Crucial Exams

Microsoft DevOps Engineer Expert AZ-400 Practice Question

You are designing an Azure Pipelines YAML pipeline that will run only on Microsoft-hosted agents. The pipeline must deploy Bicep templates to an Azure subscription while meeting the following requirements:

  • Do not store any long-lived client secrets or certificates in Azure DevOps.
  • Rely on short-lived tokens issued by Azure AD.
  • Allow scoping permissions to a single resource group. Which authentication approach should you implement in the pipeline's service connection to meet the requirements?

  • Create an Azure Resource Manager service connection that uses Workload Identity Federation (OIDC) with a federated credential on an Azure AD application.

  • Enable a system-assigned managed identity on the Microsoft-hosted agent and grant it the required Azure RBAC role.

  • Store an App Service publish profile as a secure file and reference it during the deployment stage.

  • Create an Azure Resource Manager service connection that uses a service principal secured by a client secret stored in a variable group.

Microsoft DevOps Engineer Expert AZ-400
Develop a security and compliance plan
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot