ExamGecko
Search Search Login
Home Home / Microsoft / AZ-400

Microsoft AZ-400 Practice Test - Questions Answers, Page 15

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

SIMULATION Task 8 Initialize the default main branch, if it does not exist already. In Project 1, you need to create a new Azure Pipelines YAML pipeline by using the ASP.NET template. The pipeline must use Azure Repos as the hosting platform and must be created in a new branch named azure-pipelines.
SIMULATION Task 3 You need to create a new team dashboard named Dashboard1 for the default project team of Project1. The dashboard must display the members of the team
You are building a Microsoft ASP.NET application that requires authentication. You need to authenticate users by using Azure Active Directory (Azure AD). What should you do first?
SIMULATION Task 7 Initialize the default main branch, if it does not exist already In the User 1-42147509 organization, you need to install the Microsoft Security DevOps extension. Next, create a new starter pipeline named starter1 that will use the following starter code. Ensure that starter! includes a task that executes the extension and uses the following input*: * Command: run * Policy aruredevops * Publish: true Save the pipeline to a new branch named starter
HOTSPOT You use Azure Pipelines to manage the build and deployment of apps. You are planning the release strategies for a new app. You need to choose strategies for the following scenarios: Releases will be made available to users who are grouped by their tolerance for software faults. Code will be deployed to enable functionality that will be available in later releases of the app. When a new release occurs, the existing deployment will remain active to minimize recovery time if a return to the previous version is required. Which strategy should you choose for each scenario? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
SIMULATION You plan to deploy a website that will be hosted in two Azure regions. You need to create an Azure Traffic Manager profile named az40011566895n1-tm in a resource group named RG1lod11566895. The solution must ensure that users will always connect to a copy of the website that is in the same country. To complete this task, sign in to the Microsoft Azure portal.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure pipeline that is used to deploy a web app. The pipeline includes a test suite named TestSuite1. TestSuite1 is used to validate the operations of the web app. TestSuite1 fails intermittently. You identify that the failures are unrelated to changes in the source code and execution environment. You need to minimize troubleshooting effort for the TestSuite1 failures. Solution: You increase code coverage. Does this meet the goal?
Your company has a release pipeline in an Azure DevOps project. You plan to deploy to an Azure Kubernetes Services (AKS) cluster by using the Helm package and deploy task. You need to install a service in the AKS namespace for the planned deployment. Which service should you install?
You have an Azure DevOps organization named Contoso. You need to recommend an authentication mechanism that meets the following requirements: Supports authentication from Git Minimizes the need to provide credentials during authentication What should you recommend?
DRAG DROP You have a GitHub repository. You need to configure Dependabot dependency scanning. The solution must meet the following requirements: * Automatically open a pull request to resolve an alert. * Automatically open a pull request when a dependency is updated. What should you enable for each requirement? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

Question 141

Report
Export
Collapse

You have an Azure Resource Manager template that deploys a multi-tier application.

You need to prevent the user who performs the deployment from viewing the account credentials and connection strings used by the application. What should you use?

A.
Azure Key Vault
A.
Azure Key Vault
Answers
B.
a Web.config file
B.
a Web.config file
Answers
C.
an Appsettings.json file
C.
an Appsettings.json file
Answers
D.
an Azure Storage table
D.
an Azure Storage table
Answers
E.
an Azure Resource Manager parameter file
E.
an Azure Resource Manager parameter file
Answers
Suggested answer: A

Explanation:

When you need to pass a secure value (like a password) as a parameter during deployment, you can retrieve the value from an Azure Key Vault. You retrieve the value by referencing the key vault and secret in your parameter file. The value is never exposed because you only reference its key vault ID. The key vault can exist in a different subscription than the resource group you are deploying to.

Reference:

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-keyvault-parameter

Question 142

Report
Export
Collapse

SIMULATION

Your company plans to implement a new compliance strategy that will require all Azure web apps to be backed up every five hours. You need to back up an Azure web app named az400-11566895-main every five hours to an Azure Storage account in your resource group. To complete this task, sign in to the Microsoft Azure portal.

A.
See solution below.
A.
See solution below.
Answers
Suggested answer: A

Explanation:

With the storage account ready, you can configure backs up in the web app or App Service.

1. Open the App Service az400-11566895-main, which you want to protect, in the Azure Portal and browse to Settings > Backups. Click Configure and a Backup Configuration blade should appear. 2. Select the storage account.

3. Click + to create a private container. You could name this container after the web app or App Service. 4. Select the container.

5. If you want to schedule backups, then set Scheduled Backup to On and configure a schedule: every five hours 6. Select your retention. Note that 0 means never delete backups.

7. Decide if at least one backup should always be retained.

8. Choose if any connected databases should be included in the web app backup.

9. Click Save to finalize the backup configuration.

Reference:

https://petri.com/backing-azure-app-service

Question 143

Report
Export
Collapse

SIMULATION

You need to configure a virtual machine named VM1 to securely access stored secrets in an Azure Key Vault named az400-11566895-kv. To complete this task, sign in to the Microsoft Azure portal.

A.
See solution below.
A.
See solution below.
Answers
Suggested answer: A

Explanation:

You can use a system-assigned managed identity for a Windows virtual machine (VM) to access Azure Key Vault.

1. Sign in to Azure portal

2. Locate virtual machine VM1.

3. Select Identity

4. Enable the system-assigned identity for VM1 by setting the Status to On.

Note: Enabling a system-assigned managed identity is a one-click experience. You can either enable it during the creation of a VM or in the properties of an existing VM.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-nonaad

Question 144

Report
Export
Collapse

You are deploying a server application that will run on a Server Core installation of Windows Server 2019. You create an Azure key vault and a secret.

You need to use the key vault to secure API secrets for third-party integrations.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.
Configure RBAC for the key vault.
A.
Configure RBAC for the key vault.
Answers
B.
Modify the application to access the key vault.
B.
Modify the application to access the key vault.
Answers
C.
Configure a Key Vault access policy.
C.
Configure a Key Vault access policy.
Answers
D.
Deploy an Azure Desired State Configuration (DSC) extension.
D.
Deploy an Azure Desired State Configuration (DSC) extension.
Answers
E.
Deploy a virtual machine that uses a system-assigned managed identity.
E.
Deploy a virtual machine that uses a system-assigned managed identity.
Answers
Suggested answer: B, C, E

Explanation:

BE: An app deployed to Azure can take advantage of Managed identities for Azure resources, which allows the app to authenticate with Azure Key Vault using Azure AD authentication without credentials (Application ID and Password/Client Secret) stored in the app.

C:

1. Select Add Access Policy.

2. Open Secret permissions and provide the app with Get and List permissions.

3. Select Select principal and select the registered app by name. Select the Select button.

4. Select OK.

5. Select Save.

6. Deploy the app.

Reference:

https://docs.microsoft.com/en-us/aspnet/core/security/key-vault-configuration

Question 145

Report
Export
Collapse

You have an Azure DevOps organization named Contoso that contains a project named Project1.

You provision an Azure key vault named Keyvault1.

You need to reference Keyvault1 secrets in a build pipeline of Project1.

What should you do first?

A.
Add a secure file to Project1.
A.
Add a secure file to Project1.
Answers
B.
Create an XAML build service.
B.
Create an XAML build service.
Answers
C.
Create a variable group in Project1.
C.
Create a variable group in Project1.
Answers
D.
Configure the security policy of Contoso.
D.
Configure the security policy of Contoso.
Answers
Suggested answer: A

Explanation:

Before this will work, the build needs permission to access the Azure Key Vault. This can be added in the Azure Portal. Open the Access Policies in the Key Vault and add a new one. Choose the principle used in the DevOps build.

Reference:

https://docs.microsoft.com/en-us/azure/devops/pipelines/release/azure-key-vault

Question 146

Report
Export
Collapse

Your company uses Azure DevOps.

Only users who have accounts in Azure Active Directory can access the Azure DevOps environment.

You need to ensure that only devices that are connected to the on-premises network can access the Azure DevOps environment. What should you do?

A.
Assign the Stakeholder access level to all users.
A.
Assign the Stakeholder access level to all users.
Answers
B.
In Azure Active Directory, configure risky sign-ins.
B.
In Azure Active Directory, configure risky sign-ins.
Answers
C.
In Azure DevOps, configure Security in Project Settings.
C.
In Azure DevOps, configure Security in Project Settings.
Answers
D.
In Azure Active Directory, configure conditional access.
D.
In Azure Active Directory, configure conditional access.
Answers
Suggested answer: D

Explanation:

Conditional Access is a capability of Azure Active Directory. With Conditional Access, you can implement automated access control decisions for accessing your cloud apps that are based on conditions. Conditional Access policies are enforced after the first-factor authentication has been completed.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview

Question 147

Report
Export
Collapse

You have the following Azure policy.

You assign the policy to the Tenant root group.

What is the effect of the policy?

A.
prevents all HTTP traffic to existing Azure Storage accounts
A.
prevents all HTTP traffic to existing Azure Storage accounts
Answers
B.
ensures that all traffic to new Azure Storage accounts is encrypted
B.
ensures that all traffic to new Azure Storage accounts is encrypted
Answers
C.
prevents HTTPS traffic to new Azure Storage accounts when the accounts are accessed over the Internet
C.
prevents HTTPS traffic to new Azure Storage accounts when the accounts are accessed over the Internet
Answers
D.
ensures that all data for new Azure Storage accounts is encrypted at rest
D.
ensures that all data for new Azure Storage accounts is encrypted at rest
Answers
Suggested answer: B

Explanation:

Denies non HTTPS traffic.

Question 148

Report
Export
Collapse

You have an Azure DevOps organization named Contoso, an Azure DevOps project named Project1, an Azure subscription named Sub1, and an Azure key vault named vault1. You need to ensure that you can reference the values of the secrets stored in vault1 in all the pipelines of Project1. The solution must prevent the values from being stored in the pipelines. What should you do?

A.
Create a variable group in Project1.
A.
Create a variable group in Project1.
Answers
B.
Add a secure file to Project1.
B.
Add a secure file to Project1.
Answers
C.
Modify the security settings of the pipelines.
C.
Modify the security settings of the pipelines.
Answers
D.
Configure the security policy of Contoso.
D.
Configure the security policy of Contoso.
Answers
Suggested answer: A

Explanation:

Use a variable group to store values that you want to control and make available across multiple pipelines.

Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/library/variable-groups

Question 149

Report
Export
Collapse

You use WhiteSource Bolt to scan a Node.js application.

The WhiteSource Bolt scan identifies numerous libraries that have invalid licenses. The libraries are used only during development and are not part of a production deployment. You need to ensure that WhiteSource Bolt only scans production dependencies.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.
Run npm install and specify the --production flag.
A.
Run npm install and specify the --production flag.
Answers
B.
Modify the WhiteSource Bolt policy and set the action for the licenses used by the development tools to Reassign.
B.
Modify the WhiteSource Bolt policy and set the action for the licenses used by the development tools to Reassign.
Answers
C.
Modify the devDependencies section of the project's Package.json file.
C.
Modify the devDependencies section of the project's Package.json file.
Answers
D.
Configure WhiteSource Bolt to scan the node_modules directory only.
D.
Configure WhiteSource Bolt to scan the node_modules directory only.
Answers
Suggested answer: A, C

Explanation:

A: To resolve NPM dependencies, you should first run "npm install" command on the relevant folders before executing the plugin. C: All npm packages contain a file, usually in the project root, called package.json - this file holds various metadata relevant to the project. This file is used to give information to npm that allows it to identify the project as well as handle the project's dependencies. It can also contain other metadata such as a project description, the version of the project in a particular distribution, license information, even configuration data - all of which can be vital to both npm and to the end users of the package.

Reference: https://whitesource.atlassian.net/wiki/spaces/WD/pages/34209870/NPM+Plugin https://nodejs.org/en/knowledge/getting-started/npm/what-is-the-file-package-json

Question 150

Report
Export
Collapse

Note: This question-is part of a series of questions that present the same scenario. Each question-in the series contains a unique solution that might meet the stated goals. Some question-sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question-in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You plan to update the Azure DevOps strategy of your company.

You need to identify the following issues as they occur during the company's development process:

Licensing violations Prohibited libraries

Solution: You implement continuous integration.

Does this meet the goal?

A.
Yes
A.
Yes
Answers
B.
No
B.
No
Answers
Suggested answer: A

Explanation:

WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource constantly-updated definitive database of open source repositories.

Reference:

https://azuredevopslabs.com/labs/vstsextend/whitesource/

Total 482 questions
Go to page: of 49
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms