Microsoft MS-600 Exam Practice Questions (P. 2)
Question #6
You are developing an application that will run as an overnight background service on a server. The service will access web-hosted resources by using the application's identity and the OAuth 2.0 client credentials grant flow.
You register the application and grant permissions. The tenant administrator grants admin consent to the application.
You need to get the access token from Azure Active Directory (Azure AD).
Which URI should you use for the POST request? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:


Oauth2 client_id client_secret -
The authorization code flow begins with the client directing the user to the /authorize endpoint.
Box 1: token -
Use the authorization code to request an access token.
Now that you've acquired an authorization code and have been granted permission by the user, you can redeem the code for an access token to the desired resource, by sending a POST request to the /token endpoint:
Box 2: authorization_code -
Use the authorization code to request an access token.
Example:
// Line breaks for legibility only
POST /{tenant}/oauth2/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code
...etc.
Note: At a high level, the entire authorization flow for an application looks a bit like this:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code

Question #7
When validating a token received from a client application, WebApi1 receives a MsalUiRequiredException exception from Azure Active Directory (Azure AD).
You need to formulate the response that WebApi1 will return to the client application.
Which HTTP response should you send?
- A. HTTP 307 Temporary Redirect
- B. HTTP 400 Bad Request
- C. HTTP 403 Forbidden
- D. HTTP 412 Precondition Failed
D
The HyperText Transfer Protocol (HTTP) 412 Precondition Failed client error response code indicates that access to the target resource has been denied. This happens with conditional requests on methods other than GET or HEAD when the condition defined by the If-Unmodified-Since or If-None-Match headers is not fulfilled. In that case, the request, usually an upload or a modification of a resource, cannot be made and this error response is sent back.
MsalUiRequiredException -
The "Ui Required" is proposed as a specialization of MsalServiceException named MsalUiRequiredException. This means you have attempted to use a non-interactive method of acquiring a token (e.g. AcquireTokenSilent), but MSAL could not do it silently. This can be because:
✑ you need to sign-in
✑ you need to consent
✑ you need to go through a multi-factor authentication experience.
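The remediation is to call AcquireTokenInteractive:
try
{
    // AcquireTokenXXX / WithYYYY stand for any non-interactive acquisition method and its options
    await app.AcquireTokenXXX(scopes, account)
             .WithYYYY(...)
             .ExecuteAsync();
}
catch (MsalUiRequiredException ex)
{
    // Silent acquisition failed: fall back to an interactive prompt, passing along any claims challenge
    await app.AcquireTokenInteractive(scopes)
             .WithAccount(account)
             .WithClaims(ex.Claims)
             .ExecuteAsync();
}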
Incorrect Answers:
A: A 307 Temporary Redirect message is an HTTP response status code indicating that the requested resource has been temporarily moved to another URI, as indicated by the special Location header returned within the response.
B: The 400 Bad Request Error is an HTTP response status code that indicates that the server was unable to process the request sent by the client due to invalid syntax.
C: The 403 Forbidden Error happens when the web page (or other resource) that you're trying to open in your web browser is a resource that you're not allowed to access.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-handling-exceptions
https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/exceptions

Question #8
You need to configure the service to authenticate by using the most secure authentication method.
What should you configure the service to use?
- A. a certificate
- B. a client secret
- C. a shared key
- D. a hash
A
You can authenticate to the Graph API with two primary methods: AppId/Secret and certificate based authentication. Certificate is the preferred and more secure way of authenticating.
Reference:
https://adamtheautomator.com/microsoft-graph-api-powershell/

Question #9
When validating a token received from a client application, WebApi1 receives a MsalUiRequiredException exception from the Microsoft Identity Platform.
You need to ensure that the client application has the information required to complete the authentication.
Which header should you include in the HTTP response sent from WebApi1 to the client application?
- A. Accept
- B. Authorization
- C. WWW-Authenticate
- D. Access-Control-Allow-Credentials
C
Reference:
https://docs.microsoft.com/en-us/dotnet/api/system.net.http.headers.httpresponseheaders.wwwauthenticate?view=net-5.0

Question #10
You are developing a single-page application (SPA) named App1 that will be used by the public.
Many users of App1 restrict pop-up windows from opening in their browser.
You need to authenticate the users by using the Microsoft identity platform. The solution must meet the following requirements:
✑ Ensure that App1 can read the profile of a user.
✑ Minimize user interaction during authentication.
✑ Prevent App1 from requiring admin consent for any permissions.
How should you complete the code? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:


Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-spa-acquire-token?tabs=javascript1
