Free Actual Microsoft Azure AZ-204 Actual Exam Questions - Question 12 Discussion

I’m with you all on “Authorization” and “Bearer.” "WWW-Authenticate" is more for server responses, so it doesn’t really belong in the request policy here. This seems straightforward.

I agree with picking “Authorization” and “Bearer,” but also considered “WWW-Authenticate” — it’s usually for responses, so doesn’t fit here. That helps confirm those two are the right call for requests.

I’d pick “Authorization” and “Bearer” too, seems like the only token-based option here.

The policy should use “Authorization” with “Bearer” since that’s standard for token auth.

“Authorization” header with “Bearer” scheme fits best here.

I’m thinking the key part here is recognizing what the API Management expects for authentication headers. The “Authorization” header is pretty standard for passing tokens, so that should be one. Also, “Bearer” is a common scheme used for OAuth tokens, so including that makes sense. The subscription key header usually looks like “Ocp-Apim-Subscription-Key,” but since that isn’t listed, focusing on the “Authorization” header with the “Bearer” scheme seems most likely correct. The other options don’t quite fit typical token or key formats for API authentication in Microsoft’s policy setup.

I’d rule out options that don’t match typical authentication headers or tokens. Usually, for API Management, you’ll see things like “Authorization” header with a token or “Ocp-Apim-Subscription-Key” for subscription keys. So anything else looks off. Also, the policy value should probably be something like a bearer token or a key reference, not just plain text. This helps narrow it down to values that include “Bearer” or key expressions in the correct header slot. The rest just don’t fit usual API auth patterns.

This one’s kinda confusing, wish the policy details were clearer.