Crucial Exams

Microsoft DevOps Engineer Expert AZ-400 Practice Question

You are designing a GitHub Actions pull request workflow with two jobs: build and analyze. The build job builds a Linux container image, tags it with the commit SHA, and pushes it to an Azure Container Registry (ACR).

According to security policy, the analyze job must run CodeQL static analysis from inside the container image created by the build job. This ensures that only tools from the hardened image are used and that no additional tools are installed on the GitHub-hosted runner.

How should you configure the analyze job to meet this requirement?

  • Add the option build-mode: container under the github/codeql-action/init step in the analyze job.

  • Add the parameter run-in-container: true to every CodeQL action step in the analyze job.

  • In the analyze job, set a container property only on the github/codeql-action/analyze step.

  • Make the analyze job dependent on the build job using the needs property, and add a container property to the analyze job that references the image in ACR.

Microsoft DevOps Engineer Expert AZ-400
Develop a security and compliance plan
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot