Microsoft DevOps Engineer Expert AZ-400 Practice Question
You are designing a configuration management approach for 700 Windows and Linux virtual machines that run in both Azure and an on-premises VMware cluster. The operations team requires the following capabilities:
Enforce OS-level settings such as firewall rules and registry keys by using declarative code.
Pull-based application of configuration, so that no inbound network ports must be opened from the internet to on-premises servers.
A single Azure-hosted dashboard that shows compliance and automatically remediates drift at regular intervals. Which technology should you recommend?
Ansible playbooks executed from an Ansible control node
Azure Automanage Machine Configuration
HashiCorp Terraform with the AzureRM provider
Azure Resource Manager (ARM) or Bicep deployment templates
Azure Automanage Machine Configuration is the recommended solution. It uses an agent on each VM (either the guest configuration extension for Azure VMs or the Azure Arc agent for on-premises machines) that pulls assigned configurations from Azure. This meets the pull-based requirement, avoiding the need for inbound ports to on-premises servers. The service uses PowerShell Desired State Configuration (DSC) to enforce settings and reports compliance status to a centralized dashboard in Azure Policy, which can also be configured to automatically remediate configuration drift.
Terraform and ARM/Bicep templates are designed for provisioning infrastructure but do not continuously enforce in-guest OS settings after initial deployment. Ansible typically uses a push model that initiates outbound SSH/WinRM sessions from a control node and does not provide an Azure-native compliance dashboard or the same type of integrated, automatic drift remediation.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does Azure Automanage Machine Configuration enforce OS-level settings?
Open an interactive chat with Bash
What is configuration drift, and how does Azure Automanage handle it?
Open an interactive chat with Bash
What are the key differences between Azure Automanage and Ansible for configuration management?
Open an interactive chat with Bash
Microsoft DevOps Engineer Expert AZ-400
Design and implement build and release pipelines
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .