ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-204 All Questions

View all questions & answers for the AZ-204 exam
Go to Exam

Exam AZ-204 topic 4 question 7 discussion

Actual exam question from Microsoft's AZ-204
Question #: 7
Topic #: 4
[All AZ-204 Questions]

DRAG DROP -
You are developing an ASP.NET Core website that can be used to manage photographs which are stored in Azure Blob Storage containers.
Users of the website authenticate by using their Azure Active Directory (Azure AD) credentials.
You implement role-based access control (RBAC) role permissions on the containers that store photographs. You assign users to RBAC roles.
You need to configure the website's Azure AD Application so that user's permissions can be used with the Azure Blob containers.
How should you configure the application? To answer, drag the appropriate setting to the correct location. Each setting can be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: user_impersonation -

Box 2: delegated -
Example:
1. Select the API permissions section
2. Click the Add a permission button and then:
Ensure that the My APIs tab is selected
3. In the list of APIs, select the API TodoListService-aspnetcore.
4. In the Delegated permissions section, ensure that the right permissions are checked: user_impersonation.
5. Select the Add permissions button.

Box 3: delegated -

Example -
1. Select the API permissions section
2. Click the Add a permission button and then,
Ensure that the Microsoft APIs tab is selected
3. In the Commonly used Microsoft APIs section, click on Microsoft Graph
4. In the Delegated permissions section, ensure that the right permissions are checked: User.Read. Use the search box if necessary.
5. Select the Add permissions button
Reference:
https://docs.microsoft.com/en-us/samples/azure-samples/active-directory-dotnet-webapp-webapi-openidconnect-aspnetcore/calling-a-web-api-in-an-aspnet-core- web-application-using-azure-ad/
by aswqe338 at March 18, 2021, 10:05 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
aswqe338
Highly Voted 3 years, 3 months ago
The given answer is correct.
upvoted 47 times
TonyMel
1 year, 3 months ago
correct, in 2023Mar24, score: 904/1000
upvoted 12 times
...
...
mlantonis
Highly Voted 3 years, 1 month ago
Box 1: user_impersonation The built-in user_impersonation scope indicates that the token is being requested on behalf of the user. Azure Storage exposes a single delegation scope named user_impersonation that permits applications to take any action allowed by the user. Box 2: delegated Box 3: delegated Reference: https://stackoverflow.com/questions/31404128/azure-ad-app-application-permissions-vs-delegated-permissions https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-app?tabs=dotnet https://docs.microsoft.com/en-us/rest/api/storageservices/authorize-with-azure-active-directory
upvoted 38 times
...
p2006
Most Recent 10 months ago
https://learn.microsoft.com/en-us/information-protection/develop/concept-api-permissions#delegated-permissions
upvoted 2 times
...
Dianahu
11 months, 3 weeks ago
https://www.andrew-best.com/posts/please-sir-can-i-have-some-auth/ first image
upvoted 1 times
...
Dats1987
1 year, 3 months ago
That's Correct.
upvoted 1 times
...
Priya0703
1 year, 4 months ago
On exam today 20-02-2023
upvoted 1 times
...
Esward
1 year, 5 months ago
Given answers are correct https://stackoverflow.com/questions/31404128/azure-ad-app-application-permissions-vs-delegated-permissions
upvoted 1 times
...
serpevi
1 year, 10 months ago
Got this in 09/22 , went with the most voted answers, score 927.
upvoted 6 times
...
Eltooth
2 years ago
User Delegated Delegated
upvoted 3 times
...
petitbilly
2 years, 4 months ago
Got it in exam 03/22
upvoted 3 times
monaindia
2 years ago
what answer you have chosen
upvoted 1 times
...
...
edengoforit
2 years, 7 months ago
Application Permissions: Your application needs to access the web API directly as itself (no user context). This type of permission requires administrator consent and is also not available for native client applications. Delegation Permissions: Your application needs to access the web API as the signed-in user, but with access limited by the selected permission. This type of permission can be granted by a user unless the permission is configured as requiring administrator consent.
upvoted 4 times
lugospod
2 years, 6 months ago
Nope, it explicitly states that user is given RBAC permissions, and that each users permissions need to be used to access storage. So Application is not an option.
upvoted 1 times
...
...
jungaster
3 years, 1 month ago
the answer is correct.
upvoted 1 times
...
roybunt
3 years, 1 month ago
The answer is correct. For granting registered app permissions to Azure Storage, find in reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-app?tabs=dotnet#grant-your-registered-app-permissions-to-azure-storage
upvoted 4 times
...
glam
3 years, 2 months ago
correct
upvoted 2 times
...
kwaazaar
3 years, 3 months ago
why Graph API?
upvoted 4 times
Sachini
2 years, 4 months ago
"Permissions are granted to Microsoft Graph automatically when you first register your app with Azure AD."
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel