Question 1:
You develop and deploy an API to Azure App Service.
The API must access an Azure Blob Storage container that is secured by Microsoft Entra ID.
Access to the Azure Blob Storage container must be automatically removed once the container
is deleted.
You need to configure access.
Which service principal type should you use?
Select only one answer.
system-assigned managed identity
user-assigned managed identity
application
Legacy
Answer
To access an Azure Blob Storage container secured by Microsoft Entra ID, you should use a
managed identity. In this case, you have two options: system-assigned managed identity and
user-assigned managed identity.
● System-assigned managed identity is created and managed by Azure, and it is tied to a
specific Azure resource like an Azure App Service. It's automatically removed when the
resource is deleted.
● User-assigned managed identity is created and managed separately from any specific
Azure resource, and you can assign it to one or more Azure resources as needed. It is
not automatically removed when the resource is deleted.
In your scenario, where you want access to the Blob Storage container to be automatically
removed when the container is deleted, it's best to use a system-assigned managed identity
associated with your Azure App Service. This ensures that the identity is automatically removed
when the App Service is deleted, achieving the desired behavior.
The correct answer for the given objective question is:
● System-assigned managed identity
Question 2:
You develop and deploy an API to Azure App Service.
The API must access an Azure Blob Storage container that is secured by Microsoft Entra ID.
Access to the Azure Blob Storage container must be automatically removed once the container
is deleted.
You need to configure access.
Which service principal type should you use?
Select only one answer.
system-assigned managed identity
user-assigned managed identity
application
Legacy
Answer
The correct answer is "system-assigned managed identity."
Question 3:
A company plans to deploy a non-interactive daemon app to their Azure tenant.
The application must write data to the company’s directory by using the Directory.ReadWrite.All
permission. The application must not prompt users for consent.
You need to grant the access required by the application.
Which permission should you use?
Select only one answer.
admin-restricted
delegated
application
Effective
Answer
To grant the application the necessary permissions without prompting users for consent and to
perform directory read and write operations, you should use the "application" permission. In the
context of Azure Active Directory (Azure AD), "application" permissions, also known as
"app-only" permissions, allow an application to access resources without user interaction.
So, the correct permission in this case is "application."
Question 4:
You are developing a RESTful Azure Function app API that uses the Microsoft identity platform.
You implement an API method to read a user’s calendar.
You need to ensure the API can request permission to access a user’s calendar.
What should you use?
Select only one answer.
the state OAuth 2.0 authorization request parameter
the response_mode OAuth 2.0 authorization request parameter
the scope OAuth 2.0 authorization request parameter
the client_id OAuth 2.0 authorization request parameter
Use the response_type OAuth 2.0 authorization request parameter.
Answer
To request permission to access a user's calendar using the Microsoft identity platform, you
should use the "scope" OAuth 2.0 authorization request parameter. The "scope" parameter is
used to specify the permissions that the application is requesting from the user or the identity
provider.
So, the correct answer is "the scope OAuth 2.0 authorization request parameter."
Question 5: