Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. AZ-400

Microsoft AZ-400 Exam Questions
Designing and Implementing Microsoft DevOps Solutions (Page 6 )

Updated On: 21-Feb-2026
Page 6 of 103
PDF with 510 Questions

You need to consider the underlined segment to establish whether it is accurate.

To find when common open source libraries are added to the code base, you should add Jenkins to the build pipeline.
Select ‘No adjustment required’ if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.

  1. No adjustment required.
  2. SourceGear Vault
  3. WhiteSource
  4. OWASP ZAP

Answer(s): C

Explanation:

WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource constantly-updated definitive database of open source repositories.

Azure DevOps integration with WhiteSource Bolt will enable you to:
1. Detect and remedy vulnerable open source components.
2. Generate comprehensive open source inventory reports per project or build.
3. Enforce open source license compliance, including dependencies’ licenses.
4. Identify outdated open source libraries with recommendations to update.
Note: Black duck would also be a good answer, but it is not an option here.


Reference:

https://www.azuredevopslabs.com/labs/vstsextend/WhiteSource/



Your company has an Azure DevOps project, which includes a build pipeline that makes use of roughly fifty open source libraries.
You have been tasked with making sure that you are able to scan project for common security weaknesses in the open source libraries.
Which of the following actions should you take?

  1. You should create a build task and use the WhiteSource Bolt service.
  2. You should create a deployment task and use the WhiteSource Bolt service.
  3. You should create a build task and use the Chef service.
  4. You should create a deployment task and use the Chef service.

Answer(s): A


Reference:

https://www.azuredevopslabs.com/labs/vstsextend/whitesource/



You need to consider the underlined segment to establish whether it is accurate.

Black Duck can be used to make sure that all the open source libraries conform to your company’s licensing criteria.
Select ‘No adjustment required’ if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.

  1. No adjustment required.
  2. Maven
  3. Bamboo
  4. CMAKE

Answer(s): A

Explanation:

Secure and Manage Open Source Software
Black Duck helps organizations identify and mitigate open source security, license compliance and codequality risks across application and container portfolios.
Black Duck Hub and its plugin for Team Foundation Server (TFS) allows you to automatically find and fix open source security vulnerabilities during the build process, so you can proactively manage risk. The integration allows you to receive alerts and fail builds when any Black Duck Hub policy violations are met.


Reference:

https://marketplace.visualstudio.com/items?itemName=black-duck-software.hub-tfs



You have created an Azure DevOps project for a new application that will be deployed to a number of Windows Server 2016 Azure virtual machines.

You are preparing a deployment solution that allows for the virtual machines to maintain a uniform configuration, and also keep administrative effort with regards to configuring the virtual machines to a minimum.

Which of the following should be part of your solution? (Choose two.)

  1. Azure Resource Manager templates
  2. The PowerShell Desired State Configuration (DSC) extension for Windows
  3. Azure pipeline deployment groups
  4. The Custom Script Extension for Windows
  5. Azure pipeline stage templates

Answer(s): A,B



Your company has an application that contains a number of Azure App Service web apps and Azure functions. You would like to view recommendations with regards to the security of the web apps and functions. You plan to navigate to Compute and Apps to achieve your goal.
Which of the following should you access to make use of Compute and Apps?

  1. Azure Log Analytics
  2. Azure Event Hubs
  3. Azure Advisor
  4. Azure Security Center

Answer(s): D

Explanation:

Monitor compute and app services: Compute & apps include the App Services tab, which App services: list of your App service environments and current security state of each.

Recommendations
This section has a set of recommendations for each VM and computer, web and worker roles, Azure App Service Web Apps, and Azure App Service Environment that Security Center monitors. The first column lists the recommendation. The second column shows the total number of resources that are affected by that recommendation. The third column shows the severity of the issue.


Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/app/proactive-diagnostics






Post your Comments and Discuss Microsoft AZ-400 exam dumps with other Community members:

Join the AZ-400 Discussion