nerdexam
Microsoft

MS-600 · Question #7

MS-600 Question #7: Real Exam Question with Answer & Explanation

The correct answer is A. the Sites.Read.All delegated permission for TodoListService. A client application gains access to a resource server by declaring permission requests. Two types are available: "Delegated" permissions, which specify scope-based access using delegated authorization from the signed-in resource owner, are presented to the resource at run-time a

Question

You have a single-page application (SPA) named TodoListSPA and a server-based web app named TodoListService. The permissions for the TodoList SPA API are configured as shown in the TodoList SPA exhibit. The permissions for the TodoListService API are configured as shown in the TodoListService exhibit. You need to ensure that TodoListService can access a Microsoft OneDrive file of the signed-in user. The solution must use the principle of least privilege. Which permission should to grant?

Exhibits

MS-600 question #7 exhibit 1
MS-600 question #7 exhibit 2

Options

  • Athe Sites.Read.All delegated permission for TodoListService
  • Bthe Sites.Read.All delegated permission for TodoListSpa
  • Cthe Sites.Read.All application permission for TodoListSPA
  • Dthe Sites.Read.All application permission for TodoListService

Explanation

A client application gains access to a resource server by declaring permission requests. Two types are available: "Delegated" permissions, which specify scope-based access using delegated authorization from the signed-in resource owner, are presented to the resource at run-time as "scp" claims in the client's access token. "Application" permissions, which specify role-based access using the client application's credentials/ identity, are presented to the resource at run-time as "roles" claims in the client's glossary#permissions

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full MS-600 Practice