Download Microsoft.AZ-400.Dump4Pass.2024-01-05.164q.vcex

Download Exam

File Info

Exam Microsoft Azure DevOps Solutions
Number AZ-400
File Name Microsoft.AZ-400.Dump4Pass.2024-01-05.164q.vcex
Size 8 MB
Posted Jan 05, 2024
Download Microsoft.AZ-400.Dump4Pass.2024-01-05.164q.vcex

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase

Coupon: MASTEREXAM
With discount: 20%





Demo Questions

Question 1

You are building a Microsoft ASP.NET application that requires authentication.  
You need to authenticate users by using Azure Active Directory (Azure AD).  
What should you do first?


  1. Assign an enterprise application to users and groups
  2. Create an app registration in Azure AD
  3. Configure the application to use a SAML endpoint
  4. Create a new OAuth token from the application
  5. Create a membership database in an Azure SQL database
Correct answer: B
Explanation:
Register your application to use Azure Active Directory. Registering the application means that your developers can use Azure AD to authenticate users and request access to user resources such as email, calendar, and documents.    Reference: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/developer-guidance-for-integrating-applications
Register your application to use Azure Active Directory. Registering the application means that your developers can use Azure AD to authenticate users and request access to user resources such as email, calendar, and documents.  
  
Reference: 
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/developer-guidance-for-integrating-applications



Question 2

You need to ensure that an Azure web app named az400-9940427-main can retrieve secrets from an Azure key vault named az400-9940427-kv1 by using a system managed identity.    
The solution must use the principle of least privilege.  
To complete this task, sign in to the Microsoft Azure portal.


  1. See the explanation
Correct answer: A
Explanation:
1. In Azure portal navigate to the az400-9940427-main app.  2. Scroll down to the Settings group in the left navigation.  3. Select Managed identity.  4. Within the System assigned tab, switch Status to On. Click Save.              Reference: https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity
1. In Azure portal navigate to the az400-9940427-main app.  
2. Scroll down to the Settings group in the left navigation.  
3. Select Managed identity.  
4. Within the System assigned tab, switch Status to On. Click Save.  
        
    
Reference: 
https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity



Question 3

You have an Azure Resource Manager template that deploys a multi-tier application.    
You need to prevent the user who performs the deployment from viewing the account credentials and connection strings used by the application.  
What should you use?


  1. Azure Key Vault
  2. a Web.config file
  3. an Appsettings.json file
  4. an Azure Storage table
  5. an Azure Resource Manager parameter file
Correct answer: A
Explanation:
When you need to pass a secure value (like a password) as a parameter during deployment, you can retrieve the value from an Azure Key Vault. You retrieve the value by referencing the key vault and secret in your parameter file. The value is never exposed because you only reference its key vault ID. The key vault can exist in a different subscription than the resource group you are deploying to.    Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-keyvault-parameter
When you need to pass a secure value (like a password) as a parameter during deployment, you can retrieve the value from an Azure Key Vault. You retrieve the value by referencing the key vault and secret in your parameter file. The value is never exposed because you only reference its key vault ID. The key vault can exist in a different subscription than the resource group you are deploying to.  
  
Reference: 
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-keyvault-parameter



Question 4

Your company plans to implement a new compliance strategy that will require all Azure web apps to be backed up every five hours.    
You need to back up an Azure web app named az400-11566895-main every five hours to an Azure Storage account in your resource group.  
To complete this task, sign in to the Microsoft Azure portal.


  1. See the explanatiob
Correct answer: A
Explanation:
With the storage account ready, you can configure backs up in the web app or App Service.  1. Open the App Service az400-11566895-main, which you want to protect, in the Azure Portal and browse to Settings > Backups. Click Configure and a Backup  Configuration blade should appear.  2. Select the storage account.  3. Click + to create a private container. You could name this container after the web app or App Service.  4. Select the container.  5. If you want to schedule backups, then set Scheduled Backup to On and configure a schedule: every five hours 6. Select your retention. Note that 0 means never delete backups.  7. Decide if at least one backup should always be retained.  8. Choose if any connected databases should be included in the web app backup.  9. Click Save to finalize the backup configuration.            Reference: https://petri.com/backing-azure-app-service
With the storage account ready, you can configure backs up in the web app or App Service.  
1. Open the App Service az400-11566895-main, which you want to protect, in the Azure Portal and browse to Settings > Backups. Click Configure and a Backup  
Configuration blade should appear.  
2. Select the storage account.  
3. Click + to create a private container. You could name this container after the web app or App Service.  
4. Select the container.  
5. If you want to schedule backups, then set Scheduled Backup to On and configure a schedule: every five hours 
6. Select your retention. Note that 0 means never delete backups.  
7. Decide if at least one backup should always be retained.  
8. Choose if any connected databases should be included in the web app backup.  
9. Click Save to finalize the backup configuration.  
        
  
Reference: 
https://petri.com/backing-azure-app-service



Question 5

You manage build and release pipelines by using Azure DevOps. Your entire managed environment resides in Azure.    
You need to configure a service endpoint for accessing Azure Key Vault secrets. The solution must meet the following requirements:   
  • Ensure that the secrets are retrieved by Azure DevOps.  
  • Avoid persisting credentials and tokens in Azure DevOps.    
How should you configure the service endpoint? To answer, select the appropriate options in the answer area.    
NOTE: Each correct selection is worth one point. 


Correct answer: To work with this question, an Exam Simulator is required.
Explanation:
Box 1: Azure Pipelines service connection   Box 2: Managed Service Identity Authentication The managed identities for Azure resources feature in Azure Active Directory (Azure AD) provides Azure services with an automatically managed identity in Azure AD. You can use the identity to authenticate to any service that supports Azure AD authentication, including Key Vault, without any credentials in your code.    Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-key-vault   https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
Box 1: Azure Pipelines service connection   
Box 2: Managed Service Identity Authentication 
The managed identities for Azure resources feature in Azure Active Directory (Azure AD) provides Azure services with an automatically managed identity in Azure AD. You can use the identity to authenticate to any service that supports Azure AD authentication, including Key Vault, without any credentials in your code.  
  
Reference: 
https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-key-vault   
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview



Question 6

Your company is concerned that when developers introduce open source libraries, it creates licensing compliance issues.    
You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base.  
What should you use?


  1. Microsoft Visual SourceSafe
  2. Code Style
  3. Black Duck
  4. Jenkins
Correct answer: C
Explanation:
Secure and Manage Open Source Software  Black Duck helps organizations identify and mitigate open source security, license compliance and code-quality risks across application and container portfolios.  Black Duck Hub and its plugin for Team Foundation Server (TFS) allows you to automatically find and fix open source security vulnerabilities during the build process, so you can proactively manage risk. The integration allows you to receive alerts and fail builds when any Black Duck Hub policy violations are met.    Note: There are several versions of this question in the exam. The question has two possible correct answers: Black Duck  WhiteSource Bolt    Other incorrect answer options you may see on the exam include the following: OWASP ZAP  PDM  SourceGear  SourceGear Vault    Reference: https://marketplace.visualstudio.com/items?itemName=black-duck-software.hub-tfs
Secure and Manage Open Source Software  
Black Duck helps organizations identify and mitigate open source security, license compliance and code-quality risks across application and container portfolios.  
Black Duck Hub and its plugin for Team Foundation Server (TFS) allows you to automatically find and fix open source security vulnerabilities during the build process, so you can proactively manage risk. The integration allows you to receive alerts and fail builds when any Black Duck Hub policy violations are met.  
  
Note: 
There are several versions of this question in the exam. The question has two possible correct answers: 
  • Black Duck  
  • WhiteSource Bolt  
  
Other incorrect answer options you may see on the exam include the following: 
  • OWASP ZAP  
  • PDM  
  • SourceGear  
  • SourceGear Vault  
  
Reference: 
https://marketplace.visualstudio.com/items?itemName=black-duck-software.hub-tfs



Question 7

You have an Azure DevOps project that contains a build pipeline. The build pipeline uses approximately 50 open source libraries.  
You need to ensure that the project can be scanned for known security vulnerabilities in the open source libraries.  
What should you do? To answer, select the appropriate options in the answer area.    
NOTE: Each correct selection is worth one point. 


Correct answer: To work with this question, an Exam Simulator is required.
Explanation:
Box 1: A Build task Trigger a build  You have a Java code provisioned by the Azure DevOps demo generator. You will use WhiteSource Bolt extension to check the vulnerable components present in this code.  1. Go to Builds section under Pipelines tab, select the build definition WhiteSourceBolt and click on Queue to trigger a build.  2. To view the build in progress status, click on ellipsis and select View build results.    Box 2: WhiteSource Bolt WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource constantly-updated definitive database of open source repositories.    Reference: https://www.azuredevopslabs.com/labs/vstsextend/whitesource/ 
Box 1: A Build task 
Trigger a build  
You have a Java code provisioned by the Azure DevOps demo generator. You will use WhiteSource Bolt extension to check the vulnerable components present in this code.  
1. Go to Builds section under Pipelines tab, select the build definition WhiteSourceBolt and click on Queue to trigger a build.  
2. To view the build in progress status, click on ellipsis and select View build results.  
  
Box 2: WhiteSource Bolt 
WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource constantly-updated definitive database of open source repositories.  
  
Reference: 
https://www.azuredevopslabs.com/labs/vstsextend/whitesource/ 



Question 8

You need to increase the security of your team’s development process.    
Which type of security tool should you recommend for each stage of the development process? To answer, drag the appropriate security tools to the correct stages. Each security tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.    
NOTE: Each correct selection is worth one point. 


Correct answer: To work with this question, an Exam Simulator is required.
Explanation:
Box 1: Threat modeling - Threat modeling’s motto should be, “The earlier the better, but not too late and never ignore.”    Box 2: Static code analysis - Validation in the CI/CD begins before the developer commits his or her code. Static code analysis tools in the IDE provide the first line of defense to help ensure that security vulnerabilities are not introduced into the CI/CD process.    Box 3: Penetration testing - Once your code quality is verified, and the application is deployed to a lower environment like development or QA, the process should verify that there are not any security vulnerabilities in the running application. This can be accomplished by executing automated penetration test against the running application to scan it for vulnerabilities.    Reference: https://docs.microsoft.com/en-us/azure/devops/articles/security-validation-cicd-pipeline?view=vsts
Box 1: Threat modeling - 
Threat modeling’s motto should be, “The earlier the better, but not too late and never ignore.”  
  
Box 2: Static code analysis - 
Validation in the CI/CD begins before the developer commits his or her code. Static code analysis tools in the IDE provide the first line of defense to help ensure that security vulnerabilities are not introduced into the CI/CD process.  
  
Box 3: Penetration testing - 
Once your code quality is verified, and the application is deployed to a lower environment like development or QA, the process should verify that there are not any security vulnerabilities in the running application. This can be accomplished by executing automated penetration test against the running application to scan it for vulnerabilities.  
  
Reference: 
https://docs.microsoft.com/en-us/azure/devops/articles/security-validation-cicd-pipeline?view=vsts



Question 9

Your company is concerned that when developers introduce open source libraries, it creates licensing compliance issues.    
You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base.  
What should you use?


  1. OWASP ZAP
  2. Jenkins
  3. Code Style
  4. WhiteSource Bolt
Correct answer: D
Explanation:
WhiteSource provides WhiteSource Bolt, a lightweight open source security and management solution developed specifically for integration with Azure DevOps and Azure DevOps Server.    Note: WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource constantly-updated definitive database of open source repositories.    Note: There are several versions of this question in the exam. The question has two possible correct answers: 1. Black Duck  2. WhiteSource Bolt    Other incorrect answer options you may see on the exam include the following: 1. Microsoft Visual SourceSafe  2. PDM  3. SourceGear  4. SourceGear Vault  Reference: https://www.azuredevopslabs.com/labs/vstsextend/whitesource/
WhiteSource provides WhiteSource Bolt, a lightweight open source security and management solution developed specifically for integration with Azure DevOps and Azure DevOps Server.  
  
Note: WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource constantly-updated definitive database of open source repositories.  
  
Note: 
There are several versions of this question in the exam. The question has two possible correct answers: 
1. Black Duck  
2. WhiteSource Bolt  
  
Other incorrect answer options you may see on the exam include the following: 
1. Microsoft Visual SourceSafe  
2. PDM  
3. SourceGear  
4. SourceGear Vault  
Reference: 
https://www.azuredevopslabs.com/labs/vstsextend/whitesource/



Question 10

You use Azure Pipelines to manage project builds and deployments.    
You plan to use Azure Pipelines for Microsoft Teams to notify the legal team when a new build is ready for release.  
You need to configure the Organization Settings in Azure DevOps to support Azure Pipelines for Microsoft Teams.  
What should you turn on?


  1. Third-party application access via OAuth
  2. Azure Active Directory Conditional Access Policy Validation
  3. Alternate authentication credentials
  4. SSH authentication
Correct answer: A
Explanation:
The Azure Pipelines app uses the OAuth authentication protocol, and requires Third-party application access via OAuth for the organization to be enabled. To enable this setting, navigate to Organization Settings > Security > Policies, and set the Third-party application access via OAuth for the organization setting to On.    Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/integrations/microsoft-teams
The Azure Pipelines app uses the OAuth authentication protocol, and requires Third-party application access via OAuth for the organization to be enabled. To enable this setting, navigate to Organization Settings > Security > Policies, and set the Third-party application access via OAuth for the organization setting to On.  
  
Reference: 
https://docs.microsoft.com/en-us/azure/devops/pipelines/integrations/microsoft-teams









CONNECT US

Facebook

Twitter

PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount!

Get Now!


HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files