exam questions

Exam AZ-305 All Questions

View all questions & answers for the AZ-305 exam

Exam AZ-305 topic 1 question 55 discussion

Actual exam question from Microsoft's AZ-305
Question #: 55
Topic #: 1
[All AZ-305 Questions]

DRAG DROP
-

You have two app registrations named App1 and App2 in Azure AD. App1 supports role-based access control (RBAC) and includes a role named Writer.

You need to ensure that when App2 authenticates to access App1, the tokens issued by Azure AD include the Writer role claim.

Which blade should you use to modify each app registration? To answer, drag the appropriate blades to the correct app registrations. Each blade may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Jay1111
Highly Voted 1 year, 4 months ago
App1: App Roles https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-apps#app-roles-ui App2: Api Permissions https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-apps#assign-app-roles-to-applications
upvoted 48 times
...
NotMeAnyWay
Highly Voted 1 year, 4 months ago
1. App1: b. App roles 2. App2: c. Token configuration This is assuming that the exam expects you to know that an application requesting a token (App2) would need to have the roles claim added via Token Configuration. While in practice, this is not the exact place to assign a role to an application, but given the choices provided, this would be the most appropriate. This is because token configuration does indeed impact the claims present in a token, and since no other suitable choice is available (API Permissions would not be used to assign a role to the application), it seems this would be the expected answer. However, please note this is not entirely accurate based on the full capabilities of Azure AD, but it's the best choice given the options. Normally, you would assign the app role to the service principal of App2 in the context of Enterprise Applications, which is not an option here.
upvoted 20 times
...
SeMo0o0o0o
Most Recent 3 weeks, 2 days ago
WRONG App1: App roles App2: API permissions
upvoted 1 times
...
Thanveer
1 month ago
App1: App roles Explanation: The App roles blade in App1 is where you define and configure roles like "Writer." This enables the assignment of the Writer role to users or applications that need access to App1. App2: API permissions Explanation: The API permissions blade in App2 is where you configure permissions to access other applications, in this case, App1. This setup allows App2 to request access to App1 with the appropriate role claim.
upvoted 1 times
...
Teerawee
2 months, 3 weeks ago
1. App1: Since App1 includes the role named Writer, you need to modify its App roles. This is where you define or configure roles for an application. 2. App2: To allow App2 to access App1 with the required role, you will need to modify API permissions. This is where you grant permission for App2 to access App1’s API and ensure the correct roles are included in the tokens. • App1: App roles • App2: API permissions
upvoted 1 times
...
Len83
3 months, 4 weeks ago
This question was in the exam, August 2024. I gave this same answer and scored 870
upvoted 3 times
...
ssergio25
4 months, 3 weeks ago
In plain English: Different users might have different access levels to App1. In order to give writer access , you need to declare that in the App registration setting App Roles ( App1 can give writer access) . Meanwhile App 2 needs to ensure that when a token is given to it, such write access is included in the token itself ( Token Configuration Blade)
upvoted 3 times
...
23169fd
5 months, 2 weeks ago
App1: App roles: Define the Writer role that will be used by App2. App2: API permissions: Grant permission for App2 to access App1.
upvoted 2 times
23169fd
5 months, 2 weeks ago
To ensure that App2 can authenticate to access App1 and the tokens issued include the Writer role claim, you should configure: API permissions Explanation: API permissions: Purpose: Grant App2 the necessary permissions to call App1. Action: Assign permissions to App2 to access App1, ensuring that App2 can request tokens that include the necessary role claims. Details: Navigate to App2's Azure AD registration. Go to "API permissions" and add permissions for App1, ensuring App2 can access App1 and receive tokens with the Writer role claim.
upvoted 1 times
...
...
tatacsi
10 months, 4 weeks ago
I was confused for a while then I found this at https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview: Note Managed identities for Azure resources is the new name for the service formerly known as Managed Service Identity (MSI). FYI
upvoted 2 times
...
JazzF
10 months, 4 weeks ago
Passed the exam on 10-Jan-24. This question appeared on the exam. There were about 9 questions that came outside of this dump + the case study with 7 questions.
upvoted 10 times
Felas
8 months, 2 weeks ago
of the 294 only 9 appeared?
upvoted 1 times
bryant12138
8 months, 2 weeks ago
I think he means the other way around? Only 9 questions not come from here
upvoted 2 times
...
...
...
Rajkumar082021
1 year ago
App roles, API permissions
upvoted 3 times
...
Paul_white
1 year ago
To ensure that when App2 authenticates to access App1, the tokens issued by Azure AD include the Writer role claim, you should use the following blades in Azure AD: For App2: - API permissions blade: Here, you can add the necessary permissions to access App1. Make sure to grant the "Writer" role permission for App1. Remember to click on "Grant admin consent for {your directory}" after adding the necessary permissions. This ensures that the permissions are granted tenant-wide and the tokens issued by Azure AD will include the necessary claims.
upvoted 1 times
...
OrangeSG
1 year, 1 month ago
Box 1: App roles Box 2: Token configuration To ensure that when App2 authenticates to access App1, the tokens issued by Azure AD include the Writer role claim: 1. In the Azure portal, navigate to Azure Active Directory > App registrations. 2. Select App1. 3. Under Manage, select App roles. 4. Select New app role. 5. In the Name field, enter Writer. 6. In the Description field, enter a description of the Writer role. 7. Select Create. 8. Select App2. 9. Under Manage, select Token configuration. 10. In the Issued token claims section, select Add claim. 11. In the Name field, enter roles. 12. In the Source field, select Application. 13. In the Value field, enter Writer. 14. Select Add. 15. Select Save. Once you have completed these steps, when App2 authenticates to access App1, the tokens issued by Azure AD will include the Writer role claim. Note: For native applications, such as App2, you cannot use the Manifest blade to add the Writer role claim. Instead, you must use the Token configuration blade.
upvoted 13 times
UWSFish
4 months, 2 weeks ago
I'm going with this
upvoted 1 times
...
TJ001
10 months ago
This is a clear documentation explaining the scenarios https://learn.microsoft.com/en-us/entra/identity-platform/howto-add-app-roles-in-apps...which means for App2: Modify API Permissions looks the right answer
upvoted 4 times
...
...
Exams_Prep_2021
1 year, 2 months ago
Got this on Sept. 29, 2023
upvoted 4 times
...
husam421
1 year, 2 months ago
2- API permissions Grant admin consent Because these are application permissions, not delegated permissions, an admin must grant consent to use the app roles assigned to the application. In the app registration's API permissions pane, select Grant admin consent for <tenant name>.
upvoted 1 times
...
stonwall12
1 year, 3 months ago
App 1: App Roles This app is already configured with a custom role, which is defined under the "App Roles" section. Reference: https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-apps#app-roles-ui App 2: API Permissions To allow App 2 to authenticate to App1, it is necessary to assign the appropriate permissions. These can be configured under "API Permissions". Reference: https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-apps
upvoted 9 times
...
InvalidNickname
1 year, 4 months ago
Got this on Aug 5th, 2023.
upvoted 5 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...