Question 166
Selectable Answer
You have the following Azure policy.
Answer:
Free Demo Questions
Test Online Free Microsoft AZ-400 Exam Questions and Answers
Practice a live sample before buying full access. This page keeps the free AZ-400 question set organized by page so visitors and search engines can reach the canonical -questions.html URL directly.
Page 12 of 18
Question 167
Written Answer
HOTSPOT
You have an Azure Kubernetes Service (AKS) pod.
You need to configure a probe to perform the following actions:
✑ Confirm that the pod is responding to service requests.
✑ Check the status of the pod four times a minute.
✑ Initiate a shutdown if the pod is unresponsive.
How should you complete the YAML configuration file? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an Azure Kubernetes Service (AKS) pod.
You need to configure a probe to perform the following actions:
✑ Confirm that the pod is responding to service requests.
✑ Check the status of the pod four times a minute.
✑ Initiate a shutdown if the pod is unresponsive.
How should you complete the YAML configuration file? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: readinessProbe:
For containerized applications that serve traffic, you might want to verify that your container is ready to handle incoming requests. Azure Container Instances supports readiness probes to include configurations so that your container can't be accessed under certain conditions.
Explanation:
Box 1: readinessProbe:
For containerized applications that serve traffic, you might want to verify that your container is ready to handle incoming requests. Azure Container Instances supports readiness probes to include configurations so that your container can't be accessed under certain conditions.
Question 168
Selectable Answer
You are designing the security validation strategy for a project in Azure DevOps.
You need to identify package dependencies that have known security issues and can be resolved by an
update.
What should you use?
You need to identify package dependencies that have known security issues and can be resolved by an
update.
What should you use?
Answer:
Explanation:
With enterprise level of SonarQube you can use OWASP that runs the security scans for known vulnerabilities.
https://www.sonarqube.org/features/security/
https://www.sonarqube.org/features/security/owasp/?gclid=Cj0KCQiAzZL-BRDnARIsAPCJs70Teq0-efI2Hd_h-kykCB7I_C7L88Q7kpiuTzuD6Xw1jUb6ZqIP7O0aApVzEALw_wcB
Explanation:
With enterprise level of SonarQube you can use OWASP that runs the security scans for known vulnerabilities.
https://www.sonarqube.org/features/security/
https://www.sonarqube.org/features/security/owasp/?gclid=Cj0KCQiAzZL-BRDnARIsAPCJs70Teq0-efI2Hd_h-kykCB7I_C7L88Q7kpiuTzuD6Xw1jUb6ZqIP7O0aApVzEALw_wcB
Question 169
Selectable Answer
You have a web app hosted on Azure App Service. The web app stores data in an Azure SQL database.
You need to generate an alert when there are 10,000 simultaneous connections to the database. The solution must minimize deve4opment effort.
Which option should you select in the Diagnostics settings of the database?
You need to generate an alert when there are 10,000 simultaneous connections to the database. The solution must minimize deve4opment effort.
Which option should you select in the Diagnostics settings of the database?
Answer:
Explanation:
ENABLE DIAGNOSTICS TO LOG ANALYTICS
This configuration is done PER DATABASE
Explanation:
ENABLE DIAGNOSTICS TO LOG ANALYTICS
This configuration is done PER DATABASE
Question 170
Selectable Answer
You have a build pipeline in Azure Pipelines that occasionally fails.
You discover that a test measuring the response time of an API endpoint causes the failures.
You need to prevent the build pipeline from failing due to The test.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point
You discover that a test measuring the response time of an API endpoint causes the failures.
You need to prevent the build pipeline from failing due to The test.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point
Answer:
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/test/flaky-test-management
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/test/flaky-test-management
Question 171
Written Answer
DRAG DROP
You need to use Azure Automation Sure Configuration to manage the ongoing consistency of virtual machine configurations.
Which five actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. NOTE: More than one order of answer choices in correct. You writ receive credit for any of the orders you select.
You need to use Azure Automation Sure Configuration to manage the ongoing consistency of virtual machine configurations.
Which five actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. NOTE: More than one order of answer choices in correct. You writ receive credit for any of the orders you select.
Answer:
Explanation:
Step 1: Assign the node configuration.
You create a simple DSC configuration that ensures either the presence or absence of the Web-Server Windows Feature (IIS), depending on how you assign nodes.
Step 2: Upload a configuration to Azure Automation State Configuration.
You import the configuration into the Automation account.
Step 3: Compiling a configuration into a node configuration Compiling a configuration in Azure Automation
Before you can apply a desired state to a node, a DSC configuration defining that state must be compiled into one or more node configurations (MOF document), and placed on the Automation DSC Pull Server.
Step 4: Onboard the virtual machines to Azure State Configuration
Onboarding an Azure VM for management with Azure Automation State Configuration
Step 5: Check the compliance status of the node.
Viewing reports for managed nodes. Each time Azure Automation State Configuration performs a consistency check on a managed node, the node sends a status report back to the pull server. You can view these reports on the page for that node.
On the blade for an individual report, you can see the following status information for the corresponding consistency check:
The report status ― whether the node is "Compliant", the configuration "Failed", or the node is "Not Compliant" (when the node is in ApplyandMonitor mode and the machine is not in the desired state).
References: https://docs.microsoft.com/en-us/azure/automation/automation-dsc-getting-started
Explanation:
Step 1: Assign the node configuration.
You create a simple DSC configuration that ensures either the presence or absence of the Web-Server Windows Feature (IIS), depending on how you assign nodes.
Step 2: Upload a configuration to Azure Automation State Configuration.
You import the configuration into the Automation account.
Step 3: Compiling a configuration into a node configuration Compiling a configuration in Azure Automation
Before you can apply a desired state to a node, a DSC configuration defining that state must be compiled into one or more node configurations (MOF document), and placed on the Automation DSC Pull Server.
Step 4: Onboard the virtual machines to Azure State Configuration
Onboarding an Azure VM for management with Azure Automation State Configuration
Step 5: Check the compliance status of the node.
Viewing reports for managed nodes. Each time Azure Automation State Configuration performs a consistency check on a managed node, the node sends a status report back to the pull server. You can view these reports on the page for that node.
On the blade for an individual report, you can see the following status information for the corresponding consistency check:
The report status ― whether the node is "Compliant", the configuration "Failed", or the node is "Not Compliant" (when the node is in ApplyandMonitor mode and the machine is not in the desired state).
References: https://docs.microsoft.com/en-us/azure/automation/automation-dsc-getting-started
Question 172
Written Answer
CORRECT TEXT
You need to ensure that the https://contoso.com/statushook webhook is called every time a repository named az40010480345acr1 receives a new version of an image named dotnetapp.
To complete this task, sign in to the Microsoft Azure portal.
You need to ensure that the https://contoso.com/statushook webhook is called every time a repository named az40010480345acr1 receives a new version of an image named dotnetapp.
To complete this task, sign in to the Microsoft Azure portal.
Answer: ✑ Sign in to the Azure portal.
✑ Navigate to the container registry az40010480345acr1.
✑ Under Services, select Webhooks.
✑ Select the existing webhook https://contoso.com/statushook, and double-click on it to get its properties.
✑ For Trigger actions select image push
Example web hook:
✑ Navigate to the container registry az40010480345acr1.
✑ Under Services, select Webhooks.
✑ Select the existing webhook https://contoso.com/statushook, and double-click on it to get its properties.
✑ For Trigger actions select image push
Example web hook:
Question 173
Selectable Answer
Your company uses Service Now for incident management.
You develop an application that runs on Azure.
The company needs to generate a ticket in Service Now when the application fails to authenticate.
Which Azure Log Analytics solution should you use?
You develop an application that runs on Azure.
The company needs to generate a ticket in Service Now when the application fails to authenticate.
Which Azure Log Analytics solution should you use?
Answer:
Explanation:
The IT Service Management Connector (ITSMC) allows you to connect Azure and a supported IT Service Management (ITSM) product/service.
ITSMC supports connections with the following ITSM tools:
✑ ServiceNow
✑ System Center Service Manager
✑ Provance
✑ Cherwell
With ITSMC, you can
✑ Create work items in ITSM tool, based on your Azure alerts (metric alerts, Activity Log alerts and Log Analytics alerts).
✑ Optionally, you can sync your incident and change request data from your ITSM tool to an Azure Log Analytics workspace.
References: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/itsmc-overview
Explanation:
The IT Service Management Connector (ITSMC) allows you to connect Azure and a supported IT Service Management (ITSM) product/service.
ITSMC supports connections with the following ITSM tools:
✑ ServiceNow
✑ System Center Service Manager
✑ Provance
✑ Cherwell
With ITSMC, you can
✑ Create work items in ITSM tool, based on your Azure alerts (metric alerts, Activity Log alerts and Log Analytics alerts).
✑ Optionally, you can sync your incident and change request data from your ITSM tool to an Azure Log Analytics workspace.
References: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/itsmc-overview
Question 174
Selectable Answer
You are designing a YAML template for use with Azure Pipelines. The template Will include the Outputfile parameter.
Which two methods can you use to reference the parameter? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
Which two methods can you use to reference the parameter? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
Answer:
Question 175
Written Answer
DRAG DROP
Your company has a project in Azure DevOps.
You plan to create a release pipeline that will deploy resources by using Azure Resource Manager templates. The templates will reference secrets stored in Azure Key Vault.
You need to recommend a solution for accessing the secrets stored in the key vault during deployments. The solution must use the principle of least privilege.
What should you include in the recommendation? To answer, drag the appropriate configurations to the correct targets. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
Your company has a project in Azure DevOps.
You plan to create a release pipeline that will deploy resources by using Azure Resource Manager templates. The templates will reference secrets stored in Azure Key Vault.
You need to recommend a solution for accessing the secrets stored in the key vault during deployments. The solution must use the principle of least privilege.
What should you include in the recommendation? To answer, drag the appropriate configurations to the correct targets. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: RBAC
Management plane access control uses RBAC.
The management plane consists of operations that affect the key vault itself, such as:
✑ Creating or deleting a key vault.
✑ Getting a list of vaults in a subscription.
✑ Retrieving Key Vault properties (such as SKU and tags).
✑ Setting Key Vault access policies that control user and application access to keys and secrets.
Box 2: RBAC
References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-tutorial-use-key-vault
Explanation:
Box 1: RBAC
Management plane access control uses RBAC.
The management plane consists of operations that affect the key vault itself, such as:
✑ Creating or deleting a key vault.
✑ Getting a list of vaults in a subscription.
✑ Retrieving Key Vault properties (such as SKU and tags).
✑ Setting Key Vault access policies that control user and application access to keys and secrets.
Box 2: RBAC
References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-tutorial-use-key-vault
Question 176
Written Answer
HOTSPOT
You use Git for source control.
You need to optimize the performance of a repository.
The solution must meet the following requirements:
✑ Permanently remove all items referenced only in the reflog.
✑ Remove history that is NOT in any current branch.
How should you complete the command? To answer, select the appropriate options in the answer area.
You use Git for source control.
You need to optimize the performance of a repository.
The solution must meet the following requirements:
✑ Permanently remove all items referenced only in the reflog.
✑ Remove history that is NOT in any current branch.
How should you complete the command? To answer, select the appropriate options in the answer area.
Answer:
Question 177
Selectable Answer
You haw an Azure subscription that contains multiple Azure services. You need to send an SMS alert when scheduled maintenance is planned for the Azure services.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE:
Each correct selection is worth one point.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE:
Each correct selection is worth one point.
Answer:
Question 178
Written Answer
CORRECT TEXT
You need to create a notification if the peak average response time of an Azure web app named az400-9940427-main is more than five seconds when evaluated during a five-minute period. The notification must trigger the “https://contoso.com/notify” webhook.
To complete this task, sign in to the Microsoft Azure portal.
You need to create a notification if the peak average response time of an Azure web app named az400-9940427-main is more than five seconds when evaluated during a five-minute period. The notification must trigger the “https://contoso.com/notify” webhook.
To complete this task, sign in to the Microsoft Azure portal.
Answer:
Question 179
Selectable Answer
You have an Azure subscription that contains the resources shown in the following table.
Project1 produces npm packages that are published to Feed1. Feed1 is consumed by multiple projects.
You need to ensure that only tested packages are available for consumption. The solution must minimize development effort.
What should you do?
Project1 produces npm packages that are published to Feed1. Feed1 is consumed by multiple projects.
You need to ensure that only tested packages are available for consumption. The solution must minimize development effort.
What should you do?
Answer:
Explanation:
By creating a feed view named "release" and setting it as the default view, packages that are published to the feed will not be immediately available for consumption. After the npm packages are tested successfully, you can configure a release pipeline that promotes a package to the @release view. This ensures that only tested packages are available for consumption and minimizes development effort as it doesn't require any additional steps to be taken by the consumer of the feed.
Reference: Azure DevOps Docs: Create a feed and views https://docs.microsoft.com/en-us/azure/devops/artifacts/feeds/create-feed?view=azure-devops
Azure DevOps Docs: Promote a package https://docs.microsoft.com/en-us/azure/devops/artifacts/feeds/promote-package?view=azure-devops
Explanation:
By creating a feed view named "release" and setting it as the default view, packages that are published to the feed will not be immediately available for consumption. After the npm packages are tested successfully, you can configure a release pipeline that promotes a package to the @release view. This ensures that only tested packages are available for consumption and minimizes development effort as it doesn't require any additional steps to be taken by the consumer of the feed.
Reference: Azure DevOps Docs: Create a feed and views https://docs.microsoft.com/en-us/azure/devops/artifacts/feeds/create-feed?view=azure-devops
Azure DevOps Docs: Promote a package https://docs.microsoft.com/en-us/azure/devops/artifacts/feeds/promote-package?view=azure-devops
Question 180
Selectable Answer
Your company is concerned that when developers introduce open source libraries, it creates licensing compliance issues.
You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base.
What should you use?
You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base.
What should you use?
Answer:
Explanation:
WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource constantly-updated denitive database of open source repositories.
Azure DevOps integration with WhiteSource Bolt will enable you to:
✑ Detect and remedy vulnerable open source components.
✑ Generate comprehensive open source inventory reports per project or build.
✑ Enforce open source license compliance, including dependencies’ licenses.
✑ Identify outdated open source libraries with recommendations to update.
References: https://www.azuredevopslabs.com/labs/vstsextend/WhiteSource/
Explanation:
WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource constantly-updated denitive database of open source repositories.
Azure DevOps integration with WhiteSource Bolt will enable you to:
✑ Detect and remedy vulnerable open source components.
✑ Generate comprehensive open source inventory reports per project or build.
✑ Enforce open source license compliance, including dependencies’ licenses.
✑ Identify outdated open source libraries with recommendations to update.
References: https://www.azuredevopslabs.com/labs/vstsextend/WhiteSource/
Showing page 12 of 18