Crucial Exams

Microsoft Azure Security Engineer Associate AZ-500 Practice Question

You registered an ASP.NET Core web API named ContosoApi in Microsoft Entra ID. Background services in other Azure AD tenants will call the API by using the OAuth 2.0 client-credentials flow. Each consuming tenant's administrator must grant consent, and the API must not expose any delegated permissions.

In the Azure portal, which change should you make to the ContosoApi app registration to satisfy these requirements?

  • Add a delegated permission scope and set "User consent enabled" to Yes.

  • Add an application role that has Allowed member type set to "Application" and admin consent required enabled.

  • Enable the "Allow public client flows" option in Authentication settings.

  • Change Supported account types to "Accounts in this organizational directory only".

Microsoft Azure Security Engineer Associate AZ-500
Secure identity and access
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot