Back to assessment | Back to main |
Learning Path 6: AZ-204: Implement user authentication and authorization
Multiple-choice questions
-
Which of the types of permissions supported by the Microsoft identity platform is used by apps that have a signed-in user present?
- A. Delegated permissions
- B. App-only access permissions
- C. Both delegated and app-only access permissions
Show answer
Delegated permissions -
Which of the following app scenarios require code to handle Conditional Access challenges?
- A. Apps performing the device-code flow
- B. Apps performing the on-behalf-of flow
- C. Apps performing the Integrated Windows uthentication flow
Show answer
Apps performing the on-behalf-of flow -
Which of the following MSAL libraries supports single-page web apps?
- A. MSAL Node
- B. MSAL.js
- C. MSAL.NET
Show answer
MSAL.js -
What is the purpose of using PublicClientApplicationBuilder class in MSAL.NET?
- A. It is used to create a new Azure account.
- B. Enables the automation and validation of the creation and teardown of environments to help deliver secure and stable application hosting platforms
- C. It is used to add a new API permission to the registered app.
Show answer
Enables the automation and validation of the creation and teardown of environments to help deliver secure and stable application hosting platforms -
Which HTTP method below is used to update a resource with new values?
- A. POST
- B. PATCH
- C. PUT
Show answer
PATCH -
Which of the following types of shared access signatures (SAS) applies to Blob storage only?
- A. Account SAS
- B. Service SAS
- C. User delegation SAS
Show answer
User delegation SAS -
Which of the following best practices provides the most flexible and secure way to use a service or account shared access signature (SAS)?
- A. Associate SAS tokens with a stored access policy.
- B. Always use HTTPS
- C. Implement a user delegation SAS
Show answer
Associate SAS tokens with a stored access policy. -
Which of the components of the Microsoft 365 platform is used to deliver data external to Azure into Microsoft Graph services and applications?
- A. Microsoft Graph API
- B. Microsoft Graph connectors
- C. Microsoft Graph Data Connect
Show answer
Microsoft Graph connectors
Open ended questions
-
How is a service principal object created and what does it define?
Show answer
When you register an application in the portal, an application object (the globally unique instance of the app) as well as a service principal object are automatically created in your home tenant. The security principal defines the access policy and permissions for the user/application in the Microsoft Entra tenant. -
The Microsoft identity platform supports two types of permissions: delegated and user permissions. How are they different?
Show answer
Delegated permissions are used by apps that have a signed-in user present. For these apps, either the user or an administrator consents to the permissions that the app requests. The app is delegated with the permission to act as a signed-in user when it makes calls to the target resource. User permissions are used by apps that run without a signed-in user present, for example, apps that runas background services or daemons. Only an administrator can consent to application permissions. -
When would Conditional Access impact an app?
Show answer
In most common cases, Conditional Access does not change an app's behavior or require any changes from the developer. Only in certain cases when an app indirectly or silently requests a token for a service does an app require code changes to handle Conditional Access challenges. It may be as simple as performing an interactive sign-in request.
Back to top | Back to assessment | Back to main |