Home › Azure AZ-204 › cloudcomputing › az204security › Which type of Microsoft Identity token does a cl…
Which type of Microsoft Identity token does a client present to a downstream API to prove the SIGNED-IN USER's identity and scopes?
AA static API key shared across all users
BThe user's plain-text password
CAn SSL certificate from the user's browser
DAn access token (typically a JWT) issued by Entra ID with the user's claims and granted scopes
Answer & Solution
Correct answer: D. An access token (typically a JWT) issued by Entra ID with the user's claims and granted scopes
Access tokens (JWTs) carry user/app identity + scopes and are validated by the downstream API. The other options are insecure or invalid.
Related questions
Which Azure feature continuously scans App Service / Function code for known vulnerabilitiWhich configuration lets an Azure Function access a SECRET stored in Key Vault via an App An Azure Function needs to read a secret from Key Vault on every cold start. What's the MOAn Azure Web App needs to authenticate users with Entra ID without writing OAuth code. WhiWhich Azure feature lets an admin grant a role assignment that's only ACTIVE for an approvWhich Azure feature lets a developer call `DefaultAzureCredential` from the Azure SDK and Which configuration gives an Azure VM, App Service, or Function App an identity to call KeWhich Azure service handles consumer/customer-facing identity (B2C) — sign-in for end user