AZ-400 Question #497: Real Exam Question with Answer & Explanation

Sign in or unlock AZ-400 to reveal the answer and full explanation for question #497. The question stem and answer options stay visible for context.

Submitted by kim_seoul· Mar 6, 2026Design and implement a secure DevOps pipeline - specifically managing service connection permissions and roles in Azure DevOps (AZ-400 / DevOps Engineer Expert certification domain: Implement and manage infrastructure and security)

Question

Drag and Drop Question You have a tenant in Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra. The tenant contains three groups named Group1, Group2, and Group3. You create a new project in Azure DevOps named Project1. You need to secure the service connections for Project1. The solution must meet the following requirements: - The members of Group1 must be able to share and unshare a service connection with other projects. - The members of Group2 must be able to rename a service connection and update the description. - The members of Group3 must be able to use the service connection within build or release pipelines. - The principle of least privilege must be followed. Which permission should you grant to each group? To answer, drag the appropriate permissions to the correct groups. Each permission may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Answer:

Unlock AZ-400 to see the answer

You've previewed enough free AZ-400 questions. Unlock AZ-400 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock AZ-400 - $49.99 / 30 days Sign in

Topics

#Azure DevOps#Service Connections#Role-Based Access Control#Principle of Least Privilege

Full AZ-400 Practice Browse All AZ-400 Questions