Free AZ-400 Exam Braindumps (page: 6)

Page 6 of 128

You need to consider the underlined segment to establish whether it is accurate.

To find when common open source libraries are added to the code base, you should add Jenkins to the build pipeline.
Select ‘No adjustment required’ if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.

  1. No adjustment required.
  2. SourceGear Vault
  3. WhiteSource
  4. OWASP ZAP

Answer(s): C

Explanation:

WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource constantly-updated definitive database of open source repositories.

Azure DevOps integration with WhiteSource Bolt will enable you to:
1. Detect and remedy vulnerable open source components.
2. Generate comprehensive open source inventory reports per project or build.
3. Enforce open source license compliance, including dependencies’ licenses.
4. Identify outdated open source libraries with recommendations to update.
Note: Black duck would also be a good answer, but it is not an option here.


Reference:

https://www.azuredevopslabs.com/labs/vstsextend/WhiteSource/



Your company has an Azure DevOps project, which includes a build pipeline that makes use of roughly fifty open source libraries.
You have been tasked with making sure that you are able to scan project for common security weaknesses in the open source libraries.
Which of the following actions should you take?

  1. You should create a build task and use the WhiteSource Bolt service.
  2. You should create a deployment task and use the WhiteSource Bolt service.
  3. You should create a build task and use the Chef service.
  4. You should create a deployment task and use the Chef service.

Answer(s): A


Reference:

https://www.azuredevopslabs.com/labs/vstsextend/whitesource/



You need to consider the underlined segment to establish whether it is accurate.

Black Duck can be used to make sure that all the open source libraries conform to your company’s licensing criteria.
Select ‘No adjustment required’ if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.

  1. No adjustment required.
  2. Maven
  3. Bamboo
  4. CMAKE

Answer(s): A

Explanation:

Secure and Manage Open Source Software
Black Duck helps organizations identify and mitigate open source security, license compliance and codequality risks across application and container portfolios.
Black Duck Hub and its plugin for Team Foundation Server (TFS) allows you to automatically find and fix open source security vulnerabilities during the build process, so you can proactively manage risk. The integration allows you to receive alerts and fail builds when any Black Duck Hub policy violations are met.


Reference:

https://marketplace.visualstudio.com/items?itemName=black-duck-software.hub-tfs



You have created an Azure DevOps project for a new application that will be deployed to a number of Windows Server 2016 Azure virtual machines.

You are preparing a deployment solution that allows for the virtual machines to maintain a uniform configuration, and also keep administrative effort with regards to configuring the virtual machines to a minimum.

Which of the following should be part of your solution? (Choose two.)

  1. Azure Resource Manager templates
  2. The PowerShell Desired State Configuration (DSC) extension for Windows
  3. Azure pipeline deployment groups
  4. The Custom Script Extension for Windows
  5. Azure pipeline stage templates

Answer(s): A,B



Page 6 of 128



Post your Comments and Discuss Microsoft AZ-400 exam with other Community members:

Marchelo 4/17/2024 11:18:49 AM
My honest opinion, it is good for passing the exam because all questions are same as the exam. But not so much for learning.
FRANCE
upvote

redy 2/9/2024 9:32:20 AM
nice questions
UNITED STATES
upvote

Andy 12/1/2023 2:21:03 AM
Thank you for providing these free exam questions. I used your questions for AZ-900 and managed to pass my exam. I am now preparing for my AZ-400. The content and questions looks very helpful.
Anonymous
upvote

James 11/8/2023 6:42:02 AM
Thank you for providing these free exam questions. I used your questions for AZ-900 and managed to pass my exam. I am now preparing for my AZ-400. The content and questions looks very helpful.
UNITED STATES
upvote

Pieere 5/19/2023 8:52:10 AM
This exam dumps proved to be very same to the real exam. The questions are from real exam.
FRANCE
upvote

Papoo 10/19/2022 10:41:08 AM
There were questions on this breaindump that I had not studied for which helped me brush up on the exam. These dump is India.
INDIA
upvote

Jessica 7/22/2022 9:59:53 AM
I like this site because they promise a 100% money back if you fail. I passed my first exam. So I am going to set for my second exam. I feel confident.
UNITED STATES
upvote

Ron 6/24/2022 10:52:21 PM
I cannot thank you guys enough. I finally passed this exam with the help of your questions bank.
UNITED KINGDOM
upvote

Rakish 4/26/2022 2:51:27 PM
Managed to pass the exam after practicing these questions. The Xenigne App software in this package is very handy.
NEW ZEALAND
upvote

Heavy-Coder 11/23/2021 10:14:13 PM
The PDF questions is well formatted. The Test Engine is a very cool tool to practicy. it take the boring out of studying. Over all I am happy with my purchase.
UNITED STATES
upvote

Praveen 6/2/2020 2:03:16 PM
The content of the exam is pretty much same as the exam. Their Xengine App is very user-friendly and quite helpful to simulate the real exam. However, it still needs work which I have provided my feedback to their support email.
UNITED STATES
upvote