Microsoft MS-600 Exam Practice Questions (P. 5)
Question #21
DRAG DROP -
You are building an API that will return a user's documents from a Microsoft SharePoint Online site.
You need to ensure that the API can use the Microsoft Authentication Library (MSAL) to access the SharePoint site. The solution must use the principle of least privilege.
Which three actions should you perform in sequence? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choice is correct. You will receive credit for any of the correct orders you select.
Select and Place:

Correct Answer:
Step 1: From Azure Active Directory admin center, register an app and create a client secret
Register your application in Azure AD. Service-to-service calls require that your application use an X.509 certificate to create a client assertion in the form of a base64-encoded, SHA256-signed JWT bearer token.
Generate a new key for your application. Keys, also known as client secrets, are used when exchanging an authorization code for an access token.
Step 2: From the Azure Active Directory admin center, grant the Sites.Read.All delegated permission to the app.
Delegated Permissions. Enables your client app to perform operations on behalf of the signed-in user, such as reading email or modifying the user's profile.
Incorrect Answers:
✑ Application Permissions. Permissions that enable the client app to authenticate as itself without user interaction or consent, such as an app used by background services or daemon apps.
Step 3: From the API code, configure the MSAL.
When you have registered your app in Azure AD and configured it with the necessary permissions, you're ready to build your app.
Reference:
https://docs.microsoft.com/en-us/office/office-365-management-api/get-started-with-office-365-management-apis

Question #22
You use Microsoft identity platform to store user identities.
The user profile information is inconsistently populated.
You need to develop a web app that will provide users with a page where they can enter their interests, skills, and description. When the users click the submit button, the app will use Microsoft Graph to send only changed data to Microsoft identity platform.
Which HTTP method should you use against the Microsoft Graph endpoint?
- A. PATCH
- B. POST
- C. GET
- D. PUT
Correct Answer:
A
Use PATCH to update a resource with new values.
Reference:
https://docs.microsoft.com/en-us/graph/use-the-api
Question #23
HOTSPOT -
You are building a web app that will display the Microsoft Exchange Online Inbox of a user. The app will maintain a copy of the user's Inbox data and regularly check for updates.
You need to configure the Microsoft Graph URI for the app. The solution must minimize network traffic.
How should you complete the request URI? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Correct Answer:
Box 1: https://graph.microsoft.com/
For Microsoft Graph, apps specify permissions prefixed with https://graph.microsoft.com/. For example, an app can request the Mail.Read permission by including
Box 2: v1.0/me/mailfolders/inbox/messages/delta
API versions -
The Microsoft Graph API offers two versions: v1.0 and beta, while Outlook offers v1.0, v2.0, and beta. Microsoft Graph v1.0 matches Outlook v2.0, and Microsoft Graph beta matches Outlook beta.
Microsoft Graph -
First, the app has the user sign in to authorize the application. Because the app uses the Microsoft Graph scope Mail.Read, the authorization URL looks like the following:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?scope=openid+Mail.Read&response_type=code&client_id=<SOME GUID>&redirect_uri=<REDIRECT URL>
Once the app has an access token, it sends the following request:
https://graph.microsoft.com/v1.0/me/mailfolders/inbox/messages?$top=1&$select=subject,from,receivedDateTime,isRead
Accept: application/json
Authorization: Bearer <token>
delta - tracking changes (synchronization)
Both endpoints support querying collections for changes relative to a synchronization state. While the functionality is the same, the methods are slightly different.
On the Microsoft Graph endpoint, changes are queried by using delta queries. This is implemented as a delta function on the collection.
Reference:
https://docs.microsoft.com/en-us/outlook/rest/compare-graph

Question #24
You plan to develop a client-side JavaScript web app that will be registered to the Microsoft identity platform and use Microsoft Authentication Library (MSAL) v2.0.
Which type of authorization flow should you use?
- A. client credentials grant
- B. device code
- C. resource owner password credentials grant
- D. authorization code grant
Correct Answer:
D
Authorization code - User sign-in and access to web APIs on behalf of the user.
Supported application types:
* Desktop
* Mobile
* Single-page app (SPA) (requires PKCE)
* Web

Incorrect:
The other authentication flows do not support Single-page apps (SPAs).
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-authentication-flows
Question #25
You are building an app that will use the Microsoft Graph API and the Microsoft identity platform to enable users to perform the following tasks:
✑ Sign in to Azure Active Directory (Azure AD).
✑ View all the Microsoft 365 groups that they own.
Each week, the app will also email the users a list of the Microsoft 365 groups to which they belong.
You need to identify which permissions to assign to the app. The solution must use the principle of least privilege.
What should you identify?
- A. User.Read delegated, Group.Read delegated, Group.Read application, and Mail.Send application permissions
- B. User.Read delegated, Group.Read application, and Mail.Send delegated permissions
- C. User.Read delegated, User.Read application, Group.Read application, and Mail.Send application permissions
- D. User.Read delegated, Group.Read delegated, and Mail.Send delegated permissions
Correct Answer:
D
The Microsoft Graph API Mail.Send delegated permission is less privileged than the Mail.Send application permission.
The same is true for Group.Read delegated compared to Group.Read application.
Reference:
https://docs.microsoft.com/en-us/graph/api/user-sendmail?view=graph-rest-1.0&tabs=http
https://docs.microsoft.com/en-us/graph/permissions-reference