nerdexam
Microsoft

AZ-400 · Question #310

Drag and Drop Question You have a project in Azure DevOps named Project1 that contains two Azure DevOps pipelines named Pipeline1 and Pipeline2. You need to ensure that Pipeline1 can deploy code succe

The correct answer is Create a service principal in Azure Active Directory.; In Project1, create a service connection.; In Pipeline1, authorize the service connection.. To enable Pipeline1 to deploy to webapp1 while restricting Pipeline2, you must first create a service principal in Azure Active Directory to represent the identity with permissions to the web app. Next, you create a service connection in Project1 that uses that service principal

Submitted by hans_de· Mar 6, 2026Design and implement a release strategy – specifically configuring pipeline permissions and service connections to control resource access in Azure DevOps (AZ-400 / DevOps Engineer Expert)

Question

Drag and Drop Question You have a project in Azure DevOps named Project1 that contains two Azure DevOps pipelines named Pipeline1 and Pipeline2. You need to ensure that Pipeline1 can deploy code successfully to an Azure web app named webapp1. The solution must ensure that Pipeline2 does not have permission to webapp1. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Answer:

Exhibits

AZ-400 question #310 exhibit 1
AZ-400 question #310 exhibit 2

Answer Area

Drag items

Create a service principal in Azure Active Directory.In Project1, create a service connection.In Pipeline1, authorize the service connection.Create a system-assigned managed identity in Azure Active Directory.In Project1, configure permissions.In Pipeline1, create a variable.

Correct arrangement

  • Create a service principal in Azure Active Directory.
  • In Project1, create a service connection.
  • In Pipeline1, authorize the service connection.

Explanation

To enable Pipeline1 to deploy to webapp1 while restricting Pipeline2, you must first create a service principal in Azure Active Directory to represent the identity with permissions to the web app. Next, you create a service connection in Project1 that uses that service principal to authenticate to Azure. Finally, you authorize the service connection specifically for Pipeline1 (not project-wide), ensuring only Pipeline1 can use it and Pipeline2 is excluded by default.

Topics

#Azure DevOps Pipelines#Service Connections#Azure Active Directory#Pipeline Security

Community Discussion

No community discussion yet for this question.

Full AZ-400 Practice