Microsoft Azure Developer Associate AZ-204 Practice Question
You are developing a multi-tenant ASP.NET Core Web API called Inventory API protected by Microsoft Entra ID. Client apps access the API by using the OAuth 2.0 client-credentials flow. An application role "inventory.read.all" is defined in the API registration and assigned to the clients. When validating incoming access tokens, which claim and value should you verify to authorize read operations?
Check that the scp claim equals "inventory.read.all".
Check that the roles claim includes "inventory.read.all".
Check that the appid claim equals "inventory.read.all".
Check that the aud claim equals "inventory.read.all".
Tokens obtained through the client-credentials flow carry application permissions. Microsoft Entra ID does not include the scp (scope) claim in these tokens. Instead, it places granted application roles in the roles claim. Therefore, the API should verify that the roles claim contains the expected application role value ("inventory.read.all").
The other options are incorrect:
scp is absent in client-credentials tokens.
aud identifies the audience, not permissions.
appid is the caller's client ID and unrelated to role validation.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the client-credentials flow in OAuth 2.0?
Open an interactive chat with Bash
Why is the roles claim important in Microsoft Entra ID's client-credentials flow?
Open an interactive chat with Bash
What is the difference between the aud and appid claims in OAuth 2.0 tokens?
Open an interactive chat with Bash
Microsoft Azure Developer Associate AZ-204
Implement Azure security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .