ExamGecko
Home / Microsoft / AZ-400 / List of questions
Ask Question

Microsoft AZ-400 Practice Test - Questions Answers, Page 14

List of questions

Question 131

Report
Export
Collapse

You use Azure Pipelines to manage project builds and deployments.

You plan to use Azure Pipelines for Microsoft Teams to notify the legal team when a new build is ready for release. You need to configure the Organization Settings in Azure DevOps to support Azure Pipelines for Microsoft Teams. What should you turn on?

Third-party application access via OAuth
Third-party application access via OAuth
Azure Active Directory Conditional Access Policy Validation
Azure Active Directory Conditional Access Policy Validation
Alternate authentication credentials
Alternate authentication credentials
SSH authentication
SSH authentication
Suggested answer: A

Explanation:

The Azure Pipelines app uses the OAuth authentication protocol, and requires Third-party application access via OAuth for the organization to be enabled. To enable this setting, navigate to Organization Settings > Security > Policies, and set the Third-party application access via OAuth for the organization setting to On.

Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/integrations/microsoft-teams

asked 02/10/2024
Daniel Adebayo
43 questions

Question 132

Report
Export
Collapse

You have an existing project in Azure DevOps.

You plan to integrate GitHub as the repository for the project.

You need to ensure that Azure Pipelines runs under the Azure Pipelines identity.

Which authentication mechanism should you use?

personal access token (PAT)
personal access token (PAT)
GitHub App
GitHub App
Azure Active Directory (Azure AD)
Azure Active Directory (Azure AD)
OAuth
OAuth
Suggested answer: B

Explanation:

GitHub App uses the Azure Pipelines identity.

Incorrect Answers:

A: Personal access token and OAuth use your personal GitHub identity.

Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/repos/github

asked 02/10/2024
Saksith Tangthong
33 questions

Question 133

Report
Export
Collapse

You plan to provision a self-hosted Linux agent.

Which authentication mechanism should you use to register the self-hosted agent?

personal access token (PAT)
personal access token (PAT)
SSH key
SSH key
Alternate credentials
Alternate credentials
certificate
certificate
Suggested answer: A

Explanation:

Note: PAT Supported only on Azure Pipelines and TFS 2017 and newer. After you choose PAT, paste the PAT token you created into the command prompt window. Use a personal access token (PAT) if your Azure DevOps Server or TFS instance and the agent machine are not in a trusted domain. PAT authentication is handled by your Azure DevOps Server or TFS instance instead of the domain controller.

Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/v2-linux

asked 02/10/2024
Firew Abebe
29 questions

Question 134

Report
Export
Collapse

You are building a Microsoft ASP.NET application that requires authentication.

You need to authenticate users by using Azure Active Directory (Azure AD).

What should you do first?

Assign an enterprise application to users and groups
Assign an enterprise application to users and groups
Create an app registration in Azure AD
Create an app registration in Azure AD
Configure the application to use a SAML endpoint
Configure the application to use a SAML endpoint
Create a new OAuth token from the application
Create a new OAuth token from the application
Create a membership database in an Azure SQL database
Create a membership database in an Azure SQL database
Suggested answer: B

Explanation:

Register your application to use Azure Active Directory. Registering the application means that your developers can use Azure AD to authenticate users and request access to user resources such as email, calendar, and documents.

Reference: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/developer-guidance-for-integrating-applications

asked 02/10/2024
Michele Punzo
39 questions

Question 135

Report
Export
Collapse

You have an Azure DevOps organization named Contoso.

You need to recommend an authentication mechanism that meets the following requirements:

Supports authentication from Git

Minimizes the need to provide credentials during authentication

What should you recommend?

personal access tokens (PATs) in Azure DevOps
personal access tokens (PATs) in Azure DevOps
Alternate credentials in Azure DevOps
Alternate credentials in Azure DevOps
user accounts in Azure Active Directory (Azure AD)
user accounts in Azure Active Directory (Azure AD)
managed identities in Azure Active Directory (Azure AD)
managed identities in Azure Active Directory (Azure AD)
Suggested answer: A

Explanation:

Personal access tokens (PATs) give you access to Azure DevOps and Team Foundation Server (TFS), without using your username and password directly. These tokens have an expiration date from when they're created. You can restrict the scope of the data they can access. Use PATs to authenticate if you don't already have SSH keys set up on your system or if you need to restrict the permissions that are granted by the credential. Incorrect Answers:

B: Azure DevOps no longer supports Alternate Credentials authentication since the beginning of March 2, 2020. If you're still using Alternate Credentials, we [Microsoft] strongly encourage you to switch to a more secure authentication method (for example, personal access tokens).

Reference: https://docs.microsoft.com/en-us/azure/devops/repos/git/auth-overview

asked 02/10/2024
Borisov Aleksandr
35 questions

Question 136

Report
Export
Collapse

You have an application that consists of several Azure App Service web apps and Azure functions.

You need to assess the security of the web apps and the functions.

Which Azure feature can you use to provide a recommendation for the security of the application?

Security & Compliance in Azure Log Analytics
Security & Compliance in Azure Log Analytics
Resource health in Azure Service Health
Resource health in Azure Service Health
Smart Detection in Azure Application Insights
Smart Detection in Azure Application Insights
Compute & apps in Azure Security Center
Compute & apps in Azure Security Center
Suggested answer: D

Explanation:

Monitor compute and app services: Compute & apps include the App Services tab, which App services: list of your App service environments and current security state of each. Recommendations

This section has a set of recommendations for each VM and computer, web and worker roles, Azure App Service Web Apps, and Azure App Service Environment that Security Center monitors. The first column lists the recommendation. The second column shows the total number of resources that are affected by that recommendation. The third column shows the severity of the issue. Incorrect Answers:

C: Smart Detection automatically warns you of potential performance problems, not security problems in your web application.

Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/app/proactive-diagnostics

asked 02/10/2024
Carson Plunkett
50 questions

Question 137

Report
Export
Collapse

Your company has a project in Azure DevOps for a new web application.

The company identifies security as one of the highest priorities.

You need to recommend a solution to minimize the likelihood that infrastructure credentials will be leaked. What should you recommend?

Add a Run Inline Azure PowerShell task to the pipeline.
Add a Run Inline Azure PowerShell task to the pipeline.
Add a PowerShell task to the pipeline and run Set-AzureKeyVaultSecret.
Add a PowerShell task to the pipeline and run Set-AzureKeyVaultSecret.
Add an Azure Key Vault task to the pipeline.
Add an Azure Key Vault task to the pipeline.
Add Azure Key Vault references to Azure Resource Manger templates.
Add Azure Key Vault references to Azure Resource Manger templates.
Suggested answer: B

Explanation:

Azure Key Vault provides a way to securely store credentials and other keys and secrets.

The Set-AzureKeyVaultSecret cmdlet creates or updates a secret in a key vault in Azure Key Vault.

Reference:

https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/set-azurekeyvaultsecret

asked 02/10/2024
Kevin Margan
45 questions

Question 138

Report
Export
Collapse

SIMULATION

You need to ensure that an Azure web app named az400-9940427-main can retrieve secrets from an Azure key vault named az400-9940427-kv1 by using a system managed identity. The solution must use the principle of least privilege.

To complete this task, sign in to the Microsoft Azure portal.

See solution below.
See solution below.
Suggested answer: A

Explanation:

1. In Azure portal navigate to the az400-9940427-main app.

2. Scroll down to the Settings group in the left navigation.

3. Select Managed identity.

4. Within the System assigned tab, switch Status to On. Click Save.

Microsoft AZ-400 image Question 10 explanation 86827 10022024015257000000

Reference:

https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity

asked 02/10/2024
Sharanjit Kareer
41 questions

Question 139

Report
Export
Collapse

You create a Microsoft ASP.NET Core application.

You plan to use Azure Key Vault to provide secrets to the application as configuration data.

You need to create a Key Vault access policy to assign secret permissions to the application. The solution must use the principle of least privilege. Which secret permissions should you use?

List only
List only
Get only
Get only
Get and List
Get and List
Suggested answer: B

Explanation:

Application data plane permissions:

Keys: sign

Secrets: get

Reference:

https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault

asked 02/10/2024
Lambert Shel Pablo
43 questions

Question 140

Report
Export
Collapse

You have a branch policy in a project in Azure DevOps. The policy requires that code always builds successfully. You need to ensure that a specific user can always merge changes to the master branch, even if the code fails to compile. The solution must use the principle of least privilege. What should you do?

Add the user to the Build Administrators group.
Add the user to the Build Administrators group.
Add the user to the Project Administrators group.
Add the user to the Project Administrators group.
From the Security settings of the repository, modify the access control for the user.
From the Security settings of the repository, modify the access control for the user.
From the Security settings of the branch, modify the access control for the user.
From the Security settings of the branch, modify the access control for the user.
Suggested answer: D

Explanation:

In some cases, you need to bypass policy requirements so you can push changes to the branch directly or complete a pull request even if branch policies are not satisfied. For these situations, grant the desired permission from the previous list to a user or group. You can scope this permission to an entire project, a repo, or a single branch. Manage this permission along the with other Git permissions.

Reference:

https://docs.microsoft.com/en-us/azure/devops/repos/git/branch-policies

asked 02/10/2024
Gaurav Singh
36 questions
Total 489 questions
Go to page: of 49
Search

Related questions