Download Microsoft Azure DevOps Solutions.AZ-400.Dump4Pass.2024-02-27.251q.vcex

Note: PAT Supported only on Azure Pipelines and TFS 2017 and newer. After you choose PAT, paste the PAT token you created into the command prompt window. Use a personal access token (PAT) if your Azure DevOps Server or TFS instance and the agent machine are not in a trusted domain. PAT authentication is handled by your Azure DevOps Server or TFS instance instead of the domain controller.    Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/v2-linux

Register your application to use Azure Active Directory. Registering the application means that your developers can use Azure AD to authenticate users and request access to user resources such as email, calendar, and documents.    Reference: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/developer-guidance-for-integrating-applications

Personal access tokens (PATs) give you access to Azure DevOps and Team Foundation Server (TFS), without using your username and password directly.  These tokens have an expiration date from when they're created. You can restrict the scope of the data they can access. Use PATs to authenticate if you don't already have SSH keys set up on your system or if you need to restrict the permissions that are granted by the credential.    Incorrect Answers: B: Azure DevOps no longer supports Alternate Credentials authentication since the beginning of March 2, 2020. If you're still using Alternate Credentials, we [Microsoft] strongly encourage you to switch to a more secure authentication method (for example, personal access tokens).    Reference: https://docs.microsoft.com/en-us/azure/devops/repos/git/auth-overview

Monitor compute and app services: Compute & apps include the App Services tab, which App services: list of your App service environments and current security state of each.    Recommendations  This section has a set of recommendations for each VM and computer, web and worker roles, Azure App Service Web Apps, and Azure App Service Environment that Security Center monitors. The first column lists the recommendation. The second column shows the total number of resources that are affected by that recommendation. The third column shows the severity of the issue.    Incorrect Answers: C: Smart Detection automatically warns you of potential performance problems, not security problems in your web application.   Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/app/proactive-diagnostics

1. In Azure portal navigate to the az400-9940427-main app.  2. Scroll down to the Settings group in the left navigation.  3. Select Managed identity.  4. Within the System assigned tab, switch Status to On. Click Save.               Reference: https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity

Application data plane permissions: Keys: sign Secrets: get   Reference: https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault

Box 1: A key Vault advanced access policy              Box 2: RBAC Management plane access control uses RBAC.  The management plane consists of operations that affect the key vault itself, such as:   Creating or deleting a key vault.   Getting a list of vaults in a subscription.  Retrieving Key Vault properties (such as SKU and tags).  Setting Key Vault access policies that control user and application access to keys and secrets.    Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-tutorial-use-key-vault

Box 1: Reader Members of the Reader role can view the organization agent pool as well as agents. You typically use this to add operators that are responsible for monitoring the agents and their health.    Box 2: Service account Members of the Service account role can use the organization agent pool to create a project agent pool in a project. If you follow the guidelines above for creating new project agent pools,  you typically do not have to add any members here.    Incorrect Answers: In addition to all the permissions given the Reader and the Service Account role, members of the administrator role can register or unregister agents from the organization agent pool. They can also refer to the organization agent pool when creating a project agent pool in a project. Finally, they can also manage membership for all roles of the organization agent pool. The user that created the organization agent pool is automatically added to the Administrator role for that pool.    Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/pools-queues

In some cases, you need to bypass policy requirements so you can push changes to the branch directly or complete a pull request even if branch policies are not satisfied. For these situations, grant the desired permission from the previous list to a user or group. You can scope this permission to an entire project, a repo, or a single branch. Manage this permission along the with other Git permissions.    Reference: https://docs.microsoft.com/en-us/azure/devops/repos/git/branch-policies

When you need to pass a secure value (like a password) as a parameter during deployment, you can retrieve the value from an Azure Key Vault. You retrieve the value by referencing the key vault and secret in your parameter file. The value is never exposed because you only reference its key vault ID. The key vault can exist in a different subscription than the resource group you are deploying to.    Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-keyvault-parameter