Exam AZ-500 topic 5 question 13 discussion

Actual exam question from Microsoft's AZ-500
Question #: 13
Topic #: 5

Your company has an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.
The company develops an application named App1. App1 is registered in Azure AD.
You need to ensure that App1 can access secrets in Azure Key Vault on behalf of the application users.
What should you configure?

  • A. an application permission without admin consent
  • B. a delegated permission without admin consent
  • C. a delegated permission that requires admin consent
  • D. an application permission that requires admin consent
Suggested Answer: B 🗳️

Comments

AS007
Highly Voted 5 years ago
Answer is correct - have validated
upvoted 39 times
cerifyme85
7 months, 3 weeks ago
and we believe you.. your lordship
upvoted 2 times
...
...
juselasmc
Highly Voted 4 years, 7 months ago
in the exam
upvoted 14 times
...
golitech
Most Recent 2 months, 3 weeks ago
Selected Answer: C
C. a delegated permission that requires admin consent. This ensures App1 can access the Key Vault secrets on behalf of the users, with admin consent typically required for higher-level permissions like accessing secrets in a Key Vault.
upvoted 2 times
...
tecnicosoffshoretech
1 year, 5 months ago
Selected Answer: C
To access the secrets the user needs user_impersonation which is a delegated permission that needs admin consent
upvoted 3 times
...
tweleve
1 year, 6 months ago
in exam 13 Oct
upvoted 3 times
...
Ario
1 year, 9 months ago
Selected Answer: C
use delegated permissions that require admin consent for better security and control.
upvoted 1 times
xRiot007
9 months ago
You access on behalf of, so consent is not needed - B
upvoted 1 times
...
...
majstor86
2 years, 1 month ago
Selected Answer: B
B. a delegated permission without admin consent Outdated?
upvoted 7 times
...
WhalerTom
3 years, 3 months ago
Correct answer. In exam Dec 21. 40 questions, 1 case study, no labs.
upvoted 3 times
...
Jco
3 years, 6 months ago
#exam ques # 29 Sep
upvoted 1 times
...
jonasis
3 years, 7 months ago
In exam today
upvoted 1 times
...
TonytheTiger
3 years, 7 months ago
## Exam Question - 17 Sept 2021 ##
upvoted 3 times
...
g2d2
4 years, 1 month ago
In order to achieve what is being asked, you need to assign API permission to the registered App. The API permission is Azure Key Vault user_impersonation and that is of type 'Delegated' and Admin Consent Required 'No' Hence B is correct.
upvoted 6 times
...
sureshatt
4 years, 2 months ago
Provided answer is correct. The term "on behalf of" always means "delegation" in OAuth2. Therefore it has to be the permission of the logged in user. However, since this is just a read of a keyvault (not high privileged), the app does not need the admin privilege.
upvoted 9 times
...
milind8451
4 years, 2 months ago
"On-Behalf of" says that answer should be B. No admin consent needed. Let me explain Delegated permission with an Example, assume your app has been granted the User.ReadWrite.All delegated permission. This permission nominally grants your app permission to read and update the profile of every user in an organization. If the signed-in user is a global administrator, your app can update the profile of every user in the organization. However, if the signed-in user doesn't have an administrator role, your app can update only the profile of the signed-in user. It can't update the profiles of other users in the organization because the user that it has permission to act on behalf of doesn't have those privileges. This is "On-Behalf of" permission which ques mentioned.
upvoted 4 times
...
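To make the delegated versus application distinction discussed in this thread concrete, the following added example (not part of any comment or of the original page) inspects constructed, unsigned tokens and reports whether they carry a user context. It assumes the Microsoft identity platform convention that delegated tokens carry an `scp` claim while app-only tokens do not, and that Key Vault tokens use the audience `https://vault.azure.net`; the claim values and helper names are hypothetical.

```python
import base64
import json

KEY_VAULT_AUDIENCE = "https://vault.azure.net"  # assumed Key Vault token audience

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_unsigned_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT-shaped string (demo input only)."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}."

def decode_claims(token: str) -> dict:
    """Decode the payload segment. No signature check: inspection only,
    never a basis for an authorization decision."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-segment JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def classify(token: str, required_scope: str = "user_impersonation") -> dict:
    """Report whether a token is delegated (user context) or app-only."""
    claims = decode_claims(token)
    scopes = claims.get("scp", "").split()  # space-separated delegated scopes
    kind = "delegated" if scopes else "app-only"
    return {
        "kind": kind,
        "for_key_vault": claims.get("aud", "").rstrip("/") == KEY_VAULT_AUDIENCE,
        "has_required_scope": required_scope in scopes,
        # Only a delegated token acts on behalf of a signed-in user.
        "user": claims.get("upn") if kind == "delegated" else None,
    }

# Constructed sample tokens (not real tokens, placeholder app id).
DELEGATED = make_unsigned_token({
    "aud": KEY_VAULT_AUDIENCE, "scp": "user_impersonation",
    "upn": "alice@contoso.com", "appid": "00000000-0000-0000-0000-000000000001",
})
APP_ONLY = make_unsigned_token({
    "aud": KEY_VAULT_AUDIENCE, "appid": "00000000-0000-0000-0000-000000000001",
})

if __name__ == "__main__":
    for name, tok in (("delegated", DELEGATED), ("app-only", APP_ONLY)):
        print(name, classify(tok))
```
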
abd500
4 years, 2 months ago
NO YES NO
upvoted 1 times
karia3
4 years, 2 months ago
NO NO NOOOO
upvoted 3 times
...
...
Thi
4 years, 2 months ago
Answer: B. a delegated permission without admin consent. Between Application and Delegated permissions, you have to choose Delegated permissions, because this can be done on behalf of the user.
upvoted 1 times
...
PM2
4 years, 4 months ago
in the exam
upvoted 4 times
...