Microsoft AZ-400 Exam Practice Test Instant Access

Question 1

You have several Azure Active Directory (Azure AD) accounts.

You need to ensure that users use multi-factor authentication (MFA) to access Azure apps from untrusted networks.

What should you configure in Azure AD?

Aaccess reviews

Bmanaged identities

Centitlement management

Dconditional access

Answer : D

You can configure a Conditional Access policy that requires MFA for access from untrusted networks.

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa

Question 2

Note: This question is partof a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You need to recommend an integration strategy for the build process of a Java application. The solutionmust meet the following requirements:

The builds must access an on-premises dependency management system.

The build outputs must be stored as Server artifacts in Azure DevOps.

The source code must be stored in a Git repository in Azure DevOps.

Solution:Install and configure a self-hosted build agent on an on-premises machine. Configure the build pipeline to use the Default agent pool. Include the Java Tool Installer task in the build pipeline.

Does this meet the goal?

AYes

BNo

Answer : B

Instead use Octopus Tentacle.

https://explore.emtecinc.com/blog/octopus-for-automated-deployment-in-devops-models

Question 3

You have an Azure DevOps organization named Contoso.

Youneed to receive Microsoft Teams notifications when work items are updated.

What should you do?

AFrom Azure DevOps. configure a service hook subscription.

BFrom Microsoft Teams, configure a connector.

CFrom Microsoft Teams, add a channel.

DFrom Azure DevOps. install an extension.

EFrom the Microsoft Teams admin center configure external access.

Answer : A

https://azuredevopslabs.com/labs/vstsextend/teams/

Question 4

Your company creates a web application.

You need to recommend a solution that automatically sends to Microsoft Teams a dairy summary of the exceptions that occur m the application.

Which two Azure services should you recommend? Eachcorrect answer presents part of the solution.

NOTE: Each correct selection is worth one point.

AMicrosoft Visual Studio App Center

BAzure DevOps Project

CAzure Logic Apps

DAzure Pipelines

EAzure Application Insights

Answer : C, E

https://docs.microsoft.com/en-us/azure/azure-monitor/app/asp-net-exceptions

https://docs.microsoft.com/en-us/azure/azure-monitor/app/automate-custom-reports

Question 5

SIMULATION

You have an Azure subscription that containsAzure DevOps build pipelines.

You to implement pipeline caching by using the cache task

HOW should you complete the YAML definition? TO answer, select the appropriate options in the answer area.

ASee the image in explanation for answer

Answer : A

Answer is as below.

Question 6

You have an Azure DevOps project that contains a build pipeline. The build pipeline uses approximately 50 open source libraries.

You need to ensure that all the open source libraries comply with your company's licensing standards.

Which service should you use?

ANuGet

BMaven

CBlack Duck

DHelm

Answer : C

Secure and Manage Open Source Software

Black Duck helps organizations identify and mitigate open source security, license compliance and code-quality risks across application and container portfolios.

Black Duck Hub and its plugin for Team Foundation Server (TFS) allows you toautomatically find and fix open source security vulnerabilities during the build process, so you can proactively manage risk. The integration allows you to receive alerts and fail builds when any Black Duck Hub policy violations are met.

Note: WhiteSourcewould also be a good answer, but it is not an option here.

https://marketplace.visualstudio.com/items?itemName=black-duck-software.hub-tfs

Question 7

SIMULATION

Task 6

For Project 1. you need to create a service connection that can be used to deploy resources to the RGHod489Q1628 resource group.

The service connection must use the ManagedJd1 identity and workload identity federation.

ASee explanation below

Answer : A

Task 6: Create a Service Connection for Resource Group Deployment using Managed Identity and Workload Identity Federation

Step 1: Understand the Requirements

You want to deploy resources in the RGHod489Q1628 resource group.

The service connection must:

Use the ManagedJd1 managed identity.

Use workload identity federation (OIDC-based authentication for enhanced security).

Step 2: Verify Prerequisites

You need to ensure:

The ManagedJd1 managed identity exists in your Azure subscription.

Your Azure DevOps project (Project1) is linked to an Azure Active Directory tenant (for OIDC support).

You have the Owner or User Access Administrator role on the RGHod489Q1628 resource group.

Step 3: Assign Role to Managed Identity

Go to the Azure Portal.

In the search bar, type Managed Identities and select Managed Identities.

Locate and click on the ManagedJd1 identity.

In the left menu, click Azure role assignments.

Click + Add role assignment.

Set the following:

Scope: Resource Group

Subscription: Your subscription

Resource Group: RGHod489Q1628

Role: Contributor (or appropriate role)

Click Save.

This step ensures ManagedJd1 has permissions to deploy resources to RGHod489Q1628.

Step 4: Create a Federated Credential for Workload Identity Federation

In the Azure Portal, navigate to the ManagedJd1 managed identity.

In the left menu, click Workload identity federation (preview).

Click + Add a federated credential.

Configure as follows:

Federated credential name: devops-oidc

Issuer: https://vstoken.actions.githubusercontent.com (or use the default https://pipelines.actions.githubusercontent.com for Azure DevOps)

Subject identifier: Use the following format for Azure DevOps:

css

Copy

system:azuredevops:{organizationName}:{projectName}

For example:

css

Copy

system:azuredevops:{YourOrganizationName}:{Project1}

Audience: api://AzureADTokenExchange

Click Add.

This federated credential establishes trust between your Azure DevOps project and the managed identity.

Step 5: Create a Service Connection in Azure DevOps

Go to your Azure DevOps project (Project1) in the browser.

In the left menu, click Project settings.

Under Pipelines, click Service connections.

Click New service connection.

Choose Azure Resource Manager.

Choose the authentication method:

Select Workload identity federation.

Configure the service connection:

Scope level: Resource Group.

Resource Group: RGHod489Q1628.

Subscription: Your subscription.

Authentication method: Managed Identity with workload identity federation.

Managed Identity: Enter the client ID or select ManagedJd1.

Service connection name: e.g., Project1-RGHod489Q1628-Conn.

Grant access permission to all pipelines (recommended).

Click Save.

Step 6: Validate the Service Connection

After creation, click on the new service connection to Verify it.

Ensure the connection test is successful.

You can now use this service connection in your pipelines for deploying resources to RGHod489Q1628.

Microsoft AZ-400 Designing and Implementing Microsoft DevOps Solutions Exam Practice Test