ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-204 All Questions

View all questions & answers for the AZ-204 exam
Go to Exam

Exam AZ-204 topic 4 question 3 discussion

Actual exam question from Microsoft's AZ-204
Question #: 3
Topic #: 4
[All AZ-204 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are developing a website that will run as an Azure Web App. Users will authenticate by using their Azure Active Directory (Azure AD) credentials.
You plan to assign users one of the following permission levels for the website: admin, normal, and reader. A user's Azure AD group membership must be used to determine the permission level.
You need to configure authorization.
Solution:
✑ Create a new Azure AD application. In the application's manifest, set value of the groupMembershipClaims option to All.
✑ In the website, use the value of the groups claim from the JWT for the user to determine permissions.
Does the solution meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Marusyk at March 4, 2021, 10:04 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mlantonis
Highly Voted 3 years, 11 months ago
Correct Answer: Yes Reference: https://docs.microsoft.com/en-us/archive/blogs/waws/azure-app-service-authentication-aad-groups
upvoted 47 times
...
kondapaturi
Highly Voted 3 years, 10 months ago
Answer – Yes, this is the correct approach. The Application manifest has a setting for groupMembershipClaims. By setting this to all, the Azure AD groups that the user belongs to will be returned as part of the claims in the JWT token.
upvoted 9 times
...
Vichu_1607
Most Recent 6 months, 4 weeks ago
Selected Answer: A
Yes, the solution does not meet the goal. While configuring the Azure Web App to allow only authenticated requests and require Azure AD log on is a necessary step for securing the application, it does not address the requirement of assigning users one of the specific permission levels (admin, normal, reader) based on their Azure AD group membership. To meet this requirement, you would need to implement role-based access control (RBAC) in your application. This would involve mapping Azure AD groups to roles within your application, and then assigning permissions to those roles.
upvoted 1 times
...
Dixavado
1 year, 7 months ago
Selected Answer: A
It was on my exam today (2023-09-26) I went with the examtopics answer - score 850
upvoted 1 times
...
Tarajee
1 year, 7 months ago
On my exam 2023sept
upvoted 1 times
...
NightshadeRC
1 year, 9 months ago
Had this question in today's exam: 2023-07-26
upvoted 2 times
...
MysticalSam
1 year, 10 months ago
This question was in today's exam on 10-June-2023
upvoted 2 times
...
sarmaria
2 years, 1 month ago
Got this on 16/03/23. Chosen yes. Make sure to prepare for case study. I got city and lights case study. No Kubernetes, Search, Logic Apps questions for me.
upvoted 2 times
...
BrettusMaximus
2 years, 2 months ago
B Sure, A would technically work but not the best solution as unauthorized users can hit the website. Best practice is to use groupMembershipClaims in the App Registration to restrict access at the App level.
upvoted 2 times
...
Esward
2 years, 3 months ago
Given answer A is correct as per MS docs https://docs.microsoft.com/en-us/archive/blogs/waws/azure-app-service-authentication-aad-groups
upvoted 2 times
...
serpevi
2 years, 7 months ago
Got this in 09/22 , went just with this as YES, score 927.
upvoted 4 times
...
Eltooth
2 years, 10 months ago
Selected Answer: A
A is correct answer.
upvoted 3 times
...
PieroFranco
3 years, 1 month ago
Selected Answer: A
The answer is correct. If you do not add the groupMembershipClaims to the manifest you wont see any AD group in the auth token.
upvoted 2 times
...
Freidrich
3 years, 2 months ago
Selected Answer: A
The answer is correct.
upvoted 1 times
...
sujitwarrier11
3 years, 10 months ago
I think the answer is no. group claims are at Azure Ad tenant level. The question mentions that the authorization should be for the app. So roles would be the better option here.
upvoted 1 times
ZodiaC
3 years, 9 months ago
thats not true, look link plz: https://docs.microsoft.com/en-us/archive/blogs/waws/azure-app-service-authentication-aad-groups
upvoted 1 times
...
...
UnknowMan
3 years, 11 months ago
Answer is correct
upvoted 1 times
...
glam
3 years, 11 months ago
A. Yes
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago