Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
 

Microsoft MS-600 Exam Actual Questions

The questions for MS-600 were last updated on July 24, 2024.
  • Viewing page 1 out of 49 pages.
  • Viewing questions 1-5 out of 245 questions

Topic 1 - Question Set 1

Question #1 Topic 1

HOTSPOT -
You are developing an interactive invoicing application that will be used by end users. The application will have the following features:
✑ Save invoices generated by a user to the user's OneDrive for Business.
✑ Email daily automated reminders.
You need to identify which permissions to grant for the application features. The solution must use the principle of least privilege.
Which permission should you grant for each feature? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Reveal Solution Hide Solution   Discussion   1

Correct Answer:
Microsoft identity platform supports two types of permissions: delegated permissions and application permissions.

Box 1: Delegated -
✑ Delegated permissions are used by apps that have a signed-in user present. For these apps, either the user or an administrator consents to the permissions that the app requests, and the app is delegated permission to act as the signed-in user when making calls to the target resource.

Box 2: Application -
✑ Application permissions are used by apps that run without a signed-in user present; for example, apps that run as background services or daemons.
Application permissions can only be consented by an administrator.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent

Question #2 Topic 1

You need to develop a server-based web app that will be registered with the Microsoft identity platform. The solution must ensure that the app can perform operations on behalf of the user.
Which type of authorization flow should you use?

  • A. authorization code
  • B. refresh token
  • C. resource owner password
  • D. device code
Reveal Solution Hide Solution   Discussion   2

Correct Answer: A 🗳️
In web server apps, the sign-in authentication flow takes these high-level steps:

You can ensure the user's identity by validating the ID token with a public signing key that is received from the Microsoft identity platform endpoint. A session cookie is set, which can be used to identify the user on subsequent page requests.
In addition to simple sign-in, a web server app might need to access another web service, such as a REST API. In this case, the web server app engages in a combined OpenID Connect and OAuth 2.0 flow, by using the OAuth 2.0 authorization code flow.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-app-types

Question #3 Topic 1

You have a single-page application (SPA) named TodoListSPA and a server-based web app named TodoListService.
The permissions for the TodoList SPA API are configured as shown in the TodoList SPA exhibit. (Click the TodoListSPA tab.)

The permissions for the TodoListService API are configured as shown in the TodoListService exhibit. (Click the TodoListService tab.)

You need to ensure that TodoListService can access a Microsoft OneDrive file of the signed-in user. The solution must use the principle of least privilege.
Which permission should to grant?

  • A. the Sites.Read.All delegated permission for TodoListService
  • B. the Sites.Read.All delegated permission for TodoListSpa
  • C. the Sites.Read.All application permission for TodoListSPA
  • D. the Sites.Read.All application permission for TodoListService
Reveal Solution Hide Solution   Discussion   3

Correct Answer: A 🗳️
A client application gains access to a resource server by declaring permission requests. Two types are available:
"Delegated" permissions, which specify scope-based access using delegated authorization from the signed-in resource owner, are presented to the resource at run-time as "scp" claims in the client's access token.
"Application" permissions, which specify role-based access using the client application's credentials/identity, are presented to the resource at run-time as "roles" claims in the client's access token.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/developer-glossary#permissions

Question #4 Topic 1

You are building a server-based web app that will use OAuth2 and will be registered with the Microsoft identity platform.
Which two values does the single-tenant app require to obtain tokens from the token endpoint for the Microsoft identity platform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. the tenant ID
  • B. the context token
  • C. the application ID
  • D. the application secret
  • E. the authorization code
Reveal Solution Hide Solution   Discussion   1

Correct Answer: CE 🗳️
C: The required client_id is the Application (client) ID that the Azure portal ג€" App registrations experience assigned to your app.
E: The authorization code flow begins with the client directing the user to the /authorize endpoint.

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow

Question #5 Topic 1

HOTSPOT -
You are developing a single-page application (SPA).
You plan to access user data from Microsoft Graph by using an AJAX call.
You need to obtain an access token by the Microsoft Authentication Library (MSAL). The solution must minimize authentication prompts.
How should you complete the code segment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Reveal Solution Hide Solution   Discussion   7

Correct Answer:
Box 1: loginPopup -

Box 2: acquireTokenSilent -
The pattern for acquiring tokens for APIs with MSAL.js is to first attempt a silent token request by using the acquireTokenSilent method. When this method is called, the library first checks the cache in browser storage to see if a valid token exists and returns it. When no valid token is in the cache, it sends a silent token request to Azure Active Directory (Azure AD) from a hidden iframe. This method also allows the library to renew tokens.

Box 3: acquireTokenPopup -
//AcquireToken Failure, send an interactive request.
Example:
userAgentApplication.loginPopup(applicationConfig.graphScopes).then(function (idToken) {
//Login Success
userAgentApplication.acquireTokenSilent(applicationConfig.graphScopes).then(function (accessToken) {
//AcquireToken Success
updateUI();
}, function (error) {
//AcquireToken Failure, send an interactive request.
userAgentApplication.acquireTokenPopup(applicationConfig.graphScopes).then(function (accessToken) { updateUI();
}, function (error) {
console.log(error);
});
})
}, function (error) {
console.log(error);
});
Reference:
https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/339

Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
ex Want to SAVE BIG on Certification Exam Prep?
close
ex Unlock All Exams with ExamTopics Pro 75% Off
  • arrow Choose From 1000+ Exams
  • arrow Access to 10 Exams per Month
  • arrow PDF Format Available
  • arrow Inline Discussions
  • arrow No Captcha/Robot Checks
Limited Time Offer
Ends in