Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors

Microsoft Designing and Implementing DevOps Solutions AZ-400 Exam Questions in PDF

Free Microsoft AZ-400 Dumps Questions (page: 7)

AZ-400 PDF — 355 Questions

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You manage a project in Azure DevOps.

You need to prevent the configuration of the project from changing over time.

Solution: Implement Continuous Assurance for the project.

Does this meet the goal?

  1. Yes
  2. No

Answer(s): A

Explanation:

The basic idea behind Continuous Assurance (CA) is to setup the ability to check for "drift" from what is considered a secure snapshot of a system. Support for Continuous Assurance lets us treat security truly as a 'state' as opposed to a 'point in time' achievement. This is particularly important in today's context when 'continuous change' has become a norm.
There can be two types of drift:
Drift involving 'baseline' configuration: This involves settings that have a fixed number of possible states

(often pre-defined/statically determined ones). For instance, a SQL DB can have TDE encryption turned ON or OFF...or a Storage Account may have auditing turned ON however the log retention period may be less than 365 days.
Drift involving 'stateful' configuration: There are settings which cannot be constrained within a finite set of well-known states. For instance, the IP addresses configured to have access to a SQL DB can be any (arbitrary) set of IP addresses. In such scenarios, usually human judgment is initially required to determine whether a particular configuration should be considered 'secure' or not. However, once that is done, it is important to ensure that there is no "stateful drift" from the attested configuration. (E.g., if, in a troubleshooting session, someone adds the IP address of a developer machine to the list, the Continuous Assurance feature should be able to identify the drift and generate notifications/alerts or even trigger 'auto- remediation' depending on the severity of the change).


Reference:

https://azsk.azurewebsites.net/04-Continous-Assurance/Readme.html



DRAG DROP (Drag and Drop is not supported)

You are planning projects for three customers. Each customer's preferred process for work items is shown in the following table.



The customers all plan to use Azure DevOps for work item management.

Which work item process should you use for each customer? To answer, drag the appropriate work item processes to the correct customers. Each work item process may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Note: Each correct selection is worth one point.

Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: Scrum
Choose Scrum when your team practices Scrum. This process works great if you want to track product backlog items (PBIs) and bugs on the Kanban board, or break PBIs and bugs down into tasks on the taskboard.

Box 2: Agile
Choose Agile when your team uses Agile planning methods, including Scrum, and tracks development and test activities separately. This process works great if you want to track user stories and (optionally) bugs on the Kanban board, or track bugs and tasks on the taskboard.

Box 3: CMMI
Choose CMMI when your team follows more formal project methods that require a framework for process improvement and an auditable record of decisions. With this process, you can track requirements, change requests, risks, and reviews.

Incorrect Answers:
XP:
The work tracking objects contained within the default DevOps processes and DevOps process templates are Basic, Agile, CMMI, and Scrum
XP (Extreme Programming) and DevOps are different things. They don't contradict with each other, they can be used together, but they have different base concepts inside them.


Reference:

https://docs.microsoft.com/en-us/azure/devops/boards/work-items/guidance/choose-process?view=azure- devops



You configure an Azure Application Insights availability test.

You need to notify the customer services department at your company by email when availability is degraded.

You create an Azure logic app that will handle the email and follow up actions.

Which type of trigger should you use to invoke the logic app?

  1. an HTTPWebhook trigger
  2. an HTTP trigger
  3. a Request trigger
  4. an ApiConnection trigger

Answer(s): C



You have an Azure DevOps organization named Contoso and an Azure subscription.

You use Azure DevOps to build a containerized app named App1 and deploy App1 to an Azure container instance named ACI1.

You need to restart ACI1 when App1 stops responding.

What should you do?

  1. Add a liveness probe to the YAML configuration of App1.
  2. Add a readiness probe to the YAML configuration of App1.
  3. Use Connection Monitor in Azure Network Watcher.
  4. Use IP flow verify in Azure Network Watcher.

Answer(s): A



Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You manage a project in Azure DevOps.

You need to prevent the configuration of the project from changing over time.

Solution: Perform a Subscription Health scan when packages are created.

Does this meet the goal?

  1. Yes
  2. No

Answer(s): B

Explanation:

Correct:
* Implement Continuous Assurance for the project.
Incorrect:
* Add a code coverage step to the build pipelines.
* Perform a Subscription Health scan when packages are created.
* Implement Continuous Integration for the project.
Note:
The basic idea behind Continuous Assurance (CA) is to setup the ability to check for "drift" from what is considered a secure snapshot of a system. Support for Continuous Assurance lets us treat security truly as a 'state' as opposed to a 'point in time' achievement. This is particularly important in today's context when 'continuous change' has become a norm.
There can be two types of drift:
Drift involving 'baseline' configuration: This involves settings that have a fixed number of possible states (often pre-defined/statically determined ones). For instance, a SQL DB can have TDE encryption turned ON or OFF...or a Storage Account may have auditing turned ON however the log retention period may be less than 365 days.
Drift involving 'stateful' configuration: There are settings which cannot be constrained within a finite set of well- known states. For instance, the IP addresses configured to have access to a SQL DB can be any (arbitrary) set of IP addresses. In such scenarios, usually human judgment is initially required to determine whether a particular configuration should be considered 'secure' or not. However, once that is done, it is important to ensure that there is no "stateful drift" from the attested configuration. (E.g., if, in a troubleshooting session, someone adds the IP address of a developer machine to the list, the Continuous Assurance feature should be able to identify the drift and generate notifications/alerts or even trigger 'auto-remediation' depending on the severity of the change).


Reference:

https://azsk.azurewebsites.net/04-Continous-Assurance/Readme.html




Case Study:
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs.
When you are ready to answer a question, click the Question button to return to the question.
Overview
Litware, Inc. is an independent software vendor (ISV). Litware has a main office and five branch offices.

Existing Environment
Application Architecture
The company's primary application is a single monolithic retirement fund management system based on ASP.NET web forms that use logic written in VB.NET. Some new sections of the application are written in C#.
Variations of the application are created for individual customers. Currently, there are more than 80 live code branches in the application's code base.
The application was developed by using Microsoft Visual Studio. Source code is stored in Team Foundation Server (TFS) in the main office. The branch offices access the source code by using TFS proxy servers.
Architectural Issues
Litware focuses on writing new code for customers. No resources are provided to refactor or remove existing code. Changes to the code base take a long time, as dependencies are not obvious to individual developers.
Merge operations of the code often take months and involve many developers. Code merging frequently introduces bugs that are difficult to locate and resolve.
Customers report that ownership costs of the retirement fund management system increase continually. The need to merge unrelated code makes even minor code changes expensive.
Customers report that bug reporting is overly complex.

Requirements
Planned Changes

Litware plans to develop a new suite of applications for investment planning. The investment planning applications will require only minor integration with the existing retirement fund management system.
The investment planning applications suite will include one multi-tier web application and two iOS mobile applications. One mobile application will be used by employees; the other will be used by customers.
Litware plans to move to a more agile development methodology. Shared code will be extracted into a series of packages.
Litware has started an internal cloud transformation process and plans to use cloud-based services whenever suitable.
Litware wants to become proactive in detecting failures, rather than always waiting for customer bug reports.

Technical Requirements:
The company's investment planning applications suite must meet the following technical requirements:
New incoming connections through the firewall must be minimized.

Members of a group named Developers must be able to install packages.

The principle of least privilege must be used for all permission assignments.

A branching strategy that supports developing new functionality in isolation must be used.

Members of a group named Team Leaders must be able to create new packages and edit the permissions of package feeds.
Visual Studio App Center must be used to centralize the reporting of mobile application crashes and device types in use.
By default, all releases must remain available for 30 days, except for production releases, which must be kept for 60 days.
Code quality and release quality are critical. During release, deployments must not proceed between stages if any active bugs are logged against the release.
The mobile applications must be able to call the share pricing service of the existing retirement fund management system. Until the system is upgraded, the service will only support basic authentication over HTTPS.
The required operating system configuration for the test servers changes weekly. Azure Automation State

Configuration must be used to ensure that the operating system on each test server is configured the same way when the servers are created and checked periodically.
Current Technical Issue
The test servers are configured correctly when first deployed, but they experience configuration drift over time.
Azure Automation State Configuration fails to correct the configurations.
Azure Automation State Configuration nodes are registered by using the following command.



HOTSPOT (Drag and Drop is not supported)

How should you complete the code to initialize App Center in the mobile application? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Scenario: Visual Studio App Center must be used to centralize the reporting of mobile application crashes and device types in use.

In order to use App Center, you need to opt in to the service(s) that you want to use, meaning by default no services are started and you will have to explicitly call each of them when starting the SDK.

Insert the following line to start the SDK in your app's AppDelegate class in the didFinishLaunchingWithOptions method.

MSAppCenter.start("{Your App Secret}", withServices: [MSAnalytics.self, MSCrashes.self])


Reference:

https://docs.microsoft.com/en-us/appcenter/sdk/getting-started/ios




Case Study:

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs.
When you are ready to answer a question, click the Question button to return to the question.

Overview

Contoso, Ltd. is a manufacturing company that has a main office in Chicago.


Existing Environment

Contoso plans to improve its IT development and operations processes by implementing Azure DevOps principles. Contoso has an Azure subscription and creates an Azure DevOps organization.

The Azure DevOps organization includes:

The Docker extension

A deployment pool named Pool7 that contains 10 Azure virtual machines that run Windows Server 2019

The Azure subscription contains an Azure Automation account.


Requirements

Planned changes

Contoso plans to create projects in Azure DevOps as shown in the following table.



Technical requirements

Contoso identifies the following technical requirements:

Implement build agents for Project1.

Whenever possible, use Azure resources.

Avoid using deprecated technologies.

Implement a code flow strategy for Project2 that will:

- Enable Team2 to submit pull requests for Project2.
- Enable Team2 to work independently on changes to a copy of Project2.
- Ensure that any intermediary changes performed by Team2 on a copy of Project2 will be subject to the same restrictions as the ones defined in the build policy of Project2.
Whenever possible, implement automation and minimize administrative effort.

Implement Project3, Project5, Project6, and Project7 based on the planned changes.

Implement Project4 and configure the project to push Docker images to Azure Container Registry.

You add the virtual machines as managed nodes in Azure Automation State Configuration.

You need to configure the managed computers in Pool7.

What should you do next?

  1. Modify the RefreshMode property of the Local Configuration Manager (LCM).
  2. Run the Register-AzureRmAutomationDscNode Azure Powershell cmdlet.
  3. Modify the ConfigurationMode property of the Local Configuration Manager (LCM).
  4. Install PowerShell Core.

Answer(s): C




Case Study:

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs.
When you are ready to answer a question, click the Question button to return to the question.

Overview

Contoso, Ltd. is a manufacturing company that has a main office in Chicago.


Existing Environment

Contoso plans to improve its IT development and operations processes by implementing Azure DevOps principles. Contoso has an Azure subscription and creates an Azure DevOps organization.

The Azure DevOps organization includes:

The Docker extension

A deployment pool named Pool7 that contains 10 Azure virtual machines that run Windows Server 2019

The Azure subscription contains an Azure Automation account.


Requirements

Planned changes

Contoso plans to create projects in Azure DevOps as shown in the following table.



Technical requirements

Contoso identifies the following technical requirements:

Implement build agents for Project1.

Whenever possible, use Azure resources.

Avoid using deprecated technologies.

Implement a code flow strategy for Project2 that will:

- Enable Team2 to submit pull requests for Project2.
- Enable Team2 to work independently on changes to a copy of Project2.
- Ensure that any intermediary changes performed by Team2 on a copy of Project2 will be subject to the same restrictions as the ones defined in the build policy of Project2.
Whenever possible, implement automation and minimize administrative effort.

Implement Project3, Project5, Project6, and Project7 based on the planned changes.

Implement Project4 and configure the project to push Docker images to Azure Container Registry.

DRAG DROP (Drag and Drop is not supported)

You need to implement the code flow strategy for Project2 in Azure DevOps.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Step 1: Create a repository
A Git repository, or repo, is a folder that you've told Git to help you track file changes in. You can have any number of repos on your computer, each stored in their own folder.

Step 2: Create a fork

Step 3: Add a build policy for the fork
Build policies help teams protect their important branches of development. Policies enforce your team's code quality and change management standards.

Scenario:
Implement a code flow strategy for Project2 that will:
Enable Team2 to submit pull requests for Project2.

Enable Team2 to work independently on changes to a copy of Project2.

Ensure that any intermediary changes performed by Team2 on a copy of Project2 will be subject to the same restrictions as the ones defined in the build policy of Project2.


Reference:

https://docs.microsoft.com/en-us/azure/devops/repos/git/manage-your-branches



Viewing page 7 of 46

Share your comments for Microsoft AZ-400 exam with other users:

A
Anonymous User
4/13/2026 1:00:51 PM

Question 2:

  • Answer: D. Azure Advisor

  • Why: To view security-related recommendations for resources in the Compute and Apps area (including App Service Web Apps and Functions), you use Azure Advisor. Advisor surfaces personalized best-practice recommendations across resources, including security, and shows which resources are affected and the severity.

  • Why not the others:
- Azure Log Analytics is for ad-hoc querying of telemetry, not for viewing security recommendations. - Azure Event Hubs is for streaming telemetry data, not for security recommendations.
  • Quick tip: In the portal, navigate to Azure Advisor and check the Security recommendations for App Services to see actionable items and affe

    Brazil
R
Rian
3/19/2026 9:12:10 AM

This is very good and accurate. Explanation is very helpful even thou some are not 100% right but good enough to pass.

United States
AI Tutor 👋 I’m here to help!