Designing Azure Infrastructure Solutions — Question 8

You are designing a microservices architecture that will be hosted in an Azure Kubernetes Service (AKS) cluster. Apps that will consume the microservices will be hosted on Azure virtual machines. The virtual machines and the AKS cluster will reside on the same virtual network.
You need to design a solution to expose the microservices to the consumer apps. The solution must meet the following requirements:
✑ Ingress access to the microservices must be restricted to a single private IP address and protected by using mutual TLS authentication.
✑ The number of incoming microservice calls must be rate-limited.
✑ Costs must be minimized.
What should you include in the solution?

Answer options

• A. Azure App Gateway with Azure Web Application Firewall (WAF)
• B. Azure API Management Standard tier with a service endpoint
• C. Azure Front Door with Azure Web Application Firewall (WAF)
• D. Azure API Management Premium tier with virtual network connection

Correct answer: D

Explanation

The correct option is D because the Azure API Management Premium tier supports virtual network integration, allowing you to restrict access to a private IP address and implement mutual TLS authentication. Other options do not provide the necessary features for rate limiting combined with private IP address access, or they come with higher costs and less suitable functionalities for this specific scenario.