Exam AZ-204 All Questions

View all questions & answers for the AZ-204 exam

Exam AZ-204 topic 10 question 3 discussion

Actual exam question from Microsoft's AZ-204

Question #: 3
Topic #: 10

HOTSPOT -
You need to reliably identify the delivery driver profile information.
How should you configure the system? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer

Suggested Answer:

Box 1: ID -
Scenario: Store delivery driver profile information in Azure Active Directory (Azure AD) by using an Azure Function called from the corporate website.
ID token - A JWT that contains claims that you can use to identify users in your application. This token is securely sent in HTTP requests for communication between two components of the same application or service. You can use the claims in an ID token as you see fit. They're commonly used to display account information or to make access control decisions in an application. ID tokens are signed, but the're not encrypted. When your application or API receives an ID token, it must validate the signature to prove that the token is authentic. Your application or API must also validate a few claims in the token to prove that it's valid.
Depending on the scenario requirements, the claims validated by an application can vary, but your application must perform some common claim validations in every scenario.

Box 2: Oid -
Oid - The immutable identifier for the "principal" of the request - the user or service principal whose identity has been verified. In ID tokens and app+user tokens, this is the object ID of the user. In app-only tokens, this is the object ID of the calling service principal. It can also be used to perform authorization checks safely and as a key in database tables. This ID uniquely identifies the principal across applications - two different applications signing in the same user will receive the same value in the oid claim.
Incorrect:
Aud - Identifies the intended recipient of the token. For Azure AD B2C, the audience is the application ID. Your application should validate this value and reject the token if it doesn't match. Audience is synonymous with resource.
Idp - Records the identity provider that authenticated the subject of the token. This value is identical to the value of the Issuer claim unless the user account not in the same tenant as the issuer - guests, for instance. If the claim isn't present, it means that the value of iss can be used instead. For personal accounts being used in an organizational context (for instance, a personal account invited to an Azure AD tenant), the idp claim may be 'live.com' or an STS URI containing the
Microsoft account tenant.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory-b2c/tokens-overview https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens

by ArturKon at Sept. 21, 2022, 12:28 p.m.

Comments

Submit Cancel

AbdulMannan

Highly Voted 2 years, 1 month ago

Got this question on 30-Sep-2022 exam. Answer is correct. Passed with 870 score.

upvoted 13 times

...

ArturKon

Highly Voted 2 years, 1 month ago

Looks correct. Ref.: https://learn.microsoft.com/en-us/azure/active-directory/develop/id-tokens

upvoted 7 times

...

jaf19f

Most Recent 1 year, 3 months ago

I got this question (12-Aug-2023) and I chose highly voted answer - 932 passed

upvoted 5 times

...

BaoNguyen2411

1 year, 3 months ago

got this question on 29/02/2023

upvoted 1 times

...

juanckar

1 year, 4 months ago

This was on the exam (July 2023). Went with highly voted. Scored 917

upvoted 3 times

...

winterthor4

1 year, 7 months ago

Look correct. Got this question on 26-Mar-2023 exam. Go with suggested answer got 890 score.

upvoted 5 times

adilkhan