AZ-400 Practice Test Questions

You are interrogating logs by using KQL.
You execute the query shown in the following exhibit.

Your company « concerned that when developers introduce open source Libraries, it creates licensing compliance issues. You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base. What should you use?

A. Code Style

B. Microsoft Visual SourceSafe

C. Black Duck

D. Jenkins

C. Black Duck

Explanation: Secure and Manage Open Source Software Black Duck helps organizations identify and mitigate open source security, license compliance and code-quality risks across application and container portfolios. Black Duck Hub and its plugin for Team Foundation Server (TFS) allows you to automatically find and fix open source security vulnerabilities during the build process, so you can proactively manage risk. The integration allows you to receive alerts and fail builds when any Black Duck Hub policy violations are met. Note: WhiteSource would also be a good answer, but it is not an option here.

You are building a Microsoft ASP.NET application that requires authentication. You need to authenticate users by using Azure Active Directory (Azure AD). What should you do first?

A. Create a membership database in an Azure SQL database.

B. Assign an enterprise application to users and groups.

C. Create an app registration in Azure AD.

D. Configure the application to use a SAML endpoint.

E. Create a new OAuth token from the application.

C. Create an app registration in Azure AD.

Explanation: Register your application to use Azure Active Directory. Registering the application means that your developers can use Azure AD to authenticate users and request access to user resources such as email, calendar, and documents.

You use release pipelines in Azure Pipelines to deploy an app. Secrets required by the pipeline are stored as pipeline variables. Logging of commands is enabled for the Azure Pipelines agent. You need to prevent the values of the secrets from being logged. What should you do?

A. Apply a prefix of secret to the name of the variables.

B. Pass the secrets on the command line instead of in the pipeline variables.

C. Echo the values of the secrets to the command line.

D. Store the secrets in the environment variables instead of the pipeline variables.

You have a build pipeline in Azure Pipelines. You create a Slack App Integration. You need to send build notifications to a Slack channel named #Development. What should you do first?

A. Configure a service connection

B. Create a service hook subscription.

C. Create a project-level notification.

D. Create a global notification.

B. Create a service hook subscription.

Explanation: Create a service hook for Azure DevOps with Slack to post messages to Slack in response to events in your Azure DevOps organization, such as completed builds, code changes, pull requests, releases, work items changes, and more.
Note:

Go to your project Service Hooks page:
https://{orgName}/{project_name}/_settings/serviceHooksSelect Create Subscription.
Choose the types of events you want to appear in your Slack channel.
Paste the Web Hook URL from the Slack integration that you created and select Finish.
Now, when the event you configured occurs in your project, a notification appears in your team's Slack channel.

You use Azure Pipelines to manage build pipelines. GitHub to store source code, and Dependabot to manage dependencies. You have an app named App1. Dependabot detects a dependency in App1 that requires an update. What should you do first to apply the update?

A. Perform a commit

B. Create a pull request

C. Approve the pull request

D. Create a branch

B. Create a pull request

Explanation: DependaBot is a useful tool to regularly check for dependency updates. By helping to keep your project up to date, DependaBot can reduce technical debt and immediately apply security vulnerabilities when patches are released. How does DependaBot work?

DependaBot regularly checks dependencies for updates.
If an update is found, DependaBot creates a new branch with this upgrade and Pull Request for approval.
You review the new Pull Request, ensure the tests passed, review the code, and decide if you can merge the change.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure DevOps project.
Your build process creates several artifacts.
You need to deploy the artifacts to on-premises servers.
Solution: You deploy a Docker build to an on-premises server. You add a Download Build Artifacts task to the deployment pipeline.
Does this meet the goal?

A. Yes

B. No

Explanation: Instead you should deploy an Azure self-hosted agent to an on-premises server.
Note: To build your code or deploy your software using Azure Pipelines, you need at least one agent.
If your on-premises environments do not have connectivity to a Microsoft-hosted agent pool (which is typically the case due to intermediate firewalls), you'll need to manually configure a self-hosted agent on on-premises computer(s).

NO: 15 DRAG DROP
You are developing a full Microsoft .NET Framework solution that includes unit tests.
You need to configure SonarQube to perform a code quality validation of the C# code as part of the build pipelines.
Which four tasks should you perform in sequence? To answer, move the appropriate tasks from the list of tasks to the answer area and arrange them in the correct order.

Step 1: Prepare Analysis Configuration
Prepare Analysis Configuration task, to configure all the required settings before executing the build.
This task is mandatory.
In case of .NET solutions or Java projects, it helps to integrate seamlessly with MSBuild, Maven and Gradle tasks.
Step 2: Visual Studio Build
Reorder the tasks to respect the following order:
Prepare Analysis Configuration task before any MSBuild or Visual Studio Build task.
Step 3: Visual Studio Test
Reorder the tasks to respect the following order:
Run Code Analysis task after the Visual Studio Test task.
Step 4: Run Code Analysis
Run Code Analysis task, to actually execute the analysis of the source code.
This task is not required for Maven or Gradle projects, because scanner will be run as part of the Maven/Gradle build.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company uses Azure DevOps to manage the build and release processes for applications.
You use a Git repository for applications source control.
You need to implement a pull request strategy that reduces the history volume in the master branch.
Solution: You implement a pull request strategy that uses fast-forward merges.
Does this meet the goal?

A. Yes

B. No

A. Yes

Explanation: No fast-forward merge - This option merges the commit history of the source branch when the pull request closes and creates a merge commit in the target branch.

You are configuring Azure Pipelines for three projects in Azure DevOps as shown in the following table.

Project1:Git in Azure Repos
Project2: Github Enterprise
GitHub Enterprise is the on-premises version of GitHub.com. GitHub Enterprise includes the same great set of features as GitHub.com but packaged for running on your organization's local network. All repository data is stored on machines that you control, and access is integrated with your organization's authentication system (LDAP, SAML, or CAS).
Project3: Bitbucket cloud
One downside, however, is that Bitubucket does not include support for SVN but this can be easily amended migrating the SVN repos to Git with tools such as SVN Mirror for Bitbucket .
Note: SVN is a centralized version control system.

You have a web app named App1 that is hosted on multiple servers. App1 uses Application Insights in Azure Monitor.
You need to compare the dairy CPU usage from the last week for all servers.
How should you complete the query? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content
NOTE: Each correct selection is worth one point.

You manage source code control and versioning by using GitHub. You need to ensure that a PowerShell script is executed automatically before rebase operations are performed. What should you use?

A. a package

B. GitHub Copilot

C. a webbook

D. a gist

C. a webbook