AZ-400 · Question #375
You have an Azure subscription that contains an Azure pipeline named Pipeline1 and a GitHub repository named Repo1, Repo1 contains Bicep modules. Pipeline1 deploys Azure resources by using the Bicep m
The correct answer is A. Configure a deployment gate for Pipeline1 and include the Azure DevOps Security and. To ensure Azure Policy compliance before deploying Azure resources to production, configure an Azure Pipeline deployment gate that integrates with Azure Policy evaluations.
Question
Options
- AConfigure a deployment gate for Pipeline1 and include the Azure DevOps Security and
- BCreate an Azure DevOps build runs on the creation of a pull request assesses the code tor
- CTo Pipeline1, add a step that runs a What If deployment before the deployment step.
- DConfigure a deployment gate for Pipeline1 that uses Azure Automation to run a What If
How the community answered
(42 responses)- A48% (20)
- B7% (3)
- C29% (12)
- D17% (7)
Why each option
To ensure Azure Policy compliance before deploying Azure resources to production, configure an Azure Pipeline deployment gate that integrates with Azure Policy evaluations.
A deployment gate in Azure Pipelines can pause the release flow until specific conditions are met. The Azure DevOps Security and Compliance gate can integrate with Azure Policy evaluations, scanning the planned deployment against defined policies and failing the gate if non-compliant resources are detected, thereby preventing deployment to production.
Creating a build run on a pull request assesses code changes before they are merged, not before a release is deployed to production, and primarily focuses on code quality rather than live resource policy compliance.
Adding a 'What If' deployment step directly into the pipeline provides a preview of changes but does not inherently enforce Azure Policy compliance as a blocking gate without additional custom logic.
While a deployment gate can use Azure Automation to run a What If deployment, this approach requires custom scripting to interpret What If results against Azure Policies, which is less integrated than using a specialized compliance gate.
Concept tested: Azure Pipelines deployment gates for Azure Policy enforcement
Source: https://learn.microsoft.com/en-us/azure/devops/pipelines/release/deployment-gates
Community Discussion
No community discussion yet for this question.