nerdexam
Microsoft

AZ-400 · Question #404

You use release pipelines in Azure Pipelines to deploy an app. Secrets required be the pipeline are stored as pipeline variables. Logging of commands is enabled for the Azure Pipelines agent. You need

The correct answer is A. Store the secrets in the environment variables instead of the pipeline variables.. We make an effort to mask secrets from appearing in Azure Pipelines output, but you still need to take precautions. Never echo secrets as output. Some operating systems log command line arguments. Never pass secrets on the command line. Instead, we suggest that you map your secre

Submitted by noor.lb· Mar 6, 2026Develop a security and compliance plan

Question

You use release pipelines in Azure Pipelines to deploy an app. Secrets required be the pipeline are stored as pipeline variables. Logging of commands is enabled for the Azure Pipelines agent. You need to prevent the values of the secrets from being logged. What should you do?

Options

  • AStore the secrets in the environment variables instead of the pipeline variables.
  • BPass the secrets on the command line instead of in the pipeline variables.
  • CApply a prefix of secret to the name of the variables.
  • DEcho the values of the secrets to the command line.

How the community answered

(35 responses)
  • A
    80% (28)
  • B
    11% (4)
  • C
    3% (1)
  • D
    6% (2)

Explanation

We make an effort to mask secrets from appearing in Azure Pipelines output, but you still need to take precautions. Never echo secrets as output. Some operating systems log command line arguments. Never pass secrets on the command line. Instead, we suggest that you map your secrets into environment variables. https://docs.microsoft.com/en-us/azure/devops/pipelines/process/variables?view=azure- devops&tabs=classic%2Cbatch

Community Discussion

No community discussion yet for this question.

Full AZ-400 Practice