Microsoft AZ-400 Practice Test - Questions Answers, Page 16
Question 151

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You plan to update the Azure DevOps strategy of your company.
You need to identify the following issues as they occur during the company's development process:
Licensing violations
Prohibited libraries
Solution: You implement pre-deployment gates.
Does this meet the goal?
Instead, implement continuous integration.
Note: WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource's constantly updated definitive database of open source repositories.
Reference:
https://azuredevopslabs.com/labs/vstsextend/whitesource/
Question 152

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You plan to update the Azure DevOps strategy of your company.
You need to identify the following issues as they occur during the company's development process:
Licensing violations
Prohibited libraries
Solution: You implement automated security testing.
Does this meet the goal?
Instead, implement continuous integration.
Note: WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource's constantly updated definitive database of open source repositories.
Reference:
https://azuredevopslabs.com/labs/vstsextend/whitesource/
Question 153

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You plan to update the Azure DevOps strategy of your company.
You need to identify the following issues as they occur during the company's development process:
Licensing violations
Prohibited libraries
Solution: You implement continuous deployment.
Does this meet the goal?
Instead, implement continuous integration.
Note: WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource's constantly updated definitive database of open source repositories.
Reference:
https://azuredevopslabs.com/labs/vstsextend/whitesource/
Question 154

SIMULATION
You manage a website that uses an Azure SQL Database named db1 in a resource group named RG1lod11566895. You need to modify the SQL database to protect against SQL injection.
To complete this task, sign in to the Microsoft Azure portal.
Set up Advanced Threat Protection in the Azure portal
1. Sign in to the Azure portal.
2. Navigate to the configuration page of the server you want to protect. In the security settings, select Advanced Data Security.
3. On the Advanced Data Security configuration page:
4. Enable Advanced Data Security on the server.
Note: Advanced Threat Protection for Azure SQL Database detects anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. Advanced Threat Protection can identify Potential SQL injection, Access from unusual location or data center, Access from unfamiliar principal or potentially harmful application, and Brute force SQL credentials.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-account-create
https://docs.microsoft.com/en-us/azure/azure-sql/database/threat-detection-configure
Question 155

You need to configure GitHub to use Azure Active Directory (Azure AD) for authentication.
What should you do first?
When you connect to a Git repository from your Git client for the first time, the credential manager prompts for credentials. Provide your Microsoft account or Azure AD credentials.
Note: Git Credential Managers simplify authentication with your Azure Repos Git repositories. Credential managers let you use the same credentials that you use for the Azure DevOps Services web portal. Credential managers support multi-factor authentication through Microsoft account or Azure Active Directory (Azure AD). Besides supporting multi-factor authentication with Azure Repos, credential managers also support two-factor authentication with GitHub repositories.
Reference:
https://docs.microsoft.com/en-us/azure/devops/repos/git/set-up-credential-managers
Question 156

You have an Azure DevOps project named Project1 and an Azure subscription named Sub1.
You need to prevent releases from being deployed unless the releases comply with the Azure Policy rules assigned to Sub1. What should you do in the release pipeline of Project1?
You can check policy compliance with gates.
You can extend the approval process for the release by adding a gate. Gates allow you to configure automated calls to external services, where the results are used to approve or reject a deployment. You can use gates to ensure that the release meets a wide range of criteria, without requiring user intervention.
Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/release/deploy-using-approvals
Question 157

You have an Azure DevOps project that contains a build pipeline. The build pipeline uses approximately 50 open source libraries. You need to ensure that all the open source libraries comply with your company's licensing standards. Which service should you use?
WhiteSource provides WhiteSource Bolt, a lightweight open source security and management solution developed specifically for integration with Azure DevOps and Azure DevOps Server.
Note: WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource's constantly updated definitive database of open source repositories.
Note: Black Duck would also be a good answer, but it is not an option here.
Reference: https://www.azuredevopslabs.com/labs/vstsextend/whitesource/
Question 158

You are designing the security validation strategy for a project in Azure DevOps.
You need to identify package dependencies that have known security issues and can be resolved by an update. What should you use?
Incorrect Answers:
B: Jenkins is a popular open-source automation server used to set up continuous integration and delivery (CI/CD) for your software projects.
D: SonarQube is a set of static analyzers that can be used to identify areas of improvement in your code. It allows you to analyze the technical debt in your project and keep track of it in the future.
Reference:
https://octopus.com/docs/packaging-applications
Question 159

You administer an Azure DevOps project that includes package feeds.
You need to ensure that developers can unlist and deprecate packages. The solution must use the principle of least privilege. Which access level should you grant to the developers?
Feeds have four levels of access: Owners, Contributors, Collaborators, and Readers. Owners can add any type of identity (individuals, teams, and groups) to any access level.
Reference:
https://docs.microsoft.com/en-us/azure/devops/artifacts/feeds/feed-permissions
Question 160

Your company is concerned that when developers introduce open source libraries, it creates licensing compliance issues.
You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base.
What should you use?
Secure and Manage Open Source Software
Black Duck helps organizations identify and mitigate open source security, license compliance and code-quality risks across application and container portfolios. Black Duck Hub and its plugin for Team Foundation Server (TFS) allow you to automatically find and fix open source security vulnerabilities during the build process, so you can proactively manage risk. The integration allows you to receive alerts and fail builds when any Black Duck Hub policy violations are met.
Note:
There are several versions of this question in the exam. The question has two possible correct answers:
1. Black Duck
2. WhiteSource Bolt
Other incorrect answer options you may see on the exam include the following:
1. OWASP ZAP
2. PDM
3. SourceGear
Reference:
https://marketplace.visualstudio.com/items?itemName=black-duck-software.hub-tfs