Free MS-600 Exam Braindumps (page: 3)

Page 3 of 26

HOTSPOT
You are developing an interactive invoicing application that will be used by end users. The application will have the following features:
· Save invoices generated by a user to the user's Microsoft OneDrive.
· Email daily automated reminders.
You need to identify which permissions to grant for the application features. The solution must use the principle of least privilege.
Which permission should you grant for each feature? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Exhibit A:



Exhibit B:

  1. Please refer to Exhibit B for answer.

Answer(s): A

Explanation:

Microsoft identity platform supports two types of permissions: delegated permissions and application permissions.
Box 1: Delegated
· Delegated permissions are used by apps that have a signed-in user present. For these apps, either the user or an administrator consents to the permissions that the app requests, and the app is delegated permission to act as the signed-in user when making calls to the target resource.
Box 2: Application
· Application permissions are used by apps that run without a signed-in user present; for example, apps that run as background services or daemons. Application permissions can only be consented by an administrator.


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent



You need to develop a server-based web app that will be registered with the Microsoft identity platform. The solution must ensure that the app can perform operations on behalf of the user. Which type of authorization flow should you use?

  1. authorization code
  2. refresh token
  3. resource owner password
  4. device code

Answer(s): A

Explanation:

In web server apps, the sign-in authentication flow takes these high-level steps:



You can ensure the user's identity by validating the ID token with a public signing key that is received from the Microsoft identity platform endpoint. A session cookie is set, which can be used to identify the user on subsequent page requests.
In addition to simple sign-in, a web server app might need to access another web service, such as a REST API. In this case, the web server app engages in a combined OpenID Connect and OAuth 2.0 flow, by using the OAuth 2.0 authorization code flow.


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-app-types



You have a single-page application (SPA) named TodoListSPA and a server-based web app named TodoListService.
The permissions for the TodoListSPA API are configured as shown in the TodoListSPA exhibit. (Click the TodoListSPA tab.)



The permissions for the TodoListService API are configured as shown in the TodoListService exhibit.
(Click the TodoListService tab.)



You need to ensure that TodoListService can access a Microsoft OneDrive file of the signed-in user. The solution must use the principle of least privilege.
Which permission should you grant?

  1. the Sites.Read.All delegated permission for TodoListService
  2. the Sites.Read.All delegated permission for TodoListSPA
  3. the Sites.Read.All application permission for TodoListSPA
  4. the Sites.Read.All application permission for TodoListService

Answer(s): A

Explanation:

A client application gains access to a resource server by declaring permission requests. Two types are available:
"Delegated" permissions, which specify scope-based access using delegated authorization from the signed-in resource owner, are presented to the resource at run-time as "scp" claims in the client's access token.
"Application" permissions, which specify role-based access using the client application's credentials/identity, are presented to the resource at run-time as "roles" claims in the client's access token.


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/develop/developer-glossary#permissions



You are building a server-based web app that will use OAuth2 and will be registered with the Microsoft identity platform.
Which two values does the app require to obtain tokens from the Azure Active Directory (Azure AD) authorization endpoint? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  1. the tenant ID
  2. the context token
  3. the application ID
  4. the application secret
  5. the authorization code

Answer(s): C,E

Explanation:

C: The required client_id is the Application (client) ID that the Azure portal - App registrations experience assigned to your app.
E: The authorization code flow begins with the client directing the user to the /authorize endpoint.


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow






Post your Comments and Discuss Microsoft MS-600 exam with other Community members:

Vivik commented on June 08, 2021
This exam is very hard. Study these questions from this exam dumps well. I would not have passed without these exam dumps questions.
INDIA

Rajesh commented on August 19, 2020
I thought due to low price the quality would be bad. But I was wrong. The PDF questions are well formatted and the Free Xengine Engine Simulator Test Engine is really Free.
UNITED STATES