CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. MS-600

Free MS-600 Exam Braindumps (page: 4)

Page 4 of 26
PDF with 247 Questions

HOTSPOT
You are developing a single-page application (SPA).
You plan to access user data from Microsoft Graph by using an AJAX call. You need to obtain an access token by the Microsoft Authentication Library (MSAL). The solution must minimize authentication prompts.
How should you complete the code segment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Exhibit A:



Exhibit B:

  1. Please refer to Exhibit B for answer.

Answer(s): A

Explanation:

Box 1: loginPopup
Box 2: acquireTokenSilent
The pattern for acquiring tokens for APIs with MSAL.js is to first attempt a silent token request by using the acquireTokenSilent method. When this method is called, the library first checks the cache in browser storage to see if a valid token exists and returns it. When no valid token is in the cache, it sends a silent token request to Azure Active Directory (Azure AD) from a hidden iframe. This method also allows the library to renew tokens.
Box 3: acquireTokenPopup
//AcquireToken Failure, send an interactive request.
Example:
userAgentApplication.loginPopup(applicationConfig.graphScopes).then(function (idToken) { //Login Success
userAgentApplication.acquireTokenSilent(applicationConfig.graphScopes).then(function (accessToken) {
//AcquireToken Success
updateUI();
}, function (error) {
//AcquireToken Failure, send an interactive request.
userAgentApplication.acquireTokenPopup(applicationConfig.graphScopes).then(function (accessToken) {
updateUI();
}, function (error) {
console.log(error);
});
})
}, function (error) {
console.log(error);
});


Reference:

https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/339



HOTSPOT
You are developing an application that will run as an overnight background service on a server. The service will access web-hosted resources by using the application's identity and the OAuth 2.0 client credentials grant flow.
You register the application and grant permissions. The tenant administrator grants admin consent to the application.
You need to get the access token from Azure Active Directory (Azure AD). Which URI should you use for the POST request? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Exhibit A:


Exhibit B:

  1. Please refer to Exhibit B for answer.

Answer(s): A

Explanation:

Oauth2 client_id client_secret
The authorization code flow begins with the client directing the user to the /authorize endpoint.
Box 1: token
Use the authorization code to request an access token. Now that you've acquired an authorization code and have been granted permission by the user, you can redeem the code for an access token to the desired resource, by sending a POST request to the /token endpoint:
Box 2: authorization_code
Use the authorization code to request an access token.
Example:
// Line breaks for legibility only
POST /{tenant}/oauth2/token HTTP/1.1
Host: https://login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code
...etc.
Note: At a high level, the entire authorization flow for an application looks a bit like this:


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code



You develop a web API named WebApi1.
When validating a token received from a client application, WebApi1 receives a MsalUiRequiredException
exception from Azure Active Directory (Azure AD).
You need to formulate the response that WebApi1 will return to the client application.
Which HTTP response should you send?

  1. HTTP 307 Temporary Redirect
  2. HTTP 400 Bad Request
  3. HTTP 403 Forbidden
  4. HTTP 412 Precondition Failed

Answer(s): D

Explanation:

The HyperText Transfer Protocol (HTTP) 412 Precondition Failed client error response code indicates that access to the target resource has been denied. This happens with conditional requests on methods other than GET or HEAD when the condition defined by the If-Unmodified-Since or If-None- Match headers is not fulfilled. In that case, the request, usually an upload or a modification of a
resource, cannot be made and this error response is sent back.
MsalUiRequiredException
The "Ui Required" is proposed as a specialization of MsalServiceException named MsalUiRequiredException. This means you have attempted to use a non-interactive method of acquiring a token (e.g. AcquireTokenSilent), but MSAL could not do it silently. this can be because:
·you need to sign-in
·you need to consent
·you need to go through a multi-factor authentication experience.
The remediation is to call AcquireTokenInteractive
try
{
app.AcquireTokenXXX(scopes, account)
.WithYYYY(...)
.ExecuteAsync()
}
catch(MsalUiRequiredException ex)
{
app.AcquireTokenInteractive(scopes)
.WithAccount(account)
.WithClaims(ex.Claims)
.ExcecuteAsync();
}
Incorrect Answers:
A: A 307 Temporary Redirect message is an HTTP response status code indicating that the requested resource has been temporarily moved to another URI , as indicated by the special Location header returned within the response
B: The 400 Bad Request Error is an HTTP response status code that indicates that the server was unable to process the request sent by the client due to invalid syntax.
C: The 403 Forbidden Error happens when the web page (or other resource) that you're trying to open in your web browser is a resource that you're not allowed to access.


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-handling- exceptions
https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-handling-exceptions https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/exceptions



You have a backend service that will access the Microsoft Graph API. You need to configure the service to authenticate by using the most secure authentication method.
What should you configure the service to use?

  1. a certificate
  2. a client secret
  3. a shared key
  4. a hash

Answer(s): A

Explanation:

You can authenticate to the Graph API with two primary methods: AppId/Secret and certificate based authentication. Certificate is the preferred and more secure way of authenticating.


Reference:

https://adamtheautomator.com/microsoft-graph-api-powershell/



Page 4 of 26



Post your Comments and Discuss Microsoft MS-600 exam with other Community members:

Vivik commented on June 08, 2021
This exam is very hard. Study these questions from the this exam dumsp well. I would not have apssed without these exam dumps questions.
INDIA
upvote

Rajesh commented on August 19, 2020
I thought due to low price the quality would be bad. But I was wrong. The PDF questions are well formatted and the Free Xengine Engine Simulator Test Engine is really Free.
UNITED STATES
upvote