nerdexam
Microsoft

AZ-400 · Question #331

You have been tasked with strengthening the security of your team's development process. You need to suggest a security tool type for the Continuous Integration (CI) phase of the development process.

The correct answer is B. Static code analysis. Validation in the CI/CD begins before the developer commits his or her code. Static code analysis tools in the IDE provide the first line of defense to help ensure that security vulnerabilities are not introduced into the CI/CD process. https://docs.microsoft.com/en-us/azure/devo

Submitted by tyler.j· Mar 6, 2026Develop a security and compliance plan

Question

You have been tasked with strengthening the security of your team's development process. You need to suggest a security tool type for the Continuous Integration (CI) phase of the development process. Which of the following is the option you would suggest?

Exhibit

AZ-400 question #331 exhibit

Options

  • APenetration testing
  • BStatic code analysis
  • CThreat modeling
  • DDynamic code analysis

How the community answered

(40 responses)
  • A
    3% (1)
  • B
    95% (38)
  • D
    3% (1)

Explanation

Validation in the CI/CD begins before the developer commits his or her code. Static code analysis tools in the IDE provide the first line of defense to help ensure that security vulnerabilities are not introduced into the CI/CD process. https://docs.microsoft.com/en-us/azure/devops/articles/security-validation-cicd- pipeline?view=vsts

Community Discussion

No community discussion yet for this question.

Full AZ-400 Practice