Download Microsoft.AZ-400.Dump4Pass.2023-12-25.149q.tqb

Download Exam

File Info

Exam Microsoft Azure DevOps Solutions
Number AZ-400
File Name Microsoft.AZ-400.Dump4Pass.2023-12-25.149q.tqb
Size 8 MB
Posted Dec 25, 2023
Download Microsoft.AZ-400.Dump4Pass.2023-12-25.149q.tqb

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Purchase

Coupon: MASTEREXAM
With discount: 20%






Demo Questions

Question 1

Your company is concerned that when developers introduce open source libraries, it creates licensing compliance issues.    
You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base.  
What should you use?


  1. Microsoft Visual SourceSafe
  2. Code Style
  3. Black Duck
  4. Jenkins
Correct answer: C
Explanation:
Secure and Manage Open Source Software  Black Duck helps organizations identify and mitigate open source security, license compliance and code-quality risks across application and container portfolios.  Black Duck Hub and its plugin for Team Foundation Server (TFS) allows you to automatically find and fix open source security vulnerabilities during the build process, so you can proactively manage risk. The integration allows you to receive alerts and fail builds when any Black Duck Hub policy violations are met.    Note: There are several versions of this question in the exam. The question has two possible correct answers: Black Duck  WhiteSource Bolt    Other incorrect answer options you may see on the exam include the following: OWASP ZAP  PDM  SourceGear  SourceGear Vault    Reference: https://marketplace.visualstudio.com/items?itemName=black-duck-software.hub-tfs
Secure and Manage Open Source Software  
Black Duck helps organizations identify and mitigate open source security, license compliance and code-quality risks across application and container portfolios.  
Black Duck Hub and its plugin for Team Foundation Server (TFS) allows you to automatically find and fix open source security vulnerabilities during the build process, so you can proactively manage risk. The integration allows you to receive alerts and fail builds when any Black Duck Hub policy violations are met.  
  
Note: 
There are several versions of this question in the exam. The question has two possible correct answers: 
  • Black Duck  
  • WhiteSource Bolt  
  
Other incorrect answer options you may see on the exam include the following: 
  • OWASP ZAP  
  • PDM  
  • SourceGear  
  • SourceGear Vault  
  
Reference: 
https://marketplace.visualstudio.com/items?itemName=black-duck-software.hub-tfs



Question 2

You have an Azure DevOps project that contains a build pipeline. The build pipeline uses approximately 50 open source libraries.  
You need to ensure that the project can be scanned for known security vulnerabilities in the open source libraries.  
What should you do? To answer, select the appropriate options in the answer area.    
NOTE: Each correct selection is worth one point. 


Correct answer: To work with this question, an Exam Simulator is required.
Explanation:
Box 1: A Build task Trigger a build  You have a Java code provisioned by the Azure DevOps demo generator. You will use WhiteSource Bolt extension to check the vulnerable components present in this code.  1. Go to Builds section under Pipelines tab, select the build definition WhiteSourceBolt and click on Queue to trigger a build.  2. To view the build in progress status, click on ellipsis and select View build results.    Box 2: WhiteSource Bolt WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource constantly-updated definitive database of open source repositories.    Reference: https://www.azuredevopslabs.com/labs/vstsextend/whitesource/ 
Box 1: A Build task 
Trigger a build  
You have a Java code provisioned by the Azure DevOps demo generator. You will use WhiteSource Bolt extension to check the vulnerable components present in this code.  
1. Go to Builds section under Pipelines tab, select the build definition WhiteSourceBolt and click on Queue to trigger a build.  
2. To view the build in progress status, click on ellipsis and select View build results.  
  
Box 2: WhiteSource Bolt 
WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource constantly-updated definitive database of open source repositories.  
  
Reference: 
https://www.azuredevopslabs.com/labs/vstsextend/whitesource/ 



Question 3

You need to increase the security of your team’s development process.    
Which type of security tool should you recommend for each stage of the development process? To answer, drag the appropriate security tools to the correct stages. Each security tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.    
NOTE: Each correct selection is worth one point. 


Correct answer: To work with this question, an Exam Simulator is required.
Explanation:
Box 1: Threat modeling - Threat modeling’s motto should be, “The earlier the better, but not too late and never ignore.”    Box 2: Static code analysis - Validation in the CI/CD begins before the developer commits his or her code. Static code analysis tools in the IDE provide the first line of defense to help ensure that security vulnerabilities are not introduced into the CI/CD process.    Box 3: Penetration testing - Once your code quality is verified, and the application is deployed to a lower environment like development or QA, the process should verify that there are not any security vulnerabilities in the running application. This can be accomplished by executing automated penetration test against the running application to scan it for vulnerabilities.    Reference: https://docs.microsoft.com/en-us/azure/devops/articles/security-validation-cicd-pipeline?view=vsts
Box 1: Threat modeling - 
Threat modeling’s motto should be, “The earlier the better, but not too late and never ignore.”  
  
Box 2: Static code analysis - 
Validation in the CI/CD begins before the developer commits his or her code. Static code analysis tools in the IDE provide the first line of defense to help ensure that security vulnerabilities are not introduced into the CI/CD process.  
  
Box 3: Penetration testing - 
Once your code quality is verified, and the application is deployed to a lower environment like development or QA, the process should verify that there are not any security vulnerabilities in the running application. This can be accomplished by executing automated penetration test against the running application to scan it for vulnerabilities.  
  
Reference: 
https://docs.microsoft.com/en-us/azure/devops/articles/security-validation-cicd-pipeline?view=vsts



Question 4

You use Azure Pipelines to manage project builds and deployments.    
You plan to use Azure Pipelines for Microsoft Teams to notify the legal team when a new build is ready for release.  
You need to configure the Organization Settings in Azure DevOps to support Azure Pipelines for Microsoft Teams.  
What should you turn on?


  1. Third-party application access via OAuth
  2. Azure Active Directory Conditional Access Policy Validation
  3. Alternate authentication credentials
  4. SSH authentication
Correct answer: A
Explanation:
The Azure Pipelines app uses the OAuth authentication protocol, and requires Third-party application access via OAuth for the organization to be enabled. To enable this setting, navigate to Organization Settings > Security > Policies, and set the Third-party application access via OAuth for the organization setting to On.    Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/integrations/microsoft-teams
The Azure Pipelines app uses the OAuth authentication protocol, and requires Third-party application access via OAuth for the organization to be enabled. To enable this setting, navigate to Organization Settings > Security > Policies, and set the Third-party application access via OAuth for the organization setting to On.  
  
Reference: 
https://docs.microsoft.com/en-us/azure/devops/pipelines/integrations/microsoft-teams



Question 5

You store source code in a Git repository in Azure Repos. You use a third-party continuous integration (CI) tool to control builds.  
What will Azure DevOps use to authenticate with the tool?


  1. certificate authentication
  2. a personal access token (PAT)
  3. a Shared Access Signature (SAS) token
  4. NTLM authentication
Correct answer: B
Explanation:
Personal access tokens (PATs) give you access to Azure DevOps and Team Foundation Server (TFS), without using your username and password directly.    Reference: https://docs.microsoft.com/en-us/azure/devops/repos/git/auth-overview
Personal access tokens (PATs) give you access to Azure DevOps and Team Foundation Server (TFS), without using your username and password directly.  
  
Reference: 
https://docs.microsoft.com/en-us/azure/devops/repos/git/auth-overview



Question 6

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.    
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.  
  
You need to recommend an integration strategy for the build process of a Java application. The solution must meet the following requirements:   
  • The builds must access an on-premises dependency management system.  
  • The build outputs must be stored as Server artifacts in Azure DevOps.  
  • The source code must be stored in a Git repository in Azure DevOps.    
Solution: Configure an Octopus Tentacle on an on-premises machine. Use the Package Application task in the build pipeline. 
Does this meet the goal?


  1. Yes
  2. No
Correct answer: B
Explanation:
Octopus Deploy is an automated deployment server that makes it easy to automate deployment of ASP.NET web applications, Java applications, NodeJS application and custom scripts to multiple environments.  Octopus can be installed on various platforms including Windows, Mac and Linux. It can also be integrated with most version control tools including VSTS and GIT.    When you deploy software to Windows servers, you need to install Tentacle, a lightweight agent service, on your Windows servers so they can communicate with the Octopus server.    When defining your deployment process, the most common step type will be a package step. This step deploys your packaged application onto one or more deployment targets.  When deploying a package you will need to select the machine role that the package will be deployed to.  Reference: https://octopus.com/docs/deployment-examples/package-deployments   https://explore.emtecinc.com/blog/octopus-for-automated-deployment-in-devops-models
Octopus Deploy is an automated deployment server that makes it easy to automate deployment of ASP.NET web applications, Java applications, NodeJS application and custom scripts to multiple environments.  
Octopus can be installed on various platforms including Windows, Mac and Linux. It can also be integrated with most version control tools including VSTS and GIT.    
When you deploy software to Windows servers, you need to install Tentacle, a lightweight agent service, on your Windows servers so they can communicate with the Octopus server.    
When defining your deployment process, the most common step type will be a package step. This step deploys your packaged application onto one or more deployment targets.  
When deploying a package you will need to select the machine role that the package will be deployed to.  
Reference: 
https://octopus.com/docs/deployment-examples/package-deployments   
https://explore.emtecinc.com/blog/octopus-for-automated-deployment-in-devops-models



Question 7

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.    
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.    
You need to recommend an integration strategy for the build process of a Java application. The solution must meet the following requirements:   
  • The builds must access an on-premises dependency management system.  
  • The build outputs must be stored as Server artifacts in Azure DevOps.  
  • The source code must be stored in a Git repository in Azure DevOps.    
Solution: Configure the build pipeline to use a Hosted VS 2019 agent pool. Include the Java Tool Installer task in the build pipeline. 
Does this meet the goal?


  1. Yes
  2. No 
Correct answer: B
Explanation:
Instead use Octopus Tentacle.    Reference: https://explore.emtecinc.com/blog/octopus-for-automated-deployment-in-devops-models
Instead use Octopus Tentacle.  
  
Reference: 
https://explore.emtecinc.com/blog/octopus-for-automated-deployment-in-devops-models



Question 8

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.    
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.  
  
You need to recommend an integration strategy for the build process of a Java application. The solution must meet the following requirements:   
  • The builds must access an on-premises dependency management system.  
  • The build outputs must be stored as Server artifacts in Azure DevOps.  
  • The source code must be stored in a Git repository in Azure DevOps.   
Solution: Configure the build pipeline to use a Hosted Ubuntu agent pool. Include the Java Tool Installer task in the build pipeline. 
Does this meet the goal?


  1. Yes
  2. No
Correct answer: B
Explanation:
Instead use Octopus Tentacle.    Reference: https://explore.emtecinc.com/blog/octopus-for-automated-deployment-in-devops-models
Instead use Octopus Tentacle.  
  
Reference: 
https://explore.emtecinc.com/blog/octopus-for-automated-deployment-in-devops-models



Question 9

Your company uses cloud-hosted Jenkins for builds.    
You need to ensure that Jenkins can retrieve source code from Azure Repos.    
Which three actions should you perform? Each correct answer presents part of the solution.    
NOTE: Each correct selection is worth one point.


  1. Create a webhook in Jenkins.
  2. Add the Team Foundation Server (TFS) plug-in to Jenkins.
  3. Add a personal access token to your Jenkins account. 
  4. Create a personal access token (PAT) in your Azure DevOps account.
  5. Create a service hook in Azure DevOps.
Correct answer: BDE
Explanation:
B: Jenkins requires a plug-in to connect to TFS and check for updates to a project. Jenkins’ built-in Git Plugin or Team Foundation Server Plugin can poll a Team Services repository every few minutes and queue a job when changes are detected.    C: Use Azure DevOps/ Visual Studio Team Services to create a Personal access token. D: After you have generated credentials using Visual Studio Team Services, you need to use those credentials in Jenkins.   Reference:   http://www.aisoftwarellc.com/blog/post/how-to-setup-automated-builds-using-jenkins-and-visual-studio-team-foundation-server/2044
B: Jenkins requires a plug-in to connect to TFS and check for updates to a project. 
Jenkins’ built-in Git Plugin or Team Foundation Server Plugin can poll a Team Services repository every few minutes and queue a job when changes are detected.    
C: Use Azure DevOps/ Visual Studio Team Services to create a Personal access token. 
D: After you have generated credentials using Visual Studio Team Services, you need to use those credentials in Jenkins. 
  
Reference:   
http://www.aisoftwarellc.com/blog/post/how-to-setup-automated-builds-using-jenkins-and-visual-studio-team-foundation-server/2044



Question 10

You are automating the build process for a Java-based application by using Azure DevOps.  
You need to add code coverage testing and publish the outcomes to the pipeline.  
What should you use?  


  1. Bullseye Coverage
  2. JUnit
  3. JaCoCo
  4. MSTest
Correct answer: C
Explanation:
Use Publish Code Coverage Results task in a build pipeline to publish code coverage results to Azure Pipelines or TFS, which were produced by a build in  Cobertura or JaCoCo format.    Incorrect Answers: A: Bullseye Coverage is used for C++ code, and not for Java.   Note: There are several versions of this question in the exam. The question has two possible correct answers: Cobertura  JaCoCo    Other incorrect answer options you may see on the exam include the following: Coverlet  NUnit  Coverage.py    Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/test/publish-code-coverage-results
Use Publish Code Coverage Results task in a build pipeline to publish code coverage results to Azure Pipelines or TFS, which were produced by a build in  
Cobertura or JaCoCo format.  
  
Incorrect Answers: 
A: Bullseye Coverage is used for C++ code, and not for Java. 
  
Note: 
There are several versions of this question in the exam. The question has two possible correct answers: 
  • Cobertura  
  • JaCoCo    
Other incorrect answer options you may see on the exam include the following: 
  • Coverlet  
  • NUnit  
  • Coverage.py    
Reference: 
https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/test/publish-code-coverage-results









CONNECT US

Facebook

Twitter

PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount!



HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files