Crucial Exams

Microsoft DevOps Engineer Expert AZ-400 Practice Question

You lead a team that delivers infrastructure-as-code through both GitHub Actions and Azure Pipelines.

Requirements

  1. In GitHub, the AZURE_SP_CLIENT_SECRET must be available only to jobs that target the Prod environment and must be masked if someone tries to echo it.
  2. In Azure DevOps, the same secret must be shared by several YAML pipelines, kept encrypted, and automatically update if the value is rotated in Azure Key Vault.

Which combination of platform features satisfies all the requirements with the least administrative effort?

  • Store AZURE_SP_CLIENT_SECRET as a repository secret in GitHub Actions and as a secret variable defined in each YAML pipeline in Azure DevOps.

  • Store AZURE_SP_CLIENT_SECRET in an environment file committed to the repo and encrypted with GPG for GitHub, and expose it through a service connection in Azure Pipelines.

  • Store AZURE_SP_CLIENT_SECRET as an organization secret in GitHub Actions and in a library variable group that is not linked to Key Vault in Azure Pipelines.

  • Store AZURE_SP_CLIENT_SECRET as a secret in the Prod environment in GitHub Actions and use a variable group linked to Azure Key Vault in Azure Pipelines.

Microsoft DevOps Engineer Expert AZ-400
Develop a security and compliance plan
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot