Microsoft 365 Developer Associate Certified MS-600 Exam Dumps

1. Testlet 1

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end on this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview

ADatum Corporation develops a software as a service (SaaS) application named E-invoicing.

Existing Environment

Application Architecture

E-invoicing consists of a single-page application (SPA) and a backend web service that provides invoice management and processing functionality.

E-invoicing stores all the details of each invoicing operation in a backend cloud database. E-invoicing generates invoices in PDF format and provides users with the ability to download the PDF after it is generated. Each invoice has a unique identifier named invoiceid.

The users have a common workflow where they sign in to E-invoicing, and then open E-invoicing in multiple tabs of a web browser so they can use different parts of the application simultaneously.

Security Architecture

ADatum uses the principle of least privilege whenever possible. ADatum always uses the latest libraries and integration endpoints.

Requirements

Business Goals

ADatum wants to integrate E-invoicing, Azure Active Directory (Azure AD), and Microsoft Graph so that their customers can leverage Microsoft Office 365 services directly from within E-invoicing.

Planned Changes

ADatum plans to add the following capabilities to E-invoicing:

– Email the generated invoices to customers on behalf of the current signed-in user. Any emails generated by the system will contain the invoiced.

– Perform as many operations as possible in the browser without having to leave the E-invoicing application.

– Use Azure AD to manage identities, authentication, and authorization.

– Display all emails that contain a specific invoiceid.

Technical Requirements

ADatum identifies the following technical requirements for the planned E-invoicing capabilities:

– Ensure that all operations performed by E-invoicing against Office 365 are initiated by a user. Require that the user authorize E-invoicing to access the Office 365 data the first time the application attempts to access Office 365 data on the user’s behalf.

– Send scheduled reminders to customers before a payment due date. Create an administration user interface to enable the scheduled reminders.

– Implement Microsoft Graph change notifications to detect emails from vendors that arrive in a designated mailbox.

– Implement single sign-on (SSO) and minimize login prompts across browser tabs.

– Secure access to the backend web service by using Azure AD.

– Ensure that all solutions use secure coding practices.

Backend Security Planned Changes

ADatum wants to use custom application roles to map user functionality to permissions granted to users.

E-invoicing will have internal logic that will dynamically identify whether the user should be allowed to call the backend API.

SSO JavaScript Script

You plan to implement SSO with Microsoft Authentication Library (MSAL) by using the following code:

Access Token JavaScript Script

You have the following JavaScript code to obtain an access token.

Change Notification JSON

You have the following JSON message that will be sent by the Microsoft Graph service to detect the vendor emails.

You need to configure the initial login request in the access token JavaScript script.

Which code segment should you insert at line 01?

2. DRAG DROP

You need to protect the backend web service to meet the technical requirements.

Which four actions should you perform in sequence? To answer, move the actions from the list of actions to the answer area and arrange them in the correct order.

3. You need to complete the MSAL.js code for SSO.

Which code segment should you insert at line 06?

4. Question Set 2

HOTSPOT

You are developing an interactive invoicing application that will be used by end users.

The application will have the following features:

– Save invoices generated by a user to the user’s Microsoft OneDrive.

– Email daily automated reminders.

You need to identify which permissions to grant for the application features. The solution must use the principle of least privilege.

Which permission should you grant for each feature? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

5. You need to develop a server-based web app that will be registered with the Microsoft identity platform. The solution must ensure that the app can perform operations on behalf of the user.

Which type of authorization flow should you use?

6. You have a single-page application (SPA) named TodoListSPA and a server-based web app named TodoListService.

The permissions for the TodoList SPA API are configured as shown in the TodoList SPA exhibit. (Click the TodoListSPA tab.)

The permissions for the TodoListService API are configured as shown in the TodoListService exhibit. (Click the TodoListService tab.)

You need to ensure that TodoListService can access a Microsoft OneDrive file of the signed-in user. The solution must use the principle of least privilege.

Which permission should to grant?

7. You are building a server-based web app that will use OAuth2 and will be registered with the Microsoft identity platform.

Which two values does the app require to obtain tokens from the Azure Active Directory (Azure AD) authorization endpoint? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

8. HOTSPOT

You are developing a single-page application (SPA). You plan to access user data from Microsoft Graph by using an AJAX call. You need to obtain an access token by the Microsoft Authentication Library (MSAL). The solution must minimize authentication prompts.

How should you complete the code segment? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

9. HOTSPOT

You are developing an application that will run as an overnight background service on a server. The service will access web-hosted resources by using the application’s identity and the OAuth 2.0 client credentials grant flow.

You register the application and grant permissions. The tenant administrator grants admin consent to the application.

You need to get the access token from Azure Active Directory (Azure AD).

Which URI should you use for the POST request? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

10. You develop a web API named WebApi1.

When validating a token received from a client application, WebApi1 receives a MsalUiRequiredException exception from Azure Active Directory (Azure AD).

You need to formulate the response that WebApi1 will return to the client application.

Which HTTP response should you send?

11. You have a backend service that will access the Microsoft Graph API.

You need to configure the service to authenticate by using the most secure authentication method.

What should you configure the service to use?

12. Testlet 1

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end on this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview

ADatum Corporation develops a software as a service (SaaS) application named E-invoicing.

Existing Environment

Application Architecture

E-invoicing consists of a single-page application (SPA) and a backend web service that provides invoice management and processing functionality.

E-invoicing stores all the details of each invoicing operation in a backend cloud database. E-invoicing generates invoices in PDF format and provides users with the ability to download the PDF after it is generated. Each invoice has a unique identifier named invoiceid.

The users have a common workflow where they sign in to E-invoicing, and then open E-invoicing in multiple tabs of a web browser so they can use different parts of the application simultaneously.

Security Architecture

ADatum uses the principle of least privilege whenever possible. ADatum always uses the latest libraries and integration endpoints.

Requirements

Business Goals

ADatum wants to integrate E-invoicing, Azure Active Directory (Azure AD), and Microsoft Graph so that their customers can leverage Microsoft Office 365 services directly from within E-invoicing.

Planned Changes

ADatum plans to add the following capabilities to E-invoicing:

– Email the generated invoices to customers on behalf of the current signed-in user. Any emails generated by the system will contain the invoiced.

– Perform as many operations as possible in the browser without having to leave the E-invoicing application.

– Use Azure AD to manage identities, authentication, and authorization.

– Display all emails that contain a specific invoiceid.

Technical Requirements

ADatum identifies the following technical requirements for the planned E-invoicing capabilities:

– Ensure that all operations performed by E-invoicing against Office 365 are initiated by a user. Require that the user authorize E-invoicing to access the Office 365 data the first time the application attempts to access Office 365 data on the user’s behalf.

– Send scheduled reminders to customers before a payment due date. Create an administration user interface to enable the scheduled reminders.

– Implement Microsoft Graph change notifications to detect emails from vendors that arrive in a designated mailbox.

– Implement single sign-on (SSO) and minimize login prompts across browser tabs.

– Secure access to the backend web service by using Azure AD.

– Ensure that all solutions use secure coding practices.

Backend Security Planned Changes

ADatum wants to use custom application roles to map user functionality to permissions granted to users.

E-invoicing will have internal logic that will dynamically identify whether the user should be allowed to call the backend API.

SSO JavaScript Script

You plan to implement SSO with Microsoft Authentication Library (MSAL) by using the following code:

Access Token JavaScript Script

You have the following JavaScript code to obtain an access token.

Change Notification JSON

You have the following JSON message that will be sent by the Microsoft Graph service to detect the vendor emails.

How can you validate that the JSON notification message is sent from the Microsoft Graph service?

13. Question Set 2

You have an application that uses the Microsoft Graph API.

You need to configure the application to retrieve the groups to which the current signed-in user belongs. The results must contain the extended priorities of the groups.

Which URI should you use?

14. HOTSPOT

You are developing an Azure function to provision a team in Microsoft Teams.

You need to create a group named Project A, add a classification of Private to the group, and then convert Project A to a team group.

How should you complete the REST requests? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

15. DRAG DROP

You are developing a web app that will display emails from the Microsoft 365 mailbox of the current signed-in user. For performance reasons, you do not want all the emails to be loaded simultaneously, rather page-by-page as the user navigates the app. You plan to display 30 emails per page. The most recent emails must be displayed first.

How should you complete the query parameters for the REST request to display the third page of emails? To answer, drag the appropriate query parameters to the correct targets. Each query parameter may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

16. HOTSPOT

You need to retrieve a list of the last 10 files that the current user opened from Microsoft OneDrive. The response must contain only the file ID and the file name.

Which URI should you use to retrieve the results? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

17. You are developing a human resources application that will show users where they are in their company’s organization chart.

You are adding a new feature that will display the name of a user’s manager inside the application.

You need to create a REST query to retrieve the information. The solution must minimize the amount of data retrieved.

Which query should you use?

18. HOTSPOT

You receive the following JSON document when you use Microsoft Graph to query the current signed-in user.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

19. DRAG DROP

You are developing in application named App1. App1 needs to use the Microsoft Graph API to retrieve emails from Microsoft 365 for the current signed-in user.

The solution must meet the following requirements:

– Emails that have attachments and are from [email protected] must be retrieved.

– The results must show the subject of the email, the sender address, and the count of emails retrieved.

How should you complete the URI to retrieve the results? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

20. HOTSPOT

You have an application that has the code shown in the exhibits. (Click the JavaScript Version tab or the C# Version tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

JavaScript Version

C# Version