Microsoft DevOps Engineer Expert AZ-400 Practice Question

You are standardizing Azure DevOps pipelines that run on Microsoft-hosted agents. The jobs must deploy to Azure subscriptions in the same Microsoft Entra ID (Azure AD) tenant, but you want to eliminate any stored client secrets or certificates in the project. Pipelines should obtain an identity automatically at run time while still allowing you to scope permissions granularly at the resource-group level. Which approach meets the requirements with the least operational overhead?

  • Create a service principal, generate a client secret, and store the secret in an Azure DevOps variable group referenced by each pipeline.

  • Create an Azure AD application and service principal, add a federated credential that trusts the Azure DevOps organization, and configure an Azure Resource Manager service connection that uses workload identity federation.

  • Use an Azure DevOps personal access token (PAT) in the service connection and grant the PAT access to the target subscription.

  • Enable a system-assigned managed identity on each Microsoft-hosted agent and reference it from Azure CLI tasks in the pipeline.

Develop a security and compliance plan