AZ-400 · topic practice

Design and implement a DevOps infrastructure practice questions

Practise Microsoft Azure DevOps Engineer Expert AZ-400 Design and implement a DevOps infrastructure practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Design and implement a DevOps infrastructure

What the exam tests

What to know about Design and implement a DevOps infrastructure

Design and implement a DevOps infrastructure questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Design and implement a DevOps infrastructure exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Design and implement a DevOps infrastructure questions

20 questions · select your answer, then reveal the explanation

A team wants to enforce that all Azure resource groups in a subscription are tagged with 'CostCenter' and 'Environment'. They need a solution that automatically applies these tags to any new resource group and ensures compliance without manual intervention. What should they use?

A company uses Azure DevOps for CI/CD. They have multiple pipelines that deploy to different environments. They want to ensure that secrets like API keys are not exposed in pipeline logs. What is the best approach?

A company uses Azure Pipelines to build a .NET Core application. The build takes 45 minutes due to dependency restoration. They want to reduce build time. What is the most effective strategy?

A team wants to automatically destroy a temporary test environment after a pull request is merged or closed. What Azure DevOps feature should they use?

A company uses Azure Pipelines to deploy a web app to Azure App Service. They want to ensure that the deployment is first validated in a staging slot before swapping to production. What should they configure?

A team uses Terraform to manage Azure infrastructure. They want to store the Terraform state file securely and enable collaboration. What is the recommended approach?

A company uses Azure DevOps to manage code. They want to enforce that all changes to the main branch must go through a pull request with at least two reviewers. What should they configure?

A company uses Azure Pipelines to deploy microservices to Azure Kubernetes Service (AKS). They want to implement a canary deployment strategy. What should they use?

Which THREE of the following are valid methods to securely store and use secrets in Azure DevOps pipelines?

Which TWO of the following are benefits of using Infrastructure as Code (IaC) over manual infrastructure management?

Which THREE of the following are prerequisites for implementing a CI/CD pipeline for a .NET Core application?

Which TWO of the following are valid ways to trigger a pipeline in Azure DevOps when a pull request is created?

An Azure Policy is defined as shown in the exhibit. You attempt to create a storage account with HTTPS traffic only set to false. What will happen?

Exhibit

Refer to the exhibit.

```
{
  "properties": {
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Storage/storageAccounts"
          },
          {
            "field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
            "equals": "false"
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  }
}
```

You run the Azure CLI command shown in the exhibit. What is the output?

Network Topology
$ az vm listquery "[?location=='eastus'].{Name:nameoutput tableRefer to the exhibit.```Name ResourceGroupvm1 rg-prodvm2 rg-dev

Your organization uses Azure DevOps to manage a large-scale microservices application deployed to Azure Kubernetes Service (AKS). The application consists of 20 microservices, each with its own code repository and CI/CD pipeline. Recently, the team has been experiencing frequent build failures due to dependency conflicts between microservices when multiple pipelines run simultaneously and try to use the same build agent. The team is using Microsoft-hosted agents with a single agent pool. The builds take an average of 30 minutes each, and there are often 10+ builds queued at the same time. The team wants to reduce build failures and improve build throughput without significant increase in cost. What should they do?

A team is designing a release pipeline for a .NET Core web application. They want to deploy to Azure App Service using a blue-green deployment strategy to minimize downtime. Which Azure App Service feature should they use to implement this?

An organization uses an on-premises Jenkins server to build Docker images and push them to Azure Container Registry (ACR). The security team requires that all images be scanned for vulnerabilities before deployment. The DevOps team needs to automate this scanning after each push. What is the most efficient way to meet this requirement?

A DevOps engineer needs to ensure that only approved Azure Resource Manager (ARM) templates are used for deployments. They want to enforce this at the subscription level. Which Azure service should they use?

A company uses Azure DevOps for CI/CD. They have a multi-stage YAML pipeline that builds a Java application, runs unit tests, and deploys to a test environment. The test environment uses an Azure SQL Database. The pipeline currently runs successfully but the team notices that the test database schema is not always up-to-date. They want to apply database migrations automatically as part of the pipeline. Which tool or task should they integrate?

A company is designing an Azure DevOps strategy for a microservices application. They need to ensure that each microservice can be built, tested, and deployed independently. They also want to reuse pipeline components across services. Which TWO practices should they implement?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Design and implement a DevOps infrastructure sessions

Start a Design and implement a DevOps infrastructure only practice session

Every question in these sessions is drawn from the Design and implement a DevOps infrastructure domain — nothing else.

Related practice questions

Related AZ-400 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the AZ-400 exam test about Design and implement a DevOps infrastructure?
Design and implement a DevOps infrastructure questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Design and implement a DevOps infrastructure questions in a focused session?
Yes — the session launcher on this page draws every question from the Design and implement a DevOps infrastructure domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other AZ-400 topics?
Use the topic links above to move to related areas, or go back to the AZ-400 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the AZ-400 exam covers. They are not copied from any real exam or dump site.