states the API must provide public read-only operations - anonymous access allows unauthenticated callers to invoke the function without API keys. The HTTP method should be restricted to 'GET' only, because GET is the standard read-only HTTP verb and excluding POST, PUT, DELETE, and PATCH prevents any write operations from being performed through the API. Together, Anonymous authorization + GET-only methods satisfy both the 'public' and 'read-only' requirements simultaneously.

Concept tested. Azure Functions HTTP trigger configuration - specifically the 'Authorization level' setting (Anonymous, Function, Admin) and the allowed HTTP methods (GET, POST, PUT, DELETE, etc.). Anonymous level removes authentication barriers for public access, while limiting accepted HTTP verbs to GET enforces read-only behavior at the trigger level.

Reference. https://learn.microsoft.com/en-us/azure/azure-functions/functions-bindings-http-webhook-trigger?tabs=python-v2%2Cisolated-process%2Cnodejs-v4%2Cfunctionsv2&pivots=programming-language-csharp#authorization-keys

No community discussion yet for this question.