Microsoft 365 Core Services: MS-600 Sample Questions
To obtain the Microsoft 365 Certified: Developer Associate certification, you must pass the MS-600: Building Applications and Solutions with MS-365 Core Services certification exam. This exam assesses a candidate’s ability to perform technical tasks such as performing Microsoft identity, developing apps with Microsoft Graph, extending and customizing SharePoint, and extending Teams and MS Office.
Prospective Clientele
Candidates for the MS-600 exam are primarily Microsoft 365 Developers who are proficient in designing, building, testing, and sustainable solutions and applications that are intended to be optimized for organizations’ productivity and collaboration needs through the effective use of the Windows 365 platform.
Microsoft 365 Core Services: MS-600 Sample Questions
Advanced Sample Questions
What is Microsoft Graph?
- A. A tool for managing email and calendar data in Microsoft 365.
- B. A framework for building applications that integrate with Microsoft 365 services.
- C. A set of tools for managing network infrastructure.
- D. A tool for automating workflows.
Answer: B. Microsoft Graph is a framework for building applications that integrate with Microsoft 365 services.
Explanation: Microsoft Graph is a powerful tool that provides a unified API endpoint for accessing data from different Microsoft 365 services such as SharePoint, OneDrive, Teams, and more. Developers can use Microsoft Graph to build applications that can access and manipulate data from different Microsoft 365 services in a consistent manner.
What is Microsoft Teams?
- A. A chat-based collaboration platform in Microsoft 365.
- B. A tool for managing email and calendar data in Microsoft 365.
- C. A set of tools for managing network infrastructure.
- D. A tool for automating workflows.
Answer: A. Microsoft Teams is a chat-based collaboration platform in Microsoft 365.
Explanation: Microsoft Teams is a collaboration platform in Microsoft 365 that enables users to communicate and collaborate in real-time using chat, audio, and video calls. Teams also provides a wide range of features and integrations, including file sharing, co-authoring, app integration, and more.
What is Microsoft Power Automate?
- A. A tool for managing email and calendar data in Microsoft 365.
- B. A chat-based collaboration platform in Microsoft 365.
- C. A set of tools for managing network infrastructure.
- D. A tool for automating workflows.
Answer: D. Microsoft Power Automate is a tool for automating workflows.
Explanation: Microsoft Power Automate is a powerful tool that enables users to create automated workflows that can connect different systems and services, including Microsoft 365 services. With Power Automate, users can automate repetitive tasks, trigger actions based on specific events, and create custom workflows that meet their specific business needs.
What is Azure Active Directory (Azure AD)?
- A. A tool for managing email and calendar data in Microsoft 365.
- B. A tool for automating workflows.
- C. A cloud-based identity and access management service.
- D. A set of tools for managing network infrastructure.
Answer: C. Azure Active Directory (Azure AD) is a cloud-based identity and access management service.
Explanation: Azure Active Directory (Azure AD) is a cloud-based service that provides identity and access management capabilities for different applications and services, including Microsoft 365. With Azure AD, users can manage user identities, assign access privileges, and enforce security policies across different applications and services.
What is Microsoft Intune?
- A. A tool for managing email and calendar data in Microsoft 365.
- B. A tool for automating workflows.
- C. A set of tools for managing network infrastructure.
- D. A cloud-based mobile device management service.
Answer: D. Microsoft Intune is a cloud-based mobile device management service.
Explanation: Microsoft Intune is a powerful tool that enables organizations to manage and secure mobile devices and applications, including those that are used to access Microsoft 365 services. With Intune, organizations can set policies for device management, application management, and data protection.
What is the purpose of the Microsoft Identity Platform?
- A. To enable users to access Microsoft 365 services from any device.
- B. To provide a single sign-on (SSO) experience across multiple applications.
- C. To manage user identities and access privileges in Microsoft 365.
- D. To create custom applications that integrate with Microsoft 365 services.
Answer: B. To provide a single sign-on (SSO) experience across multiple applications.
Explanation: The Microsoft Identity Platform is a powerful tool that enables users to sign in to different applications and services using a single set of credentials. This provides a seamless and secure experience for users, and helps organizations manage user identities and access privileges across multiple applications.
What is the purpose of the Microsoft Graph Security API?
- A. To manage user identities and access privileges in Microsoft 365.
- B. To provide a unified API endpoint for accessing data from different Microsoft 365 services.
- C. To enable developers to build applications that integrate with Microsoft 365 services.
- D. To provide a programmatic interface for accessing security data from different sources.
Answer: D. To provide a programmatic interface for accessing security data from different sources.
Explanation: The Microsoft Graph Security API is a powerful tool that provides a programmatic interface for accessing security data from different sources, such as Microsoft Defender for Endpoint, Azure Active Directory, and more. This enables developers to build applications that can help organizations detect and respond to security threats in real-time.
What is Microsoft Search?
- A. A tool for managing email and calendar data in Microsoft 365.
- B. A tool for automating workflows.
- C. A chat-based collaboration platform in Microsoft 365.
- D. A unified search experience across Microsoft 365 services.
Answer: D. A unified search experience across Microsoft 365 services.
Explanation: Microsoft Search is a powerful tool that provides a unified search experience across different Microsoft 365 services, such as SharePoint, OneDrive, Teams, and more. This enables users to find the information they need quickly and easily, without having to switch between different applications.
What is Microsoft Information Protection (MIP)?
- A. A tool for managing email and calendar data in Microsoft 365.
- B. A tool for automating workflows.
- C. A set of tools for managing network infrastructure.
- D. A set of technologies for classifying, labeling, and protecting data in Microsoft 365.
Answer: D. A set of technologies for classifying, labeling, and protecting data in Microsoft 365.
Explanation: Microsoft Information Protection (MIP) is a powerful set of technologies that enables organizations to classify, label, and protect their sensitive data in Microsoft 365. MIP includes features such as data classification, labeling, encryption, and more, which help organizations protect their sensitive data from unauthorized access and disclosure.
What is Microsoft Cloud App Security?
- A. A tool for managing email and calendar data in Microsoft 365.
- B. A tool for automating workflows.
- C. A set of tools for managing network infrastructure.
- D. A cloud-based security service for monitoring and controlling access to cloud applications.
Answer: D. A cloud-based security service for monitoring and controlling access to cloud applications.
Explanation: Microsoft Cloud App Security is a powerful cloud-based security service that enables organizations to monitor and control access to their cloud applications, including Microsoft 365 services. With Cloud App Security, organizations can detect and respond to security threats in real-time, and enforce security policies to ensure compliance with regulations and standards.
Basic Sample Questions
Question 1
You must create a server-side web application that will be registered with the Microsoft identity platform. The solution must ensure that the app can perform actions on the user’s behalf.
Which authorization flow should you employ?
- A. authorization number
- B. token for refreshing
- C. password for the resource owner
- D. device identification code
Solution – A
You can validate the ID token with a public signing key from the Microsoft identity platform endpoint to ensure the user’s identity. A session cookie is created, which can be used to identify the user on future page requests.
A web server app may require access to another web service, such as a REST API, in addition to simple sign-in. In this case, the web server app uses the OAuth 2.0 authorization code flow to engage in a combined OpenID Connect and OAuth 2.0 flow. Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-app-types
Question 2
You are developing a server-based web application that will use OAuth2 and be registered with the Microsoft identity platform.
Which two values are required by the app to obtain tokens from the Azure Active Directory (Azure AD) authorization endpoint? Each correct response represents a portion of the solution.
REMEMBER: Each correct answer is worth one point.
- A. the tenant identification number
- B. the context token
- C. the application identifier
- D. the application’s confidentiality
- E. the authorization code
Solution – C, E
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
Question 3
You create a web API called WebApi1.
WebApi1 receives a MsalUiRequiredException exception from Azure Active Directory when validating a token received from a client application (Azure AD).
You must write the response that WebApi1 will send back to the client application.
What type of HTTP response should you send?
- A. HTTP 307 Temporary Redirect
- B. HTTP 400 Bad Request
- C. HTTP 403 Error
- D. HTTP 412 Precondition Failed
Solution – D
Question 4
You have a backend service that will communicate with the Microsoft Graph API.
You must configure the service to use the most secure authentication method available.
What should the service be configured to use?
- A. a certification
- B. a client’s confidential information
- C. a public key
- D. a hash
Solution – A
You can authenticate to the Graph API using one of two methods: AppId/Secret authentication or certificate-based authentication. The preferred and more secure method of authentication is by certificate.
Reference:
https://adamtheautomator.com/microsoft-graph-api-powershell/
Question 5
You have a program that makes use of the Microsoft Graph API.
You must configure the application so that it can retrieve the groups to which the currently logged-in user belongs. The outcomes must include the groups’ extended priorities.
What is the best URI to use?
- A. https://graph.microsoft.com/v1.0/me/getMemberObjects
- B. Graph.microsoft.com/v1.0/me/getMemberGroups
- C. graph.microsoft.com/v1.0/me/memberOf
- D. Graph.microsoft.com/v1.0/me/checkMemberGroups
Solution – B
Get member groups returns all of the groups to which the specified user, group, or directory object belongs. This function has a transitive property.
Reference:
https://docs.microsoft.com/en-us/graph/api/directoryobject-getmembergroups
Question 6
You’re working on a human resources app that will show users where they stand in their company’s organizational chart.
You are adding a new feature to the application that will display the name of a user’s manager.
To retrieve the data, you must first create a REST query. The solution must reduce the amount of data that is retrieved.
Which of the following queries should you use?
- A. GET https://graph.microsoft.com/v1.0/users/{UserPricipalName}/manager?$select=displayName
- B. OBTAIN https://graph.microsoft.com/v1.0/users/UserPricipalName/people?$select=displayName&$filter=jobTitle eq’manager’
- C. ACCESS https://graph.microsoft.com/v1.0/users/UserPricipalName/contacts?$filter=jobTitle eq’manager’
- D. ACCESS http://graph.microsoft.com/v1.0/users/UserPricipalName/manager
Solution – A
References:
https://docs.microsoft.com/en-us/graph/api/user-list-manager
https://developer.microsoft.com/en-us/graph/docs/overview/query_parameters
Question 7
You’re working on an app that will monitor changes to the UserPrincipalName attribute of Microsoft 365 accounts.
To retrieve the information using Microsoft Graph, you must make a REST request. The solution must reduce the amount of data that is retrieved.
What are your options?
- A. For the first call, use GET https://graph.microsoft.com/v1.0/users/delta. In subsequent calls, use the state token.
- B. For the first call, use GET https://graph.microsoft.com/v1.0/users/delta?$select=UserPrincipalName. In subsequent calls, use the state token.
- C. For the calls, use GET https://graph.microsoft.com/v1.0/users$select=UserPrincipalName and track the changes.
- D. For the calls, use GET https://graph.microsoft.com/v1.0/users and monitor the changes.
Solution – B
To track changes in a resource collection, use the delta query.
The following is a typical call pattern:
The application starts by sending a GET request to the desired resource with the delta function.
- Microsoft Inc.
- The Graph responds with the requested resource and a state token.
Choosing three properties as an example
The following example shows the initial request, which selects three properties for change tracking and uses the default response behavior.
Nota bene: Delta queries allow applications to discover newly created, updated, or deleted entities without having to perform a full read of the target resource with each request.
Answers that are incorrect:
A is an example of default properties.
An example of a request is provided below. Because there is no $select parameter, a set of default properties is tracked and returned.
Reference:
https://docs.microsoft.com/en-us/graph/api/user-delta
Question 8
You are creating a new application called App1 that will authenticate to Azure Active Directory using the Microsoft identity platform (Azure AD).
App1 can currently read user profile information.
You must grant App1 access to the user’s calendar.
Solution: Add the Microsoft Graph API and the Calendar to the Azure portal. App1’s API permission list can be used to read permission. Give administrative permission to the tenant.
Is this satisfactory?
- A. Yes
- B. No
Solution – A
Calendars in Microsoft Graph. Read enables the app to read events from the user’s calendar.
To allow your app to access data in Microsoft Graph, the user or administrator must grant it the necessary permissions through a consent process.
Apps that run without a signed-in user present, such as background services or daemons, make use of application permissions. Only an administrator can grant application permissions.
Question 9
You are creating a new application called App1 that will authenticate to Azure Active Directory using the Microsoft identity platform (Azure AD).
App1 can currently read user profile information.
You must grant App1 access to the user’s calendar.
Solution: During the initial login request, add https://graph.windows.net/user.read to the list of scopes.
Is this satisfactory?
- A. Yes
- B. No
Solution – B
Calendars in Microsoft Graph. Read enables the app to read events from the user’s calendar.
To allow your app to access data in Microsoft Graph, the user or administrator must grant it the necessary permissions through a consent process.
Apps that run without a signed-in user present, such as background services or daemons, make use of application permissions. Only an administrator can grant application permissions.
Question 10
You are creating a new application called App1 that will authenticate to Azure Active Directory using the Microsoft identity platform (Azure AD).
App1 can currently read user profile information.
You must grant App1 access to the user’s calendar.
Solution: Request the Calendar dynamically in App1’s code.
The Microsoft Graph API read permission.
Is this satisfactory?
- A. Yes
- B. No
Solution – B
Question 11
You’re working on a SharePoint Framework (SPFx) web part.
Which API should you use to get a user’s Microsoft Teams memberships with the least amount of code?
- A. MSGraphClient
- B. AadHttpClient
- C. SPHttpClient
- D. XMLHttpRequest
Solution – A
Question 12
You intend to make a SharePoint Framework (SPFx) solution available in the tenant app catalog.
Which attribute in the package-solution.json file should you configure to ensure that the solution is immediately available to all site collections?
- A. IgnoreFeatureDeployment
- B. zippedPackage
- C. ClientSideComponentId
- D. isDomainIsolated
Solution – A
Reference:
https://docs.microsoft.com/en-us/sharepoint/dev/spfx/tenant-scoped-deployment
Question 13
What should you add to a SharePoint Framework (SPFx) solution to make it usable as a Microsoft Teams tab?
- A. the TeamsTab value in the manifest file’s componentType property
- B. Add a manifest file to the solution’s Teams folder.
- C. the TeamsTab value in the manifest file’s supportedHosts property
- D. Add a manifest file to the solution’s webparts folder.
Solution – D
Question 14
What is the best tool for creating a SharePoint Framework (SPFx) solution?
- A. Solar Eclipse
- B. App Studio
- C. Yacc
- D. Yeoman
Solution – D
Question 15
You have a business API that is protected by Azure Active Directory (Azure AD).
You add an app to the app catalog. The solution asks for access to the API.
What actions should you take in the SharePoint admin center to ensure that the solution has access to the API?
- A. Make a SharePoint security group and include the solution in it.
- B. Establish an access policy.
- C. Make sandbox solutions available.
- D. Grant a previously requested permission.
Solution – D
Developers creating a SharePoint Framework solution that requires access to specific resources secured with Azure AD list these resources in the solution manifest, along with the required permission scopes. SharePoint creates permission requests and prompts the administrator to manage the requested permissions when deploying the solution package to the app catalog. Tenant administrators have the option of granting or denying specific permissions for each request.
All permissions are granted to the entire tenant rather than to a specific application. When a tenant administrator grants specific permission, it is added to the Azure AD application SharePoint Online Client Extensibility, which is provisioned by Microsoft in every Azure AD and is used by the SharePoint Framework.
Question 16
You are creating a custom SharePoint Framework (SPFx) web part for use on modern Microsoft SharePoint sites.
When you deploy the web part, you must ensure that all of the web part fields and controls adhere to the site’s theme.
What tools should you use to create the web part?
- A. Material User Interface
- B. React Office UI Fabric
- C. HTML 5.0 and CSS
- D. Dynamic Framework
Solution – B
Reference:
http://www.sharepointsamples.com/sharepoint-framework-webpart-with-office-ui-fabric-react-component/
Question 17
You are working with a SharePoint Framework (SPFx) 1.5 solution.
You must ensure that the solution can be accessed via Microsoft Teams as a tab.
What should you start with?
- A. Modify the solution to make use of the Bot Framework.
- B. Distribute the solution to a collection of developer sites.
- C. Upload the solution to Microsoft AppSource.
- D. Update the solution to the most recent SPFx version.
Solution – D
Question 18
You have an API that is protected by Azure Active Directory (Azure AD).
You’re putting together a SharePoint Framework (SPFx) solution.
Which object should you use in the solution to connect to the API?
- A. SPHttpClient
- B. HttpClient
- C. AadHttpClient
Solution – C
Reference:
https://docs.microsoft.com/en-us/sharepoint/dev/spfx/use-aadhttpclient
Question 19
What is the default permission scope when you use MSGraphClient to request an access token?
- A. Read.User
- B. People.Read.Everything
- C. Individuals.
- D. Read.All.User
Solution – D
Reference:
https://docs.microsoft.com/en-us/sharepoint/dev/spfx/use-msgraph
Question 20
You have a SharePoint Framework (SPFx) starter web part.
You must test the web part using the local workbench by going to https://localhost:4321/temp/workbench.html.
Which tool should you use to make the web part available for debugging locally?
- A. Yeoman
- B. Visual Studio Code by Microsoft
- C. install npm
- D. gulp serve
Solution – B
Reference:
https://docs.microsoft.com/en-us/sharepoint/dev/spfx/debug-in-vscode
