Microsoft Microsoft Certifications MS-600 Questions & Answers

• Question 111:

  How can you validate that the JSON notification message is sent from the Microsoft Graph service?

  A. The ClientState must match the value provided when subscribing.

  B. The user_guid must map to a user ID in the Azure AD tenant of the customer.

  C. The tenant ID must match the tenant ID of the customer's Office 365 tenant.

  D. The subscription ID must match the Azure subscription used by ADatum.

  Correct Answer: A

  clientState specifies the value of the clientState property sent by the service in each notification. The maximum length is 128 characters. The client can check that the notification came from the service by comparing the value of the clientState

  property sent with the subscription with the value of the clientState property received with each notification.

  Note: A subscription allows a client app to receive notifications about changes to data in Microsoft Graph.

  Reference: https://docs.microsoft.com/en-us/graph/api/resources/subscription

• Question 112:

  Which URI should you use to query all the emails that relate to an invoice?

  

  A. Option A

  B. Option B

  C. Option C

  D. Option D

  Correct Answer: A

• Question 113:

  You need to complete the MSAL.js code for SSO. Which code segment should you insert at line 06?

  A. storeAuthStateInCookie: false

  B. storeAuthStateInCookie: true

  C. cacheLocation: ‘localStorage’

  D. cacheLocation: ‘sessionStorage’

  Correct Answer: C

  Scenario: Implement single sign-on (SSO) and minimize login prompts across browser tabs.

  When your application is open in multiple tabs and you first sign in the user on one tab, the user is also signed in on the other tabs without being prompted. MSAL.js caches the ID token for the user in the browser localStorage and will sign the

  user in to the application on the other open tabs.

  By default, MSAL.js uses sessionStorage which does not allow the session to be shared between tabs. To get SSO between tabs, make sure to set the cacheLocation in MSAL.js to localStorage.

  Reference: https://docs.microsoft.com/bs-latn-ba/Azure/active-directory/develop/msal-js-sso

• Question 114:

  You need to configure the initial login request in the access token JavaScript script. Which code segment should you insert at line 01?

  A. const scopes = ['https://graph.microsoft.com/.default'];

  B. const accessTokenRequest = { };

  C. const scopes = ['https://graph.microsoft.com/Files.Read.All', 'https://graph.microsoft.com/Mail.Send.All'];

  D. const accessTokenRequest = { scopes: ['https://graph.microsoft.com/Files.ReadWrite', 'https://graph.microsoft.com/Mail.Send']

  };

  Correct Answer: D

  Scenario: ADatum identifies the following technical requirements for the planned E-invoicing capabilities:

  Ensure that all operations performed by E-invoicing against Office 365 are initiated by a user. Require that the user authorize E-invoicing to access the Office 365 data the first time the application attempts to access Office 365 data on the user's behalf. Reference: https://docs.microsoft.com/en-us/graph/permissions-reference

• Question 115:

  HOTSPOT

  You are developing an interactive invoicing application that will be used by end users. The application will have the following features:

  Save invoices generated by a user to the user's Microsoft OneDrive.

  Email daily automated reminders.

  You need to identify which permissions to grant for the application features. The solution must use the principle of least privilege.

  Which permission should you grant for each feature? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Microsoft identity platform supports two types of permissions: delegated permissions and application permissions.

  Box 1: Delegated

  Delegated permissions are used by apps that have a signed-in user present. For these apps, either the user or an administrator consents to the permissions that the app requests, and the app is delegated permission to act as the signed-in

  user when making calls to the target resource.

  Box 2: Application

  Application permissions are used by apps that run without a signed-in user present; for example, apps that run as background services or daemons. Application permissions can only be consented by an administrator.

  Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent

• Question 116:

  HOTSPOT

  You are developing a single-page application (SPA).

  You plan to access user data from Microsoft Graph by using an AJAX call.

  You need to obtain an access token by the Microsoft Authentication Library (MSAL). The solution must minimize authentication prompts.

  How should you complete the code segment? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Box 1: loginPopup

  Box 2: acquireTokenSilent

  The pattern for acquiring tokens for APIs with MSAL.js is to first attempt a silent token request by using the acquireTokenSilent method. When this method is called, the library first checks the cache in browser storage to see if a valid token

  exists and returns it. When no valid token is in the cache, it sends a silent token request to Azure Active Directory (Azure AD) from a hidden iframe. This method also allows the library to renew tokens.

  Box 3: acquireTokenPopup

  //AcquireToken Failure, send an interactive request.

  Example:

  userAgentApplication.loginPopup(applicationConfig.graphScopes).then(function (idToken) { //Login Success userAgentApplication.acquireTokenSilent(applicationConfig.graphScopes).then(function (accessToken) {

  //AcquireToken Success

  updateUI();

  }, function (error) {

  //AcquireToken Failure, send an interactive request.

  userAgentApplication.acquireTokenPopup(applicationConfig.graphScopes).then(function (accessToken) {

  updateUI();

  }, function (error) {

  console.log(error);

  });

  })

  }, function (error) {

  console.log(error);

  });

  Reference: https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/339

• Question 117:

  HOTSPOT

  You are developing an application that will run as an overnight background service on a server. The service will access web-hosted resources by using the application's identity and the OAuth 2.0 client credentials grant flow.

  You register the application and grant permissions. The tenant administrator grants admin consent to the application.

  You need to get the access token from Azure Active Directory (Azure AD).

  Which URI should you use for the POST request? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Oauth2 client_id client_secret

  The authorization code flow begins with the client directing the user to the /authorize endpoint.

  Box 1: token

  Use the authorization code to request an access token.

  Now that you've acquired an authorization code and have been granted permission by the user, you can redeem the code for an access token to the desired resource, by sending a POST request to the /token endpoint:

  Box 2: authorization_code

  Use the authorization code to request an access token.

  Example:

  // Line breaks for legibility only

  POST /{tenant}/oauth2/token HTTP/1.1

  Host: https://login.microsoftonline.com

  Content-Type: application/x-www-form-urlencoded

  grant_type=authorization_code

  ...etc.

  Note: At a high level, the entire authorization flow for an application looks a bit like this:

  

  Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code

• Question 118:

  HOTSPOT

  You are developing an Azure function to provision a team in Microsoft Teams.

  You need to create a group named Project A, add a classification of Private to the group, and then convert Project A to a team group.

  How should you complete the REST requests? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Box 1: post

  You need to create a group named Project A.

  The following example creates an Office 365 group.

  POST https://graph.microsoft.com/v1.0/groups

  Content-type: application/json

  Content-length: 244

  { "description": "Self help community for library", "displayName": "Library Assist", "groupTypes": [

  "Unified"

  ],

  "mailEnabled": true,

  "mailNickname": "library",

  "securityEnabled": false

  }

  Box 2: PATCH

  Add a classification of Private to the group.

  You can set the classification property in a PATCH request for the group, if do not set it in the initial POST request that creates the group.

  Box 3: put

  Then convert Project A to a team group.

  Syntax: PUT /groups/{id}/team

  References: https://docs.microsoft.com/en-us/graph/api/group-post-groups

  https://docs.microsoft.com/en-us/graph/api/resources/group

  https://docs.microsoft.com/en-us/graph/api/team-put-teams

• Question 119:

  HOTSPOT

  You need to retrieve a list of the last 10 files that the current user opened from Microsoft OneDrive. The response must contain only the file ID and the file name.

  Which URI should you use to retrieve the results? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  "graph.microsoft.com" "drive" onedrive

  Box 1: root

  /root - The root folder for the drive.

  Box 2: $select=id,name

  To specify a different set of properties to return than the default set provided by the Graph, use the $select query option. The $select option allows for choosing a subset or superset of the default set returned. For example, when retrieving

  your messages, you might want to select that only the from and subject properties of messages are returned.

  References: https://docs.microsoft.com/en-us/onedrive/developer/rest-api/concepts/addressing-driveitems

  https://developer.microsoft.com/en-us/graph/docs/overview/query_parameters

• Question 120:

  HOTSPOT

  You receive the following JSON document when you use Microsoft Graph to query the current signed-in user.

  

  For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Box 1: Yes Syntax: GET /me/photo/$value Get the specified profilePhoto or its metadata (profilePhoto properties).

  Example: Get the photo for the signed-in user in the largest available size GET https://graph.microsoft.com/v1.0/me/photo/$value

  Box 2: Yes Syntax: GET /users/{id | userPrincipalName}/photo/$value Get the specified profilePhoto or its metadata (profilePhoto properties).

  Box 3: Yes Syntax: GET /users/{id | userPrincipalName}/photo/$value Get the specified profilePhoto or its metadata (profilePhoto properties).

  Reference: https://docs.microsoft.com/en-us/graph/api/profilephoto-get