Develop a security and compliance plan Questions
Practice questions for Develop a security and compliance plan topic in Microsoft Certified: DevOps Engineer Expert. 27 questions covering this domain.
A team converts an Azure service connection to workload identity federation, but one pipeline task still fails to authenticate. What is the most likel...
A team is creating a new Azure Resource Manager service connection for Azure Pipelines. Which authentication method does Microsoft recommend for new c...
A project administrator wants to reduce exposure from an Azure service connection. What is the better practice for pipeline authorization?
A team needs to store a certificate file for signing during deployment. Which statement about Azure Pipelines secure files is correct?
Which statement correctly compares system-assigned and user-assigned managed identities?
What is the relationship between a Microsoft Entra application object and a service principal?
Which Dependabot capability automatically opens pull requests to update dependencies that have known security advisories?
A GitHub Actions workflow uses OIDC to federate with Azure for a specific GitHub environment. Which subject claim format must the federated credential...
Which GitHub Advanced Security feature performs static analysis to identify security vulnerabilities in source code?
Developers in an organization keep accidentally pushing API keys to GitHub. Which GitHub Advanced Security feature blocks the git push at the protocol...
A regulated team requires every production deployment from a GitHub repo to be approved by two specific reviewers and to wait at least 30 minutes afte...
Which Microsoft service provides DevOps security posture management with connectors for GitHub and Azure DevOps?
An organization wants to reduce ongoing Azure DevOps personal access token (PAT) usage and rotation overhead. Which Microsoft recommendation best meet...
A GitHub organization owner wants to ensure that all repositories automatically enable Dependabot security updates when a vulnerability is detected. W...
A platform engineer wants to scan container images for OS-level vulnerabilities as part of a GitHub Actions pipeline before pushing to a registry. Whi...
A security team requires that every open-source package added to an Azure Artifacts feed be reviewed for license compliance before it can be used in p...
Which Azure Pipelines library object stores a collection of reusable name/value pairs (including secrets) that can be referenced by multiple pipelines...
A team's GitHub Actions workflow needs the minimum possible permissions. The workflow reads repository contents and writes pull request comments only....
An Azure DevOps project uses several Classic release pipelines that still reference service connections with client secrets. The security team wants t...
Which GitHub Advanced Security feature alerts repository maintainers when a project dependency has a known security vulnerability listed in the GitHub...
Sign in to see all 27 questions
Create a free account to browse all questions — completely free during our launch phase.