- A
Apply the rate-limit-by-key policy using the subscription key as the counter key, with calls set to 100 and renewal-period to 60
rate-limit-by-key with counter-key='@(context.Subscription.Id)' (or the subscription key header) creates a separate 100-calls/60-second counter per subscriber. When a subscriber's counter reaches 100, APIM returns 429 Too Many Requests for that subscriber while other subscribers continue at full rate.
- B
Apply the quota policy to the product with a total of 100 calls per minute shared across all subscribers
Why wrong: The quota policy enforces a cumulative call limit across all subscribers of the product. If one subscriber uses 90 calls, only 10 remain for all others in that minute. This is a global cap, not a per-subscriber limit.
- C
Apply an ip-filter policy that blocks IP addresses making more than 100 requests per minute
Why wrong: ip-filter allows or denies requests from specific IP ranges — it is an access control policy, not a rate-limiting policy. It cannot count requests per minute and cannot distinguish between subscribers sharing the same egress IP.
- D
Configure a backend circuit breaker policy to return cached responses after 100 calls
Why wrong: Circuit breaker policies detect backend failures and open the circuit to prevent cascading failures — they are not rate-limiting mechanisms. Returning cached responses after 100 calls would change response content, not enforce a per-subscriber call limit.
AZ-204 Practice Question: APIM rate-limit-by-key policy for per-subscriber…
This AZ-204 practice question tests your understanding of connect to and consume azure services and third-party services. This is a configuration task: choose the command set that satisfies every stated requirement. Small differences — like 'secret' vs 'password' or 'transport input ssh' vs 'all' — change whether the answer is correct. A key principle to apply: rate-limit-by-key policy. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
Backend APIs exposed through Azure API Management are consumed by multiple subscribers. The product owner wants to prevent any single subscriber from sending more than 100 requests per minute, while allowing subscribers with heavier plans to have higher limits configured separately. Which APIM policy implements per-subscriber rate limiting?
Answer choices
Why each option matters
Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.
Correct answer & explanation
Apply the rate-limit-by-key policy using the subscription key as the counter key, with calls set to 100 and renewal-period to 60
Option A is correct because the `rate-limit-by-key` policy in Azure API Management enforces a per-key rate limit, and using the subscription key as the counter key ensures each subscriber is limited individually. The `calls` parameter set to 100 and `renewal-period` to 60 seconds matches the requirement of 100 requests per minute per subscriber, while allowing different limits for different plans by applying separate policies with different call counts.
Key principle: rate-limit-by-key policy
Answer analysis
Option-by-option breakdown
For each option: why learners choose it and why it is or isn't the right answer here.
- ✓
Apply the rate-limit-by-key policy using the subscription key as the counter key, with calls set to 100 and renewal-period to 60
Why this is correct
rate-limit-by-key with counter-key='@(context.Subscription.Id)' (or the subscription key header) creates a separate 100-calls/60-second counter per subscriber. When a subscriber's counter reaches 100, APIM returns 429 Too Many Requests for that subscriber while other subscribers continue at full rate.
Related concept
rate-limit-by-key policy
- ✗
Apply the quota policy to the product with a total of 100 calls per minute shared across all subscribers
Why it's wrong here
The quota policy enforces a cumulative call limit across all subscribers of the product. If one subscriber uses 90 calls, only 10 remain for all others in that minute. This is a global cap, not a per-subscriber limit.
- ✗
Apply an ip-filter policy that blocks IP addresses making more than 100 requests per minute
Why it's wrong here
ip-filter allows or denies requests from specific IP ranges — it is an access control policy, not a rate-limiting policy. It cannot count requests per minute and cannot distinguish between subscribers sharing the same egress IP.
- ✗
Configure a backend circuit breaker policy to return cached responses after 100 calls
Why it's wrong here
Circuit breaker policies detect backend failures and open the circuit to prevent cascading failures — they are not rate-limiting mechanisms. Returning cached responses after 100 calls would change response content, not enforce a per-subscriber call limit.
Common exam traps
Common exam trap: answer the scenario, not the keyword
The trap here is confusing the `quota` policy (which sets a total limit shared across all subscribers of a product) with the `rate-limit-by-key` policy (which enforces per-subscriber limits), leading candidates to pick Option B when they see 'product' and 'per minute' without recognizing the shared vs. individual distinction.
Detailed technical explanation
How to think about this question
The `rate-limit-by-key` policy uses a distributed token bucket algorithm, where each key (e.g., subscription key) has a bucket of tokens that refills at the renewal period. Under the hood, Azure API Management stores the counter in a shared cache across all gateway instances, ensuring consistent enforcement even in multi-region deployments. A real-world scenario is offering tiered plans (e.g., Basic: 100 req/min, Premium: 1000 req/min) by applying separate `rate-limit-by-key` policies with different `calls` values, each scoped to the appropriate subscription key.
KKey Concepts to Remember
- rate-limit-by-key policy
- Subscription key
- Quota policy
- Per-subscriber throttling
TExam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
Key takeaway
rate-limit-by-key policy
Real-world example
How this comes up in practice
A cloud solutions architect for a retail company is evaluating services for a new workload. The correct answer here reflects best practice for the specific scenario described — not a general cloud recommendation. rate-limit-by-key policy Cloud exam questions reward reading the constraint carefully: the same technology can be right or wrong depending on the use case.
What to study next
Got this wrong? Here's your next step.
Review rate-limit-by-key policy, then practise related AZ-204 questions on the same topic to reinforce the concept.
- →
Connect to and consume Azure services and third-party services — study guide chapter
Learn the concepts, then practise the questions
- →
Connect to and consume Azure services and third-party services practice questions
Targeted practice on this topic area only
- →
All AZ-204 questions
997 questions across all exam domains
- →
Microsoft Azure Developer Associate AZ-204 study guide
Full concept coverage aligned to exam objectives
- →
AZ-204 practice test guide
How to use practice tests most effectively before exam day
Related practice questions
Related AZ-204 practice-question pages
Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.
Develop Azure compute solutions practice questions
Practise AZ-204 questions linked to Develop Azure compute solutions.
Develop for Azure storage practice questions
Practise AZ-204 questions linked to Develop for Azure storage.
Implement Azure security practice questions
Practise AZ-204 questions linked to Implement Azure security.
Connect to and consume Azure services and third-party services practice questions
Practise AZ-204 questions linked to Connect to and consume Azure services and third-party services.
Monitor, troubleshoot, and optimize Azure solutions practice questions
Practise AZ-204 questions linked to Monitor, troubleshoot, and optimize Azure solutions.
AZ-204 fundamentals practice questions
Practise AZ-204 questions linked to AZ-204 fundamentals.
AZ-204 scenario practice questions
Practise AZ-204 questions linked to AZ-204 scenario.
AZ-204 troubleshooting practice questions
Practise AZ-204 questions linked to AZ-204 troubleshooting.
Practice this exam
Start a free AZ-204 practice session
Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.
FAQ
Questions learners often ask
What does this AZ-204 question test?
Connect to and consume Azure services and third-party services — This question tests Connect to and consume Azure services and third-party services — rate-limit-by-key policy.
What is the correct answer to this question?
The correct answer is: Apply the rate-limit-by-key policy using the subscription key as the counter key, with calls set to 100 and renewal-period to 60 — Option A is correct because the `rate-limit-by-key` policy in Azure API Management enforces a per-key rate limit, and using the subscription key as the counter key ensures each subscriber is limited individually. The `calls` parameter set to 100 and `renewal-period` to 60 seconds matches the requirement of 100 requests per minute per subscriber, while allowing different limits for different plans by applying separate policies with different call counts.
What should I do if I get this AZ-204 question wrong?
Review rate-limit-by-key policy, then practise related AZ-204 questions on the same topic to reinforce the concept.
What is the key concept behind this question?
rate-limit-by-key policy
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →
Keep practising
More AZ-204 practice questions
- An app must store relational state and perform transactions across multiple tables with T-SQL support. Which Azure data…
- You are monitoring an Azure App Service using Application Insights. You notice that the server response time is high for…
- Which TWO services can be used to implement a publish-subscribe messaging pattern in Azure?
- You need to monitor the CPU utilization of an Azure VM in real-time and set up an alert when it exceeds 90%. Which Azure…
- You are monitoring an Azure web application with Application Insights. You notice a sudden increase in the number of fai…
- You are monitoring an Azure web app using Application Insights. You need to create a query that returns the average dura…
Last reviewed: Jun 11, 2026
This AZ-204 practice question is part of Courseiva's free Microsoft certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the AZ-204 exam.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.