Microsoft DevOps Engineer Expert AZ-400 Practice Question
The main branch of an Azure Repos Git repository must accept changes only through pull requests. Requirements are: at least two human reviewers, the code author may not approve, any new push must invalidate existing approvals, a CI build must succeed before completion, and direct pushes, force pushes, and branch deletion must all be blocked. Which configuration meets every requirement while still allowing pull-request merges into main?
Apply a branch policy that automatically adds two reviewers but allows author approval, keeps existing approvals after updates, and adds required build validation. Finally, lock the main branch so no one can push.
Create a branch policy on main that requires two reviewers, disallows author approval, resets approvals on new pushes, and adds a required build-validation pipeline. Then use Branch security to deny Force push and Delete permissions for the Contributors group, leaving Contribute unset.
Configure environment approvers in the release pipeline, trigger it from main, leave Contribute permission set to Allow for developers, and mark build validation as optional in the branch policy.
Enable repository-level settings to require signed commits and restrict merges to squash only; do not modify branch security. Rely on developers to open pull requests voluntarily.
A branch policy can enforce PR-based reviews and build validation. Setting "Minimum number of reviewers" to 2, clearing "Allow requestors to approve," and enabling "Reset approvals when new changes are pushed" satisfies the review-workflow rules. Adding a build-validation check ensures the pipeline passes before completion. Permissions, not a branch lock, are needed to keep the branch usable while protecting it; denying Force push and Delete on the branch security tab prevents both actions and, because Contribute is not explicitly allowed, blocks direct pushes but still permits the PR merge service account. The other answers fail by either locking the branch (which disables merges), allowing self-approval, omitting approval resets, or leaving the branch unprotected against direct or force pushes.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a branch policy, and how does it work in Azure Repos?
Open an interactive chat with Bash
How do branch permissions differ from branch locks in Azure Repos?
Open an interactive chat with Bash
What is build validation in Azure Repos, and why is it required for pull requests?
Open an interactive chat with Bash
What are branch policies in Azure Repos and why are they important?
Open an interactive chat with Bash
What is the purpose of requiring CI build validation in a branch policy?
Open an interactive chat with Bash
How do permissions like denying Force push and Delete protect a branch?
Open an interactive chat with Bash
Microsoft DevOps Engineer Expert AZ-400
Design and implement a source control strategy
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .