Test Online Free Microsoft AZ-400 Exam Questions and Answers
HOTSPOT
You have an Azure DevOps project that contains a build pipeline. The build pipeline uses approximately 50 open source libraries.
You need to ensure that the project can be scanned for known security vulnerabilities in the open source libraries.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: A Build task
Trigger a build
You have Java code provisioned by the Azure DevOps demo generator. You will use the WhiteSource Bolt extension to check for vulnerable components present in this code.
✑ Go to Builds section under Pipelines tab, select the build definition WhiteSourceBolt and click on Queue to trigger a build.
✑ To view the build in progress status, click on ellipsis and select View build results.
Box 2: WhiteSource Bolt
WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource's constantly updated definitive database of open source repositories.
References: https://www.azuredevopslabs.com/labs/vstsextend/whitesource/
Question 197 Written Answer
HOTSPOT
You have an Azure web app named Webapp1.
You need to use an Azure Monitor query to create a report that details the top 10 pages of Webapp1 that failed.
How should you complete the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: requests
Failed requests (requests/failed):
The count of tracked server requests that were marked as failed.
Kusto code:
requests
| where success == 'False'
Box 2: success == false
Question 198 Selectable Answer
You have a build pipeline in Azure Pipelines that uses different jobs to compile an application for 10 different architectures.
The build pipeline takes approximately one day to complete.
You need to reduce the time it takes to execute the build pipeline.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Answer: Explanation:
Question: I need more hosted build resources. What can I do?
Answer: The Azure Pipelines pool provides all Azure DevOps organizations with cloud-hosted build agents and free build minutes each month. If you need more Microsoft-hosted build resources, or need to run more jobs in parallel, then you can either:
✑ Host your own agents on infrastructure that you manage.
✑ Buy additional parallel jobs.
Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/pools-queues
Question 199 Selectable Answer
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You plan to create a release pipeline that will deploy Azure resources by using Azure Resource Manager templates.
The release pipeline will create the following resources:
✑ Two resource groups
✑ Four Azure virtual machines in one resource group
✑ Two Azure SQL databases in the other resource group
You need to recommend a solution to deploy the resources.
Solution: Create a main template that has two linked templates, each of which will deploy the resource in its respective group.
Does this meet the goal?
Answer: Explanation:
To deploy your solution, you can use either a single template or a main template with many related templates. The related template can be either a separate file that is linked to from the main template, or a template that is nested within the main template.
References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-linked-templates
Question 200 Written Answer
HOTSPOT
Where should the build and release agents for the investment planning application suite run? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: A source control system
A source control system, also called a version control system, allows developers to collaborate on code and track changes. Source control is an essential tool for multi-developer projects.
Box 2: A hosted service
To build and deploy Xcode apps or Xamarin.iOS projects, you'll need at least one macOS agent. If your pipelines are in Azure Pipelines and a Microsoft-hosted agent meets your needs, you can skip setting up a self-hosted macOS agent.
Scenario: The investment planning applications suite will include one multi-tier web application and two iOS mobile applications. One mobile application will be used by employees; the other will be used by customers.
References: https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/v2-osx?view=azure-devops
Question 201 Written Answer
HOTSPOT
You use Azure DevOps to manage the build and deployment of an app named App1.
You have a release pipeline that deploys a virtual machine named VM1.
You plan to monitor the release pipeline by using Azure Monitor.
You need to create an alert to monitor the performance of VM1. The alert must be triggered when the average CPU usage exceeds 70 percent for five minutes. The alert must calculate the average once every minute.
How should you configure the alert rule? To answer, select the appropriate options in the answer area.
Answer:
Explanation:
Box 1: 5 minutes
The alert must calculate the average once every minute.
Note: We [Microsoft] recommend choosing an Aggregation granularity (Period) that is larger than the Frequency of evaluation, to reduce the likelihood of missing the first evaluation of added time series.
Box 2: Static
Box 3: Greater than
For example, say you have an App Service plan for your website. You want to monitor CPU usage on multiple instances running your web site/app.
You can do that using a metric alert rule as follows:
✑ Target resource: myAppServicePlan
✑ Metric: Percentage CPU
✑ Condition Type: Static
✑ Dimensions
✑ Instance = InstanceName1, InstanceName2
✑ Time Aggregation: Average
✑ Period: Over the last 5 mins
✑ Frequency: 1 min
✑ Operator: GreaterThan
✑ Threshold: 70
Like before, this rule monitors if the average CPU usage for the last 5 minutes exceeds 70%.
✑ Aggregation granularity
Question 202 Selectable Answer
Your company is concerned that when developers introduce open source libraries, it creates licensing compliance issues.
You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base.
What should you use?
Answer: Explanation:
Secure and Manage Open Source Software
Black Duck helps organizations identify and mitigate open source security, license compliance and code-quality risks across application and container portfolios. Black Duck Hub and its plugin for Team Foundation Server (TFS) allow you to automatically find and fix open source security vulnerabilities during the build process, so you can proactively manage risk. The integration allows you to receive alerts and fail builds when any Black Duck Hub policy violations are met.
Note: WhiteSource would also be a good answer, but it is not an option here.
References: https://marketplace.visualstudio.com/items?itemName=black-duck-software.hub-tfs
Question 203 Selectable Answer
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You integrate a cloud-hosted Jenkins server and a new Azure DevOps deployment.
You need Azure DevOps to send a notification to Jenkins when a developer commits changes to a branch in Azure Repos.
Solution: You create a service hook subscription that uses the code pushed event.
Does this meet the goal?
Answer: Explanation:
You can create a service hook for Azure DevOps Services and TFS with Jenkins.
References: https://docs.microsoft.com/en-us/azure/devops/service-hooks/services/jenkins
Question 204 Selectable Answer
You are automating the build process for a Java-based application by using Azure DevOps.
You need to add code coverage testing and publish the outcomes to the pipeline.
What should you use?
Answer: Explanation:
Use the Publish Code Coverage Results task in a build pipeline to publish code coverage results to Azure Pipelines or TFS, which were produced by a build in Cobertura or JaCoCo format.
Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/test/publish-code-coverage-results
Question 205 Selectable Answer
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to recommend an integration strategy for the build process of a Java application.
The solution must meet the following requirements:
✑ The builds must access an on-premises dependency management system.
✑ The build outputs must be stored as Server artifacts in Azure DevOps.
✑ The source code must be stored in a Git repository in Azure DevOps.
Solution: Install and configure a self-hosted build agent on an on-premises machine. Configure the build pipeline to use the Default agent pool. Include the Java Tool Installer task in the build pipeline.
Does this meet the goal?
Answer: Explanation:
Instead use Octopus Tentacle.
References: https://explore.emtecinc.com/blog/octopus-for-automated-deployment-in-devops-models
Question 206 Selectable Answer
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage a project in Azure DevOps.
You need to prevent the configuration of the project from changing over time.
Solution: Implement Continuous Assurance for the project.
Does this meet the goal?
Answer: Explanation:
The basic idea behind Continuous Assurance (CA) is to set up the ability to check for "drift" from what is considered a secure snapshot of a system. Support for Continuous Assurance lets us treat security truly as a 'state' as opposed to a 'point in time' achievement. This is particularly important in today's context when 'continuous change' has become a norm.
There can be two types of drift:
✑ Drift involving 'baseline' configuration: This involves settings that have a fixed number of possible states (often pre-defined/statically determined ones). For instance, a SQL DB can have TDE encryption turned ON or OFF…or a Storage Account may have auditing turned ON however the log retention period may be less than 365 days.
✑ Drift involving 'stateful' configuration: There are settings which cannot be constrained within a finite set of well-known states. For instance, the IP addresses configured to have access to a SQL DB can be any (arbitrary) set of IP addresses. In such scenarios, usually human judgment is initially required to determine whether a particular configuration should be considered 'secure' or not. However, once that is done, it is important to ensure that there is no "stateful drift" from the attested configuration. (E.g., if, in a troubleshooting session, someone adds the IP address of a developer machine to the list, the Continuous Assurance feature should be able to identify the drift and generate notifications/alerts or even trigger 'auto-remediation' depending on the severity of the change).
Reference: https://azsk.azurewebsites.net/04-Continous-Assurance/Readme.html
Question 207 Written Answer
HOTSPOT
You have an Azure subscription that contains the resources shown in the following table.
You plan to create a linked service in DF1. The linked service will connect to SQL1 by using Microsoft SQL Server authentication. The password for the SQL Server login will be stored in KV1.
You need to configure DF1 to retrieve the password when the data factory connects to SQL1. The solution must use the principle of least privilege.
How should you configure DF1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: Secret
Store the credential in Azure Key Vault and reference the secret stored in the key vault.
To reference a credential stored in Azure Key Vault, you need to:
✑ Retrieve the data factory managed identity.
✑ Grant the managed identity access to your Azure Key Vault. In your key vault -> Access policies -> Add Access Policy, search for this managed identity and grant it the Get permission in the Secret permissions dropdown. This allows the designated factory to access the secret in the key vault.
✑ Create a linked service pointing to your Azure Key Vault.
✑ Create the data store linked service, inside which you reference the corresponding secret stored in the key vault.
Box 2: Access policy
Question 208 Written Answer
DRAG DROP
You need to use Azure Automation State Configuration to manage the ongoing consistency of virtual machine configurations.
Which five actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. NOTE: More than one order of answer choices is correct. You will receive credit for any of the orders you select.
Answer:
Explanation:
Step 1: Assign the node configuration.
You create a simple DSC configuration that ensures either the presence or absence of the Web-Server Windows Feature (IIS), depending on how you assign nodes.
Step 2: Upload a configuration to Azure Automation State Configuration.
You import the configuration into the Automation account.
Step 3: Compiling a configuration into a node configuration
Compiling a configuration in Azure Automation
Before you can apply a desired state to a node, a DSC configuration defining that state must be compiled into one or more node configurations (MOF document), and placed on the Automation DSC Pull Server.
Step 4: Onboard the virtual machines to Azure State Configuration
Onboarding an Azure VM for management with Azure Automation State Configuration
Step 5: Check the compliance status of the node.
Viewing reports for managed nodes. Each time Azure Automation State Configuration performs a consistency check on a managed node, the node sends a status report back to the pull server. You can view these reports on the page for that node.
On the blade for an individual report, you can see the following status information for the corresponding consistency check:
The report status ― whether the node is "Compliant", the configuration "Failed", or the node is "Not Compliant" (when the node is in ApplyandMonitor mode and the machine is not in the desired state).
References: https://docs.microsoft.com/en-us/azure/automation/automation-dsc-getting-started
Question 209 Selectable Answer
You have an Azure DevOps organization named Contoso and an Azure subscription. The subscription contains an Azure virtual machine scale set named VMSS1 and an Azure Standard Load Balancer named LB1. LB1 distributes incoming requests across VMSS1 instances.
You use Azure DevOps to build a web app named App1 and deploy App1 to VMSS1. App1 is accessible via HTTPS only and configured to require mutual authentication by using a client certificate.
You need to recommend a solution for implementing a health check of App1.
The solution must meet the following requirements:
• Identify whether individual instances of VMSS1 are eligible for an upgrade operation.
• Minimize administrative effort.
What should you include in the recommendation?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You integrate a cloud-hosted Jenkins server and a new Azure DevOps deployment.
You need Azure DevOps to send a notification to Jenkins when a developer commits changes to a branch in Azure Repos.
Solution: You add a trigger to the build pipeline.
Does this meet the goal?
Answer: Explanation:
You can create a service hook for Azure DevOps Services and TFS with Jenkins.
References: https://docs.microsoft.com/en-us/azure/devops/service-hooks/services/jenkins