Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsAZ-400TopicsDevelop a security and compliance plan
Free · No Signup RequiredMicrosoft · AZ-400

AZ-400 Develop a security and compliance plan Practice Questions

20+ practice questions focused on Develop a security and compliance plan — one of the most tested topics on the Microsoft Azure DevOps Engineer Expert AZ-400 exam. Each question includes a detailed explanation so you learn why the right answer is correct.

Start Develop a security and compliance plan Practice

Exam Domains

Configure processes and communicationsDesign and implement source controlDesign and implement build and release pipelinesDevelop a security and compliance planImplement an instrumentation strategyDesign and implement a DevOps infrastructureDesign and implement a source control strategyAll domains →

Study Tools

Practice TestMock ExamFlashcardsAll Topics

Sample Develop a security and compliance plan Questions

Practice all 20+ →
1.

A company uses Azure DevOps for CI/CD. The security team requires that all pipeline runs must use a specific service connection (ServiceConnection-Prod) that has been approved for production deployments. However, developers are accidentally using unapproved connections. You need to enforce that only the approved service connection can be used in any pipeline that deploys to the production environment. What should you do?

A.Define a required template for all pipelines that includes the service connection, and instruct developers to use it.
B.Set up a manual approval gate on the production environment stage in the pipeline.
C.Configure a branch policy on the main branch to require a successful build before merging.
D.Create an Azure Pipeline decorator that validates the service connection used in each task and fails the pipeline if it is not the approved one.

Explanation: Option D is correct because Azure Pipeline decorators inject custom validation logic at runtime, allowing you to inspect each task's service connection and fail the pipeline if it does not match the approved one. This enforces the security requirement centrally without relying on developer compliance or manual gates.

2.

Your organization uses Azure DevOps and Azure Key Vault to manage secrets. You have a pipeline that deploys a web app to Azure App Service. The pipeline uses a variable group linked to Key Vault to retrieve the database connection string. Recently, the build started failing with the error: 'Access to Key Vault is denied. Please ensure the service connection has Get and List permissions on secrets.' The service connection uses a service principal. You have verified that the service principal has the correct Key Vault access policy with Get and List permissions. What is the most likely cause of the failure?

A.The service connection is configured to use the wrong Azure subscription.
B.The secret name in the variable group does not match the secret name in Key Vault.
C.The service principal used by the service connection does not have Contributor role on the Key Vault.
D.The build service identity does not have Get and List permissions on the Key Vault secrets.

Explanation: The error message indicates that the identity attempting to access Key Vault lacks the required permissions. Even though the service principal has the correct access policy, the pipeline may be using a different identity—the build service identity—to authenticate with Key Vault. In Azure DevOps, when a variable group is linked to Key Vault, the pipeline's build service identity (not the service connection's service principal) must have Get and List permissions on the Key Vault secrets. This is a common misconfiguration where the service principal is granted permissions but the build service identity is not.

3.

A company uses Azure DevOps and needs to ensure that all pipelines use approved YAML templates from a central repository. The security team wants to prevent developers from referencing unapproved templates. What is the best way to enforce this?

A.Create a branch policy on the repository that requires all pull requests to be approved by security team members.
B.Configure a variable group with the approved template repository and require it in all pipelines.
C.Use a pipeline decorator to check the template origin and fail the pipeline if unapproved.
D.Set the 'Required template' repository setting in the Azure DevOps project to the approved central repository.

Explanation: Option D is correct because the 'Required template' repository setting in Azure DevOps enforces that all pipelines must use a YAML template from a specified central repository. If a pipeline references a template from any other location, the pipeline will fail at runtime, providing a hard enforcement mechanism that cannot be bypassed by developers. This directly addresses the security team's requirement to prevent unapproved template references.

4.

You are designing a compliance strategy for Azure DevOps pipelines that deploy to production. The company policy requires that all production deployments must be reviewed by a security lead. Additionally, the deployment must use a specific release pipeline that has been pre-approved. How should you implement this?

A.Create a branch policy that requires the security lead to approve the pull request before merging.
B.Define a 'production' environment in Azure DevOps and configure an approval check that requires the security lead. Have the pipeline deploy to that environment.
C.Use a Classic release pipeline with a pre-deployment approval gate for the production stage.
D.Store the approved pipeline definition in a variable group and reference it in all pipelines.

Explanation: Option B is correct because Azure DevOps environments allow you to define approval checks that must be satisfied before a deployment proceeds. By creating a 'production' environment and adding a pre-deployment approval check requiring the security lead, you enforce the mandatory review. The pipeline then deploys to that environment, ensuring only the pre-approved release pipeline is used.

5.

A financial services company uses Azure DevOps and requires that all secrets (e.g., API keys, connection strings) be stored in Azure Key Vault. They have a pipeline that runs automated tests and deploys to staging. The pipeline uses a variable group linked to Key Vault to retrieve secrets. Recently, the pipeline failed with the error: 'Secret 'DbPassword' not found in Key Vault 'kv-prod'. Ensure the secret exists and the service principal has List permission.' The secret exists in the vault. What is the most likely cause?

A.The variable group is linked to the wrong Key Vault instance.
B.The variable name in the variable group does not exactly match the secret name in Key Vault (case-sensitive).
C.The service principal does not have Get permission on the secret.
D.The Key Vault is in a different Azure region than the Azure DevOps organization.

Explanation: Option B is correct because variable groups linked to Azure Key Vault in Azure DevOps require an exact case-sensitive match between the variable name in the variable group and the secret name in Key Vault. Even though the secret 'DbPassword' exists in the vault, if the variable group defines the variable as 'dbpassword' or 'DBPassword', the lookup will fail with the 'not found' error. The error message explicitly states the secret was not found, which is the typical symptom of a case mismatch, not a permissions or connectivity issue.

+15 more Develop a security and compliance plan questions available

Practice all Develop a security and compliance plan questions

How to master Develop a security and compliance plan for AZ-400

1. Baseline your knowledge

Start with 10 questions to gauge your current understanding of Develop a security and compliance plan. This tells you whether you need a concept refresher or just practice.

2. Review every explanation

For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.

3. Focus on exam traps

Develop a security and compliance plan questions on the AZ-400 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.

4. Reach 80% consistently

Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.

Frequently asked questions

How many AZ-400 Develop a security and compliance plan questions are on the real exam?

The exact number varies per candidate. Develop a security and compliance plan is tested as part of the Microsoft Azure DevOps Engineer Expert AZ-400 blueprint. Practicing with targeted Develop a security and compliance plan questions ensures you can handle any format or difficulty that appears.

Are these AZ-400 Develop a security and compliance plan practice questions free?

Yes. Courseiva provides free AZ-400 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.

Is Develop a security and compliance plan one of the harder AZ-400 topics?

Difficulty is subjective, but Develop a security and compliance plan is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.

Ready to practice?

Launch a full Develop a security and compliance plan practice session with instant scoring and detailed explanations.

Start Develop a security and compliance plan Practice →

Topic Info

Topic

Develop a security and compliance plan

Exam

AZ-400

Questions available

20+