CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. AZ-204

Free AZ-204 Exam Braindumps (page: 36)

Page 36 of 79
PDF with 400 Questions

You are developing a web application that uses the Microsoft identity platform for user and resource authentication. The web application calls several REST APIs.

A REST API call must read the user’s calendar. The web application requires permission to send an email as the user.

You need to authorize the web application and the API.
Which parameter should you use?

  1. tenant
  2. code_challenge
  3. state
  4. client_id
  5. scope

Answer(s): E

Explanation:

Microsoft identity platform and OAuth 2.0 authorization code flow, Request an authorization code
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?

The authorization code flow begins with the client directing the user to the /authorize endpoint. In this request, the client requests the openid, offline_access, and https://graph.microsoft.com/mail.read permissions from the user.

Parameters include:
* scope required
A space-separated list of scopes that you want the user to consent to. For the /authorize leg of the request, this parameter can cover multiple resources. This value allows your app to get consent for multiple web APIs you want to call.

Incorrect:
* tenant required
The {tenant} value in the path of the request can be used to control who can sign into the application. Valid values are common, organizations, consumers, and tenant identifiers. For guest scenarios where you sign a user from one tenant into another tenant, you must provide the tenant identifier to sign them into the resource tenant.

* code_challenge recommended / required
Used to secure authorization code grants by using Proof Key for Code Exchange (PKCE). Required if code_challenge_method is included. This parameter is now recommended for all application types, both public and confidential clients, and required by the Microsoft identity platform for single page apps using the authorization code flow.

* client_id
The Application (client) ID that the Azure portal – App registrations experience assigned to your app.


Reference:

https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow



HOTSPOT (Drag & Drop is not supported)
You develop and deploy a web app to Azure App service. The web app allows users to authenticate by using social identity providers through the Azure B2C service. All user profile information is stored in Azure B2C.

You must update the web app to display common user properties from Azure B2C to include the following information:

-Email address
-Job title
-First name
-Last name
-Office location

You need to implement the user properties in the web app.
Which code library and API should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: Microsoft Graph
Microsoft Graph allows you to manage resources in your Azure AD B2C directory. Microsoft Graph API operations are supported for the management of Azure AD B2C resources, including users, identity providers, user flows, custom policies, and policy keys

Box 2: Microsoft Authentication Library (MSAL)
MSAL.js supports authentication with social (Microsoft, Google, Facebook etc.), enterprise (ADFS, Salesforce etc.) and local (stored in the Azure AD B2C directory) identities using Azure AD B2C (B2C for short).


Reference:

https://learn.microsoft.com/en-us/azure/active-directory-b2c/microsoft-graph-operations
https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/working-with-b2c.md



HOTSPOT (Drag & Drop is not supported)
You develop and deploy the following staticwebapp.config.json file to the app_location value specified in the workflow file of an Azure Static Web app:


For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: No
Unauthenticated users are challenged to authenticate with Azure Active Directory.

Note:
401
Unauthorized
Request to restricted pages while unauthenticated.

Note: Restricting access to entire application
It's common to require authentication for every route in an application. To enable this, add a rule that matches all routes and include the built-in authenticated role in the allowedRoles array.

The following example configuration blocks anonymous access and redirects all unauthenticated users to the Azure Active Directory login page.

{
"routes": [
{
"route": "/*",
"allowedRoles": ["authenticated"]
}
],
"responseOverrides": {
"401": {
"statusCode": 302,
"redirect": "/.auth/login/aad"
}
}
}

Box 2: No
It depends on the file extension of the file. 404 response codes is only generated for png, jpg and gif files.

Note: Fallback routes
Single Page Applications often rely on client-side routing. These client-side routing rules update the browser's window location without making requests back to the server. If you refresh the page, or navigate directly to URLs generated by client-side routing rules, a server-side fallback route is required to serve the appropriate HTML page (which is generally the index.html for your client-side app).

You can define a fallback rule by adding a navigationFallback section. The following example returns /index.html for all static file requests that do not match a deployed file.

{
"navigationFallback": {
"rewrite": "/index.html"
}
}
You can control which requests return the fallback file by defining a filter. In the following example, requests for certain routes in the /images folder and all files in the /css folder are excluded from returning the fallback file.

{
"navigationFallback": {
"rewrite": "/index.html",
"exclude": ["/images/*.{png,jpg,gif}", "/css/*"]
}
}
The example file structure below, the following outcomes are possible with this rule.



Requests to...
/images/unknown.png
Return File not found error
With status: 404

/images/icon.svg
Returns the /index.html file - since the svg file extension is not listed in the /images/*.{png,jpg,gif} filter
With status: 200

Box 3: Yes
Only the route and methods (if specified) properties are used to determine whether a rule matches a request.

Routes are secured by adding one or more role names into a rule's allowedRoles array.
For instance, to restrict a route to only authenticated users, add the built-in authenticated role to the allowedRoles array.

{
"route": "/profile*",
"allowedRoles": ["authenticated"]
}

Box 4: No
Unauthenticated users are challanged to authenticate with Azure Active Directory.
See box 1 above.


Reference:

https://learn.microsoft.com/en-us/azure/static-web-apps/configuration



You develop and deploy an Azure App Service web app named App1. You create a new Azure Key Vault named Vault1. You import several API keys, passwords, certificates, and cryptographic keys into Vault1.

You need to grant App1 access to Vault1 and automatically rotate credentials. Credentials must not be stored in code.

What should you do?

  1. Enable App Service authentication for Appl. Assign a custom RBAC role to Vault1.
  2. Add a TLS/SSL binding to App1.
  3. Upload a self-signed client certificate to Vault1. Update App1 to use the client certificate.
  4. Assign a managed identity to App1.

Answer(s): D

Explanation:

An Azure Function can be used with managed identity to rotate service principal keys. Then an app can use service principal keys to authenticate to Key Vault to check for new versions of the app secret. As long as it does so before the old secret expires it can successfully update its cache with the new secret allowing a smooth transition to the new version.


Reference:

https://abschmidt.medium.com/rotating-service-principal-secrets-automatically-in-azure-key-vault-c4f04a84c9af



Page 36 of 79



Post your Comments and Discuss Microsoft AZ-204 exam with other Community members:

Vinod commented on December 28, 2024
very good questions
INDIA
upvote

n commented on December 25, 2024
Question are
Anonymous
upvote

Ni commented on December 25, 2024
useful questions
Anonymous
upvote

Robin commented on December 24, 2024
nice course
Anonymous
upvote

blaze commented on December 12, 2024
is the PDF worth it? Are these questions the same on the exam?
Anonymous
upvote

Gobenathan commented on October 16, 2024
This is a good exam done but the free version is not complete the PDF version has all the question. that is what I used to pass my exam.
INDIA
upvote

Girish commented on October 16, 2024
Question are nice
Anonymous
upvote

doctor kekana commented on September 18, 2024
hope to pass
Anonymous
upvote

Nuru commented on September 13, 2024
The document is help full .thanks
Anonymous
upvote

Skamza commented on September 05, 2024
challenging
Anonymous
upvote

Sugballs commented on August 06, 2024
The questions are still valid in this exam dumps. Got a 899 mark.
UNITED STATES
upvote

TigerLord commented on July 21, 2024
Great questions
Anonymous
upvote

Raj commented on July 14, 2024
Question are nice
Anonymous
upvote

Vesna commented on June 23, 2024
Nice questions
MACEDONIA THE FORMER YUGOSLAV REPUBLIC OF
upvote

Dr. Nug commented on June 23, 2024
Got 91% in my exam. This site ROCKS. I wish all questions were free... but still worth the $32 for the PDF full version.
UNITED KINGDOM
upvote

falmant commented on June 17, 2024
awesome content
Anonymous
upvote

YNR commented on June 10, 2024
Excellent material for Exam AZ-204
UNITED STATES
upvote

anunymous commented on April 11, 2024
useful .thanks
INDIA
upvote

Shashank commented on February 22, 2024
I passed exams using this dump
UNITED STATES
upvote

Abhishek Narayan commented on January 28, 2024
I am planning to give AZ 204 and need some questions to prepare
Anonymous
upvote

s_123 commented on August 12, 2023
do we need c# coding to be az204 certified
Anonymous
upvote

sachin commented on June 27, 2023
can you share the pdf
Anonymous
upvote

johnson commented on October 24, 2023
i studied for the microsoft azure az-204 exam through it has 100% real questions available for practice along with various mock tests. i scored 900/1000.
GERMANY
upvote

bot commented on July 26, 2023
more comments here
UNITED STATES
upvote

User123 commented on October 08, 2023
good question
UNITED STATES
upvote

VINNY commented on June 02, 2023
very good use full
Anonymous
upvote

Jose commented on August 30, 2023
nice questions
PORTUGAL
upvote

keylly commented on November 28, 2023
im study azure
Anonymous
upvote

Raj commented on May 25, 2023
nice questions
UNITED STATES
upvote

Meghali commented on January 17, 2024
Useful questions listed here, thanks
UNITED STATES
upvote

King J commented on January 09, 2024
These resources proved to be good
UNITED ARAB EMIRATES
upvote

Carlos commented on January 04, 2024
Good questions
Anonymous
upvote

keylly commented on November 28, 2023
i'm study azure
Anonymous
upvote

johnson commented on October 24, 2023
I studied for the Microsoft Azure AZ-204 exam through it has 100% real questions available for practice along with various mock tests. I scored 900/1000.
GERMANY
upvote