Skip Navigation Links
 

Microsoft - MS-100: Microsoft 365 Identity and Services

Sample Questions

Question: 444
Measured Skill: Manage Access and Authentication (20-25%)

You are developing a single-page application (SPA) that authenticates users by using MSAL.js.

The SPA must meet the following requirements:
  • Only allow access to the users in an organization named contoso.onmicrosoft.com.
  • Support single sign-on (SSO) across tabs and user sessions.
How should you complete the code for the SPA?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AP1: "https://login.microsoftonline.com/consumers/",
P2: "localStorage"
B P1: "https://login.microsoftonline.com/consumers/",
P2: "sessionStorage"
C P1: "https://login.microsoftonline.com/organizations/",
P2: "localStorage"
D P1: "https://login.microsoftonline.com/organizations/",
P2: "sessionStorage"
E P1: "https://login.microsoftonline.com/contoso.onmicrosoft.com/",
P2: "localStorage"
F P1: "https://login.microsoftonline.com/contoso.onmicrosoft.com/",
P2: "sessionStorage"

Correct answer: E

Explanation:

When a user has your application open in several tabs and signs in on one of them, they can be signed into the same app open on the other tabs without being prompted. To do so, you'll need to set the cacheLocation in MSAL.js configuration object to localStorage. 

The authority for authentication of a single tenant application is specified in the form https://login.microsoftonline.com/<tenant-id>.

References:

Single sign-on with MSAL.js

Tutorial: Sign in users and call the Microsoft Graph API from a JavaScript single-page application (SPA)



Question: 445
Measured Skill: Plan Office 365 Workloads and Applications (10-15%)

You have an app that uses the Microsoft Graph API. The app will perform the following actions m sequence:
  • Update a user's city to Redmond.
  • Retrieve the current user s profile.
You need to implement batching for the app.

Which HTTP methods should you use in the batch request?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AP1: GET
P2: GET
P3: POST
B P1: GET
P2: PATCH
P3: GET
C P1: DELETE
P2: POST
P3: GET
D P1: PATCH
P2: POST
P3: GET
E P1: POST
P2: PATCH
P3: GET
F P1: POST
P2: DELETE
P3: PATCH

Correct answer: E

Explanation:

To read from or write to a resource such as a user or an email message, you construct a request that looks like the following:

{HTTP method} https://graph.microsoft.com/{version}/{resource}?{query-parameters}

The components of a request include:

  • {HTTP method} - The HTTP method used on the request to Microsoft Graph.
  • {version} - The version of the Microsoft Graph API your application is using.
  • {resource} - The resource in Microsoft Graph that you're referencing.
  • {query-parameters} - Optional OData query options or REST method parameters that customize the response.

After you make a request, a response is returned that includes:

  • Status code - An HTTP status code that indicates success or failure.
  • Response message - The data that you requested or the result of the operation. The response message can be empty for some operations.
  • @odata.nextLink - If your request returns a lot of data, you need to page through it by using the URL returned in @odata.nextLink

Microsoft Graph uses the HTTP method on your request to determine what your request is doing. The API supports the following methods.

  • GET - Read data from a resource.
  • POST - Create a new resource, or perform an action.
  • PATCH - Update a resource with new values.
  • PUT - Replace a resource with a new one.
  • DELETE - Remove a resource.

For the CRUD methods GET and DELETE, no request body is required.

The POSTPATCH, and PUT methods require a request body, usually specified in JSON format, that contains additional information, such as the values for properties of the resource.

References:

Use the Microsoft Graph API

First JSON batch request



Question: 446
Measured Skill: Manage Access and Authentication (20-25%)

You are securing a web API by using the Microsoft identity Platform. The web API must meet the following requirements:
  • Authenticated Azure Active Directory (Azure AD) users must be able to retrieve user information from Azure AD.
  • Authenticated Azure AD users must be able to manage Microsoft 365 groups.
You need to grant permissions for the web API. The solution must use the principle of least privilege.

What should you grant?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AP1: Directory.AccessAsUser.All
P2: User.Read.All
B P1: Group.Create
P2: User.Read.All
C P1: Group.Create
P2: UserReadWrite.All
D P1: Group.Read
P2: User.Read
E P1: Group.ReadWrite.All
P2: User.ReadBasic.All
F P1: Group.ReadWrite.All
P2: UserReadWrite.All

Correct answer: E

Explanation:

For your app to access data in Microsoft Graph, the user or administrator must grant it the correct permissions via a consent process.

The following exhibit shows the correct permissions matching the descriptions:

References:

Authorization and the Microsoft Graph Security API

Microsoft Graph permissions reference



Question: 447
Measured Skill: Manage Access and Authentication (20-25%)

You are developing a single-page application (SPA) named App1 that will be used by the public.

Many users of App1 restrict pop-up windows from opening in their browser.

You need to authenticate the users by using the Microsoft identity platform. The solution must meet the following requirements:
  • Ensure that App1 can read the profile of a user.
  • Minimize user interaction during authentication.
  • Prevent App1 from requiring admin consent for any permissions.
How should you complete the code?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AP1: scopes: ["people.read"],
P2: acquireTokenRedirect
P3: acquireTokenSilen
B P1: scopes: ["user.read"],
P2: acquireTokenRedirect
P3: acquireTokenPopup
C P1: scopes: ["user.read"],
P2: acquireTokenSilent
P3: acquireTokenRedirect
D P1: scopes: ["people.read.all"],
P2: acquireTokenSilent
P3: acquireTokenPopup
E P1: scopes: ["user.read.all"],
P2: acquireTokenPopup
P3: acquireTokenRedirect
F P1: scopes: ["people.read"],
P2: acquireTokenPopup
P3: acquireTokenSilen

Correct answer: C

Explanation:

If no constraint is specified the app is limited to performing the operations on the resources owned by the signed-in user. For example, User.Read grants privileges to read the profile of the signed-in user only, and Mail.Read grants permission to read only mail in the mailbox of the signed-in user.

The All constraint grants permission for the app to perform the operations on all of the resources of the specified type in a directory. For example, User.Read.All potentially grants the app privileges to read the profiles of all of the users in a directory.

The pattern for acquiring tokens for APIs with MSAL.js is to first attempt a silent token request by using the acquireTokenSilent method. When this method is called, the library first checks the cache in browser storage to see if a valid token exists and returns it. When no valid token is in the cache, it attempts to use its refresh token to get the token. If the refresh token's 24-hour lifetime has expired, MSAL.js will open a hidden iframe to silently request a new authorization code, which it will exchange for a new, valid refresh token. For more information about single sign-on (SSO) session and token lifetime values in Azure Active Directory (Azure AD).

The silent token requests to Azure AD might fail for reasons like a password change or updated conditional access policies. More often, failures are due to the refresh token's 24-hour lifetime expiring and the browser blocking third party cookies, which prevents the use of hidden iframes to continue authenticating the user. In these cases, you should invoke one of the interactive methods (which may prompt the user) to acquire tokens:

  • Pop-up window, by using acquireTokenPopup
  • Redirect, by using acquireTokenRedirect

References:

Microsoft Graph permissions reference

Single-page application: Acquire a token to call an API

Authorization and the Microsoft Graph Security API



Question: 448
Measured Skill: Plan Office 365 Workloads and Applications (10-15%)

You have a Microsoft 365 tenant that contains a Microsoft SharePoint Online site named Projects.

You need to get a list of documents in the Documents library by using the Microsoft Graph API.

How should you complete the query?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

Ahttps://graph.microsoft.com/v1.0/sites/{siteId}/sites{siteId}/items
B https://graph.microsoft.com/v1.0/sites/{siteId}/lists/Documents/items
C https://graph.microsoft.com/v1.0/drives/Documents/sites/Projects/Documents
D https://graph.microsoft.com/v1.0/my/sites/Documents/sites/{siteId}/Documents
E https://graph.microsoft.com/v1.0/my/sites/Documents/sites/Projects/Documents
F https://graph.microsoft.com/v1.0/files/{siteId}/Projects/lists/Documents/items

Correct answer: B

Explanation:

The SharePoint API in Microsoft Graph supports the following core scenarios:

  • Access to SharePoint sites, lists, and drives (document libraries)
  • Read-only support for site resources (no ability to create new sites)
  • Read-write support for lists, listItems, and driveItems
  • Address resources by SharePoint ID, URL, or relative path

The SharePoint API exposes three major resource types:

  • Site (top-level object)
  • List
  • ListItem

To enumerate items in a list such as a document library, you would use the following format:

GET https://graph.microsoft.com/v1.0/sites/{site-id}/lists/{list-id}/items
GET https://graph.microsoft.com/v1.0/sites/{site-id}/lists/{list-id}/items?expand=fields
GET https://graph.microsoft.com/v1.0/sites/{site-id}/lists/{list-id}/items?expand=fields(select=Column1,Column2)

References:

Working with SharePoint sites in Microsoft Graph

Enumerate items in a list





 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2022 by cert2brain.com