Microsoft Microsoft Certifications AZ-400 Questions & Answers

• Question 401:

  You configure an Azure Application Insights availability test.

  You need to notify the customer services department at your company by email when availability is degraded.

  You create an Azure logic app that will handle the email and follow up actions.

  Which type of trigger should you use to invoke the logic app?

  A. an ApiConnection trigger

  B. a Request trigger

  C. an HTTPWebhook trigger

  D. an HTTP trigger

  Correct Answer: B

  Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-webhooks

• Question 402:

  You have an Azure DevOps organization named Contoso and an Azure subscription.

  You use Azure DevOps to build a containerized app named Appl and deploy App1 to an Azure container instance named ACM.

  You need to restart ACI1 when App1 stops responding.

  What should you do?

  A. Add a liveness probe to the YAML configuration of App1.

  B. Use Connection Monitor in Azure Network Watcher.

  C. Add a readiness probe to the YAML configuration of Appl.

  D. Use IP flow verify in Azure Network Watcher.

  Correct Answer: C

  https://docs.microsoft.com/en-us/azure/container-instances/container-instances-liveness-probe

• Question 403:

  You have a project in Azure DevOps named Project1. Project1 contains a pipeline that builds a container image named Image1 and pushes Image1 to an Azure container registry named ACR1. Image1 uses a base image stored in Docker

  Hub.

  You need to ensure that Image1 is updated automatically whenever the base image is updated.

  What should you do?

  A. Create and run an Azure Container Registry task.

  B. Add a Docker Hub service connection to Azure Pipelines.

  C. Enable the Azure Event Grid resource provider and subscribe to registry events.

  D. Create a service hook in Project1.

  Correct Answer: A

  ACR Tasks supports automated container image builds when a container's base image is updated, such as when you patch the OS or application framework in one of your base images.

  Reference: https://docs.microsoft.com/en-us/azure/container-registry/container-registry-tutorial-base-image-update

• Question 404:

  Your company uses the following resources:

  1.

  Windows Server 2019 container images hosted in an Azure Container Registry.

  2.

  Azure virtual machines that run the latest version of Ubuntu

  3.

  An Azure Log Analytics workspace

  4.

  Azure Active Directory (Azure AD)

  5.

  An Azure key vault

  For which two resources can you receive vulnerability assessments in Azure Security Center?

  Each correct answer presents part of the solution.

  NOTE: Each correct selection is worth one point.

  A. the Azure Log Analytics workspace

  B. the Azure key vault

  C. the Azure virtual machines that run the latest version of Ubuntu

  D. Azure Active Directory (Azure AD)

  E. the Windows Server 2019 container images hosted in the Azure Container Registry

  Correct Answer: CE

  https://docs.microsoft.com/en-us/azure/security-center/features-paas

• Question 405:

  You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant.

  You are configuring a build pipeline in Azure Pipelines that will include a task named Task1. Task1 will authenticate by using an Azure AD service principal.

  Which three values should you configure for Task1? Each correct answer presents part of the solution.

  NOTE: Each correct selection is worth one point.

  A. the tenant ID

  B. the subscription ID

  C. the client secret

  D. the app ID

  E. the object ID

  Correct Answer: ACD

  Create an Azure Resource Manager service connection with an existing service principal

  AB: Enter the information about your service principal into the Azure subscription dialog textboxes:

  1.

  Tenant ID

  2.

  Subscription ID

  3.

  Subscription name

  4.

  Service principal ID

  Either the service principal client key or, if you have selected Certificate, enter the contents of both the certificate and private key sections of the *.pem file.

  If you're using the classic editor, select data you need. For example, the App service name.

  If you're using YAML, then go to the resource in the Azure portal, and then copy the data into your code. For example, to deploy a web app, you would copy the name of the App Service into the WebAppName value.

  Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/library/connect-to-azure

• Question 406:

  You use Azure Pipelines to manage build pipelines. GitHub to store source code, and Dependabot to manage dependencies.

  You have an app named App1.

  Dependabot detects a dependency in App1 that requires an update.

  What should you do first to apply the update?

  A. Perform a commit.

  B. Create a pull request.

  C. Approve the pull request

  D. Create a branch.

  Correct Answer: C

  DependaBot is a useful tool to regularly check for dependency updates. By helping to keep your project up to date, DependaBot can reduce technical debt and immediately apply security vulnerabilities when patches are released. How does DependaBot work? DependaBot regularly checks dependencies for updates If an update is found, DependaBot creates a new branch with this upgrade and Pull Request for approval You review the new Pull Request, ensure the tests passed, review the code, and decide if you can merge the change

  Reference: https://samlearnsazure.blog/2019/12/20/github-using-dependabot/

• Question 407:

  You have a Microsoft ASP.NET Core web app in Azure that is accessed worldwide.

  You need to run a URL ping test once every five minutes and create an alert when the web app is unavailable from specific Azure regions. The solution must minimize development time.

  What should you do?

  A. Create an Azure Application Insights availability test and alert.

  B. Create an Azure Service Health alert for the specific regions.

  C. Create an Azure Monitor Availability metric and alert

  D. Write an Azure function and deploy the function to the specific regions.

  Correct Answer: A

  There are three types of Application Insights availability tests:

  URL ping test: a simple test that you can create in the Azure portal.

  Multi-step web test

  Custom Track Availability Tests

  Note: After you've deployed your web app/website, you can set up recurring tests to monitor availability and responsiveness. Azure Application Insights sends web requests to your application at regular intervals from points around the world.

  It can alert you if your application isn't responding, or if it responds too slowly.

  You can set up availability tests for any HTTP or HTTPS endpoint that is accessible from the public internet. You don't have to make any changes to the website you're testing. In fact, it doesn't even have to be a site you own. You can test the

  availability of a REST API that your service depends on.

  Reference:

  https://docs.microsoft.com/en-us/azure/azure-monitor/app/monitor-web-app-availability#create-a-url-ping-test

• Question 408:

  You are designing a strategy to monitor the baseline metrics of Azure virtual machines that run Windows Server.

  You need to collect detailed data about the processes running in the guest operating system.

  Which two agents should you deploy? Each correct answer presents part of the solution.

  NOTE: Each correct selection is worth one point.

  A. the Dependency agent

  B. the Azure Network Watcher Agent for Windows

  C. the Telegraf agent

  D. the Azure Log Analytics agent

  Correct Answer: AD

  The following table provide a quick comparison of the Azure Monitor agents for Windows.

  

  Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview

• Question 409:

  You have an Azure DevOps organization named Contoso that contains a project named Project1.

  You provision an Azure key vault named Keyvault1.

  You need to reference Keyvault1 secrets in a build pipeline of Project1.

  What should you do first?

  A. Create an XAML build service.

  B. Create a variable group in Project1.

  C. Add a secure file to Project1.

  D. Configure the security policy of Contoso.

  Correct Answer: B

  Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/release/azure-key-vault

• Question 410:

  Your company uses Azure Artifacts for package management.

  You need to configure an upstream source in Azure Artifacts for Python packages.

  Which repository type should you use as an upstream source?

  A. PyPI

  B. npmjs.org

  C. Maven Central

  D. third-party trusted Python

  Correct Answer: A

  Get started with Python packages in Azure Artifacts Create a feed

  1.

  Select Artifacts (in the left navigation of your Azure DevOps project).

  2.

  On the Artifacts page, select Create Feed.

  3.

  In the Create new feed dialog box:

  4.

  In the Name field, give the feed a name.

  PyPI is the default repository name for twine, which is a tool for publishing Python packages.

  Reference:

  https://docs.microsoft.com/en-us/azure/devops/artifacts/quickstarts/python-packages