Microsoft DevOps Engineer Expert AZ-400 Practice Question
You are designing the configuration-management portion of an infrastructure-as-code solution for an Azure-hosted application platform. Infrastructure is provisioned through Bicep templates in Azure Pipelines, and the operations team wants to store OS hardening baselines in the same Git repository so that changes follow the normal pull-request process. The baselines must be:
applied automatically to any new or existing Windows or Linux VM that belongs to a specified environment tag,
continuously monitored for drift and remediated if necessary,
delivered through an Azure-native service that does not require you to deploy or manage a third-party agent. Which approach should you recommend?
Package each baseline as a guest-configuration package, publish it to Azure Policy, and assign the corresponding policy definition to VMs that have the appropriate environment tag, enabling remediation.
Install the Chef client on every VM and use an Azure DevOps extension to apply cookbooks that implement the required baselines.
Create DSC configurations in Azure Automation State Configuration and configure each VM to use the pull server hosted in the Automation account.
Add a Custom Script Extension step to the Bicep templates that invokes a PowerShell or Bash script to apply the baseline during VM deployment.
Guest Configuration policies let you package desired state definitions as version-controlled artefacts, publish them to Azure Policy, and then assign them to scopes such as a subscription, resource group, or a set of VMs identified by tags. When the policy assignment is created, Azure automatically installs the Guest Configuration VM extension and starts auditing and, if configured, remediating drift, without requiring you to deploy or maintain an additional agent. Azure Automation State Configuration, Chef, or ad-hoc Custom Script Extensions can deliver configuration, but they either require a separate DSC or third-party agent, or they provide no continuous compliance monitoring and remediation.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Azure Policy and how does it help with configuration management?
Open an interactive chat with Bash
What is a Guest Configuration package in Azure?
Open an interactive chat with Bash
How does Azure manage drift remediation using Guest Configuration?
Open an interactive chat with Bash
Microsoft DevOps Engineer Expert AZ-400
Design and implement build and release pipelines
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .