Practice Free AZ-400 Exam Online Questions
You need to configure GitHub to use Azure Active Directory (Azure AD) for authentication.
What should you do first?
- A . Create a conditional access policy in Azure AD.
- B . Modify the Security settings of the GitHub organization.
- C . Create an Azure Active Directory B2C (Azure AD B2C) tenant.
- D . Register GitHub in Azure AD.
D
Explanation:
When you connect to a Git repository from your Git client for the first time, the credential manager prompts for credentials. Provide your Microsoft account or Azure AD credentials.
Note: Git Credential Managers simplify authentication with your Azure Repos Git repositories. Credential managers let you use the same credentials that you use for the Azure DevOps Services web portal. Credential managers support multi-factor authentication through Microsoft account or Azure Active Directory (Azure AD). Besides supporting multi-factor authentication with Azure Repos, credential managers also support two-factor authentication with GitHub repositories.
Reference: https://docs.microsoft.com/en-us/azure/devops/repos/git/set-up-credential-managers
Your company is concerned that when developers introduce open source libraries, it creates licensing compliance issues.
You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base.
What should you use?
- A . Microsoft Visual SourceSafe
- B . PDM
- C . WhiteSource
- D . OWASP ZAP
C
Explanation:
WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource constantly-updated denitive database of open source repositories.
Azure DevOps integration with WhiteSource Bolt will enable you to:
✑ Detect and remedy vulnerable open source components.
✑ Generate comprehensive open source inventory reports per project or build.
✑ Enforce open source license compliance, including dependencies’ licenses.
✑ Identify outdated open source libraries with recommendations to update.
References: https://www.azuredevopslabs.com/labs/vstsextend/WhiteSource/
Your company is concerned that when developers introduce open source libraries, it creates licensing compliance issues.
You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base.
What should you use?
- A . PDM
- B . OWASPZAP
- C . WhiteSource
- D . Jenkins
DRAG DROP
You need to recommend a procedure to implement the build agent for Project1.
Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Scenario:
Step 1: Sign in to Azure Develops by using an account that is assigned the Administrator service connection security role.
Note: Under Agent Phase, click Deploy Service Fabric Application. Click Docker Settings and then click Configure Docker settings. In Registry Credentials Source, select Azure Resource Manager Service Connection. Then select your Azure subscription.
Step 2: Create a personal access token..
A personal access token or PAT is required so that a machine can join the pool created with the Agent Pools (read, manage) scope.
Step 3: Install and register the Azure Pipelines agent on an Azure virtual machine.
By running a Azure Pipeline agent in the cluster, we make it possible to test any service, regardless of type.
Reference: https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-tutorial-deploy-container-app-with-cicd-vsts
https://mohitgoyal.co/2019/01/10/run-azure-devops-private-agents-in-kubernetes-clusters/
You have an Azure subscription.
The development department at your company plans to build web apps that will use multiple Azure resources.
You need to recommend a development solution that meets the following requirements:
• Provides a development environment for each developer
• Supports the use of custom sandbox environments for testing
• Ensures that the environments can be embedded into CI/CD pipelines
• Minimizes administrative effort
What should you include in the recommendation?
- A . Azure Virtual Desktop
- B . Windows 365 Cloud PC
- C . Azure Deployment Environments
- D . Microsoft Dev Box
You have an Azure subscription.
The development department at your company plans to build web apps that will use multiple Azure resources.
You need to recommend a development solution that meets the following requirements:
• Provides a development environment for each developer
• Supports the use of custom sandbox environments for testing
• Ensures that the environments can be embedded into CI/CD pipelines
• Minimizes administrative effort
What should you include in the recommendation?
- A . Azure Virtual Desktop
- B . Windows 365 Cloud PC
- C . Azure Deployment Environments
- D . Microsoft Dev Box
Your company uses Azure DevOps.
Only users who have accounts in Azure Active Directory can access the Azure DevOps environment.
You need to ensure that only devices that are connected to the on-premises network can access the Azure DevOps environment.
What should you do?
- A . Assign the Stakeholder access level to all users.
- B . In Azure Active Directory, configure risky sign-ins.
- C . In Azure DevOps, configure Security in Project Settings.
- D . In Azure Active Directory, configure conditional access.
D
Explanation:
Conditional Access is a capability of Azure Active Directory. With Conditional Access, you can implement
automated access control decisions for accessing your cloud apps that are based on conditions.
Conditional Access policies are enforced after the first-factor authentication has been completed.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
Your company « concerned that when developers introduce open source Libraries, it creates licensing compliance issues.
You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base.
What should you use?
- A . Code Style
- B . Microsoft Visual SourceSafe
- C . Black Duck
- D . Jenkins
C
Explanation:
Secure and Manage Open Source Software
Black Duck helps organizations identify and mitigate open source security, license compliance and code-quality risks across application and container portfolios.
Black Duck Hub and its plugin for Team Foundation Server (TFS) allows you to automatically find and fix open source security vulnerabilities during the build process, so you can proactively manage risk. The integration allows you to receive alerts and fail builds when any Black Duck Hub policy violations are met.
Note: WhiteSource would also be a good answer, but it is not an option here.
Reference: https://marketplace.visualstudio.com/items?itemName=black-duck-software.hub-tfs
Your company « concerned that when developers introduce open source Libraries, it creates licensing compliance issues.
You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base.
What should you use?
- A . Code Style
- B . Microsoft Visual SourceSafe
- C . Black Duck
- D . Jenkins
C
Explanation:
Secure and Manage Open Source Software
Black Duck helps organizations identify and mitigate open source security, license compliance and code-quality risks across application and container portfolios.
Black Duck Hub and its plugin for Team Foundation Server (TFS) allows you to automatically find and fix open source security vulnerabilities during the build process, so you can proactively manage risk. The integration allows you to receive alerts and fail builds when any Black Duck Hub policy violations are met.
Note: WhiteSource would also be a good answer, but it is not an option here.
Reference: https://marketplace.visualstudio.com/items?itemName=black-duck-software.hub-tfs
Your company « concerned that when developers introduce open source Libraries, it creates licensing compliance issues.
You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base.
What should you use?
- A . Code Style
- B . Microsoft Visual SourceSafe
- C . Black Duck
- D . Jenkins
C
Explanation:
Secure and Manage Open Source Software
Black Duck helps organizations identify and mitigate open source security, license compliance and code-quality risks across application and container portfolios.
Black Duck Hub and its plugin for Team Foundation Server (TFS) allows you to automatically find and fix open source security vulnerabilities during the build process, so you can proactively manage risk. The integration allows you to receive alerts and fail builds when any Black Duck Hub policy violations are met.
Note: WhiteSource would also be a good answer, but it is not an option here.
Reference: https://marketplace.visualstudio.com/items?itemName=black-duck-software.hub-tfs