Plan and implement workload identities Questions
Practice questions for Plan and implement workload identities topic in Microsoft Certified: Identity and Access Administrator Associate. 48 questions covering this domain.
Which Microsoft Entra feature securely publishes on-premises web applications for remote access without requiring inbound firewall openings to the int...
An administrator wants some high-impact app permission requests to require administrator approval instead of letting end users consent on their own. W...
A web application needs to call an API on behalf of the currently signed-in user. Which API permission type is the best fit?
A company has many related enterprise applications and wants a simpler way to organize them for access management. Which feature should it use?
A security team wants to identify unsanctioned cloud apps being used in the organization by analyzing firewall and proxy logs. Which Defender for Clou...
Which object represents an application's instance in a Microsoft Entra tenant and is used for access and permissions there?
A solution runs on several Azure resources and all of them must share the same identity, which also needs to continue existing even if one resource is...
A daemon application runs without any signed-in user and must call a protected API. Which permission type should be granted?
Which managed identity type is created directly on an Azure resource and is deleted when that resource is deleted?
An application needs distinct levels such as Reader, Approver, and Auditor inside the app itself. Which feature should be configured in the app regist...
A company wants to monitor and control user activity inside a sanctioned SaaS app session, including restricting certain actions in real time. Which f...
A virtual machine must access Azure resources without storing credentials in code or configuration. Which identity approach should be used?
Which credential type, in addition to client_id, is used by a confidential client app to prove its identity when requesting tokens?
An admin integrates a SaaS application that supports SAML 2.0 SSO from the Microsoft Entra gallery. After uploading service-provider metadata, what mu...
Which Microsoft Entra add-on extends ID Protection-style risk detection and Conditional Access to service principals/workload identities?
A SAML-based enterprise app's signing certificate is approaching expiry. What should the admin do to avoid downtime for users?
An app needs additional fields (such as employeeID and department) included in the issued ID/access tokens. Which app registration feature should be c...
Which Microsoft Entra object holds the application's global definition (manifest, redirect URIs, requested permissions) for a multi-tenant app?
A daemon application has been granted the Microsoft Graph application permission Mail.Read but cannot read mail. What is the most likely missing step?
A legacy SaaS app supports only username/password forms and not SAML/OIDC. Which Microsoft Entra single sign-on option fits?
Sign in to see all 48 questions
Create a free account to browse all questions — completely free during our launch phase.