Building Applications and Solutions with Microsoft 365 Core Services v1.0
Question 1
You are building a custom API that will be registered by using the Microsoft identity platform.
You need to ensure that all client requests to the API are authorized. The solution must maximize security.
What should you include in the client requests?
- A. an application secret
- B. a certificate
- C. an authorization code
- D. a SAML token
Answer : C
Question 2
DRAG DROP
-
You have a SharePoint Framework (SPFx) web part named WP1 and a third-party API named API1 that is secured by using the Microsoft identity platform.
You need to configure WP1 to use API1, and then confirm that requests made to API1 are successful.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer : 
Question 3
You are building a Microsoft Teams app named App1 as a software as a service (SaaS) solution for customers.
You need to configure authentication for App1. The solution must meet the following requirements:
• Customers must use their Microsoft 365 credentials to access the app.
• Administrative effort must be minimized.
What should you do?
- A. Configure App1 as a multi-tenant app.
- B. Use Active Directory Federation Services (AD FS) and enable single sign-on (SSO).
- C. Configure App as a single-tenant app.
- D. Configure App1 to use SAML authentication.
Answer : B
Question 4
You have a conversational bot that retrieves files from the Microsoft OneDrive of users.
You are adding functionality to the bot to enable the bot to retrieve files from other cloud storage providers.
What should you configure to ensure that the bot can access the other cloud storage providers on behalf of the users?
- A. Modify the API permissions of the Azure AD application.
- B. Add OAuth Connection Settings to the Bot Channels Registration.
- C. Generate a new client certificate for the Azure AD application.
- D. Add a new site to the channels of the Bot Channels Registration.
Answer : D
Question 5
You are building a custom API.
Client applications will use access tokens to authenticate to the API.
You need to validate the integrity of the tokens.
Which three elements should you verify? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. the iat claim
- B. the aud claim
- C. the tid claim
- D. the JSON Web Token (JWT) signature
- E. the exp claim
Answer : BCD
Question 6
HOTSPOT -
You have an app that uses the Microsoft Graph API.
The app will perform the following actions in sequence:
✑ Update a user's city to Redmond.
✑ Retrieve the current user's profile.
You need to implement batching for the app.
Which HTTP methods should you use in the batch request? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer : 
Box 1: POST -
POST https://graph.microsoft.com/v1.0/$batch
Box 2: PATCH -
PATCH updates a resource with new values.
Box 3: GET -
GET read data from a resource.
Reference:
https://docs.microsoft.com/en-us/graph/json-batching
Question 7
DRAG DROP -
You are developing in application named App1.
App1 needs to use the Microsoft Graph API to retrieve emails from Microsoft 365 for the current signed-in user. The solution must meet the following requirements:
✑ Emails that have attachments and are from [email protected] must be retrieved.
✑ The results must show the subject of the email, the sender address, and the count of emails retrieved.
How should you complete the URI to retrieve the results? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
Answer : 
Box 1: $count -
Use $count as a query parameter to include a count of the total number of items in a collection alongside the page of data values returned from the Graph, as in the following example:
GET https://graph.microsoft.com/v1.0/me/contacts?$count=true
Box 2: $select -
To specify a different set of properties to return than the default set provided by the Graph, use the $select query option. The $select option allows for choosing a subset or superset of the default set returned.
Box 3: $filter -
To filter the response data based on a set of criteria, use the $filter query option.
The following example returns messages that have the address field of the from property equal to "[email protected]".
The from property is of the complex type emailAddress.
GET https://graph.microsoft.com/v1.0/me/messages?$filter=from/emailAddress/address eq '[email protected]'
Reference:
https://developer.microsoft.com/en-us/graph/docs/overview/query_parameters
Question 8
HOTSPOT -
You have an application that has the code shown in the exhibits. (Click the JavaScript Version tab or the C# Version tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
JavaScript Version -
C# Version -
Hot Area:
Answer : 
Box 1: No -
Box 2: No -
Box 3: Yes -
A file is downloaded from OneDrive and saved locally.
Drive/Root is the drive resource is the top level object representing a user's OneDrive or a document library in SharePoint.
Reference:
https://docs.microsoft.com/en-us/graph/api/resources/drive
Question 9
HOTSPOT -
You have an application that has the code shown in the exhibits. (Click the JavaScript Version tab or the C# Version tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
JavaScript Version -
C# Version -
Hot Area:
Answer : 
Box 1: Yes -
Unified is specified in the code.
Note: You can create the following types of groups:
Office 365 group (unified group)
Security group -
Box 2: Yes -
A member is added to the group.
Box 3: No -
Box 4: No -
Reference:
https://docs.microsoft.com/en-us/graph/api/group-post-groups
Question 10
You are developing an application that will track changes to the UserPrincipalName attribute of Microsoft 365 accounts.
You need to use a REST request to retrieve the information by using Microsoft Graph. The solution must minimize the amount of data retrieved.
What should you do?
- A. Use GET https://graph.microsoft.com/v1.0/users/delta for the first call. Use the state token in subsequent calls.
- B. Use GET https://graph.microsoft.com/v1.0/users/delta?$select=UserPrincipalName for the first call. Use the state token in subsequent calls.
- C. Use GET https://graph.microsoft.com/v1.0/users$select=UserPrincipalName for the calls and track the changes.
- D. Use GET https://graph.microsoft.com/v1.0/users for the calls and track the changes.
Answer : B
Use delta query to track changes in a resource collection
The typical call pattern is as follows:
1. The application begins by calling a GET request with the delta function on the desired resource.
2. Microsoft Graph sends a response containing the requested resource and a state token.
Example: Selecting three properties
The next example shows the initial request selecting three properties for change tracking, with default response behavior.
Note: Delta query enables applications to discover newly created, updated, or deleted entities without performing a full read of the target resource with every request.
Incorrect Answers:
A: Example: Default properties -
The following is an example of the request. There is no $select parameter, so a default set of properties is tracked and returned.
Reference:
https://docs.microsoft.com/en-us/graph/api/user-delta
Question 11
You plan to create a single-tenant console app that will use the Microsoft identity platform.
You need to ensure that the app can use the device code flow to access Microsoft Graph and read email on behalf of the authenticated user.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Set Supported account types to Accounts in any organizational directory.
- B. Add redirect URIs.
- C. Set Supported account types to Accounts in this organizational directory only.
- D. Enable the Default client type option.
- E. From the Expose an API settings, create a custom scope.
- F. Generate a client secret for the app.
Answer : ABF
Reference:
https://docs.microsoft.com/en-us/graph/auth-register-app-v2
https://docs.microsoft.com/en-us/graph/auth-v2-u
Question 12
You are developing an application that will use Microsoft Graph.
You attempt to retrieve a list of the groups in your organization by using a URI of https://graph.microsoft.com/v1.0/groups on behalf of the user.
The application fails. The diagnostic logs show the following information:
✑ An HTTP 403 Forbidden status code.
✑ An Authorization_RequestDenied error code.
✑ The following error message: `Insufficient privileges to complete the operation.`
You need to ensure that the application can retrieve the list of groups. The solution must use the principle of least privilege.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Configure the application to use application permissions.
- B. Grant admin consent of the Group.Read.All permission for your tenant.
- C. Configure the application permission Group.Read.All on the application.
- D. In the permission request for the application, request the Group.ReadWrite.All permission.
Answer : AD
Reference:
https://docs.microsoft.com/en-us/graph/permissions-reference
Question 13
You are developing a server-based web app that will use OAuth2 on behalf of the user and will be registered with the Microsoft identity platform.
Which two types of tokens can the app retrieve as part of the authorization flow? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. SAML token
- B. access token
- C. context token
- D. refresh token
- E. Kerberos token
Answer : AB
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow
Question 14
You are developing a daemon application that reads all the emails in the inbox of a specific Microsoft 365 mailbox. Some emails contain meeting dates and room mailbox names.
The application has the following requirements:
✑ Move each processed email to a subfolder in the mailbox.
✑ If an email contains meeting data, create an event in the corresponding room mailbox calendar.
Which Microsoft Graph permissions should you grant for the application?
- A. Calendars.ReadWrite and Mail.Read application permissions
- B. Calendars.ReadWrite.Shared and Mail.ReadWrite delegated permissions
- C. Calendars.ReadWrite and Mail.ReadWrite application permissions
- D. Calendars.ReadWrite and Mail.ReadWrite delegated permissions
Answer : C
Reference:
https://docs.microsoft.com/en-us/graph/permissions-reference
Question 15
DRAG DROP -
You are developing a server-based application that has the following requirements:
✑ Prompt the user to fill out form that contains a keyword.
✑ Search the OneDrive for Business folder for files that contain the keyword and return the results to the user.
✑ Allow the user to select one of the files from the results.
✑ Copy the selected file to an Azure Blob storage container.
Which four actions should the application perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Answer : 