nerdexam
Microsoft

AZ-400 · Question #185

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might h

The correct answer is A. Yes. We can create CI without SAST or SCA security tool. The fundamental of DevSecOps is to have security automation being done on CI and shift left to developer by using tool. Whitesource or from paid platform such as Veracode.. Therefore the answer 'Security Testing', if this refer

Submitted by naveen.iyer· Mar 6, 2026Develop a security and compliance plan

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You plan to update the Azure DevOps strategy of your company. You need to identify the following issues as they occur during the company's development process: - Licensing violations - Prohibited libraries Solution: You implement automated security testing. Does this meet the goal?

Options

  • AYes
  • BNo

How the community answered

(50 responses)
  • A
    78% (39)
  • B
    22% (11)

Explanation

We can create CI without SAST or SCA security tool. The fundamental of DevSecOps is to have security automation being done on CI and shift left to developer by using tool. Whitesource or from paid platform such as Veracode.. Therefore the answer 'Security Testing', if this refer to tool such as Whitesource.

Community Discussion

No community discussion yet for this question.

Full AZ-400 Practice