Free AZ-400 Exam Braindumps (page: 42)

Page 42 of 128

DRAG DROP (Drag and Drop is not supported)
You have an Azure Key Vault that contains an encryption key named key1.
You plan to create a Log Analytics workspace that will store logging data.
You need to encrypt the workspace by using key1.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Customer-Managed key provisioning steps (assuming there already is an Azure Key Vault):

Step 1: Enable soft delete for the key vault.
The Azure Key Vault must be configured as recoverable, to protect your key and the access to your data in Azure Monitor. You can verify this configuration under properties in your Key Vault, both Soft delete and Purge protection should be enabled.

Step 2: Create a Log Analytics cluster.
Clusters uses managed identity for data encryption with your Key Vault. Configure identity type property to SystemAssigned when creating your cluster to allow access to your Key Vault for "wrap" and "unwrap" operations.

Step 3: Grant permissions to the key vault.
Grant Key Vault permissions.
Create Access Policy in Key Vault to grants permissions to your cluster. These permissions are used by the underlay cluster storage. Open your Key Vault in
Azure portal and click Access Policies then + Add Access Policy to create a policy with these settings:
Key permissions" select Get, Wrap Key and Unwrap Key.
Etc.

1. Creating cluster
2. Granting permissions to your Key Vault
3. Updating cluster with key identifier details
4. Linking workspaces

Step 4: Link workspace
Link workspace to cluster.
This step should be performed only after the cluster provisioning. If you link workspaces and ingest data prior to the provisioning, ingested data will be dropped and won't be recoverable.


Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/logs/customer-managed-keys



You use release pipelines in Azure Pipelines to deploy an app. Secrets required be the pipeline are stored as pipeline variables. Logging of commands is enabled for the Azure Pipelines agent.
You need to prevent the values of the secrets from being logged.
What should you do?

  1. Store the secrets in the environment variables instead of the pipeline variables.
  2. Pass the secrets on the command line instead of in the pipeline variables.
  3. Apply a prefix of secret to the name of the variables.
  4. Echo the values of the secrets to the command line.

Answer(s): A

Explanation:

Don't set secret variables in your YAML file. Operating systems often log commands for the processes that they run, and you wouldn't want the log to include a secret that you passed in as an input. Use the script's environment or map the variable within the variables block to pass secrets to your pipeline.
Incorrect Answers:
B: Never pass secrets on the command line.
C: Adding a prefix does not make the variable a secret. The issecret property makes it secret but does not prevent logging of the secret.
D: Never echo secrets as output.


Reference:

https://docs.microsoft.com/en-us/azure/devops/pipelines/process/variables?view=azure-devops&tabs=yaml%2Cbatch https://docs.microsoft.com/en-us/azure/devops/pipelines/scripts/logging-commands?view=azure-devops&tabs=bash
Community vote distribution



DRAG DROP (Drag and Drop is not supported)
You need to deploy a new project in Azure DevOps that has the following requirements:
-The lead developer must be able to create repositories, manage permissions, manage policies, and contribute to the repository.
-Developers must be able to contribute to the repository and create branches, but NOT bypass policies when pushing builds.
-Project managers must only be able to view the repository.
-The principle of least privilege must be used.

You create a new Azure DevOps project team for each role.
To which Azure DevOps groups should you add each team? To answer, drag the appropriate groups to the correct teams. Each group may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.
Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: Readers
Project managers must only be able to view the repository.
Only read permission necessary.

Box 2: Project Administrators
The lead developer must be able to create repositories, manage permissions, manage policies, and contribute to the repository.
Add to the Project Collection Administrators security group users tasked with managing organization or collection resources.

Box 3: Contributors
Developers must be able to contribute to the repository and create branches, but NOT bypass policies when pushing builds.
Add to the Contributors security group full-time workers who contribute to the code base or manage projects.


Reference:

https://docs.microsoft.com/en-us/azure/devops/organizations/security/look-up-project-collection-administrators



DRAG DROP (Drag and Drop is not supported)
You have an Azure subscription that contains a project in Azure DevOps named Project1. You have three Azure Active Directory (Azure AD) users that require access to Project1 as shown in the following table.


You need to ensure that the users have the appropriate permissions. The solution must use the principle of least privilege.

To which permission group in Azure DevOps should you add each user? To answer, drag the appropriate permission groups to the correct users. Each permission group may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Page 42 of 128



Post your Comments and Discuss Microsoft AZ-400 exam with other Community members:

yajnas commented on December 12, 2024
lot of the questions are from AZ-400 practice test
JAPAN
upvote

yajnas commented on December 12, 2024
very relevant information
JAPAN
upvote

yajnas commented on December 12, 2024
good material
JAPAN
upvote

Pandiyan Venkatraman commented on November 13, 2024
good question
Anonymous
upvote

jack commented on September 11, 2024
?? Just found this to be a great resource for AZ-400 prep! Perfect for gauging your readiness before the exam! ????
Anonymous
upvote

FezekaH commented on June 20, 2024
Very effective.
Anonymous
upvote

Marchelo commented on April 17, 2024
My honest opinion, it is good for passing the exam because all questions are same as the exam. But not so much for learning.
FRANCE
upvote

redy commented on February 09, 2024
nice questions
UNITED STATES
upvote

James commented on November 08, 2023
Thank you for providing these free exam questions. I used your questions for AZ-900 and managed to pass my exam. I am now preparing for my AZ-400. The content and questions looks very helpful.
UNITED STATES
upvote

Pieere commented on May 19, 2023
This exam dumps proved to be very same to the real exam. The questions are from real exam.
FRANCE
upvote

salpar commented on March 15, 2023
Good Questions
UNITED STATES
upvote

Papoo commented on October 19, 2022
There were questions on this breaindump that I had not studied for which helped me brush up on the exam. These dump is India.
INDIA
upvote

Jessica commented on July 22, 2022
I like this site because they promise a 100% money back if you fail. I passed my first exam. So I am going to set for my second exam. I feel confident.
UNITED STATES
upvote

Ron commented on June 24, 2022
I cannot thank you guys enough. I finally passed this exam with the help of your questions bank.
UNITED KINGDOM
upvote

Rakish commented on April 26, 2022
Managed to pass the exam after practicing these questions. The Xenigne App software in this package is very handy.
NEW ZEALAND
upvote

Heavy-Coder commented on November 23, 2021
The PDF questions is well formatted. The Test Engine is a very cool tool to practicy. it take the boring out of studying. Over all I am happy with my purchase.
UNITED STATES
upvote

Praveen commented on June 02, 2020
The content of the exam is pretty much same as the exam. Their Xengine App is very user-friendly and quite helpful to simulate the real exam. However, it still needs work which I have provided my feedback to their support email.
UNITED STATES
upvote