
Microsoft AZ-400 Practice Test - Questions Answers, Page 18


Question 171


DRAG DROP

You are configuring an Azure DevOps deployment pipeline. The deployed application will authenticate to a web service by using a secret stored in an Azure key vault.

You need to use the secret in the deployment pipeline.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.



Explanation:

Step 1: Create a service principal in Azure Active Directory (Azure AD).

You will need a service principal to deploy an app to an Azure resource from Azure Pipelines.

Step 2: Configure an access policy in the key vault.

You need to secure access to your key vaults by allowing only authorized applications and users. To access the data from the vault, you will need to provide read (Get) permissions to the service principal that you will be using for authentication in the pipeline.

Select Access policy and then select + Add Access Policy to set up a new policy.

Step 3: Add an Azure Resource Manager service connection to the pipeline

You need to authorize the pipeline to deploy to Azure:

1. Select Pipelines | Pipelines.

2. Go to Releases under Pipelines and then select and Edit your pipeline.

3. Under Tasks, notice the release definition for Dev stage has an Azure Key Vault task. This task downloads Secrets from an Azure Key Vault. You will need to point to the subscription and the Azure Key Vault resource.

4. Click Manage; this will redirect to the Service connections page.

5. Click on New Service connection -> Azure Resource Manager -> Service Principal (manual). Fill in the information from the previously created service principal.

Reference:

https://azuredevopslabs.com/labs/vstsextend/azurekeyvault/

asked 02/10/2024
Sandeep Ramakrishnan
49 questions

Question 172


DRAG DROP

You have a private project in Azure DevOps and two users named User1 and User2.

You need to add User1 and User2 to groups to meet the following requirements:

User1 must be able to create a code wiki.

User2 must be able to edit wiki pages.

The solution must use the principle of least privilege.

To which group should you add each user? To answer, drag the appropriate groups to the correct users. Each group may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.



Explanation:

User1: Project Administrators

You must have the permission Create Repository to publish code as wiki. By default, this permission is set for members of the Project Administrators group.

User2: Contributors

Anyone who is a member of the Contributors security group can add or edit wiki pages.

Anyone with access to the team project, including stakeholders, can view the wiki.

Reference:

https://docs.microsoft.com/en-us/azure/devops/project/wiki/wiki-create-repo

asked 02/10/2024
wendy brouwer
38 questions

Question 173


HOTSPOT

Your company has an Azure subscription.

The company requires that all resource groups in the subscription have a tag named organization set to a value of Contoso.

You need to implement a policy to meet the tagging requirement.

How should you complete the policy? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.



Explanation:

Box 1: "Microsoft.Resources/subscriptions/resourceGroups"

Box 2: "Deny"

Sample - Enforce tag and its value on resource groups

    {
      "properties": {
        "parameters": {
          "tagName": { "type": "String" },
          "tagValue": { "type": "String" }
        },
        "policyRule": {
          "if": {
            "allOf": [
              {
                "field": "type",
                "equals": "Microsoft.Resources/subscriptions/resourceGroups"
              },
              {
                "not": {
                  "field": "[concat('tags[', parameters('tagName'), ']')]",
                  "equals": "[parameters('tagValue')]"
                }
              }
            ]
          },
          "then": {
            "effect": "deny"
          }
        }
      }
    }

References:

https://docs.microsoft.com/en-us/azure/governance/policy/samples/enforce-tag-on-resource-groups

asked 02/10/2024
MARCIA SHEILA PELAEZ GONZALEZ
38 questions

Question 174


DRAG DROP

You have an Azure Kubernetes Service (AKS) implementation that is RBAC-enabled.

You plan to use Azure Container Instances as a hosted development environment to run containers in the AKS implementation.

You need to configure Azure Container Instances as a hosted environment for running the containers in AKS.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.



Explanation:

Step 1: Create a YAML file.

If your AKS cluster is RBAC-enabled, you must create a service account and role binding for use with Tiller. To create a service account and role binding, create a file named rbac-virtual-kubelet.yaml.

Step 2: Run kubectl apply.

Apply the service account and binding with kubectl apply and specify your rbac-virtual-kubelet.yaml file.

Step 3: Run helm init.

Configure Helm to use the tiller service account:

    helm init --service-account tiller

You can now continue with installing the Virtual Kubelet into your AKS cluster.

References: https://docs.microsoft.com/en-us/azure/aks/virtual-kubelet

asked 02/10/2024
giorgi durglishvili
42 questions

Question 175


DRAG DROP

You are implementing a package management solution for a Node.js application by using Azure Artifacts.

You need to configure the development environment to connect to the package repository. The solution must minimize the likelihood that credentials will be leaked.

Which file should you use to configure each connection? To answer, drag the appropriate files to the correct connections. Each file may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.



Explanation:

All Azure Artifacts feeds require authentication, so you'll need to store credentials for the feed before you can install or publish packages. npm uses .npmrc configuration files to store feed URLs and credentials. Azure DevOps Services recommends using two .npmrc files.

Feed registry information: The .npmrc file in the project

One .npmrc should live at the root of your git repo adjacent to your project's package.json. It should contain a "registry" line for your feed and it should not contain credentials since it will be checked into git.

Credentials: The .npmrc file in the user's home folder

On your development machine, you will also have a .npmrc in $home for Linux or Mac systems or $env.HOME for Windows systems. This .npmrc should contain credentials for all of the registries that you need to connect to. The npm client will look at your project's .npmrc, discover the registry, and fetch matching credentials from $home/.npmrc or $env.HOME/.npmrc.

References:

https://docs.microsoft.com/en-us/azure/devops/artifacts/npm/npmrc?view=azure-devops&tabs=windows

asked 02/10/2024
Jennifer Okai Addey
36 questions

Question 176


HOTSPOT

You have an Azure DevOps project that contains a build pipeline. The build pipeline uses approximately 50 open source libraries.

You need to ensure that the project can be scanned for known security vulnerabilities in the open source libraries.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.



Explanation:

Box 1: A Build task

Trigger a build

You have Java code provisioned by the Azure DevOps demo generator. You will use the WhiteSource Bolt extension to check for vulnerable components present in this code.

1. Go to Builds section under Pipelines tab, select the build definition WhiteSourceBolt and click on Queue to trigger a build.

2. To view the build in progress status, click on ellipsis and select View build results.

Box 2: WhiteSource Bolt

WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource's constantly updated definitive database of open source repositories.

References:

https://www.azuredevopslabs.com/labs/vstsextend/whitesource/

asked 02/10/2024
Carlos Antonio Cardenas Lee
35 questions

Question 177


DRAG DROP

You plan to use Azure Kubernetes Service (AKS) to host containers deployed from images hosted in a Docker Trusted Registry.

You need to recommend a solution for provisioning and connecting to AKS. The solution must ensure that AKS is RBAC-enabled and uses a custom service principal.

Which three commands should you recommend be run in sequence? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.



Explanation:

Step 1: az acr create

An Azure Container Registry (ACR) can also be created using the new Azure CLI.

    az acr create \
        --name <REGISTRY_NAME> \
        --resource-group <RESOURCE_GROUP_NAME> \
        --sku Basic

Step 2: az ad sp create-for-rbac

Once the ACR has been provisioned, you can either enable administrative access (which is okay for testing) or create a Service Principal (sp), which will provide a client_id and a client_secret.

    az ad sp create-for-rbac \
        --scopes /subscriptions/<SUBSCRIPTION_ID>/resourcegroups/<RG_NAME>/providers/Microsoft.ContainerRegistry/registries/<REGISTRY_NAME> \
        --role Contributor \
        --name <SERVICE_PRINCIPAL_NAME>

Step 3: kubectl create

Create a new Kubernetes Secret.

    kubectl create secret docker-registry <SECRET_NAME> \
        --docker-server <REGISTRY_NAME>.azurecr.io \
        --docker-email <YOUR_MAIL> \
        --docker-username=<SERVICE_PRINCIPAL_ID> \
        --docker-password <YOUR_PASSWORD>

References:

https://thorsten-hans.com/how-to-use-private-azure-container-registry-with-kubernetes

asked 02/10/2024
Gennaro Migliaccio
33 questions

Question 178


DRAG DROP

You have a project in Azure DevOps named Project1 that contains two Azure DevOps pipelines named Pipeline1 and Pipeline2. You need to ensure that Pipeline1 can deploy code successfully to an Azure web app named webapp1. The solution must ensure that Pipeline2 does not have permission to webapp1.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.



Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/devops/pipelines/library/connect-to-azure?view=azure-devops

asked 02/10/2024
Tiziano Riezzo
47 questions

Question 179


DRAG DROP

You need to increase the security of your team’s development process.

Which type of security tool should you recommend for each stage of the development process? To answer, drag the appropriate security tools to the correct stages. Each security tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.



Explanation:

Box 1: Threat modeling -

Threat modeling’s motto should be, “The earlier the better, but not too late and never ignore.”

Box 2: Static code analysis -

Validation in the CI/CD begins before the developer commits his or her code. Static code analysis tools in the IDE provide the first line of defense to help ensure that security vulnerabilities are not introduced into the CI/CD process.

Box 3: Penetration testing -

Once your code quality is verified, and the application is deployed to a lower environment like development or QA, the process should verify that there are not any security vulnerabilities in the running application. This can be accomplished by executing an automated penetration test against the running application to scan it for vulnerabilities.

Reference:

https://docs.microsoft.com/en-us/azure/devops/articles/security-validation-cicd-pipeline?view=vsts

asked 02/10/2024
Arnold Bronson TCHOFFO
44 questions

Question 180


You configure an Azure Application Insights availability test.

You need to notify the customer services department at your company by email when availability is degraded. You create an Azure logic app that will handle the email and follow-up actions.

Which type of trigger should you use to invoke the logic app?

A. an HTTPWebhook trigger
B. an HTTP trigger
C. a Request trigger
D. an ApiConnection trigger

Suggested answer: A

Explanation:

You can use webhooks to route an Azure alert notification to other systems for post-processing or custom actions. You can use a webhook on an alert to route it to services that send SMS messages, to log bugs, to notify a team via chat or messaging services, or for various other actions.

Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-webhooks

asked 02/10/2024
Ruben Munilla Hernandez
42 questions