🔥 40% Off Crucial Exams Memberships — This Week Only

3 days, 13 hours remaining!
Crucial Exams

Microsoft DevOps Engineer Expert AZ-400 Practice Question

Your team maintains a YAML multi-stage Azure Pipeline that deploys a Java web app to Azure Kubernetes Service (AKS). The release stage needs a password-protected PFX certificate (app_tls.pfx) that must never be committed to the Git repository. The certificate must be usable only while the job runs and should be wiped from the build agent automatically after completion. Which approach should you implement to meet these requirements with minimal changes to the existing pipeline?

  • Define a secret variable named APP_CERT that contains a base64-encoded copy of the certificate and decode it with a script step at runtime.

  • Commit the certificate to a private Git submodule and add an authenticated checkout step to pull the submodule during the release stage.

  • Store the certificate as a secret in Azure Key Vault and use the AzureKeyVault@2 task to inject it into environment variables during the job.

  • Upload app_tls.pfx to the pipeline Library as a secure file and add a DownloadSecureFile@1 task that references the file in the release stage.

Microsoft DevOps Engineer Expert AZ-400
Develop a security and compliance plan
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot