Download Microsoft.AZ-400.Dump4Pass.2024-02-18.241q.tqb

Download Exam

File Info

Exam Microsoft Azure DevOps Solutions
Number AZ-400
File Name Microsoft.AZ-400.Dump4Pass.2024-02-18.241q.tqb
Size 14 MB
Posted Feb 18, 2024
Download Microsoft.AZ-400.Dump4Pass.2024-02-18.241q.tqb

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Purchase

Coupon: MASTEREXAM
With discount: 20%






Demo Questions

Question 1

You plan to provision a self-hosted Linux agent.    
Which authentication mechanism should you use to register the self-hosted agent?


  1. personal access token (PAT)
  2. SSH key
  3. Alternate credentials
  4. certificate
Correct answer: A
Explanation:
Note: PAT Supported only on Azure Pipelines and TFS 2017 and newer. After you choose PAT, paste the PAT token you created into the command prompt window. Use a personal access token (PAT) if your Azure DevOps Server or TFS instance and the agent machine are not in a trusted domain. PAT authentication is handled by your Azure DevOps Server or TFS instance instead of the domain controller.    Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/v2-linux
Note: PAT Supported only on Azure Pipelines and TFS 2017 and newer. After you choose PAT, paste the PAT token you created into the command prompt window. Use a personal access token (PAT) if your Azure DevOps Server or TFS instance and the agent machine are not in a trusted domain. PAT authentication is handled by your Azure DevOps Server or TFS instance instead of the domain controller.  
  
Reference: 
https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/v2-linux



Question 2

You are building a Microsoft ASP.NET application that requires authentication.  
You need to authenticate users by using Azure Active Directory (Azure AD).  
What should you do first?


  1. Assign an enterprise application to users and groups
  2. Create an app registration in Azure AD
  3. Configure the application to use a SAML endpoint
  4. Create a new OAuth token from the application
  5. Create a membership database in an Azure SQL database
Correct answer: B
Explanation:
Register your application to use Azure Active Directory. Registering the application means that your developers can use Azure AD to authenticate users and request access to user resources such as email, calendar, and documents.    Reference: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/developer-guidance-for-integrating-applications
Register your application to use Azure Active Directory. Registering the application means that your developers can use Azure AD to authenticate users and request access to user resources such as email, calendar, and documents.  
  
Reference: 
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/developer-guidance-for-integrating-applications



Question 3

You have an Azure DevOps organization named Contoso.    
You need to recommend an authentication mechanism that meets the following requirements:   
  • Supports authentication from Git.  
  • Minimizes the need to provide credentials during authentication.    
What should you recommend?


  1. personal access tokens (PATs) in Azure DevOps
  2. Alternate credentials in Azure DevOps
  3. user accounts in Azure Active Directory (Azure AD)
  4. managed identities in Azure Active Directory (Azure AD)
Correct answer: A
Explanation:
Personal access tokens (PATs) give you access to Azure DevOps and Team Foundation Server (TFS), without using your username and password directly.  These tokens have an expiration date from when they're created. You can restrict the scope of the data they can access. Use PATs to authenticate if you don't already have SSH keys set up on your system or if you need to restrict the permissions that are granted by the credential.    Incorrect Answers: B: Azure DevOps no longer supports Alternate Credentials authentication since the beginning of March 2, 2020. If you're still using Alternate Credentials, we [Microsoft] strongly encourage you to switch to a more secure authentication method (for example, personal access tokens).    Reference: https://docs.microsoft.com/en-us/azure/devops/repos/git/auth-overview
Personal access tokens (PATs) give you access to Azure DevOps and Team Foundation Server (TFS), without using your username and password directly.  
These tokens have an expiration date from when they're created. You can restrict the scope of the data they can access. Use PATs to authenticate if you don't already have SSH keys set up on your system or if you need to restrict the permissions that are granted by the credential.  
  
Incorrect Answers: 
B: Azure DevOps no longer supports Alternate Credentials authentication since the beginning of March 2, 2020. If you're still using Alternate Credentials, we [Microsoft] strongly encourage you to switch to a more secure authentication method (for example, personal access tokens).  
  
Reference: 
https://docs.microsoft.com/en-us/azure/devops/repos/git/auth-overview



Question 4

You have an application that consists of several Azure App Service web apps and Azure functions.  
You need to assess the security of the web apps and the functions.  
Which Azure feature can you use to provide a recommendation for the security of the application?  


  1. Security & Compliance in Azure Log Analytics
  2. Resource health in Azure Service Health
  3. Smart Detection in Azure Application Insights
  4. Compute & apps in Azure Security Center
Correct answer: D
Explanation:
Monitor compute and app services: Compute & apps include the App Services tab, which App services: list of your App service environments and current security state of each.    Recommendations  This section has a set of recommendations for each VM and computer, web and worker roles, Azure App Service Web Apps, and Azure App Service Environment that Security Center monitors. The first column lists the recommendation. The second column shows the total number of resources that are affected by that recommendation. The third column shows the severity of the issue.    Incorrect Answers: C: Smart Detection automatically warns you of potential performance problems, not security problems in your web application.   Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/app/proactive-diagnostics
Monitor compute and app services: Compute & apps include the App Services tab, which App services: list of your App service environments and current security state of each.  
  
Recommendations  
This section has a set of recommendations for each VM and computer, web and worker roles, Azure App Service Web Apps, and Azure App Service Environment that Security Center monitors. The first column lists the recommendation. The second column shows the total number of resources that are affected by that recommendation. The third column shows the severity of the issue.  
  
Incorrect Answers: 
C: Smart Detection automatically warns you of potential performance problems, not security problems in your web application. 
  
Reference: 
https://docs.microsoft.com/en-us/azure/azure-monitor/app/proactive-diagnostics



Question 5

You need to ensure that an Azure web app named az400-9940427-main can retrieve secrets from an Azure key vault named az400-9940427-kv1 by using a system managed identity.    
The solution must use the principle of least privilege.  
To complete this task, sign in to the Microsoft Azure portal.


  1. See the explanation
Correct answer: A
Explanation:
1. In Azure portal navigate to the az400-9940427-main app.  2. Scroll down to the Settings group in the left navigation.  3. Select Managed identity.  4. Within the System assigned tab, switch Status to On. Click Save.              Reference: https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity
1. In Azure portal navigate to the az400-9940427-main app.  
2. Scroll down to the Settings group in the left navigation.  
3. Select Managed identity.  
4. Within the System assigned tab, switch Status to On. Click Save.  
        
    
Reference: 
https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity



Question 6

You create a Microsoft ASP.NET Core application.    
You plan to use Azure Key Vault to provide secrets to the application as configuration data.    
You need to create a Key Vault access policy to assign secret permissions to the application. The solution must use the principle of least privilege.  
Which secret permissions should you use?


  1. List only
  2. Get only
  3. Get and List
Correct answer: B
Explanation:
Application data plane permissions: Keys: sign Secrets: get   Reference: https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault
Application data plane permissions: 
  • Keys: sign 
  • Secrets: get 
  
Reference: 
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault



Question 7

Your company has a project in Azure DevOps.    
You plan to create a release pipeline that will deploy resources by using Azure Resource Manager templates. The templates will reference secrets stored in Azure Key Vault.    
You need to recommend a solution for accessing the secrets stored in the key vault during deployments. The solution must use the principle of least privilege.    
What should you include in the recommendation? To answer, drag the appropriate configurations to the correct targets. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.    
NOTE: Each correct selection is worth one point. 


Correct answer: To work with this question, an Exam Simulator is required.
Explanation:
Box 1: A key Vault advanced access policy             Box 2: RBAC Management plane access control uses RBAC.  The management plane consists of operations that affect the key vault itself, such as:   Creating or deleting a key vault.   Getting a list of vaults in a subscription.  Retrieving Key Vault properties (such as SKU and tags).  Setting Key Vault access policies that control user and application access to keys and secrets.    Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-tutorial-use-key-vault
Box 1: A key Vault advanced access policy 
        
    
Box 2: RBAC 
Management plane access control uses RBAC.  
The management plane consists of operations that affect the key vault itself, such as:   
  • Creating or deleting a key vault.   
  • Getting a list of vaults in a subscription.  
  • Retrieving Key Vault properties (such as SKU and tags).  
  • Setting Key Vault access policies that control user and application access to keys and secrets.  
  
Reference: 
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-tutorial-use-key-vault



Question 8

You need to configure access to Azure DevOps agent pools to meet the following requirements:   
  • Use a project agent pool when authoring build or release pipelines.  
  • View the agent pool and agents of the organization.  
  • Use the principle of least privilege.    
Which role memberships are required for the Azure DevOps organization and the project? To answer, drag the appropriate role memberships to the correct targets. Each role membership may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.    
NOTE: Each correct selection is worth one point. 


Correct answer: To work with this question, an Exam Simulator is required.
Explanation:
Box 1: Reader Members of the Reader role can view the organization agent pool as well as agents. You typically use this to add operators that are responsible for monitoring the agents and their health.    Box 2: Service account Members of the Service account role can use the organization agent pool to create a project agent pool in a project. If you follow the guidelines above for creating new project agent pools,  you typically do not have to add any members here.    Incorrect Answers: In addition to all the permissions given the Reader and the Service Account role, members of the administrator role can register or unregister agents from the organization agent pool. They can also refer to the organization agent pool when creating a project agent pool in a project. Finally, they can also manage membership for all roles of the organization agent pool. The user that created the organization agent pool is automatically added to the Administrator role for that pool.    Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/pools-queues
Box 1: Reader 
Members of the Reader role can view the organization agent pool as well as agents. You typically use this to add operators that are responsible for monitoring the agents and their health.  
  
Box 2: Service account 
Members of the Service account role can use the organization agent pool to create a project agent pool in a project. If you follow the guidelines above for creating new project agent pools,  
you typically do not have to add any members here.  
  
Incorrect Answers: 
In addition to all the permissions given the Reader and the Service Account role, members of the administrator role can register or unregister agents from the organization agent pool. They can also refer to the organization agent pool when creating a project agent pool in a project. Finally, they can also manage membership for all roles of the organization agent pool. The user that created the organization agent pool is automatically added to the Administrator role for that pool.  
  
Reference: 
https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/pools-queues



Question 9

You have a branch policy in a project in Azure DevOps. The policy requires that code always builds successfully.    
You need to ensure that a specific user can always merge changes to the master branch, even if the code fails to compile. The solution must use the principle of least privilege.  
What should you do?


  1. Add the user to the Build Administrators group.
  2. Add the user to the Project Administrators group.
  3. From the Security settings of the repository, modify the access control for the user.
  4. From the Security settings of the branch, modify the access control for the user.
Correct answer: D
Explanation:
In some cases, you need to bypass policy requirements so you can push changes to the branch directly or complete a pull request even if branch policies are not satisfied. For these situations, grant the desired permission from the previous list to a user or group. You can scope this permission to an entire project, a repo, or a single branch. Manage this permission along the with other Git permissions.    Reference: https://docs.microsoft.com/en-us/azure/devops/repos/git/branch-policies
In some cases, you need to bypass policy requirements so you can push changes to the branch directly or complete a pull request even if branch policies are not satisfied. For these situations, grant the desired permission from the previous list to a user or group. You can scope this permission to an entire project, a repo, or a single branch. Manage this permission along the with other Git permissions.  
  
Reference: 
https://docs.microsoft.com/en-us/azure/devops/repos/git/branch-policies



Question 10

You have an Azure Resource Manager template that deploys a multi-tier application.    
You need to prevent the user who performs the deployment from viewing the account credentials and connection strings used by the application.  
What should you use?


  1. Azure Key Vault
  2. a Web.config file
  3. an Appsettings.json file
  4. an Azure Storage table
  5. an Azure Resource Manager parameter file
Correct answer: A
Explanation:
When you need to pass a secure value (like a password) as a parameter during deployment, you can retrieve the value from an Azure Key Vault. You retrieve the value by referencing the key vault and secret in your parameter file. The value is never exposed because you only reference its key vault ID. The key vault can exist in a different subscription than the resource group you are deploying to.    Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-keyvault-parameter
When you need to pass a secure value (like a password) as a parameter during deployment, you can retrieve the value from an Azure Key Vault. You retrieve the value by referencing the key vault and secret in your parameter file. The value is never exposed because you only reference its key vault ID. The key vault can exist in a different subscription than the resource group you are deploying to.  
  
Reference: 
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-keyvault-parameter









CONNECT US

Facebook

Twitter

PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount!



HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files