HOTSPOT
You are developing an interactive invoicing application that will be used by end users. The application will have the following features:
* Save invoices generated by a user to the user's Microsoft OneDrive.
* Email daily automated reminders.
You need to identify which permissions to grant for the application features. The solution must use the principle of least privilege.
Which permission should you grant for each feature? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation

Microsoft identity platform supports two types of permissions: delegated permissions and application permissions.
Box 1: Delegated
* Delegated permissions are used by apps that have a signed-in user present. For these apps, either the user or an administrator consents to the permissions that the app requests, and the app is delegated permission to act as the signed-in user when making calls to the target resource.
Box 2: Application
* Application permissions are used by apps that run without a signed-in user present; for example, apps that run as background services or daemons. Application permissions can only be consented by an administrator.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent

Comment: *

Name: *

Email: *

Verification: *

You are developing a server-based web app that will use OAuth2 on behalf of the user and will be registered with the Microsoft identity platform.
Which two types of tokens can the app retrieve as part of the authorization flow? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A.context token
• B.Kerberos token
• C.refresh token
• D.SAML token
• E.access token

Comment: *

Name: *

Email: *

Verification: *

You are developing a SharePoint Framework (SPFx) web part.
Which API should you use to retrieve the Microsoft Teams memberships of a user by using the minimum amount of code?

• A.MSGraphClient
• B.AadHttpClient
• C.SPHttpClient
• D.XMLHttpRequest

Comment: *

Name: *

Email: *

Verification: *

You are developing a Microsoft Teams app that will display differently depending on the current Ul theme applied to Microsoft Teams.
You need to retrieve the current theme by using the Microsoft Teams JavaScript client SDK?
Which function should you call?

• A.microsoftTeams.getContext
• B.microsoftTeams.initialize
• C.microsoftTeams.settings.getSettings
• D.microsoftTeams.getMruTablnstances

Comment: *

Name: *

Email: *

Verification: *

You need to recommend the development environment and tools for the redesign of the research department's SharePoint Online sites. What should you recommend? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.

Correct Answer:

Topic 2, ADatum Corporation
Existing Environment
Application Architecture
E-invoicing consists of a single-page application (SPA) and a backend web service that provides invoice management and processing functionality.
E-invoicing stores all the details of each invoicing operation in a backend cloud database. E-invoicing generates invoices in PDF format and provides users with the ability to download the PDF after it is generated. Each invoice has a unique identifier named invoiceid.
The users have a common workflow where they sign in to E-invoicing, and then open E-invoicing in multiple tabs of a web browser so they can use different parts of the application simultaneously.
Security Architecture
ADatum uses the principle of least privilege whenever possible. ADatum always uses the latest libraries and integration endpoints.
Requirements
Business Goals
ADatum wants to integrate E-invoicing, Azure Active Directory (Azure AD), and Microsoft Graph so that their customers can leverage Microsoft Office 365 services directly from within E-invoicing.
Planned Changes
ADatum plans to add the following capabilities to E-invoicing:
Email the generated invoices to customers on behalf of the current signed-in user. Any emails generated by the system will contain the invoiced.
Perform as many operations as possible in the browser without having to leave the E-invoicing application.
Use Azure AD to manage identities, authentication, and authorization.
Display all emails that contain a specific invoiced.
Technical Requirements
ADatum identifies the following technical requirements for the planned E-invoicing capabilities:
Ensure that all operations performed by E-invoicing against Office 365 are initiated by a user. Require that the user authorize E-invoicing to access the Office 365 data the first time the application attempts to access Office 365 data on the user's behalf.
Send scheduled reminders to customers before a payment due date. Create an administration user interface to enable the scheduled reminders.
Implement Microsoft Graph change notifications to detect emails from vendors that arrive in a designated mailbox.
Implement single sign-on (SSO) and minimize login prompts across browser tabs.
Secure access to the backend web service by using Azure AD.
Ensure that all solutions use secure coding practices.
Backend Security Planned Changes
ADatum wants to use custom application roles to map user functionality to permissions granted to users.
E-invoicing will have internal logic that will dynamically identify whether the user should be allowed to call the backend API.
SSO JavaScript Script
You plan to implement SSO with Microsoft Authentication Library (MSAL) by using the following code:

Access Token JavaScript Script
You have the following JavaScript code to obtain an access token.

Change Notification JSON
You have the following JSON message that will be sent by the Microsoft Graph service to detect the vendor emails.

Comment: *

Name: *

Email: *

Verification: *