Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft AZ-204 Exam - Topic 19 Question 11 Discussion

Actual exam question for Microsoft's AZ-204 exam
Question #: 11
Topic #: 19
[All AZ-204 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are developing a website that will run as an Azure Web App. Users will authenticate by using their Azure Active Directory (Azure AD) credentials.

You plan to assign users one of the following permission levels for the website: admin, normal, and reader. A user's Azure AD group membership must be used to determine the permission level.

You need to configure authorization.

Solution:

Create a new Azure AD application. In the application's manifest, define application roles that match the required permission levels for the application.

Assign the appropriate Azure AD group to each role. In the website, use the value of the roles claim from the JWT for the user to determine permissions.

Does the solution meet the goal?

Show Suggested Answer Hide Answer
Suggested Answer: B

To configure Manifest to include Group Claims in Auth Token

Go to Azure Active Directory to configure the Manifest. Click on Azure Active Directory, and go to App registrations to find your application:

Click on your application (or search for it if you have a lot of apps) and edit the Manifest by clicking on it.

Locate the ''groupMembershipClaims'' setting. Set its value to either ''SecurityGroup'' or ''All''. To help you decide which:

''SecurityGroup'' - groups claim will contain the identifiers of all security groups of which the user is a member.

''All'' - groups claim will contain the identifiers of all security groups and all distribution lists of which the user is a member

Now your application will include group claims in your manifest and you can use this fact in your code.


https://blogs.msdn.microsoft.com/waws/2017/03/13/azure-app-service-authentication-aad-groups/

by Jennifer at May 03, 2022, 02:26 PM

Limited Time Offer

25%

Off

Get Premium AZ-204 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Maryann
5 months ago
Yup, that's how it should be done!
upvoted 0 times
...
Alecia
5 months ago
Wait, can you really use group membership like that?
upvoted 0 times
...
Yolando
5 months ago
Definitely meets the goal!
upvoted 0 times
...
Lamar
5 months ago
I think it should work, but not sure about the roles claim part.
upvoted 0 times
...
Jennifer
5 months ago
Sounds like a solid plan!
upvoted 0 times
...
Skye
5 months ago
I have a nagging feeling that just creating roles might not cover all scenarios. What if there are more specific permissions needed later on?
upvoted 0 times
...
Torie
5 months ago
This reminds me of a similar question we did in class about role-based access control. I feel like this could work, but I need to double-check the details.
upvoted 0 times
...
Felicitas
5 months ago
I'm not entirely sure if using the roles claim from the JWT is the best approach. I remember some practice questions where it was a bit more complicated.
upvoted 0 times
...
Katie
5 months ago
I think this solution makes sense because defining application roles in the manifest seems like the right way to handle permissions.
upvoted 0 times
...
Janine
6 months ago
Hmm, I'm a bit unsure about this one. I know Kanban is all about flow and cycle time, but I'm not sure which specific metrics would be best to measure. I'll have to think this through carefully.
upvoted 0 times
...
Cheryl
6 months ago
I'm a bit confused on this one. Is it really as simple as just selecting the Enforced policy link setting? I want to make sure I fully understand the implications before choosing an answer.
upvoted 0 times
...
Sherell
6 months ago
Okay, I'll follow the standard deviation formula step-by-step: Find expected return, subtract it from each return, square those differences, weight by probabilities, take square root.
upvoted 0 times
...
Laurena
6 months ago
Okay, I've got this. Go-Ethereum gives you a real blockchain node that can connect to the main Ethereum network or your own private network, while Ganache is just a simulation. So option B is the correct answer.
upvoted 0 times
...

Save Cancel