Microsoft DevOps Engineer Expert AZ-400 Practice Question
You are integrating Microsoft Defender for Cloud's DevOps Security with a GitHub Enterprise Cloud organization. You completed the Add connection wizard in Defender for Cloud and installed the "Microsoft Defender for Cloud" GitHub App at the organization level. The connector is shown as healthy, but the Repositories blade lists zero repositories and no security findings. You verify that developers actively push code to several repositories in the organization.
Which prerequisite is required per-repository before Defender for Cloud can ingest alerts from GitHub Advanced Security?
Grant the Defender for Cloud connector's managed identity the Azure built-in role GitHub Enterprise Owner.
Turn on push-protection for secret scanning in the organization's security settings.
Create a separate Defender for Cloud DevOps connector for each Azure subscription that hosts workloads using the repositories.
Enable GitHub Advanced Security in the repository's Code security and analysis settings.
Microsoft Defender for Cloud only imports vulnerability, secret-scanning, and dependency alerts from repositories that have GitHub Advanced Security (GHAS) turned on. GHAS must be enabled individually for each repository because GitHub does not automatically propagate the setting to all existing repositories, even if it is enabled at the enterprise or organization level. Until the Code security and analysis feature (which enables CodeQL, secret scanning, and Dependabot alerts) is turned on inside the repository settings, the GitHub API will not return any security data for that repository, so Defender for Cloud cannot list the repository or display findings.
The other options are not required prerequisites: push protection is an optional feature and not required for the initial connection ; assigning Azure roles to the connector does not influence GitHub data collection ; and creating additional DevOps connectors in other subscriptions has no effect on an existing healthy connection.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is GitHub Advanced Security (GHAS)?
Open an interactive chat with Bash
How do you enable GitHub Advanced Security for a repository?
Open an interactive chat with Bash
Why doesn’t enabling GHAS at the organization level automatically apply settings to all repositories?
Open an interactive chat with Bash
Microsoft DevOps Engineer Expert AZ-400
Develop a security and compliance plan
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .