Microsoft AZ-400 Practice Questions

The latest changes and updates from the administration for this exam.

verified

Latest Update: Jun 14 2026

All questions are working fine.

All Questions (337)bookmarkBookmarked (0)

All337Show all accessible questions in this exam.Missed337Questions you haven't attempted yet.Incorrect0Questions you answered incorrectly on your last attempt.

Question 91

You are building a Microsoft ASP.NET application that requires authentication.

You need to authenticate users by using Azure Active Directory (Azure AD).

What should you do first?

A. Assign an enterprise application to users and groups

B. Create an app registration in Azure AD

C. Configure the application to use a SAML endpoint

D. Create a new OAuth token from the application

E. Create a membership database in an Azure SQL database

Question 92

You have an Azure DevOps organization named Contoso.

You need to recommend an authentication mechanism that meets the following requirements:

✑ Supports authentication from Git

✑ Minimizes the need to provide credentials during authentication

What should you recommend?

A. personal access tokens (PATs) in Azure DevOps

B. Alternate credentials in Azure DevOps

C. user accounts in Azure Active Directory (Azure AD)

D. managed identities in Azure Active Directory (Azure AD)

Question 93

You have an application that consists of several Azure App Service web apps and Azure functions.

You need to assess the security of the web apps and the functions.

Which Azure feature can you use to provide a recommendation for the security of the application?

A. Security & Compliance in Azure Log Analytics

B. Resource health in Azure Service Health

C. Smart Detection in Azure Application Insights

D. Compute & apps in Azure Security Center

Question 94

Your company has a project in Azure DevOps for a new web application.

The company identifies security as one of the highest priorities.

You need to recommend a solution to minimize the likelihood that infrastructure credentials will be leaked.

What should you recommend?

A. Add a Run Inline Azure PowerShell task to the pipeline.

B. Add a PowerShell task to the pipeline and run Set-AzureKeyVaultSecret.

C. Add an Azure Key Vault task to the pipeline.

D. Add Azure Key Vault references to Azure Resource Manger templates.

Question 95

SIMULATION -

You need to ensure that an Azure web app named az400-9940427-main can retrieve secrets from an Azure key vault named az400-9940427-kv1 by using a system managed identity.

The solution must use the principle of least privilege.

To complete this task, sign in to the Microsoft Azure portal.

Question 96

You create a Microsoft ASP.NET Core application.

You plan to use Azure Key Vault to provide secrets to the application as configuration data.

You need to create a Key Vault access policy to assign secret permissions to the application. The solution must use the principle of least privilege.

Which secret permissions should you use?

A. List only

B. Get only

C. Get and List

Question 97

DRAG DROP -

Your company has a project in Azure DevOps.

You plan to create a release pipeline that will deploy resources by using Azure Resource Manager templates. The templates will reference secrets stored in Azure

Key Vault.

You need to recommend a solution for accessing the secrets stored in the key vault during deployments. The solution must use the principle of least privilege.

What should you include in the recommendation? To answer, drag the appropriate configurations to the correct targets. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Select and Place:

A.Box1 -> Box2

B.Box1 -> Box3

C.Box2 -> Box1

D.Box2 -> Box3

Question 98

DRAG DROP -

You need to configure access to Azure DevOps agent pools to meet the following requirements:

✑ Use a project agent pool when authoring build or release pipelines.

✑ View the agent pool and agents of the organization.

✑ Use the principle of least privilege.

Which role memberships are required for the Azure DevOps organization and the project? To answer, drag the appropriate role memberships to the correct targets. Each role membership may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Select and Place:

A. Box2 -> Box3

B. Box2 -> Box4

C. Box1 -> Box2

D. Box3 -> Box4

Question 99

You have a branch policy in a project in Azure DevOps. The policy requires that code always builds successfully.

You need to ensure that a specific user can always merge changes to the master branch, even if the code fails to compile. The solution must use the principle of least privilege.

What should you do?

A. Add the user to the Build Administrators group.

B. Add the user to the Project Administrators group.

C. From the Security settings of the repository, modify the access control for the user.

D. From the Security settings of the branch, modify the access control for the user.

Question 100

You have an Azure Resource Manager template that deploys a multi-tier application.

You need to prevent the user who performs the deployment from viewing the account credentials and connection strings used by the application.

What should you use?

Update History

Update History