Latest Microsoft AZ-400 Free Certification Exam Material with 438 Q&As [Q25-Q47]

Share

Latest Microsoft AZ-400 Free Certification Exam Material with 438 Q&As 

UPDATED AZ-400 Exam Questions Certification Test Engine to PDF


The AZ-400 exam is a comprehensive exam that covers a wide range of topics related to DevOps. AZ-400 exam evaluates the candidate's ability to design and implement DevOps strategies, manage source code, build and deploy applications, and configure and manage infrastructure. AZ-400 exam also tests the candidate's knowledge of continuous integration and delivery, monitoring and feedback, and security and compliance.

 

NEW QUESTION # 25
You have a project Azure DevOps.
You plan to create a build pipeline that will deploy resources by using Azure Resource Manager templates.
The templates will reference secretes stored in Azure Key Vault.
Yu need to ensure that you can dynamically generate the resource ID of the key vault during template deployment.
What should you include in the template? To answer, select eh appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation


NEW QUESTION # 26
You plan to use Desired State Configuration (DSC) to maintain the configuration state of virtual machines that run Windows Server.
You need to perform the following:
Install Internet Information Services (IIS) on the virtual machines.
Update the default home page of the IIS web server.
How should you configure the DSC configuration file? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/powershell/scripting/dsc/quickstarts/website-quickstart


NEW QUESTION # 27
You use Azure Pipelines to automate Continuous Integration/Continuous Deployment (CI/CD) for an Azure web app named WebApp1.
You configure an Azure Monitor alert that is triggered when WebApp1 generates an error.
You need to configure the alert to forward details of the error to a third-party system. The solution must minimize administrative effort.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

1 - Create an Azure logic app.
2 - Select the HTTP request trigger.
3 - Updated the action group in Azure Monitor.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/action-groups-logic-app


NEW QUESTION # 28
You need to recommend project metrics for dashboards in Azure DevOps.
Which chart widgets should you recommend for each metric? To answer, drag the appropriate chart widgets to the correct metrics. Each chart widget may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Box 1: Lead time
Lead time measures the total time elapsed from the creation of work items to their completion.
Box 2: Cycle time
Cycle time measures the time it takes for your team to complete work items once they begin actively working on them.
Box 3: Burndown
Burndown charts focus on remaining work within a specific time period.
Incorrect Answers:




References:
https://docs.microsoft.com/en-us/azure/devops/report/dashboards/velocity-guidance?view=vsts
https://docs.microsoft.com/en-us/azure/devops/report/dashboards/cycle-time-and-lead-time?view=vsts
https://docs.microsoft.com/en-us/azure/devops/report/dashboards/configure-burndown-burnup-widgets?view=vsts


NEW QUESTION # 29
You are developing a multi-tier application. The application will use Azure App Service web apps as the front end and an Azure SQL database as the back end. The application will use Azure functions to write some data to Azure Storage.
You need to send the Azure DevOps team an email message when the front end fails to return a status code of
200.
Which feature should you use?

  • A. Service Map in Azure Log Analytics
  • B. Application Map in Azure Application Insights
  • C. Profiler in Azure Application Insights
  • D. Availability tests in Azure Application Insights

Answer: B

Explanation:
Explanation
Explanation:
Application Map helps you spot performance bottlenecks or failure hotspots across all components of your distributed application. Each node on the map represents an application component or its dependencies; and has health KPI and alerts status.
Incorrect Answers:
A: Service Map automatically discovers application components on Windows and Linux systems and maps the communication between services. You can use it to view your servers as you think of them--interconnected systems that deliver critical services. Service Map shows connections between servers, processes, and ports across any TCP-connected architecture with no configuration required, other than installation of an agent.
References: https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-map


NEW QUESTION # 30
You are designing a strategy to monitor thebaseline metrics of Azure virtual machines that run Windows Server. You need to collect detailed data about the processes running in the guest operating system. Which two agents should you deploy? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

  • A. the Azure Network Watcher Agent for Windows
  • B. the Telegraf agent
  • C. the Azure Log Analytics agent
  • D. the Dependency agent

Answer: C,D

Explanation:
Explanation
The following table provide a quick comparison ofthe Azure Monitor agents for Windows.

Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview


NEW QUESTION # 31
Your company is building a new web application.
You plan to collect feedback from pilot users on the features being delivered.
All the pilot users have a corporate computer that has Google Chrome and the Microsoft Test & Feedback extension installed. The pilot users will test the application by using Chrome.
You need to identify which access levels are required to ensure that developers can request and gather feedback from the pilot users. The solution must use the principle of least privilege.
Which access levels m Azure DevOps should you identify? To answer, select the appropriate options in the answer area NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: Basic
Assign Basic to users with a TFS CAL, with a Visual Studio Professional subscription, and to users for whom you are paying for Azure Boards & Repos in an organization.
Box 2: Stakeholder
Assign Stakeholders to users with no license or subscriptions who need access to a limited set of features.
Note:
You assign users or groups of users to one of the following access levels:
Basic: provides access to most features
VS Enterprise: provides access to premium features
Stakeholders: provides partial access, can be assigned to unlimited users for free References: https://docs.microsoft.com/en-us/azure/devops/organizations/security/access-levels?view=vsts


NEW QUESTION # 32
You use Azure Pipelines to manage build pipelines, GitHub to store source code, and Dependabot to manage dependencies.
You have an app named App1.
Dependabot detects a dependency in App1 that requires an update.
What should you do first to apply the update?

  • A. Create a branch.
  • B. Approve the pull request.
  • C. Perform a commit.
  • D. Create a pull request.

Answer: B

Explanation:
Explanation/Reference:
Explanation:
DependaBot is a useful tool to regularly check for dependency updates. By helping to keep your project up to date, DependaBot can reduce technical debt and immediately apply security vulnerabilities when patches are released. How does DependaBot work?
1. DependaBot regularly checks dependencies for updates
2. If an update is found, DependaBot creates a new branch with this upgrade and Pull Request for approval
3. You review the new Pull Request, ensure the tests passed, review the code, and decide if you can merge the change Reference:
https://samlearnsazure.blog/2019/12/20/github-using-dependabot/


NEW QUESTION # 33
You need to increase the security of your team's development process.
Which type of security tool should you recommend for each stage of the development process? To answer, drag the appropriate security toots to the correct stages. Each security tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: Threat modeling
Threat modeling's motto should be, "The earlier the better, but not too late and never ignore." Box 2: Static code analysis Validation in the CI/CD begins before the developer commits his or her code. Static code analysis tools in the IDE provide the first line of defense to help ensure that security vulnerabilities are not introduced into the CI/CD process.
Box 3: Penetration testing
Once your code quality is verified, and the application is deployed to a lower environment like development or QA, the process should verify that there are not any security vulnerabilities in the running application. This can be accomplished by executing automated penetration test against the running application to scan it for vulnerabilities.
References:
https://docs.microsoft.com/en-us/azure/devops/articles/security-validation-cicd-pipeline?view=vsts
Topic 2, Case Study: 1Overview
Existing Environment
Litware, Inc. e an independent software vendor (ISV) Litware has a main office and five branch offices.
Application Architecture
The company' s primary application is a single monolithic retirement fund management system based on ASP.NE T web forms that use logic written in V8.NET. Some new sections of the application are written in C#.
Variations of the application are created for individual customers. Currently, there are more than 80 have code branches in the application's code base.
The application was developed by using Microsoft Visual Studio. Source code is stored in Team Foundation Server (TFS) in the main office. The branch offices access of the source code by using TFS proxy servers.
Architectural Issues
Litware focuses on writing new code for customers. No resources are provided to refactor or remove existing code. Changes to the code base take a long time, AS dependencies are not obvious to individual developers.
Merge operations of the code often take months and involve many developers. Code merging frequently introduces bugs that are difficult to locate and resolve.
Customers report that ownership costs of the retirement fund management system increase continually. The need to merge unrelated code makes even minor code changes expensive.
Requirements
Planned Changes
Litware plans to develop a new suite of applications for investment planning. The investment planning Applications will require only minor integration with the easting retirement fund management system.
The investment planning applications suite will include one multi-tier web application and two iOS mobile applications. One mobile application will be used by employees; the other will be used by customers.
Litware plans to move to a more agile development methodology. Shared code will be extracted into a series of package.
Litware has started an internal cloud transformation process and plans to use cloud based services whenever suitable.
Litware wants to become proactive m detecting failures, rather than always waning for customer bug reports.
Technical Requirements
The company's investment planning applications suite must meet the following technical requirements:
* New incoming connections through the firewall must be minimized.
* Members of a group named Developers must be able to install packages.
* The principle of least privilege must be used for all permission assignments
* A branching strategy that supports developing new functionality in isolation must be used.
* Members of a group named Team leaders must be able to create new packages and edit the permissions of package feeds
* Visual Studio App Center must be used to centralize the reporting of mobile application crashes and device types in use.
* By default, all App Center must be used to centralize the reporting of mobile application crashes and device types in use.
* Code quality and release quality are critical. During release, deployments must not proceed between stages if any active bugs are logged against the release.
* The mobile applications must be able to call the share pricing service of the existing retirement fund management system. Until the system is upgraded, the service will only support basic authentication over HUPS.
* The required operating system configuration tor the test servers changes weekly. Azure Automation State Configuration must be used to ensure that the operating system on each test servers configured the same way when the servers are created and checked periodically.
Current Technical
The test servers are configured correctly when first deployed, but they experience configuration drift over time. Azure Automation State Configuration fails to correct the configurations.
Azure Automation State Configuration nodes are registered by using the following command.


NEW QUESTION # 34
You need to ensure that an Azure web app named az400-9940427-main can retrieve secrets from an Azure key vault named az400-9940427-kv1 by using a system managed identity.
The solution must use the principle of least privilege.
To complete this task, sign in to the Microsoft Azure portal.

Answer:

Explanation:
See solution below.
Explanation
1. In Azure portal navigate to the az400-9940427-main app.
2. Scroll down to the Settings group in the left navigation.
3. Select Managed identity.
4. Within the System assigned tab, switch Status to On. Click Save.

References:
https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity


NEW QUESTION # 35
You need to perform the GitHub code migration. The solution must support the planned changes for the DevOps environment.
What should you use?

  • A. git clone
  • B. Import repository in Azure Repos
  • C. GitHub Importer
  • D. git-tfs

Answer: A

Explanation:
Woodgrove Bank plans to implement the following changes to the DevOps environment:
Migrate all the source code from TFS1 to GitHub.
The Git-TFS tool is a two-way bridge between Team Foundation Version Control and Git, and can be used to perform a migration.
Reference:
https://docs.microsoft.com/en-us/devops/develop/git/migrate-from-tfvc-to-git


NEW QUESTION # 36
In Azure DevOps, you create Project3.
You need to meet the requirements of the project.
What should you do first?

  • A. From Azure DevOps, modify the build definition.
  • B. From SonarQube, create a project.
  • C. From SonarQube, obtain an authentication token.
  • D. From Azure DevOps, create a service endpoint.

Answer: D

Explanation:
Explanation/Reference:
Explanation:
The first thing to do is to declare your SonarQube server as a service endpoint in your VSTS/DevOps project settings.
References: https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Extension+for+vsts- TFS Question Set 2


NEW QUESTION # 37
You are configuring the Azure DevOps dashboard. The solution must meet the technical requirements.
Which widget should you use for each metric? To answer, drag the appropriate widgets to the correct metrics. Each widget may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/devops/report/dashboards/widget-catalog?view=azure-devops


NEW QUESTION # 38
You are designing a YAML template for use with Azure Pipelines. The template Will include the Outputfile parameter.
Which two methods can you use to reference the parameter? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. Option E
  • B. Option B
  • C. Option C
  • D. Option A
  • E. Option D

Answer: C,E


NEW QUESTION # 39
You have a private project in Azure DevOps and two users named User1 and User2.
You need to add User1 and User2 to groups to meet the following requirements:
User1 must be able to create a code wiki.
User2 must be able to edit wiki pages.
The solution must use the principle of least privilege.
To which group should you add each user? To answer, drag the appropriate groups to the correct users. Each group may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/devops/project/wiki/wiki-create-repo


NEW QUESTION # 40
You are creating a container for an ASP.NET Core app.
You need to create a Dockerfile file to build the image. The solution must ensure that the size of the image is minimized.
How should you configure the file? To answer, drag the appropriate values to the correct targets. Each value must be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: microsoft.com/dotnet/sdk:2.3
The first group of lines declares from which base image we will use to build our container on top of. If the local system does not have this image already, then docker will automatically try and fetch it. The mcr.microsoft.com/dotnet/core/sdk:2.1 comes packaged with the .NET core 2.1 SDK installed, so it's up to the task of building ASP .NET core projects targeting version 2.1 Box 2: dotnet restore The next instruction changes the working directory in our container to be /app, so all commands following this one execute under this context.
COPY *.csproj ./
RUN dotnet restore
Box 3: microsoft.com/dotnet/2.2-aspnetcore-runtime
When building container images, it's good practice to include only the production payload and its dependencies in the container image. We don't want the .NET core SDK included in our final image because we only need the .NET core runtime, so the dockerfile is written to use a temporary container that is packaged with the SDK called build-env to build the app.
Reference:
https://docs.microsoft.com/de-DE/virtualization/windowscontainers/quick-start/building-sample-app


NEW QUESTION # 41
You are building a Microsoft ASP.NET application that requires authentication. You need to authenticate users by using Azure Active Directory (Azure AD). What should you do first?

  • A. Configure the application to use a SAML endpoint.
  • B. Create a new OAuth token from the application.
  • C. Create an app registration in Azure AD.
  • D. Assign an enterprise application to users and groups.
  • E. Create a membership database in an Azure SQL database.

Answer: C

Explanation:
Explanation
Register your application to use Azure Active Directory. Registering the application means that your developers can use Azure AD to authenticate users and request access to user resources such as email, calendar, and documents.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/developer-guidance-for-integrating-applica
https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-aspnet-webapp


NEW QUESTION # 42
You plan to use Desired State Configuration (DSC) to maintain the configuration state of virtual machines that run Windows Server.
You need to perform the following:
Install Internet Information Services (IIS) on the virtual machines.
Update the default home page of the IIS web server.
How should you configure the DSC configuration file? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation
See the answer in image

Box 1: WindowsFeature
Example:
Configuration WebsiteTest {
# Import the module that contains the resources we're using.
Import-DscResource -ModuleName PsDesiredStateConfiguration
# The Node statement specifies which targets this configuration will be applied to.
Node 'localhost' {
# The first resource block ensures that the Web-Server (IIS) feature is enabled.
WindowsFeature WebServer {
Ensure = "Present"
Name = "Web-Server"
}
Box 2: File
Example continued:
# The second resource block ensures that the website content copied to the website root folder.
File WebsiteContent {
Ensure = 'Present'
SourcePath = 'c:\test\index.htm'
DestinationPath = 'c:\inetpub\wwwroot'
}
Reference:
https://docs.microsoft.com/en-us/powershell/scripting/dsc/quickstarts/website-quickstart


NEW QUESTION # 43
You have an Azure DevOps organization named Contoso.
You need to recommend an authentication mechanism that meets the following requirements:
* Supports authentication from Get
* Minimizes the need to provide credentials during authentication
What should you recommend?

  • A. Alternate credentials in Azure DevOps
  • B. managed identities in Azure Active Directory (Azure AD)
  • C. user accounts in Azure Active Directory (Azure AD)
  • D. personal access tokens (PATs) in Azure DevOps

Answer: D

Explanation:
Explanation
Personal access tokens (PATs) give you access to Azure DevOps and Team Foundation Server (TFS), without using your username and password directly. These tokens have an expiration date from when they're created.
You can restrict the scope of the data they can access. Use PATs to authenticate if you don't already have SSH keys set up on your system or if you need to restrict the permissions that are granted by the credential.
Reference:
https://docs.microsoft.com/en-us/azure/devops/repos/git/auth-overview


NEW QUESTION # 44
You need to create and configure an Azure Storage account namedaz400lod11566895stor in a resource group named RG1lod11566895 to store the boot diagnostics for a virtual machine named VM1.
To complete this task, sign in to the Microsoft Azure portal.

Answer:

Explanation:
See solution below.
Explanation
Step 1: To create a general-purpose v2 storage account in the Azure portal, follow these steps:
* On the Azure portal menu, select All services. In the list of resources, type Storage Accounts. As you begin typing, the list filters based on your input. Select Storage Accounts.
* On the Storage Accounts window that appears, choose Add.
* Select the subscription in which to create the storage account.
* Under the Resource group field, select RG1lod11566895
* Next, enter a name for your storage account named: az400lod11566895stor
* Select Create.
Step 2: Enable boot diagnostics on existing virtual machine
To enable Boot diagnostics on an existing virtual machine, follow these steps:
1. Sign in to the Azure portal, and then select the virtual machine VM1.
2. In the Support + troubleshootingsection, select Boot diagnostics, then select the Settings tab.
3. In Boot diagnostics settings, change the status to On, and from the Storage account drop-down list, select the storage account az400lod11566895stor.
4. Save the change.

You must restartthe virtual machine for the change to take effect.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-account-create
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/boot-diagnostics


NEW QUESTION # 45
You are developing a full Microsoft .NET Framework solution that includes unit tests.
You need to configure SonarQube to perform a code quality validation of the C# code as part of the build pipelines.
Which four tasks should you perform in sequence? To answer, move the appropriate tasks from the list of tasks to the answer area and arrange them in the correct order.

Answer:

Explanation:

Explanation:
Step 1: Prepare Analysis Configuration
Prepare Analysis Configuration task, to configure all the required settings before executing the build.
This task is mandatory.
In case of .NET solutions or Java projects, it helps to integrate seamlessly with MSBuild, Maven and Gradle tasks.
Step 2: Visual Studio Build
Reorder the tasks to respect the following order:
Prepare Analysis Configuration task before any MSBuild or Visual Studio Build task.
Step 3: Visual Studio Test
Reorder the tasks to respect the following order:
Run Code Analysis task after the Visual Studio Test task.
Step 4: Run Code Analysis
Run Code Analysis task, to actually execute the analysis of the source code.
This task is not required for Maven or Gradle projects, because scanner will be run as part of the Maven/Gradle build.
Note:

References:
https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Extension+for+VSTS-TFS


NEW QUESTION # 46
You have a build pipeline in Azure Pipelines that occasionally fails.
You discover that a test measuring the response time of an API endpoint causes the failures.
You need to prevent the build pipeline from failing due to The test.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point

  • A. Set Flaky test detection to Off
  • B. Enable test slicing.
  • C. Clear Flaky tests included in test pass percentage
  • D. Manually mark the test as flaky.
  • E. Enable Test Impact Analysis (TIA).

Answer: C,D

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/devops/pipelines/test/flaky-test-management


NEW QUESTION # 47
......

Get The Important Preparation Guide With AZ-400 Dumps: https://www.verifieddumps.com/AZ-400-valid-exam-braindumps.html

Get Totally Free Updates on AZ-400 Dumps PDF Questions: https://drive.google.com/open?id=1K0JqdVADWJNHgAw5i53HbsEtoheRKnNU