ExamGecko
Search Search Login
Home Home / Microsoft / AZ-400

Microsoft AZ-400 Practice Test - Questions Answers, Page 14

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

SIMULATION Task 8 Initialize the default main branch, if it does not exist already. In Project 1, you need to create a new Azure Pipelines YAML pipeline by using the ASP.NET template. The pipeline must use Azure Repos as the hosting platform and must be created in a new branch named azure-pipelines.
SIMULATION Task 3 You need to create a new team dashboard named Dashboard1 for the default project team of Project1. The dashboard must display the members of the team
You are building a Microsoft ASP.NET application that requires authentication. You need to authenticate users by using Azure Active Directory (Azure AD). What should you do first?
SIMULATION Task 7 Initialize the default main branch, if it does not exist already In the User 1-42147509 organization, you need to install the Microsoft Security DevOps extension. Next, create a new starter pipeline named starter1 that will use the following starter code. Ensure that starter! includes a task that executes the extension and uses the following input*: * Command: run * Policy aruredevops * Publish: true Save the pipeline to a new branch named starter
HOTSPOT You use Azure Pipelines to manage the build and deployment of apps. You are planning the release strategies for a new app. You need to choose strategies for the following scenarios: Releases will be made available to users who are grouped by their tolerance for software faults. Code will be deployed to enable functionality that will be available in later releases of the app. When a new release occurs, the existing deployment will remain active to minimize recovery time if a return to the previous version is required. Which strategy should you choose for each scenario? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure pipeline that is used to deploy a web app. The pipeline includes a test suite named TestSuite1. TestSuite1 is used to validate the operations of the web app. TestSuite1 fails intermittently. You identify that the failures are unrelated to changes in the source code and execution environment. You need to minimize troubleshooting effort for the TestSuite1 failures. Solution: You increase code coverage. Does this meet the goal?
SIMULATION You plan to deploy a website that will be hosted in two Azure regions. You need to create an Azure Traffic Manager profile named az40011566895n1-tm in a resource group named RG1lod11566895. The solution must ensure that users will always connect to a copy of the website that is in the same country. To complete this task, sign in to the Microsoft Azure portal.
Your company has a release pipeline in an Azure DevOps project. You plan to deploy to an Azure Kubernetes Services (AKS) cluster by using the Helm package and deploy task. You need to install a service in the AKS namespace for the planned deployment. Which service should you install?
You have an Azure DevOps organization named Contoso. You need to recommend an authentication mechanism that meets the following requirements: Supports authentication from Git Minimizes the need to provide credentials during authentication What should you recommend?
You have an Azure pipeline that is used to deploy an app named App1. You need to ensure that new versions of App1 are released only if they exceed performance baselines. The solution must minimize administrative effort. What should you configure?

Question 131

Report
Export
Collapse

You use Azure Pipelines to manage project builds and deployments.

You plan to use Azure Pipelines for Microsoft Teams to notify the legal team when a new build is ready for release. You need to configure the Organization Settings in Azure DevOps to support Azure Pipelines for Microsoft Teams. What should you turn on?

A.
Third-party application access via OAuth
A.
Third-party application access via OAuth
Answers
B.
Azure Active Directory Conditional Access Policy Validation
B.
Azure Active Directory Conditional Access Policy Validation
Answers
C.
Alternate authentication credentials
C.
Alternate authentication credentials
Answers
D.
SSH authentication
D.
SSH authentication
Answers
Suggested answer: A

Explanation:

The Azure Pipelines app uses the OAuth authentication protocol, and requires Third-party application access via OAuth for the organization to be enabled. To enable this setting, navigate to Organization Settings > Security > Policies, and set the Third-party application access via OAuth for the organization setting to On.

Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/integrations/microsoft-teams

Question 132

Report
Export
Collapse

You have an existing project in Azure DevOps.

You plan to integrate GitHub as the repository for the project.

You need to ensure that Azure Pipelines runs under the Azure Pipelines identity.

Which authentication mechanism should you use?

A.
personal access token (PAT)
A.
personal access token (PAT)
Answers
B.
GitHub App
B.
GitHub App
Answers
C.
Azure Active Directory (Azure AD)
C.
Azure Active Directory (Azure AD)
Answers
D.
OAuth
D.
OAuth
Answers
Suggested answer: B

Explanation:

GitHub App uses the Azure Pipelines identity.

Incorrect Answers:

A: Personal access token and OAuth use your personal GitHub identity.

Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/repos/github

Question 133

Report
Export
Collapse

You plan to provision a self-hosted Linux agent.

Which authentication mechanism should you use to register the self-hosted agent?

A.
personal access token (PAT)
A.
personal access token (PAT)
Answers
B.
SSH key
B.
SSH key
Answers
C.
Alternate credentials
C.
Alternate credentials
Answers
D.
certificate
D.
certificate
Answers
Suggested answer: A

Explanation:

Note: PAT Supported only on Azure Pipelines and TFS 2017 and newer. After you choose PAT, paste the PAT token you created into the command prompt window. Use a personal access token (PAT) if your Azure DevOps Server or TFS instance and the agent machine are not in a trusted domain. PAT authentication is handled by your Azure DevOps Server or TFS instance instead of the domain controller.

Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/v2-linux

Question 134

Report
Export
Collapse

You are building a Microsoft ASP.NET application that requires authentication.

You need to authenticate users by using Azure Active Directory (Azure AD).

What should you do first?

A.
Assign an enterprise application to users and groups
A.
Assign an enterprise application to users and groups
Answers
B.
Create an app registration in Azure AD
B.
Create an app registration in Azure AD
Answers
C.
Configure the application to use a SAML endpoint
C.
Configure the application to use a SAML endpoint
Answers
D.
Create a new OAuth token from the application
D.
Create a new OAuth token from the application
Answers
E.
Create a membership database in an Azure SQL database
E.
Create a membership database in an Azure SQL database
Answers
Suggested answer: B

Explanation:

Register your application to use Azure Active Directory. Registering the application means that your developers can use Azure AD to authenticate users and request access to user resources such as email, calendar, and documents.

Reference: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/developer-guidance-for-integrating-applications

Question 135

Report
Export
Collapse

You have an Azure DevOps organization named Contoso.

You need to recommend an authentication mechanism that meets the following requirements:

Supports authentication from Git

Minimizes the need to provide credentials during authentication

What should you recommend?

A.
personal access tokens (PATs) in Azure DevOps
A.
personal access tokens (PATs) in Azure DevOps
Answers
B.
Alternate credentials in Azure DevOps
B.
Alternate credentials in Azure DevOps
Answers
C.
user accounts in Azure Active Directory (Azure AD)
C.
user accounts in Azure Active Directory (Azure AD)
Answers
D.
managed identities in Azure Active Directory (Azure AD)
D.
managed identities in Azure Active Directory (Azure AD)
Answers
Suggested answer: A

Explanation:

Personal access tokens (PATs) give you access to Azure DevOps and Team Foundation Server (TFS), without using your username and password directly. These tokens have an expiration date from when they're created. You can restrict the scope of the data they can access. Use PATs to authenticate if you don't already have SSH keys set up on your system or if you need to restrict the permissions that are granted by the credential. Incorrect Answers:

B: Azure DevOps no longer supports Alternate Credentials authentication since the beginning of March 2, 2020. If you're still using Alternate Credentials, we [Microsoft] strongly encourage you to switch to a more secure authentication method (for example, personal access tokens).

Reference: https://docs.microsoft.com/en-us/azure/devops/repos/git/auth-overview

Question 136

Report
Export
Collapse

You have an application that consists of several Azure App Service web apps and Azure functions.

You need to assess the security of the web apps and the functions.

Which Azure feature can you use to provide a recommendation for the security of the application?

A.
Security & Compliance in Azure Log Analytics
A.
Security & Compliance in Azure Log Analytics
Answers
B.
Resource health in Azure Service Health
B.
Resource health in Azure Service Health
Answers
C.
Smart Detection in Azure Application Insights
C.
Smart Detection in Azure Application Insights
Answers
D.
Compute & apps in Azure Security Center
D.
Compute & apps in Azure Security Center
Answers
Suggested answer: D

Explanation:

Monitor compute and app services: Compute & apps include the App Services tab, which App services: list of your App service environments and current security state of each. Recommendations

This section has a set of recommendations for each VM and computer, web and worker roles, Azure App Service Web Apps, and Azure App Service Environment that Security Center monitors. The first column lists the recommendation. The second column shows the total number of resources that are affected by that recommendation. The third column shows the severity of the issue. Incorrect Answers:

C: Smart Detection automatically warns you of potential performance problems, not security problems in your web application.

Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/app/proactive-diagnostics

Question 137

Report
Export
Collapse

Your company has a project in Azure DevOps for a new web application.

The company identifies security as one of the highest priorities.

You need to recommend a solution to minimize the likelihood that infrastructure credentials will be leaked. What should you recommend?

A.
Add a Run Inline Azure PowerShell task to the pipeline.
A.
Add a Run Inline Azure PowerShell task to the pipeline.
Answers
B.
Add a PowerShell task to the pipeline and run Set-AzureKeyVaultSecret.
B.
Add a PowerShell task to the pipeline and run Set-AzureKeyVaultSecret.
Answers
C.
Add an Azure Key Vault task to the pipeline.
C.
Add an Azure Key Vault task to the pipeline.
Answers
D.
Add Azure Key Vault references to Azure Resource Manger templates.
D.
Add Azure Key Vault references to Azure Resource Manger templates.
Answers
Suggested answer: B

Explanation:

Azure Key Vault provides a way to securely store credentials and other keys and secrets.

The Set-AzureKeyVaultSecret cmdlet creates or updates a secret in a key vault in Azure Key Vault.

Reference:

https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/set-azurekeyvaultsecret

Question 138

Report
Export
Collapse

SIMULATION

You need to ensure that an Azure web app named az400-9940427-main can retrieve secrets from an Azure key vault named az400-9940427-kv1 by using a system managed identity. The solution must use the principle of least privilege.

To complete this task, sign in to the Microsoft Azure portal.

A.
See solution below.
A.
See solution below.
Answers
Suggested answer: A

Explanation:

1. In Azure portal navigate to the az400-9940427-main app.

2. Scroll down to the Settings group in the left navigation.

3. Select Managed identity.

4. Within the System assigned tab, switch Status to On. Click Save.

Reference:

https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity

Question 139

Report
Export
Collapse

You create a Microsoft ASP.NET Core application.

You plan to use Azure Key Vault to provide secrets to the application as configuration data.

You need to create a Key Vault access policy to assign secret permissions to the application. The solution must use the principle of least privilege. Which secret permissions should you use?

A.
List only
A.
List only
Answers
B.
Get only
B.
Get only
Answers
C.
Get and List
C.
Get and List
Answers
Suggested answer: B

Explanation:

Application data plane permissions:

Keys: sign

Secrets: get

Reference:

https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault

Question 140

Report
Export
Collapse

You have a branch policy in a project in Azure DevOps. The policy requires that code always builds successfully. You need to ensure that a specific user can always merge changes to the master branch, even if the code fails to compile. The solution must use the principle of least privilege. What should you do?

A.
Add the user to the Build Administrators group.
A.
Add the user to the Build Administrators group.
Answers
B.
Add the user to the Project Administrators group.
B.
Add the user to the Project Administrators group.
Answers
C.
From the Security settings of the repository, modify the access control for the user.
C.
From the Security settings of the repository, modify the access control for the user.
Answers
D.
From the Security settings of the branch, modify the access control for the user.
D.
From the Security settings of the branch, modify the access control for the user.
Answers
Suggested answer: D

Explanation:

In some cases, you need to bypass policy requirements so you can push changes to the branch directly or complete a pull request even if branch policies are not satisfied. For these situations, grant the desired permission from the previous list to a user or group. You can scope this permission to an entire project, a repo, or a single branch. Manage this permission along the with other Git permissions.

Reference:

https://docs.microsoft.com/en-us/azure/devops/repos/git/branch-policies

Total 482 questions
Go to page: of 49
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms