Free AZ-400 Exam Braindumps (page: 39)

Page 39 of 128

HOTSPOT (Drag and Drop is not supported)
You have an Azure DevOps project that contains a build pipeline. The build pipeline uses approximately 50 open source libraries. You need to ensure that the project can be scanned for known security vulnerabilities in the open source libraries.

What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: A Build task Trigger a build
You have a Java code provisioned by the Azure DevOps demo generator. You will use WhiteSource Bolt extension to check the vulnerable components present in this code.
Go to Builds section under Pipelines tab, select the build definition WhiteSourceBolt and click on Queue to trigger a build. To view the build in progress status, click on ellipsis and select View build results.

Box 2: WhiteSource Bolt
WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource constantly-updated definitive database of open source repositories.


Reference:

https://www.azuredevopslabs.com/labs/vstsextend/whitesource/



You have an Azure DevOps project that contains a build pipeline. The build pipeline uses approximately 50 open source libraries. You need to ensure that all the open source libraries comply with your company’s licensing standards.
Which service should you use?

  1. NuGet
  2. Maven
  3. Black Duck
  4. Helm

Answer(s): C

Explanation:

Secure and Manage Open Source Software

Black Duck helps organizations identify and mitigate open source security, license compliance and code-quality risks across application and container portfolios.
Black Duck Hub and its plugin for Team Foundation Server (TFS) allows you to automatically find and fix open source security vulnerabilities during the build process, so you can proactively manage risk. The integration allows you to receive alerts and fail builds when any Black Duck Hub policy violations are met.
Note: WhiteSource would also be a good answer, but it is not an option here.


Reference:

https://marketplace.visualstudio.com/items?itemName=black-duck-software.hub-tfs



DRAG DROP (Drag and Drop is not supported)
You plan to use Azure Kubernetes Service (AKS) to host containers deployed from images hosted in a Docker Trusted Registry.

You need to recommend a solution for provisioning and connecting to AKS. The solution must ensure that AKS is RBAC-enabled and uses a custom service principal.

Which three commands should you recommend be run in sequence? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.

Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Step 1 : azacr create

An Azure Container Registry (ACR) can also be created using the new Azure CLI.

azacr create
--name <REGISTRY_NAME>
--resource-group <RESOURCE_GROUP_NAME>
--sku Basic

Step 2: az ad sp create-for-rbac
Once the ACR has been provisioned, you can either enable administrative access (which is okay for testing) or you create a Service Principal (sp) which will provide a client_id and a client_secret.

az ad sp create-for-rbac
--scopes /subscriptions/<SUBSCRIPTION_ID>/resourcegroups/<RG_NAME>/providers/Microsoft.ContainerRegistry/registries/<REGISTRY_NAME>
--role Contributor
--name <SERVICE_PRINCIPAL_NAME>

Step 3: kubectl create
Create a new Kubernetes Secret.

kubectl create secret docker-registry <SECRET_NAME>
--docker-server <REGISTRY_NAME>.azurecr.io
--docker-email <YOUR_MAIL>
--docker-username=<SERVICE_PRINCIPAL_ID>
--docker-password <YOUR_PASSWORD>


Reference:

https://thorsten-hans.com/how-to-use-private-azure-container-registry-with-kubernetes



Your company develops an app for iOS. All users of the app have devices that are members of a private distribution group in Microsoft Visual Studio App Center.

You plan to distribute a new release of the app.

You need to identify which certificate file you require to distribute the new release from App Center. Which file type should you upload to App Center?

  1. .cer
  2. .pfx
  3. .p12
  4. .pvk

Answer(s): C

Explanation:

A successful IOS device build will produce an ipa file. In order to install the build on a device, it needs to be signed with a valid provisioning profile and certificate. To sign the builds produced from a branch, enable code signing in the configuration pane and upload a provisioning profile (.mobileprovision) and a valid certificate (.p12), along with the password for the certificate.


Reference:

https://docs.microsoft.com/en-us/appcenter/build/xamarin/ios/



Page 39 of 128



Post your Comments and Discuss Microsoft AZ-400 exam with other Community members:

yajnas commented on December 12, 2024
lot of the questions are from AZ-400 practice test
JAPAN
upvote

yajnas commented on December 12, 2024
very relevant information
JAPAN
upvote

yajnas commented on December 12, 2024
good material
JAPAN
upvote

Pandiyan Venkatraman commented on November 13, 2024
good question
Anonymous
upvote

jack commented on September 11, 2024
?? Just found this to be a great resource for AZ-400 prep! Perfect for gauging your readiness before the exam! ????
Anonymous
upvote

FezekaH commented on June 20, 2024
Very effective.
Anonymous
upvote

Marchelo commented on April 17, 2024
My honest opinion, it is good for passing the exam because all questions are same as the exam. But not so much for learning.
FRANCE
upvote

redy commented on February 09, 2024
nice questions
UNITED STATES
upvote

James commented on November 08, 2023
Thank you for providing these free exam questions. I used your questions for AZ-900 and managed to pass my exam. I am now preparing for my AZ-400. The content and questions looks very helpful.
UNITED STATES
upvote

Pieere commented on May 19, 2023
This exam dumps proved to be very same to the real exam. The questions are from real exam.
FRANCE
upvote

salpar commented on March 15, 2023
Good Questions
UNITED STATES
upvote

Papoo commented on October 19, 2022
There were questions on this breaindump that I had not studied for which helped me brush up on the exam. These dump is India.
INDIA
upvote

Jessica commented on July 22, 2022
I like this site because they promise a 100% money back if you fail. I passed my first exam. So I am going to set for my second exam. I feel confident.
UNITED STATES
upvote

Ron commented on June 24, 2022
I cannot thank you guys enough. I finally passed this exam with the help of your questions bank.
UNITED KINGDOM
upvote

Rakish commented on April 26, 2022
Managed to pass the exam after practicing these questions. The Xenigne App software in this package is very handy.
NEW ZEALAND
upvote

Heavy-Coder commented on November 23, 2021
The PDF questions is well formatted. The Test Engine is a very cool tool to practicy. it take the boring out of studying. Over all I am happy with my purchase.
UNITED STATES
upvote

Praveen commented on June 02, 2020
The content of the exam is pretty much same as the exam. Their Xengine App is very user-friendly and quite helpful to simulate the real exam. However, it still needs work which I have provided my feedback to their support email.
UNITED STATES
upvote