Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

MS-600Free trial

By microsoft

Verified

25Q per page

Question 1

HOTSPOT -
You are developing an interactive invoicing application that will be used by end users. The application will have the following features:
✑ Save invoices generated by a user to the user's OneDrive for Business.
✑ Email daily automated reminders.
You need to identify which permissions to grant for the application features. The solution must use the principle of least privilege.
Which permission should you grant for each feature? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

—

Question 2

HOTSPOT -
You are developing a single-page application (SPA) named App1 that will be used by the public.
Many users of App1 restrict pop-up windows from opening in their browser.
You need to authenticate the users by using the Microsoft identity platform. The solution must meet the following requirements:
✑ Ensure that App1 can read the profile of a user.
✑ Minimize user interaction during authentication.
✑ Prevent App1 from requiring admin consent for any permissions.
How should you complete the code? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

—

Question 3

HOTSPOT -
You are building a single-page application (SPA) that will have the following parameters:
✑ App Id: DBA22F72-642A-4C44-AA2C-FAA0DA5A471B
✑ Tenant Id: DC045C4D-5881-43C7-97AB-3C5A1ADB8DBC
✑ AppName: Contoso.Spa
You have a line-of-business API for invoicing that is secured by using the Microsoft identity platform. The API has the following parameters:
✑ App Id: 879A43D7-1794-47A0-AB2B-440B63FEC248
✑ Tenant Id: DC045C4D-5881-43C7-97AB-3C5A1ADB8DBC
✑ AppName: Contoso.Invoicing
Contoso.Invoicing declares the following custom scopes:
✑ Invoices.Read
✑ Invoices.ReadWrite
Contoso.Spa needs to call Contoso.Invoicing to create new invoices.
Which code should you use in Contoso.Spa to obtain an access token for Contoso.Invoicing? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

—

Question 4

You need to develop a SharePoint Framework (SPFx) solution that interacts with Microsoft SharePoint and also Microsoft Teams. The solution must share the same code base.
What should you do?

A: Make the code aware of the Teams context and the SharePoint context.
B: Include the Microsoft Authentication Library for .NET (MSAL.NET) in the solution.
C: Grant admin consent to the Teams API.
D: Publish the solution to an Azure App Service.

—

Question 5

DRAG DROP -
You have an app named App1 that provisions security groups daily by using the Microsoft identity platform and the Microsoft Graph API. App1 runs as a scheduled task.
You need to register App1 in the Microsoft identity platform.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

—

Question 6

You are developing an Azure web app that will enable users to view a consolidated view of multiple users' tasks based on data in Microsoft Planner and Outlook.
The app will use the Microsoft identity platform and a certificate to establish an authorization flow between the app and Microsoft 365.
You obtain a certificate and you create an Azure Active Directory (Azure AD) application.
You need to set up authorization for the application.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A: From the Azure portal, upload a certificate public key for the Azure AD application.
B: Add the application permissions to the Azure AD application.
C: Modify the code of the web app to use the certificate to obtain an access token for Microsoft Graph.
D: Create a secret in the Azure AD application.
E: Add the required delegated permissions to the Azure AD application.

—

Question 7

HOTSPOT -
You have an app that queries Azure Active Directory (Azure AD) by using the Microsoft Graph API.
You need to minimize the number of times users are prompted for their credentials.
How should you complete the code? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

—

Question 8

You have an application named App1 that is used to administer an Azure Active Directory (Azure AD) tenant.
When administrators install App1, they are prompted for admin consent.
Which application permission can cause the administrators to be prompted for consent?

A: RoleManagement.ReadWrite.Directory
B: Calendars.ReadWrite
C: Device.Read
D: Calendars.ReadWrite.Shared

—

Question 9

HOTSPOT -
You are developing a single-page application (SPA) that authenticates users by using MSAL.js. The SPA must meet the following requirements:
✑ Only allow access to the users in an organization named contoso.onmicrosoft.com.
✑ Support single sign-on (SSO) across tabs and user sessions.
How should you complete the code for the SPA? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

—

Question 10

You need to develop a server-based web app that will be registered with the Microsoft identity platform. The solution must ensure that the app can perform operations on behalf of the user.
Which type of authorization flow should you use?

A: authorization code
B: refresh token
C: resource owner password
D: device code

—

Question 11

DRAG DROP -
You are building an API that will return a user's documents from a Microsoft SharePoint Online site.
You need to ensure that the API can use the Microsoft Authentication Library (MSAL) to access the SharePoint site. The solution must use the principle of least privilege.
Which three actions should you perform in sequence? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choice is correct. You will receive credit for any of the correct orders you select.
Select and Place:

—

Question 12

You use Microsoft identity platform to store user identities.
The user profile information is inconsistently populated.
You need to develop a web app that will provide users with a page where they can enter their interests, skills, and description. When the users click the submit button, the app will use Microsoft Graph to send only changed data to Microsoft identity platform.
Which HTTP method should you use against the Microsoft Graph endpoint?

A: PATCH
B: POST
C: GET
D: PUT

—

Question 13

HOTSPOT -
You are building a web app that will display the Microsoft Exchange Online Inbox of a user. The app will maintain a copy of the user's Inbox data and regularly check for updates.
You need to configure the Microsoft Graph URI for the app. The solution must minimize network traffic.
How should you complete the request URI? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

—

Question 14

You plan to develop a client-side JavaScript web app that will be registered to the Microsoft identity platform and use Microsoft Authentication Library (MSAL) v2.0.
Which type of authorization flow should you use?

A: client credentials grant
B: device code
C: resource owner password credentials grant
D: authorization code grant

—

Question 15

You are building an app that will use the Microsoft Graph API and the Microsoft identity platform to enable users to perform the following tasks:
✑ Sign in to Azure Active Directory (Azure AD).
✑ View all the Microsoft 365 groups that they own.
Each week, the app will also email the users a list of the Microsoft 365 groups to which they belong.
You need to identify which permissions to assign to the app. The solution must use the principle of least privilege.
What should you identify?

A: User.Read delegated, Group.Read delegated, Group.Read application, and Mail.Send application permissions
B: User.Read delegated, Group.Read application, and Mail.Send delegated permissions
C: User.Read delegated, User.Read application, Group.Read application, and Mail.Send application permissions
D: User.Read delegated, Group.Read delegated, and Mail.Send delegated permissions

—

Question 16

HOTSPOT -
You have a multitenant app named App1.
You need to ensure that App1 supports token acquisition when a user accesses the app by using a web browser that has a popup blocker extension enabled.
How should you complete the Microsoft Authentication Library (MSAL) for JavaScript v2.0 code? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

—

Question 17

You have a web app that uses the Microsoft Identity Platform.

You extend the application manifest to implement the following role-based access control (RBAC).

When you attempt to save the manifest, you receive a validation error.

Which key value pair should you modify to resolve the error?

A: isEnabled
B: appId
C: allowedMemberTypes
D: id

—

Question 18

You have a single-page application (SPA) named TodoListSPA and a server-based web app named TodoListService.
The permissions for the TodoList SPA API are configured as shown in the TodoList SPA exhibit. (Click the TodoListSPA tab.)

The permissions for the TodoListService API are configured as shown in the TodoListService exhibit. (Click the TodoListService tab.)

You need to ensure that TodoListService can access a Microsoft OneDrive file of the signed-in user. The solution must use the principle of least privilege.
Which permission should to grant?

A: the Sites.Read.All delegated permission for TodoListService
B: the Sites.Read.All delegated permission for TodoListSpa
C: the Sites.Read.All application permission for TodoListSPA
D: the Sites.Read.All application permission for TodoListService

—

Question 19

You have a conversational bot that retrieves files from the Microsoft OneDrive of users.

You are adding functionality to the bot to enable the bot to retrieve files from other cloud storage providers.

What should you configure to ensure that the bot can access the other cloud storage providers on behalf of the users?

A: Modify the API permissions of the Azure AD application.
B: Add OAuth Connection Settings to the Bot Channels Registration.
C: Generate a new client certificate for the Azure AD application.
D: Add a new site to the channels of the Bot Channels Registration.

—

Question 20

You are building a custom API.

Client applications will use access tokens to authenticate to the API.

You need to validate the integrity of the tokens.

Which three elements should you verify? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A: the iat claim
B: the aud claim
C: the tid claim
D: the JSON Web Token (JWT) signature
E: the exp claim

—

Question 21

You are building a server-based web app that will use OAuth2 and will be registered with the Microsoft identity platform.
Which two values does the single-tenant app require to obtain tokens from the token endpoint for the Microsoft identity platform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A: the tenant ID
B: the context token
C: the application ID
D: the application secret
E: the authorization code

—

Question 22

HOTSPOT -
You are developing a single-page application (SPA).
You plan to access user data from Microsoft Graph by using an AJAX call.
You need to obtain an access token by the Microsoft Authentication Library (MSAL). The solution must minimize authentication prompts.
How should you complete the code segment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

—

Question 23

HOTSPOT -
You are developing an application that will run as an overnight background service on a server. The service will access web-hosted resources by using the application's identity and the OAuth 2.0 client credentials grant flow.
You register the application and grant permissions. The tenant administrator grants admin consent to the application.
You need to get the access token from Azure Active Directory (Azure AD).
Which URI should you use for the POST request? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

—

Question 24

You develop a web API named WebApi1.
When validating a token received from a client application, WebApi1 receives a MsalUiRequiredException exception from Azure Active Directory (Azure AD).
You need to formulate the response that WebApi1 will return to the client application.
Which HTTP response should you send?

A: HTTP 307 Temporary Redirect
B: HTTP 400 Bad Request
C: HTTP 403 Forbidden
D: HTTP 412 Precondition Failed

—

Question 25

You have a backend service that will access the Microsoft Graph API. The backend service is hosted on-premises.
You need to configure the service to authenticate by using the most secure authentication method.
What should you configure the service to use?

A: a certificate
B: a client secret
C: a shared key
D: a hash

—

Page 1 of 5 • Questions 1-25 of 125

1 2 3 4 5

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!