ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-400 All Questions

View all questions & answers for the AZ-400 exam
Go to Exam

Exam AZ-400 topic 7 question 40 discussion

Actual exam question from Microsoft's AZ-400
Question #: 40
Topic #: 7
[All AZ-400 Questions]

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant.
You are configuring a build pipeline in Azure Pipelines that will include a task named Task1. Task1 will authenticate by using an Azure AD service principal.
Which three values should you configure for Task1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. the tenant ID
  • B. the subscription ID
  • C. the client secret
  • D. the app ID
  • E. the object ID
Show Suggested Answer Hide Answer
Suggested Answer: ACD 🗳️
by wblom at Nov. 5, 2020, 8:28 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
wblom
Highly Voted 3 years, 6 months ago
Should be A. the tenant ID D. the app ID C. the client secret
upvoted 87 times
tom999
3 years, 2 months ago
From https://azuredevopslabs.com/labs/devopsserver/azureserviceprincipal/ (see also the screenshots there) ... 4. Run "az ad sp create-for-rbac --name ServicePrincipalName" 5. Azure will generate an appID, which is the Service principal client ID used by Azure DevOps Server. It will also generate a strong password, which is the Service principal key. The final value of interest is the tenant, which is the Tenant ID... 6. Execute "az account show" 7. The id is the Subscription ID you need to create the service connection. The name is the Subscription name you need. >> I validated this approach . >> Conclusion: The given answer ABD is correct. It is a bit confusing because the fields in Azure Devops "Create service connection" have different names than in the CLI output. But there is no "client secret" and no "object id".
upvoted 27 times
monniq
2 years, 12 months ago
This answer is well supported, and most legit.
upvoted 5 times
...
...
kamyrkon
2 years, 1 month ago
Correct, in task1 we can use powershell for connection, so could use Tenant ID, App ID, secret https://docs.microsoft.com/en-us/powershell/azure/authenticate-azureps?view=azps-7.3.0#sign-in-with-a-service-principal
upvoted 1 times
...
...
kumardeb
Highly Voted 3 years, 5 months ago
A. the tenant ID C. the client secret D. the app ID
upvoted 14 times
...
Dankho
Most Recent 4 months, 1 week ago
Selected Answer: ACD
Service Principal requires manual management of credentials such as client secret or cert. A Managed Identity doesn't. Answer must include a client secret.
upvoted 1 times
...
ieboaix
8 months, 3 weeks ago
ABD verified
upvoted 3 times
...
yana_b
9 months ago
Answer and its explanation are correct, as in Az DevOps we have to input the fileds listed in the explanation. However, the Service principal ID in Az Devops is actually the app ID used for creating the service rpincipal. So when you follow the steps from this link https://docs.microsoft.com/en-us/azure/devops/pipelines/library/connect-to-azure ti fill in the service principal ID you have to paste there the appID -> see Task 2, point 5 of this lab https://azuredevopslabs.com/labs/devopsserver/azureserviceprincipal/
upvoted 1 times
...
BuddhiK
1 year, 4 months ago
I think ABD is correct. If you deploy with SP it will not asked secret when deploying through Azure Pipelines. But if you are deploying through PowerShell you have define secret and app ID. So for this answer should be ABD. Below are the steps for PS deployment: 1. Define tenant 2. Define Subscription 3. Provide App registration details .(APP ID and Password) For Azure Pipeline 1. Tenant is already defined 2. APP ID or SPN 3. Subscription ID
upvoted 2 times
...
Atos
1 year, 7 months ago
The Azure Resource Manager service connection asks for the following config: A. the tenant ID B. the subscription ID C. the client secret D. the app ID To test an azure service principal you will need 1. Service principal application ID. 2. Service principal key. 3. Your Azure AD tenant ID. Therefore i'd be inclined to put: A. the tenant ID C. the client secret D. the app ID
upvoted 3 times
...
giuliohome
1 year, 8 months ago
Selected Answer: ACD
From https://docs.microsoft.com/en-us/learn/modules/authenticate-azure-deployment-pipeline-service-principals/6-exercise-authorize-service-principal-deployments?pivots=powershell#deploy-the-bicep-file-by-using-the-service-principal ...you'll simulate what a pipeline does to deploy ... Use the service principal's application ID and key (so D and C) to get the credentials. Then, to sign in by using the service principal's credentials, you are asked also the tenant id (A)
upvoted 2 times
...
syu31svc
1 year, 8 months ago
Selected Answer: ABD
https://docs.microsoft.com/en-us/azure/devops/pipelines/library/connect-to-azure?view=azure-devops Enter the information about your service principal into the Azure subscription dialog textboxes: Subscription ID ABD is the answer
upvoted 1 times
syu31svc
1 year, 8 months ago
Sorry after reviewing it should be ACD https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals "When you've completed the app registration, you've a globally unique instance of the app (the application object) which lives within your home tenant or directory. You also have a globally unique ID for your app (the app or client ID). In the portal, you can then add secrets or certificates and scopes to make your app work, customize the branding of your app in the sign-in dialog, and more."
upvoted 1 times
...
...
tjeerd
1 year, 9 months ago
Selected Answer: ACD
On exam 20220727. Question was phrased a little different there, with combinations of the different components.
upvoted 2 times
...
Manjubk
1 year, 9 months ago
Selected Answer: ABD
Go to Azure Devops-->Projects Settings-->Service Connection. Then you will see the ✑ Tenant ID ✑ Subscription ID ✑ Subscription name ✑ Service principal ID
upvoted 2 times
...
Redimido
1 year, 10 months ago
Selected Answer: ABD
Having those, anyone can impersonate as your app.
upvoted 1 times
...
Eltooth
1 year, 11 months ago
Selected Answer: ACD
A C & D are correct answers.
upvoted 2 times
...
Lucario95
1 year, 11 months ago
Selected Answer: ACD
Should be A, C, D
upvoted 2 times
...
UnknowMan
1 year, 12 months ago
Selected Answer: ACD
Acd is the correct answer
upvoted 2 times
...
UnknowMan
1 year, 12 months ago
A. the tenant ID C. the client secret D. the app ID
upvoted 2 times
...
rdemontis
2 years, 1 month ago
Selected Answer: ABD
IMHO answer is correct. To allow a build pipeline task to authenticate to AAD with an existing Service Principal you have to follow the procedure "Create an Azure Resource Manager service connection with an existing service principal" in the documented below https://docs.microsoft.com/en-us/azure/devops/pipelines/library/connect-to-azure?view=azure-devops#create-an-azure-resource-manager-service-connection-with-an-existing-service-principal
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago