
AZ-305 Question #312: Real Exam Question with Answer & Explanation


Submitted by packet_pusher · Mar 6, 2026

Implement authentication and authorization in Azure AD - specifically configuring application permissions and role-based access control for service/application identities (Microsoft Identity Platform / Azure AD)

Question

Drag and Drop Question

You have two app registrations named App1 and App2 in Azure AD. App1 supports role-based access control (RBAC) and includes a role named Writer.

You need to ensure that when App2 authenticates to access App1, the tokens issued by Azure AD include the Writer role claim.

Which blade should you use to modify each app registration? To answer, drag the appropriate blades to the correct app registrations. Each blade may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Answer:

Explanation

App1 uses the 'App roles' blade to define and expose the 'Writer' role, making it available as a claimable role in tokens. App2 uses the 'API permissions' blade to request (grant) permission to that role defined in App1, so when App2 authenticates, Azure AD includes the Writer role claim in the issued token. This two-step process - defining the role on the resource app (App1) and assigning/requesting it on the client app (App2) - is how application-level RBAC works in Azure AD for app-to-app scenarios.
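
The two-step configuration described above can be checked mechanically. The following is an added example, not part of the original question: it models the manifest fragments the two blades write, verifies that App2's request points at an enabled application role on App1, and shows the `roles` check App1 would apply to a validated token. All GUIDs and manifests are constructed placeholders, and it assumes admin consent has been granted and that token signature, issuer and expiry were validated by a JWT library beforehand.

```python
# Constructed sample data: GUIDs and manifest fragments are placeholders,
# not values from a real tenant.
APP1_CLIENT_ID = "11111111-1111-1111-1111-111111111111"
WRITER_ROLE_ID = "22222222-2222-2222-2222-222222222222"

# App1 (resource): what the 'App roles' blade writes to the manifest.
app1_manifest = {
    "appId": APP1_CLIENT_ID,
    "appRoles": [{
        "id": WRITER_ROLE_ID,
        "value": "Writer",
        "displayName": "Writer",
        "allowedMemberTypes": ["Application"],  # assignable to apps, not only users
        "isEnabled": True,
    }],
}

# App2 (client): what the 'API permissions' blade writes to the manifest.
app2_manifest = {
    "requiredResourceAccess": [{
        "resourceAppId": APP1_CLIENT_ID,
        "resourceAccess": [{"id": WRITER_ROLE_ID, "type": "Role"}],
    }],
}


def expected_roles(resource, client):
    """Return role values the client requests that the resource exposes to applications."""
    exposed = {
        r["id"]: r["value"]
        for r in resource.get("appRoles", [])
        if r.get("isEnabled") and "Application" in r.get("allowedMemberTypes", [])
    }
    found = []
    for entry in client.get("requiredResourceAccess", []):
        if entry.get("resourceAppId") != resource["appId"]:
            continue  # permission targets a different API
        for access in entry.get("resourceAccess", []):
            # "Role" = application permission; "Scope" = delegated permission
            if access.get("type") == "Role" and access.get("id") in exposed:
                found.append(exposed[access["id"]])
    return found


def is_authorized(claims, required_role, audience):
    """App1-side check on claims from an already validated access token."""
    return claims.get("aud") == audience and required_role in claims.get("roles", [])
```

A request of type `Scope`, a disabled role, or a role that does not allow the `Application` member type all produce an empty result, which corresponds to a token without the Writer role claim.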

Topics

#Azure AD App Registrations #App Roles and RBAC #API Permissions #OAuth2 Token Claims
