AZ-400 Free Practice Test

- (Exam Topic 4)
Your company uses Azure DevOps.
Only users who have accounts in Azure Active Directory can access the Azure DevOps environment. You need to ensure that only devices that are connected to the on-premises network can access the Azure DevOps environment.
What should you do?

1. A. Assign the Stakeholder access level to all users.
2. B. In Azure Active Directory, configure risky sign-ins.
3. C. In Azure DevOps, configure Security in Project Settings.
4. D. In Azure Active Directory, configure conditional access.

Correct Answer: D
Conditional Access is a capability of Azure Active Directory. With Conditional Access, you can implement automated access control decisions for accessing your cloud apps that are based on conditions.
Conditional Access policies are enforced after the first-factor authentication has been completed. References:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview

- (Exam Topic 4)
You have an Azure DevOps project that contains a build pipeline. The build pipeline uses approximately 50 open source libraries.
You need to ensure that the project can be scanned for known security vulnerabilities in the open source libraries.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Solution:
Box 1: A Build task Trigger a build
You have a Java code provisioned by the Azure DevOps demo generator. You will use WhiteSource Bolt extension to check the vulnerable components present in this code.
Go to Builds section under Pipelines tab, select the build definition WhiteSourceBolt and click on Queue to trigger a build.
To view the build in progress status, click on ellipsis and select View build results.
Box 2: WhiteSource Bolt
WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource constantly-updated denitive database of open source repositories.
References: https://www.azuredevopslabs.com/labs/vstsextend/whitesource/

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A