Free Download MS-600 Examp Dump: Building Applications and Solutions with Microsoft 365 Core Services.CertDumps.MS-600.v21-101.2022-07-20.1e.134q.vcex

Question 1

Case Study 1 - ADatum
Overview
ADatum Corporation develops a software as a service (SaaS) application named E-invoicing.
Existing Environment
Application Architecture
E-invoicing consists of a single-page application (SPA) and a backend web service that provides invoice management and processing functionality.
E-invoicing stores all the details of each invoicing operation in a backend cloud database. E-invoicing generates invoices in PDF format and provides users with the ability to download the PDF after it is generated. Each invoice has a unique identifier named invoiceid.
The users have a common workflow where they sign in to E-invoicing, and then open E-invoicing in multiple tabs of a web browser so they can use different parts of the application simultaneously.
Security Architecture
ADatum uses the principle of least privilege whenever possible. ADatum always uses the latest libraries and integration endpoints.
Requirements
Business Goals
ADatum wants to integrate E-invoicing, Azure Active Directory (Azure AD), and Microsoft Graph so that their customers can leverage Microsoft Office 365 services directly from within E-invoicing.
Planned Changes
ADatum plans to add the following capabilities to E-invoicing:
Email the generated invoices to customers on behalf of the current signed-in user. Any emails generated by the system will contain the invoiced.
Perform as many operations as possible in the browser without having to leave the E-invoicing application.
Use Azure AD to manage identities, authentication, and authorization.
Display all emails that contain a specific invoiceid.

Technical Requirements
ADatum identifies the following technical requirements for the planned E-invoicing capabilities:
Ensure that all operations performed by E-invoicing against Office 365 are initiated by a user. Require that the user authorize E-invoicing to access the Office 365 data the first time the application attempts to access Office 365 data on the user's behalf.
Send scheduled reminders to customers before a payment due date. Create an administration user interface to enable the scheduled reminders.
Implement Microsoft Graph change notifications to detect emails from vendors that arrive in a designated mailbox.
Implement single sign-on (SSO) and minimize login prompts across browser tabs.
Secure access to the backend web service by using Azure AD.
Ensure that all solutions use secure coding practices.
Backend Security Planned Changes
ADatum wants to use custom application roles to map user functionality to permissions granted to users.
E-invoicing will have internal logic that will dynamically identify whether the user should be allowed to call the backend API.
SSO JavaScript Script
You plan to implement SSO with Microsoft Authentication Library (MSAL) by using the following code:

Access Token JavaScript Script
You have the following JavaScript code to obtain an access token.

Change Notification JSON
You have the following JSON message that will be sent by the Microsoft Graph service to detect the vendor emails.

You need to configure the initial login request in the access token JavaScript script.
Which code segment should you insert at line 01?

A: const scopes = ['https://graph.microsoft.com/.default'];
B: const accessTokenRequest = {};
C: const scopes = ['https://graph.microsoft.com/Files.Read.All','https://graph.microsoft.com/Mail.Send.All'];
D: const accessTokenRequest = {scopes: ['https://graph.microsoft.com/Files.ReadWrite',
'https://graph.microsoft.com/Mail.Send']
};

Correct Answer: D

Scenario: ADatum identifies the following technical requirements for the planned E-invoicing capabilities:
Ensure that all operations performed by E-invoicing against Office 365 are initiated by a user. Require that the user authorize E-invoicing to access the Office 365 data the first time the application attempts to access Office 365 data on the user's behalf.
Reference: https://docs.microsoft.com/en-us/graph/permissions-reference

Question 2

Case Study 1 - ADatum
Overview
ADatum Corporation develops a software as a service (SaaS) application named E-invoicing.
Existing Environment
Application Architecture
E-invoicing consists of a single-page application (SPA) and a backend web service that provides invoice management and processing functionality.
E-invoicing stores all the details of each invoicing operation in a backend cloud database. E-invoicing generates invoices in PDF format and provides users with the ability to download the PDF after it is generated. Each invoice has a unique identifier named invoiceid.
The users have a common workflow where they sign in to E-invoicing, and then open E-invoicing in multiple tabs of a web browser so they can use different parts of the application simultaneously.
Security Architecture
ADatum uses the principle of least privilege whenever possible. ADatum always uses the latest libraries and integration endpoints.
Requirements
Business Goals
ADatum wants to integrate E-invoicing, Azure Active Directory (Azure AD), and Microsoft Graph so that their customers can leverage Microsoft Office 365 services directly from within E-invoicing.
Planned Changes
ADatum plans to add the following capabilities to E-invoicing:
Email the generated invoices to customers on behalf of the current signed-in user. Any emails generated by the system will contain the invoiced.
Perform as many operations as possible in the browser without having to leave the E-invoicing application.
Use Azure AD to manage identities, authentication, and authorization.
Display all emails that contain a specific invoiceid.

Technical Requirements
ADatum identifies the following technical requirements for the planned E-invoicing capabilities:
Ensure that all operations performed by E-invoicing against Office 365 are initiated by a user. Require that the user authorize E-invoicing to access the Office 365 data the first time the application attempts to access Office 365 data on the user's behalf.
Send scheduled reminders to customers before a payment due date. Create an administration user interface to enable the scheduled reminders.
Implement Microsoft Graph change notifications to detect emails from vendors that arrive in a designated mailbox.
Implement single sign-on (SSO) and minimize login prompts across browser tabs.
Secure access to the backend web service by using Azure AD.
Ensure that all solutions use secure coding practices.
Backend Security Planned Changes
ADatum wants to use custom application roles to map user functionality to permissions granted to users.
E-invoicing will have internal logic that will dynamically identify whether the user should be allowed to call the backend API.
SSO JavaScript Script
You plan to implement SSO with Microsoft Authentication Library (MSAL) by using the following code:

Access Token JavaScript Script
You have the following JavaScript code to obtain an access token.

Change Notification JSON
You have the following JSON message that will be sent by the Microsoft Graph service to detect the vendor emails.

You need to complete the MSAL.js code for SSO.
Which code segment should you insert at line 06?

A: storeAuthStateInCookie: false
B: storeAuthStateInCookie: true
C: cacheLocation: `localStorage'
D: cacheLocation: `sessionStorage'

Correct Answer: C

Scenario: Implement single sign-on (SSO) and minimize login prompts across browser tabs.
When your application is open in multiple tabs and you first sign in the user on one tab, the user is also signed in on the other tabs without being prompted. MSAL.js caches the ID token for the user in the browser localStorage and will sign the user in to the application on the other open tabs.
By default, MSAL.js uses sessionStorage which does not allow the session to be shared between tabs. To get SSO between tabs, make sure to set the cacheLocation in MSAL.js to localStorage.
Reference: https://docs.microsoft.com/bs-latn-ba/Azure/active-directory/develop/msal-js-sso

Question 3

Case Study 1 - ADatum
Overview
ADatum Corporation develops a software as a service (SaaS) application named E-invoicing.
Existing Environment
Application Architecture
E-invoicing consists of a single-page application (SPA) and a backend web service that provides invoice management and processing functionality.
E-invoicing stores all the details of each invoicing operation in a backend cloud database. E-invoicing generates invoices in PDF format and provides users with the ability to download the PDF after it is generated. Each invoice has a unique identifier named invoiceid.
The users have a common workflow where they sign in to E-invoicing, and then open E-invoicing in multiple tabs of a web browser so they can use different parts of the application simultaneously.
Security Architecture
ADatum uses the principle of least privilege whenever possible. ADatum always uses the latest libraries and integration endpoints.
Requirements
Business Goals
ADatum wants to integrate E-invoicing, Azure Active Directory (Azure AD), and Microsoft Graph so that their customers can leverage Microsoft Office 365 services directly from within E-invoicing.
Planned Changes
ADatum plans to add the following capabilities to E-invoicing:
Email the generated invoices to customers on behalf of the current signed-in user. Any emails generated by the system will contain the invoiced.
Perform as many operations as possible in the browser without having to leave the E-invoicing application.
Use Azure AD to manage identities, authentication, and authorization.
Display all emails that contain a specific invoiceid.

Technical Requirements
ADatum identifies the following technical requirements for the planned E-invoicing capabilities:
Ensure that all operations performed by E-invoicing against Office 365 are initiated by a user. Require that the user authorize E-invoicing to access the Office 365 data the first time the application attempts to access Office 365 data on the user's behalf.
Send scheduled reminders to customers before a payment due date. Create an administration user interface to enable the scheduled reminders.
Implement Microsoft Graph change notifications to detect emails from vendors that arrive in a designated mailbox.
Implement single sign-on (SSO) and minimize login prompts across browser tabs.
Secure access to the backend web service by using Azure AD.
Ensure that all solutions use secure coding practices.
Backend Security Planned Changes
ADatum wants to use custom application roles to map user functionality to permissions granted to users.
E-invoicing will have internal logic that will dynamically identify whether the user should be allowed to call the backend API.
SSO JavaScript Script
You plan to implement SSO with Microsoft Authentication Library (MSAL) by using the following code:

Access Token JavaScript Script
You have the following JavaScript code to obtain an access token.

Change Notification JSON
You have the following JSON message that will be sent by the Microsoft Graph service to detect the vendor emails.

How can you validate that the JSON notification message is sent from the Microsoft Graph service?

A: The ClientState must match the value provided when subscribing.
B: The user_guid must map to a user ID in the Azure AD tenant of the customer.
C: The tenant ID must match the tenant ID of the customer's Office 365 tenant.
D: The subscription ID must match the Azure subscription used by ADatum.

Correct Answer: A

clientState specifies the value of the clientState property sent by the service in each notification. The maximum length is 128 characters. The client can check that the notification came from the service by comparing the value of the clientState property sent with the subscription with the value of the clientState property received with each notification.
Note: A subscription allows a client app to receive notifications about changes to data in Microsoft Graph.
Reference: https://docs.microsoft.com/en-us/graph/api/resources/subscription

Question 4

Case Study 1 - ADatum
Overview
ADatum Corporation develops a software as a service (SaaS) application named E-invoicing.
Existing Environment
Application Architecture
E-invoicing consists of a single-page application (SPA) and a backend web service that provides invoice management and processing functionality.
E-invoicing stores all the details of each invoicing operation in a backend cloud database. E-invoicing generates invoices in PDF format and provides users with the ability to download the PDF after it is generated. Each invoice has a unique identifier named invoiceid.
The users have a common workflow where they sign in to E-invoicing, and then open E-invoicing in multiple tabs of a web browser so they can use different parts of the application simultaneously.
Security Architecture
ADatum uses the principle of least privilege whenever possible. ADatum always uses the latest libraries and integration endpoints.
Requirements
Business Goals
ADatum wants to integrate E-invoicing, Azure Active Directory (Azure AD), and Microsoft Graph so that their customers can leverage Microsoft Office 365 services directly from within E-invoicing.
Planned Changes
ADatum plans to add the following capabilities to E-invoicing:
Email the generated invoices to customers on behalf of the current signed-in user. Any emails generated by the system will contain the invoiced.
Perform as many operations as possible in the browser without having to leave the E-invoicing application.
Use Azure AD to manage identities, authentication, and authorization.
Display all emails that contain a specific invoiceid.

Technical Requirements
ADatum identifies the following technical requirements for the planned E-invoicing capabilities:
Ensure that all operations performed by E-invoicing against Office 365 are initiated by a user. Require that the user authorize E-invoicing to access the Office 365 data the first time the application attempts to access Office 365 data on the user's behalf.
Send scheduled reminders to customers before a payment due date. Create an administration user interface to enable the scheduled reminders.
Implement Microsoft Graph change notifications to detect emails from vendors that arrive in a designated mailbox.
Implement single sign-on (SSO) and minimize login prompts across browser tabs.
Secure access to the backend web service by using Azure AD.
Ensure that all solutions use secure coding practices.
Backend Security Planned Changes
ADatum wants to use custom application roles to map user functionality to permissions granted to users.
E-invoicing will have internal logic that will dynamically identify whether the user should be allowed to call the backend API.
SSO JavaScript Script
You plan to implement SSO with Microsoft Authentication Library (MSAL) by using the following code:

Access Token JavaScript Script
You have the following JavaScript code to obtain an access token.

Change Notification JSON
You have the following JSON message that will be sent by the Microsoft Graph service to detect the vendor emails.

You need to protect the backend web service to meet the technical requirements.
Which four actions should you perform in sequence? To answer, move the actions from the list of actions to the answer area and arrange them in the correct order.

Correct Answer: Exam simulator is required

Here is a quick overview of the steps:
Step 1: Register an application in Azure AD for the backend web service Register an application (backend-app) in Azure AD to represent the API.
Step 2: Set the App ID URI for the backend service application registration When the application is created (step 1) select Expose an API and click on Save and continue to create an Application ID URI.
Step 3: Defend the scopes in the backend web service application registration In the Add a scope page, create a new scope supported by the API. (e.g., Read) then click on Add scope to create the scope. Repeat this step to add all scopes supported by your API.
Step 4: Register an application in Azure AD for E-invoicing. Step 4.1 Register another application in Azure AD to represent a client application Step 4.2 Now that you have registered two applications to represent the API and the Developer Console, you need to grant permissions to allow the client-app to call the backend-app.
Scenario:
Secure access to the backend web service by using Azure AD E-invoicing will have internal logic that will dynamically identify whether the user should be allowed to call the backend API.
Reference: https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad

Question 5

You need to develop a server-based web app that will be registered with the Microsoft identity platform. The solution must ensure that the app can perform operations on behalf of the user.
Which type of authorization flow should you use?

A: authorization code
B: refresh token
C: resource owner password
D: device code

Correct Answer: A

In web server apps, the sign-in authentication flow takes these high-level steps:

You can ensure the user's identity by validating the ID token with a public signing key that is received from the Microsoft identity platform endpoint. A session cookie is set, which can be used to identify the user on subsequent page requests.
In addition to simple sign-in, a web server app might need to access another web service, such as a REST API. In this case, the web server app engages in a combined OpenID Connect and OAuth 2.0 flow, by using the OAuth 2.0 authorization code flow.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-app-types

Question 6

You are building a server-based web app that will use OAuth2 and will be registered with the Microsoft identity platform.
Which two values does the app require to obtain tokens from the Azure Active Directory (Azure AD) authorization endpoint? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A: the tenant ID
B: the context token
C: the application ID
D: the application secret
E: the authorization code

Correct Answer: CE

C: The required client_id is the Application (client) ID that the Azure portal ?App registrations experience assigned to your app.
E: The authorization code flow begins with the client directing the user to the /authorize endpoint.

Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow

Question 7

You develop a web API named WebApi1.
When validating a token received from a client application, WebApi1 receives a MsalUiRequiredException exception from Azure Active Directory (Azure AD).
You need to formulate the response that WebApi1 will return to the client application.
Which HTTP response should you send?

A: HTTP 307 Temporary Redirect
B: HTTP 400 Bad Request
C: HTTP 403 Forbidden
D: HTTP 412 Precondition Failed

Correct Answer: D

The HyperText Transfer Protocol (HTTP) 412 Precondition Failed client error response code indicates that access to the target resource has been denied. This happens with conditional requests on methods other than GET or HEAD when the condition defined by the If-Unmodified-Since or If-None-Match headers is not fulfilled.
In that case, the request, usually an upload or a modification of a resource, cannot be made and this error response is sent back.
MsalUiRequiredException
The "Ui Required" is proposed as a specialization of MsalServiceException named MsalUiRequiredException.
This means you have attempted to use a non-interactive method of acquiring a token (e.g. AcquireTokenSilent), but MSAL could not do it silently. this can be because:
you need to sign-in
you need to consent
you need to go through a multi-factor authentication experience.
The remediation is to call AcquireTokenInteractive
try
{
app.AcquireTokenXXX(scopes, account)
.WithYYYY(...)
.ExecuteAsync()
}
catch(MsalUiRequiredException ex)
{
app.AcquireTokenInteractive(scopes)
.WithAccount(account)
.WithClaims(ex.Claims)
.ExcecuteAsync();
}
Incorrect Answers:
A: A 307 Temporary Redirect message is an HTTP response status code indicating that the requested resource has been temporarily moved to another URI , as indicated by the special Location header returned within the response
B: The 400 Bad Request Error is an HTTP response status code that indicates that the server was unable to process the request sent by the client due to invalid syntax.
C: The 403 Forbidden Error happens when the web page (or other resource) that you're trying to open in your web browser is a resource that you're not allowed to access.
References: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-handling-exceptions
https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/exceptions

Question 8

You have a backend service that will access the Microsoft Graph API.
You need to configure the service to authenticate by using the most secure authentication method.
What should you configure the service to use?

A: a certificate
B: a client secret
C: a shared key
D: a hash

Correct Answer: A

You can authenticate to the Graph API with two primary methods: AppId/Secret and certificate based authentication. Certificate is the preferred and more secure way of authenticating.
Reference: https://adamtheautomator.com/microsoft-graph-api-powershell/

Question 9

You have an application that uses the Microsoft Graph API.
You need to configure the application to retrieve the groups to which the current signed-in user belongs. The results must contain the extended priorities of the groups.
Which URI should you use?

A: https://graph.microsoft.com/v1.0/me/getMemberObjects
B: https://graph.microsoft.com/v1.0/me/getMemberGroups
C: https://graph.microsoft.com/v1.0/me/memberOf
D: https://graph.microsoft.com/v1.0/me/checkMemberGroups

Correct Answer: B

Get member groups returns all the groups that the specified user, group, or directory object is a member of.
This function is transitive.
Reference: https://docs.microsoft.com/en-us/graph/api/directoryobject-getmembergroups

Question 10

You are developing a human resources application that will show users where they are in their company's organization chart.
You are adding a new feature that will display the name of a user's manager inside the application.
You need to create a REST query to retrieve the information. The solution must minimize the amount of data retrieved.
Which query should you use?

A: GET https://graph.microsoft.com/v1.0/users/{UserPricipalName}/manager?$select=displayName
B: GET https://graph.microsoft.com/v1.0/users/{UserPricipalName}/people?$filter=jobTitle eq'manager'&$select=displayName
C: GET https://graph.microsoft.com/v1.0/users/{UserPricipalName}/contacts?$filter=jobTitle eq 'manager'
D: GET https://graph.microsoft.com/v1.0/users/{UserPricipalName}/manager

Correct Answer: A

Get user's manager. Returns the user or organizational contact assigned as the user's manager.
Syntax:
GET /me/manager
GET /users/{id | userPrincipalName}/manager
Only the name of the user's manager should be displayed so we use ?select=displayname To specify a different set of properties to return than the default set provided by the Graph, use the $select query option.
The $select option allows for choosing a subset or superset of the default set returned.
References: https://docs.microsoft.com/en-us/graph/api/user-list-manager
https://developer.microsoft.com/en-us/graph/docs/overview/query_parameters

Exam	Building Applications and Solutions with Microsoft 365 Core Services
Number	MS-600
File Name	Building Applications and Solutions with Microsoft 365 Core Services.CertDumps.MS-600.v21-101.2022-07-20.1e.134q.vcex
Size	9.01 Mb
Posted	July 20, 2022
Downloads	12

Download Building Applications and Solutions with Microsoft 365 Core Services.CertDumps.MS-600.v21-101.2022-07-20.1e.134q.vcex

File Info

How to open VCEX & EXAM Files?

Demo Questions

PROFEXAM WITH A 20% DISCOUNT