ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-400 All Questions

View all questions & answers for the AZ-400 exam
Go to Exam

Exam AZ-400 topic 4 question 48 discussion

Actual exam question from Microsoft's AZ-400
Question #: 48
Topic #: 4
[All AZ-400 Questions]

DRAG DROP -
You have a project in Azure DevOps named Project1 that contains two Azure DevOps pipelines named Pipeline1 and Pipeline2.
You need to ensure that Pipeline1 can deploy code successfully to an Azure web app named webapp1. The solution must ensure that Pipeline2 does not have permission to webapp1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer:
Reference:
https://docs.microsoft.com/en-us/azure/devops/pipelines/library/connect-to-azure?view=azure-devops
by SSTan at July 1, 2021, 5:25 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
AhmedAbouhamed
Highly Voted 3 years, 1 month ago
the correct answer is below: 1- create a service principle 2- in project 1 create a service connection ( ARM / Manual ) and provide the service principle details created in step 1 3- in pipeline 1, authorize the service connection. this way only pipeline 1 will get access to the webapp and pipeline2 not. also, project permissions id for users and groups not for pipelines. I'm 100 % sure from the answer as it's repeated steps in all LABs.
upvoted 116 times
Dankho
5 months, 2 weeks ago
You make a valid point, "project permissions id for users and groups not for pipelines.". Authorize it is.
upvoted 1 times
...
icedog
1 year, 7 months ago
the thing is you can straight create a service connection and have it create the SPN automatically.
upvoted 1 times
...
hebertpena88
2 years, 4 months ago
I agree with you, I do this all the time
upvoted 5 times
...
[Removed]
3 years ago
I agree fully with you! Below comments are fake, i dont know why people upvote ..
upvoted 5 times
...
Load full discussion...
...
fanq10
Highly Voted 3 years, 5 months ago
The given answer is correct, verified in azure devops
upvoted 11 times
ZodiaC
3 years, 5 months ago
Just did it on Devops its correct
upvoted 3 times
...
...
ozbonny
Most Recent 9 months, 3 weeks ago
Given answer correct
upvoted 1 times
frvr
3 months, 2 weeks ago
Nope. The third option is Authorize.
upvoted 1 times
...
...
vsvaid
12 months ago
--Create service principle, Make sure to uncheck the box "Grant access permission to all pipelines". This way we have not granted permission to any pipeline --Click on the newly created service connection. Open security of security of pipeline. Under pipeline, add the pipeline you want .
upvoted 1 times
...
varinder82
1 year ago
Final answer after going through all the comments - Answer provided by examtopic is correct
upvoted 3 times
...
resonant
1 year, 4 months ago
Why not creating a system-assigned managed identity? Aren't managed identities superior to service principals and encouraged by Microsoft as long as you can use it? You create the managed identity for the Azure web app, don't you?
upvoted 3 times
Bear_Polar
1 year, 2 months ago
You cannot use managed identity with pipeline (except the case that you use VMs as build agents then you can use managed identity assigned to VMs). In this case, you have 2 options: 1. automatic authentication using signed-in credentials or 2. using custom service principle.
upvoted 4 times
...
...
icedog
1 year, 7 months ago
Suggested answer is correct. Configure the permissions part is explained here: https://learn.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints?view=azure-devops&tabs=classic#secure-a-service-connection
upvoted 3 times
...
syu31svc
2 years, 4 months ago
1) Create service principal 2) Create service connection 3) Authorize connection https://docs.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints?view=azure-devops&tabs=classic "To authorize a service connection for a specific pipeline, open the pipeline by selecting Edit and queue a build manually. You see a resource authorization error and an "Authorize resources" action on the error. Choose this action to explicitly add the pipeline as an authorized user of the service connection."
upvoted 5 times
...
Govcomm
2 years, 4 months ago
service principal project 1 --> service connection pipeline 1 --> authorize the service connection
upvoted 4 times
...
[Removed]
3 years ago
So when creating a SP in AZ DevOps manual or automatic (Security checkbox - Grant access permission to all pipelines) is not checked! Configuring permission in Project1 will not help here because permissions are for users and access to the project itself. So the most logical and correct answer would be to create SP in AD, then in Project1 create a Service Connection, and then in Project1 you authorize the SP, that way only pipeline where you authorised SP will be able to use it and not other.
upvoted 5 times
...
Aelx
3 years, 4 months ago
1. Create Service connection 2. Project level permissions 3. Authorize the service connection https://docs.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints?view=azure-devops&tabs=classic
upvoted 5 times
...
Sandy_29
3 years, 5 months ago
I guess D B C any suggestion?
upvoted 2 times
...
SSTan
3 years, 5 months ago
what could be the answer?
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel