Microsoft DevOps Engineer Expert AZ-400 Practice Question
In Azure DevOps, you run a self-hosted build agent on an Azure virtual machine that has a system-assigned managed identity with Contributor rights to the subscription. You must enable all pipelines in a project to deploy Bicep templates to the subscription without storing any credentials in Azure DevOps. Which configuration should you create?
Create an Azure Resource Manager service connection that automatically generates a new service principal secured by a client secret.
Create a GitHub service connection authenticated with a project-level personal access token scoped to all repositories.
Create an Azure Kubernetes Service (AKS) service connection that uses a Kubernetes service account and kubeconfig file.
Create an Azure Resource Manager service connection that authenticates with the agent's system-assigned managed identity and scope it to the agent pool.
An Azure Resource Manager service connection can authenticate by using the managed identity of the self-hosted agent that resides in the target subscription. Because the identity is already trusted by Azure AD, no client secret or certificate is stored in Azure DevOps, satisfying the requirement to avoid storing credentials. A Kubernetes service connection, a GitHub service connection that relies on a personal access token, or an Azure Resource Manager connection that uses a new service principal secured by a secret would all store credentials in Azure DevOps and therefore do not meet the requirement.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a system-assigned managed identity in Azure?
Open an interactive chat with Bash
Why does using a system-assigned managed identity with an Azure Resource Manager service connection meet the requirements?
Open an interactive chat with Bash
What is the difference between a system-assigned managed identity and a service principal in Azure?
Open an interactive chat with Bash
What is a managed identity in Azure?
Open an interactive chat with Bash
Why is an Azure Resource Manager service connection suitable in this scenario?
Open an interactive chat with Bash
How does using a managed identity improve security in DevOps pipelines?
Open an interactive chat with Bash
Microsoft DevOps Engineer Expert AZ-400
Develop a security and compliance plan
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .