Microsoft DevOps Engineer Expert AZ-400 Practice Question

You administer an Azure DevOps Git repository using a 'main' branch for production. Your organization requires that any pull request (PR) into 'main' must receive at least two approvals and pass the CI pipeline. Furthermore, PR creators cannot approve their own changes, and any file changed in the '/infra/' path must be reviewed by the developers listed in the repository's CODEOWNERS file. Finally, project administrators need a way to merge a PR in an emergency, even if these policy checks fail. Which branch-policy configuration satisfies all requirements?

Configure a branch policy that requires 2 reviewers from specific security groups, allows self-approval, enables required build validation, and removes the bypass permission for project administrators.
Configure a branch policy on main that requires a minimum of 2 reviewers, enforces approvals from CODEOWNERS, disables self-approval, adds the CI pipeline as a required build-validation check, and grants project administrators the "Bypass policies when completing pull requests" permission.
Configure a branch policy that requires only 1 reviewer, automatically adds CODEOWNERS as optional reviewers, allows the PR creator to approve, and sets the CI pipeline build check to optional.
Use pipeline-gating conditions only: trigger the CI pipeline on PRs to main and rely on informal code reviews; do not configure any branch policy or reviewer requirements.

Report Issue

Answer Description

The required solution combines review and build gates with an emergency override.

Creating a branch policy on the main branch that:

Sets "Require a minimum number of reviewers" to 2 enforces two approvals.
Enables "Automatically include reviewers" and checks the option to require approval from owners of specified files ensures that any change under /infra/ must be approved by the declared code owners.
Disables the checkbox "Allow requestors to approve their own changes" blocks self-approval.
Adds the CI pipeline as a Required build-validation check stops the PR from completing until the build succeeds.
Giving project administrators the repository permission Bypass policies when completing pull requests allows them to override all branch-policy checks in exceptional circumstances.

Together these settings fulfill every stated rule. The distractors each miss at least one requirement: one allows self-approval, another makes the build optional, and another removes the bypass permission, so they cannot meet the organization's standards.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.