Free Microsoft AZ-400 Exam Questions (page: 74)

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You manage a project in Azure DevOps.

You need to prevent the configuration of the project from changing over time. Solution: Perform a Subscription Health scan when packages are created.
Does this meet the goal?

  1. Yes
  2. No

Answer(s): B

Explanation:

Instead implement Continuous Assurance for the project.

Note: The Subscription Security health check features in AzSK contains a set of scripts that examines a subscription and flags off security issues, misconfigurations or obsolete artifacts/settings which can put your subscription at higher risk.


Reference:

https://azsk.azurewebsites.net/04-Continous-Assurance/Readme.html



Your company uses the following resources:

-Windows Server 2019 container images hosted in an Azure Container Registry.
-Azure virtual machines that run the latest version of Ubuntu
-An Azure Log Analytics workspace
-Azure Active Directory (Azure AD)
-An Azure key vault

For which two resources can you receive vulnerability assessments in Azure Security Center? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

  1. the Azure Log Analytics workspace
  2. the Azure key vault
  3. the Azure virtual machines that run the latest version of Ubuntu
  4. Azure Active Directory (Azure AD)
  5. The Windows Server 2019 container images hosted in the Azure Container Registry.

Answer(s): C,E

Explanation:

B: Azure Security Center includes Azure-native, advanced threat protection for Azure Key Vault, providing an additional layer of security intelligence.

C: When Security Center discovers a connected VM without a vulnerability assessment solution deployed, it provides the security recommendation "A vulnerability assessment solution should be enabled on your virtual machines".
Ubuntu supported versions: 12.04 LTS, 14.04 LTS, 15.x, 16.04 LTS, 18.04 LTS


Reference:

https://docs.microsoft.com/en-us/azure/security-center/deploy-vulnerability-assessment-vm



You use Azure Pipelines to manage build pipelines, GitHub to store source code, and Dependabot to manage dependencies.

You have an app named App1.
Dependabot detects a dependency in App1 that requires an update. What should you do first to apply the update?

  1. Create a pull request.
  2. Approve the pull request.
  3. Create a branch.
  4. Perform a commit.

Answer(s): B

Explanation:

DependaBot is a useful tool to regularly check for dependency updates. By helping to keep your project up to date, DependaBot can reduce technical debt and immediately apply security vulnerabilities when patches are released. How does DependaBot work?
DependaBot regularly checks dependencies for updates
If an update is found, DependaBot creates a new branch with this upgrade and Pull Request for approval
You review the new Pull Request, ensure the tests passed, review the code, and decide if you can merge the change


Reference:

https://samlearnsazure.blog/2019/12/20/github-using-dependabot/



Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You manage a project in Azure DevOps.
You need to prevent the configuration of the project from changing over time.

Solution: Add a code coverage step to the build pipelines.
Does this meet the goal?

  1. Yes
  2. No

Answer(s): B

Explanation:

Instead implement Continuous Assurance for the project.


Reference:

https://azsk.azurewebsites.net/04-Continous-Assurance/Readme.html



Viewing page 74 of 128



Post your Comments and Discuss Microsoft AZ-400 exam prep with other Community members:

AZ-400 Exam Discussions & Posts