Crucial Exams

Microsoft DevOps Engineer Expert AZ-400 Practice Question

Your organization runs Azure DevOps pipelines on a virtual machine scale set (VMSS) that hosts self-hosted build agents. The pipelines use Azure CLI scripts to deploy and modify resources only in the same Azure subscription that contains the scale set. You need to grant the agents least-privilege access, avoid any manual rotation of credentials, and ensure that disabling or deleting an individual VMSS instance does not affect authentication for the remaining instances. Which authentication mechanism should you choose?

  • Create an Azure AD application (service principal) secured by a certificate installed on each VMSS instance and referenced by the pipeline.

  • Enable a system-assigned managed identity on the VM scale set and assign the minimal required Azure RBAC role to that identity.

  • Assign a single user-assigned managed identity to the VM scale set and grant it the required Azure RBAC role.

  • Create an Azure AD application (service principal) secured by a client secret and store the secret as a secure pipeline variable.

Microsoft DevOps Engineer Expert AZ-400
Develop a security and compliance plan
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot