nerdexam
Microsoft

AZ-400 · Question #527

You use Azure Pipelines pipeline to build and deploy an app named App1. You need to ensure that before App1 is deployed, all the code for the app passes a security validation by using a custom tool. W

The correct answer is A. Add a status check to the policies of the branch used by your company's development. Explanation Option A is correct because adding a status check to the branch policies of the development branch enforces a gate that requires the custom security validation tool to pass before any code can be merged or deployed - this directly integrates external security checks i

Submitted by andres_qro· Mar 6, 2026Design and implement build and release pipelines

Question

You use Azure Pipelines pipeline to build and deploy an app named App1. You need to ensure that before App1 is deployed, all the code for the app passes a security validation by using a custom tool. What should you do?

Options

  • AAdd a status check to the policies of the branch used by your company's development
  • BAdd a status check to the policies of the main branch.
  • CAdd a service hook to the project.
  • DLimit the job authorization scope to the current project for all the release pipelines.

How the community answered

(16 responses)
  • A
    69% (11)
  • B
    6% (1)
  • C
    6% (1)
  • D
    19% (3)

Explanation

Explanation

Option A is correct because adding a status check to the branch policies of the development branch enforces a gate that requires the custom security validation tool to pass before any code can be merged or deployed - this directly integrates external security checks into the pipeline workflow as a required pre-deployment condition.

Option B is wrong because the question specifies the branch used by your company's development team (a feature or development branch), not the main branch; applying the check to main would be too late in the workflow and misses where the validation should occur.

Option C is wrong because a service hook is used to trigger external services in response to pipeline events (like notifications), not to enforce a blocking security gate that must pass before deployment proceeds.

Option D is wrong because limiting the job authorization scope is a security measure that restricts which resources a pipeline job can access - it has nothing to do with running a custom security validation tool before deployment.

Memory Tip

Think of branch policies + status checks as bouncers at the door - they won't let code through (merge/deploy) until the custom tool gives the green light. The key phrase "before deployment" + "custom tool" always points to status checks on branch policies.

Topics

#Azure Pipelines#Branch Policies#Security Validation#Status Checks

Community Discussion

No community discussion yet for this question.

Full AZ-400 Practice