Microsoft DevOps Engineer Expert AZ-400 Practice Question

Your company hosts all application source code in Azure DevOps Repos. Compliance rules require that every repository is continuously scanned for the following:

  • accidental commits of credentials or tokens
  • vulnerable or non-permissive open-source dependencies
  • security defects in application code across multiple languages

You must minimize tool sprawl and management overhead while meeting all requirements inside Azure DevOps. Which strategy should you adopt?

  • Integrate Azure Key Vault with a Fortify static analysis task in every pipeline to identify hard-coded secrets and code vulnerabilities.

  • Apply Azure Policy for Azure DevOps and execute SonarQube analysis in a build stage to cover security and compliance needs.

  • Enable GitHub Advanced Security for Azure DevOps and configure CodeQL analysis, secret scanning, and Dependabot alerts for each repository.

  • Add Microsoft Defender for Cloud DevOps Security and rely on its default policy assessments for all repositories.

Microsoft DevOps Engineer Expert AZ-400
Develop a security and compliance plan