AZ-400 Designing and Implementing Microsoft DevOps Solutions Exam

Seeking the thrill of transformative tech? Explore the art of designing and implementing DevOps solutions on Azure. Master the shift towards CI/CD, testing, and delivery, while preparing for the Designing and Implementing Microsoft DevOps Solutions exam!

Intermediate

Gauge your current knowledge

Practice test preview
Track Readiness
Set Exam Goal

A development team manages a critical application's source code in a GitHub repository. They need to implement a robust security and compliance plan for their `main` branch to ensure code quality and prevent unauthorized changes. The organization uses Microsoft Entra ID for centralized identity management. The team has identified the following requirements: * Direct pushes to the `main` branch must be strictly prohibited. * All code changes must go through a pull request process, requiring at least two approved reviews before merging. * Automated CI build and security scanning checks must pass successfully before a pull request can be merged into `main`. * All GitHub users must authenticate via Microsoft Entra ID, and their access policies should be validated against corporate standards. Which combination of GitHub and Azure features should the team implement to meet these set of requirements?

Explanations

Related questions

A development team uses Azure DevOps pipelines to deploy applications to various Azure resources, including App Services and Azure SQL Databases. The organization's security policy mandates that all automated connections from Azure DevOps to Azure resources must adhere to the principle of least privilege, utilize automated credential management, and avoid hard-coded secrets. Which authentication method should the team prioritize for configuring their Azure DevOps service connections to Azure to meet these security requirements?

Implement and manage Azure DevOps service connections and personalaccess tokens

A software development company is designing a new cloud-native application composed of multiple independent microservices. The application needs to handle highly variable loads, including periods of inactivity, and must scale down to zero instances to optimize costs. The architecture requires robust inter-service communication, dynamic service discovery, and the ability to perform A/B testing by routing a percentage of traffic to new versions of services. The development team has strong containerization skills but prefers a platform that abstracts away the complexities of direct Kubernetes API management and underlying infrastructure operations. Which Azure container hosting and orchestration service should the company recommend to meet these requirements efficiently?

Recommend a container-based solution

A security-conscious organization is developing a critical backend daemon service that requires unattended access to Microsoft Graph. This service needs to perform two distinct, high-privilege operations: 1. Retrieve the full profile details for all users across the entire Microsoft Entra tenant. 2. Send emails from a designated shared mailbox without user interaction. The organization's security policy strictly enforces the **principle of least privilege** and mandates that all necessary permissions for this daemon service must be granted through **admin consent**. Which configuration approach correctly defines the required permissions and ensures they are granted appropriately for this application?

Configure app registration permission scopes

A development team is building an application that uploads various document types, such as PDFs and images, to Azure Blob Storage. For each uploaded document, they need to ensure that the browser correctly interprets the file type by setting the appropriate Content-Type property. Additionally, they must attach custom information, specifically a ProjectID and DocumentVersion, to each blob for internal tracking and categorization. The team is using the Azure Blob Storage .NET SDK. Which of the following approaches should the team use to efficiently set both the standard `Content-Type` and the custom `ProjectID` and `DocumentVersion` for each blob?

Set and retrieve properties and metadata

A company is deploying a critical, multi-tier application in an Azure region that supports Availability Zones. The application requires maximum resilience against infrastructure failures, including individual hardware component failures within a datacenter and complete datacenter outages within the region. Additionally, the company needs to ensure that planned Azure maintenance activities do not cause a full application downtime. Which Azure high availability strategy should be implemented for the application's virtual machines to meet these comprehensive requirements?

Deploy virtual machines to availability zones and availability sets

A company has Azure File Sync deployed with cloud tiering enabled on several Windows Servers. Users report that some files that should be tiered are still consuming local disk space, and some tiered files are failing to recall. The administrator needs to investigate these issues efficiently. Which monitoring tools and event logs should the administrator primarily use on the Windows Server to diagnose why files are failing to tier and recall, and to check the overall health of the server endpoint?

Configure and manage Azure File Sync

Want more questions like this?

Get a free certification question every week.