View on GitHub

AZ-204 - Training - Developing Solutions for Microsoft Azure

Companion material and resources for the course 'Developing Solutions for Microsoft Azure' delivery by Ricardo Cabral.


Back to assessment Back to main

Learning Path 6: AZ-204: Implement user authentication and authorization

Multiple-choice questions

  1. Which of the types of permissions supported by the Microsoft identity platform is used by apps that have a signed-in user present?

    • A. Delegated permissions
    • B. App-only access permissions
    • C. Both delegated and app-only access permissions


    Show answer Delegated permissions


  2. Which of the following app scenarios require code to handle Conditional Access challenges?

    • A. Apps performing the device-code flow
    • B. Apps performing the on-behalf-of flow
    • C. Apps performing the Integrated Windows uthentication flow


    Show answer Apps performing the on-behalf-of flow


  3. Which of the following MSAL libraries supports single-page web apps?

    • A. MSAL Node
    • B. MSAL.js
    • C. MSAL.NET


    Show answer MSAL.js


  4. What is the purpose of using PublicClientApplicationBuilder class in MSAL.NET?

    • A. It is used to create a new Azure account.
    • B. Enables the automation and validation of the creation and teardown of environments to help deliver secure and stable application hosting platforms
    • C. It is used to add a new API permission to the registered app.


    Show answer Enables the automation and validation of the creation and teardown of environments to help deliver secure and stable application hosting platforms


  5. Which HTTP method below is used to update a resource with new values?

    • A. POST
    • B. PATCH
    • C. PUT


    Show answer PATCH


  6. Which of the following types of shared access signatures (SAS) applies to Blob storage only?

    • A. Account SAS
    • B. Service SAS
    • C. User delegation SAS


    Show answer User delegation SAS


  7. Which of the following best practices provides the most flexible and secure way to use a service or account shared access signature (SAS)?

    • A. Associate SAS tokens with a stored access policy.
    • B. Always use HTTPS
    • C. Implement a user delegation SAS


    Show answer Associate SAS tokens with a stored access policy.


  8. Which of the components of the Microsoft 365 platform is used to deliver data external to Azure into Microsoft Graph services and applications?

    • A. Microsoft Graph API
    • B. Microsoft Graph connectors
    • C. Microsoft Graph Data Connect


    Show answer Microsoft Graph connectors


Open ended questions

  1. How is a service principal object created and what does it define?


    Show answer When you register an application in the portal, an application object (the globally unique instance of the app) as well as a service principal object are automatically created in your home tenant. The security principal defines the access policy and permissions for the user/application in the Microsoft Entra tenant.


  2. The Microsoft identity platform supports two types of permissions: delegated and user permissions. How are they different?


    Show answer Delegated permissions are used by apps that have a signed-in user present. For these apps, either the user or an administrator consents to the permissions that the app requests. The app is delegated with the permission to act as a signed-in user when it makes calls to the target resource. User permissions are used by apps that run without a signed-in user present, for example, apps that runas background services or daemons. Only an administrator can consent to application permissions.


  3. When would Conditional Access impact an app?


    Show answer In most common cases, Conditional Access does not change an app's behavior or require any changes from the developer. Only in certain cases when an app indirectly or silently requests a token for a service does an app require code changes to handle Conditional Access challenges. It may be as simple as performing an interactive sign-in request.



Back to top Back to assessment Back to main