nerdexam
Microsoft

AZ-400 · Question #523

Drag and Drop Question You have an Azure Repos repository named Repo1 that is used for source control. You need to configure code scanning for Repo1. Which three tasks should the pipeline perform in s

The correct answer is Advanced Security Initialize CodeQL; Advanced Security AutoBuild; Advanced Security Perform CodeQL Analysis. GitHub Advanced Security for Azure DevOps requires a specific three-step CodeQL scanning pipeline sequence: first, 'Advanced Security Initialize CodeQL' sets up the CodeQL environment and database, then 'Advanced Security AutoBuild' compiles the code so CodeQL can trace the build

Submitted by kim_seoul· Mar 6, 2026Design and Implement Security (Configure pipelines to use security scanning tools such as GitHub Advanced Security and CodeQL)

Question

Drag and Drop Question You have an Azure Repos repository named Repo1 that is used for source control. You need to configure code scanning for Repo1. Which three tasks should the pipeline perform in sequence? To answer, move the appropriate tasks from the list of tasks to the answer area and arrange them in the correct order. Answer:

Exhibit

AZ-400 question #523 exhibit

Answer Area

Drag items

Advanced Security Dependency ScanningAdvanced Security Initialize CodeQLAdvanced Security AutoBuildMicrosoft Purview ScanAdvanced Security Perform CodeQL Analysis

Correct arrangement

  • Advanced Security Initialize CodeQL
  • Advanced Security AutoBuild
  • Advanced Security Perform CodeQL Analysis

Explanation

GitHub Advanced Security for Azure DevOps requires a specific three-step CodeQL scanning pipeline sequence: first, 'Advanced Security Initialize CodeQL' sets up the CodeQL environment and database, then 'Advanced Security AutoBuild' compiles the code so CodeQL can trace the build process and understand code structure, and finally 'Advanced Security Perform CodeQL Analysis' runs the actual security queries against the compiled CodeQL database to detect vulnerabilities. This sequence is mandatory because each step depends on the output of the previous one - analysis cannot occur without initialization and a successful build trace.

Topics

#GitHub Advanced Security#Azure DevOps#CodeQL#Pipeline Configuration

Community Discussion

No community discussion yet for this question.

Full AZ-400 Practice