Microsoft
AZ-400 · Question #331
You have been tasked with strengthening the security of your team's development process. You need to suggest a security tool type for the Continuous Integration (CI) phase of the development process.
The correct answer is B. Static code analysis. Validation in the CI/CD begins before the developer commits his or her code. Static code analysis tools in the IDE provide the first line of defense to help ensure that security vulnerabilities are not introduced into the CI/CD process. https://docs.microsoft.com/en-us/azure/devo
Submitted by tyler.j· Mar 6, 2026Develop a security and compliance plan
Question
You have been tasked with strengthening the security of your team's development process. You need to suggest a security tool type for the Continuous Integration (CI) phase of the development process. Which of the following is the option you would suggest?
Exhibit
Options
- APenetration testing
- BStatic code analysis
- CThreat modeling
- DDynamic code analysis
How the community answered
(40 responses)- A3% (1)
- B95% (38)
- D3% (1)
Explanation
Validation in the CI/CD begins before the developer commits his or her code. Static code analysis tools in the IDE provide the first line of defense to help ensure that security vulnerabilities are not introduced into the CI/CD process. https://docs.microsoft.com/en-us/azure/devops/articles/security-validation-cicd- pipeline?view=vsts
Community Discussion
No community discussion yet for this question.
