View AZ-400 Exam Questions

Q: 1

DRAG DROP You use an Azure pipeline to build a .NET app that has NuGet dependencies. You need to ensure that the pipeline caches required NuGet packages. How should you configure thepipeline? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Microsoft AZ 400 question

Drag & Drop

Enable JavaScript to use the Drag & Drop feature.

$(Agent.Id)
$(Agent.OS)
$(Build.ArtifactStaging Directory)
$(Build.SourcesDirectory)/**/packages.lock.json'
$(NUGET_PACKAGES)
cache/packages

Q: 2

HOTSPOT Your company uses Git as a source code control system for a complex app named App1. You plan to add a new functionality to App1. You need to design a branching model for the new functionality. Which branch lifetime and branch time should you use in the branching model? To answer, select the appropriate options in the answer area. NOTE:Each correct selection is worth one point.

Your Answer

Discussion

Chloe S. Mar 3, 2026 11:01 am

Is anyone using long-lived branches for this kind of work anymore, or is it always short-lived feature branches now? Just trying to see if there's a situation where that's not the best approach.

SanjayR Feb 28, 2026 11:49 am

Short-lived feature branch here. Main reason is you only need the branch until the new functionality is done, then merge back to main. Long-lived branches are mostly for major ongoing streams or releases, which isn't the case. Sometimes people pick release branch by mistake but that's not for features. Pretty sure this matches what you'd see in real projects.

Drew P. Feb 17, 2026 5:02 am

Yeah, this is short-lived for lifetime and feature for type. Pretty standard for Git workflows.

Mia Q. Feb 14, 2026 11:10 am

Ugh, always these branching model questions. short-lived feature branch is what they want here.

Emma Feb 18, 2026 7:06 am

Wouldn't this be a solid case for making a short-lived feature branch? Seems like the normal pattern for adding new functionality in Git unless there's something unusual in the requirements.

Mia Q. Mar 6, 2026 12:24 am

Had something like this in a mock, and it was definitely about using a short-lived feature branch for new functionality. This setup lines up with agile workflows, makes merging less painful, and keeps the main branch stable. So for lifetime it's short-lived, for type it's feature. Pretty sure that's what they're after here. Agree?

AnitaY Feb 24, 2026 9:48 am

Makes sense to pick short-lived for the branch lifetime and feature for the type here.

Jack N. Mar 5, 2026 5:21 pm

short-lived feature branch

Taylor Z. Feb 22, 2026 6:52 am

Why wouldn't it be a short-lived feature branch in this scenario? Unless the new functionality was huge and needed to live across multiple releases, I don't see a case for anything else.

Reese Feb 27, 2026 7:52 pm

Really clear scenario, thanks for that. Would this be a short-lived feature branch model here?

Be respectful. No spam.

Q: 3

HOTSPOT Your company is building a new web application. You plan to collect feedback from pilot users on the features being delivered. All the pilot users have a corporate computer that has Google Chrome and the Microsoft Test & Feedback extension installed. Thepilot users will test the application by using Chrome. You need to identify which access levels are required to ensure that developers can request and gather feedback from the pilot users. The solution must use the principle of least privilege. Which access levels m Azure DevOps should you identify? To answer, select the appropriate options in the answer area NOTE: Each correct selection is worth one point.

Your Answer

Discussion

PracticalLead7970 Feb 28, 2026 9:17 pm

Basic for both. Saw this trap on a similar question where Stakeholder looks ok for pilot users, but with the Chrome extension and full feedback workflow, they also need Basic. I think that's right here but open to discussion.

Vikram N. Mar 6, 2026 3:05 pm

Extension in Connected mode flips it, so both need Basic access.

Riley Mar 4, 2026 1:52 pm

Basic for both roles here.

FocusedAnalyst8783 Feb 26, 2026 11:27 pm

Why not Stakeholder for pilot users? The extension in connected mode seems to require Basic, Stakeholder is a trap here.

Drew R. Mar 3, 2026 3:49 pm

Basic for both roles. Not certain if Stakeholder could ever work for the extension, but here Basic fits the least privilege requirement.

Ben I. Feb 25, 2026 1:15 am

Stakeholder for pilot users should be enough. Saw something similar on an official practice test and docs.

Leo Z. Mar 6, 2026 1:28 pm

Basic for both developer and pilot user is my pick here. The Test & Feedback extension in connected mode cuts off the Stakeholder access workaround, so Basic is the minimum needed. Pretty sure that's in line with least privilege for this scenario. Let me know if I missed something.

CuriousConsultant1651 Feb 27, 2026 9:33 pm

Not sure I'd pick Basic for the pilot users, Stakeholder seems like a trap here since it's almost enough for feedback.

Anita Mar 1, 2026 1:04 am

Is Stakeholder for pilot users not enough in this scenario since they're just giving feedback, or is Basic still required here?

QuietArchitect1329 Feb 27, 2026 3:51 am

I think both should have Basic. Stakeholder is too limited for collecting feedback via the extension.

Be respectful. No spam.

Q: 4

DRAG DROP You need to replace the existing DevOps tools to support the planned changes. What should you use? To answer, drag the appropriate tools to the correct targets. Each tool may be usedonce, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE:Each correct selection is worth one point.

Drag & Drop

Enable JavaScript to use the Drag & Drop feature.

Azure Boards
Azure Artifacts
GitHub Actions
Azure Pipelines
Azure Test Plans
GitHub repositories

Discussion

Ajay G. Feb 20, 2026 4:01 am

Trello: Azure Boards, Bamboo: Azure Pipelines, BitBucket: GitHub repositories. This matches how the tools line up by function. I think that's what they're looking for but not 100% locked in, open to another view.

FocusedReviewer1142 Mar 4, 2026 10:59 am

Yeah, same here: Trello goes to Azure Boards, Bamboo to Azure Pipelines, BitBucket to GitHub repositories.

Quinn B. Mar 1, 2026 1:42 am

Trello -> Azure Boards, Bamboo -> Azure Pipelines, BitBucket -> GitHub repositories. Saw the same mappings in the official practice test. I think that's what MS expects here, but I'm open if someone saw something different.

Sanjay G. Feb 17, 2026 6:19 am

Trello to Azure Boards, Bamboo to Azure Pipelines, BitBucket to GitHub repositories. Official docs and AZ-400 labs match this.

NathanO Feb 16, 2026 8:06 am

Trello → Azure Boards, Bamboo → Azure Pipelines, BitBucket → GitHub repositories. I don’t think Azure Artifacts or Test Plans fit here, since they aren’t core replacements for those tools. Pretty sure this mapping is what MS wants but curious if anyone mapped BitBucket differently.

CuriousLearner2741 Feb 21, 2026 5:28 am

Trello → Azure Boards, Bamboo → Azure Pipelines, BitBucket → GitHub repositories. I don’t see how Azure Artifacts or Test Plans would fit here since they don’t match what those tools do. Sometimes folks mix up BitBucket with Azure Repos, but since that’s not an option, GitHub repos is the correct move. If anyone matched Bamboo with something else I’d be interested to hear why.

Casey N. Mar 1, 2026 12:47 pm

Trello: Azure Boards, Bamboo: Azure Pipelines, BitBucket: GitHub repositories. That's how I'd map it since each one lines up with the functionality of the tool it's replacing. Not 100% sure but this feels like the best fit for what they're asking.

Adam Q. Feb 20, 2026 11:25 pm

Trello -> Azure Boards, Bamboo -> Azure Pipelines, BitBucket -> GitHub repositories (seen this mapping on similar exam Qs).

Neha K. Feb 15, 2026 12:31 am

Trello: Azure Artifacts, Bamboo: GitHub Actions, BitBucket: Azure Test Plans

Luke Z. Feb 23, 2026 10:22 am

Trello → Azure Boards, Bamboo → Azure Pipelines, BitBucket → GitHub repositories. I don't think Bamboo matches anything but Pipelines here. BitBucket could trick some people if they expect Repos, but that's not an option. Nearly certain but someone may see it another way.

Be respectful. No spam.

Correct Answer:

Answer Areas Trello: A. Azure Boards Bamboo: D. Azure Pipelines BitBucket: F. GitHub repositories

Explanation

Trello is a project management tool known for its Kanban boards. Azure Boards is the direct Azure DevOps equivalent, providing Kanban boards, backlogs, and work item tracking to replace Trello's functionality.

Bamboo is a Continuous Integration and Continuous Delivery (CI/CD) server. Azure Pipelines is the dedicated CI/CD service within Azure DevOps used to build, test, and deploy applications, serving as the standard replacement for Bamboo in Microsoft-centric migrations (as specified in standard AZ-400 case studies like Woodgrove Bank).

BitBucket is a web-based version control repository hosting service. GitHub repositories is the correct replacement for source control hosting in this scenario, as Azure Repos is not provided as an option and the exam context frequently involves migrating source code to GitHub while using Azure DevOps for management and pipelines.

References

Microsoft Learn - Azure Boards: "Azure Boards provides software development teams with the interactive and customizable tools they need to manage their software projects." (Functionally replaces Trello).

Microsoft Learn - Azure Pipelines: "Azure Pipelines automatically builds and tests code projects to make them available to others." (Functionally replaces Bamboo).

Microsoft Learn - Woodgrove Bank Case Study (AZ-400): "Planned Changes: Implement Azure DevOps for project tracking [Azure Boards]. Centralize source code control in private GitHub repositories [GitHub repositories]. Implement Azure Pipelines for build pipelines and release pipelines [Azure Pipelines]."

Q: 5

You have a project in Azure DevOps named Project1. Project1 contains a build pipeline named Pipe1 that builds an application namedAppl. You have an agent pool named Pool1 that contains a Windows Server 2019-based self-hosted agent. Pipe1 uses Pool1. You plan to implement another project named Project2. Project2 will have a build pipeline named Pipe2 that builds an application namedApp2. App1 and App2 have conflicting dependencies. You need to minimize the possibility that the two build pipelines will conflict with each other. The solution must minimize infrastructure costs. What should you do?

Options

Discussion

Ishaan T. Mar 3, 2026 9:10 pm

Option A. not C. Adding another agent would cost more, trap option if you aren't careful.

Ishaan O. Feb 19, 2026 1:51 am

A. Container jobs isolate dependencies on one agent, so no extra infra needed. Pretty sure that's the cheapest fix here.

Sofia E. Feb 22, 2026 3:49 am

A B is a distraction since switching OS doesn’t solve conflicting dependencies. Container jobs keep builds isolated on same agent and are cheaper than adding more agents.

Olivia M. Mar 3, 2026 1:42 pm

Its A, official docs stress container jobs for isolation without extra infra. Seen similar on practice exams.

Zoe B. Mar 5, 2026 11:55 pm

Has anyone checked the official docs or tried labs for container jobs in Azure DevOps for this scenario?

Morgan N. Mar 4, 2026 12:47 pm

A imo, saw something super similar in a practice test. Container jobs give isolation without any extra cost.

Casey M. Feb 25, 2026 10:35 am

I don't think it's C here. Having two agents would isolate, but the question wants to minimize cost. A (container jobs) lets you use one agent and keep dependencies separate. Anyone pick C for a different reason?

Aaron X. Feb 21, 2026 4:55 am

A tbh

Jordan Feb 22, 2026 11:59 pm

Its A since container jobs let you isolate dependencies without extra agents, so cheaper overall. I think that's what the question's after but let me know if you see it different.

Luke Feb 24, 2026 9:16 am

Not C, definitely A in this scenario. Adding another agent (C) bumps up costs, which the question wants to avoid. Container jobs (A) let both pipelines run isolated on one agent. Saw a similar trick on some practice sets.

Be respectful. No spam.

Correct Answer:

Explanation

The most effective solution is to use container jobs. By configuring each pipeline to run its job within a container, you ensure a clean, isolated environment for every build. The container provides a consistent runtime with specific dependencies, which is created at the start of the job and discarded upon completion. This prevents the conflicting dependencies of App1 and App2 from interfering with each other on the shared, self-hosted agent. This approach utilizes the existing agent, thereby adhering to the requirement of minimizing infrastructure costs.

Why Incorrect

B. Change the self-hosted agent to use Red Hat Enterprise Linux (RHEL) 9.

Changing the agent's operating system does not solve the underlying problem of shared state and potential dependency conflicts between different build jobs running on the same machine.

C. Add another self-hosted agent.

This would solve the isolation problem but would directly violate the requirement to minimize infrastructure costs, as it involves provisioning and maintaining a new virtual machine.

D. Add a Docker Compose task to the build pipelines.

Docker Compose is designed for defining and running multi-container applications. This is overly complex for isolating a single build job, for which a standard container job is the more direct and appropriate feature.

References

1. Microsoft Docs

Azure DevOps

"Container jobs": "Containers provide a lightweight abstraction over the host operating system. You can select the exact versions of operating systems

tools

and dependencies that your build requires. When you specify a container in your pipeline

the agent will first fetch and start the container. Then

each step of the job will run inside the container." This directly supports using containers for dependency isolation.

Source: https://learn.microsoft.com/en-us/azure/devops/pipelines/process/container-jobs?view=azure-devops

Section: "Prerequisites" and "Single job".

2. Microsoft Docs

Azure DevOps

"YAML schema reference for Azure Pipelines": The official schema defines the container property for a job

which specifies the container image to use. This confirms that running a job in a container is a first-class

intended feature for controlling the build environment.

Source: https://learn.microsoft.com/en-us/azure/devops/pipelines/yaml-schema/jobs-job-container?view=azure-pipelines

Section: "jobs.job.container".

3. Microsoft Docs

Azure DevOps

"Agents": The documentation on self-hosted agents implies that the agent's state is persistent. "If you're running your pipelines on self-hosted agents

you can incrementally improve performance by doing incremental builds and caching... However

because the state of the agent is preserved between runs

this can also cause problems." This highlights the exact problem that container jobs solve by providing an ephemeral

clean environment for each run.

Source: https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/agents?view=azure-devops

Section: "Clean".

Q: 6

DRAG DROP You have a GitHub organization. You ate creating a GitHub Actions workflow. You need to perform authenticated AP1 requests by using a GitHub app name App1. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Drag & Drop

Enable JavaScript to use the Drag & Drop feature.

Create an app manifest.
Generate an installation access token.
Register App1 and store the app ID as a GitHub Actions secret.
Generate a private key and store the key as a secret.
Install App1 in your organization.
Generate a JSON Web Token (JWT).

Discussion

Jamie J. Feb 22, 2026 7:28 am

I remember a similar scenario from labs on a practice test, sequence is: Register App1 and store app ID, generate private key as secret, install App1 in org, then generate installation access token. That hits each setup stage for GitHub Apps with Actions. I think that's right here but let me know if anyone saw it different on their exam!

Grace R. Feb 22, 2026 6:58 am

Register App1 and store the app ID, generate a private key as secret, install App1 in org, generate installation access token.

Jason Y. Feb 18, 2026 10:21 pm

Register App1 and store app ID, then private key secret, install App1, lastly generate installation access token. That fits what I've seen in the docs, but correct me if I missed a step!

HannahN Feb 16, 2026 1:22 am

Register App1 and store app ID, then generate private key, install App1 in the org, finally generate installation access token. That's the order from similar practice questions, pretty sure it's right but open if anyone disagrees.

Emma S. Feb 22, 2026 9:44 am

Saw this pop up on a practice exam, order matches: Register App1 and store app ID, generate private key, install in org, then generate installation access token. That's what worked for me but correct me if I'm wrong.

PracticalTester2906 Mar 2, 2026 1:05 am

Kinda tricky, if the question listed JWT in the sequence then you'd need to slip that step right after generating the private key. But here it's just register App1 and store app ID, generate private key as secret, install in org, then get installation access token. Happened on a mock once-tiny change flips order.

Mason Y. Feb 28, 2026 8:41 am

Yeah, you start with registering App1 and storing the app ID, then generate the private key as a secret, install App1 in the org, and finally generate the installation access token. Pretty sure that’s the usual GitHub App flow for Actions.

Maya G. Mar 3, 2026 6:29 am

Same order as most GitHub Apps setups: Register App1 and save the app ID, generate the private key and store as a secret, install App1 to your org, then generate the installation access token. That lines up with what I've done in practice, but if JWT was in the list, might need to adjust. Does this make sense?

Maya Feb 22, 2026 9:07 pm

Register App1 and store app ID, then generate private key as secret, install App1 in org, finally generate installation access token. Only catch is if they wanted JWT explicitly before token, that could adjust the order in some rare variants.

Avery E. Feb 20, 2026 10:52 pm

Generate a JWT, register App1 and store app ID, generate private key as secret, install App1.

Be respectful. No spam.

Correct Answer:

Answer Areas Target 1: C. Register App1 and store the app ID as a GitHub Actions secret. Target 2: D. Generate a private key and store the key as a secret. Target 3: E. Install App1 in your organization. Target 4: B. Generate an installation access token.

Explanation

To perform authenticated API requests using a GitHub App in a workflow, you must follow a specific setup and runtime sequence:

Register: First, you must create (register) the GitHub App to establish its identity and obtain an App ID. This ID is required for authentication and should be stored as a secret.
Credentials: You must generate a private key for the registered app. This key is used to sign the JSON Web Tokens (JWTs) that prove the app's identity. This must also be stored as a secret.
Install: The app must be installed in the organization or repository. This grants the app actual access permissions and generates an installation_id. Without installation, the app has no scope to act.
Token Generation: Finally, within the workflow (runtime), you exchange the credentials (JWT) for an installation access token. This token is the actual credential used to perform authenticated API requests against the repository.

References

GitHub Docs: Authenticating with GitHub Apps

Section: Authenticating as an installation

Quote: "To authenticate as an installation, you must generate an installation access token... You can use an installation access token to authenticate API requests."

URL: https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation

GitHub Docs: Making authenticated API requests with a GitHub App in a GitHub Actions workflow

Section: Prerequisites

Quote: "You must have created a GitHub App... generated a private key... installed the app on your repository."

URL: https://docs.github.com/en/actions/security-for-github-actions/security-guides/making-authenticated-api-requests-with-a-github-app-in-a-github-actions-workflow

Q: 7

DRAG DROP Your company plans to deploy an application to the following endpoints: • Ten virtual machines hosted in Azure. • Ten virtual machines hosted in an on-premises data center environment All the virtual machines have the- Azure Pipelines agent. You need to implement a release strategy for deploying the application to the endpoints. What should you recommend using to deploy the application to the endpoints? To answer, drag the appropriate components to the correct endpoint. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or soon to view content NOTE: Each correct selection n worth one point.

Drag & Drop

Enable JavaScript to use the Drag & Drop feature.

A deployment group
A management group
A resource group
Application roles

Discussion

Luna H. Mar 1, 2026 4:03 pm

Makes sense to use deployment groups for both the Azure and on-prem VMs here since all have the Pipeline agent. Management group/resource group don’t work across hybrid, and deployment group fits this setup. Pretty sure this is what Microsoft wants.

Daniel T. Mar 3, 2026 11:30 pm

Ten Azure VMs: deployment group, On-prem VMs: deployment group. Resource group is tempting but only makes sense for Azure resources.

Ryan Mar 6, 2026 2:35 pm

Both Azure and on-prem VMs: deployment group for each. That's what fits if all have agents, right?

Ben E. Feb 16, 2026 8:58 am

Ten virtual machines hosted in Azure → A deployment group, Ten virtual machines hosted in an on-premises data center environment → A deployment group

Skyler W. Feb 26, 2026 3:55 pm

Tired of the group naming in Azure DevOps, but yeah-deployment group for both Azure and on-prem VMs.

ChrisT Mar 2, 2026 9:40 pm

Makes sense to use deployment group for both Azure and on-prem VMs since they've all got the pipeline agent installed. Resource groups wouldn't cover the on-prem machines, and management/app roles don't handle deployment targeting. Pretty sure this is the right mapping. Anyone see it differently?

Ten virtual machines hosted in Azure → A deployment group
Ten virtual machines hosted in an on-premises data center environment → A deployment group

Alex C. Feb 27, 2026 8:33 pm

Seriously wish they'd stop mixing up all these 'groups', but it's deployment group for both endpoints here.

AnitaE Feb 23, 2026 1:19 pm

Ten Azure VMs -> deployment group, On-prem VMs -> deployment group. All have agents so both get grouped the same way here.

Ben S. Feb 15, 2026 5:14 am

I don’t think deployment group is right for on-prem here. Resource group for both Azure and on-prem makes more sense to me.

Olivia C. Feb 25, 2026 2:17 pm

Deployment group for Azure VMs, resource group for on-prem VMs.

Be respectful. No spam.

Correct Answer:

Answer Areas Ten virtual machines hosted in Azure: A. A deployment group Ten virtual machines hosted in an on-premises data center environment: A. A deployment group

Explanation

Deployment groups are the correct recommendation for both scenarios because the question specifies that all virtual machines have the Azure Pipelines agent installed. A deployment group is a logical set of deployment target machines (both cloud and on-premises) with agents installed on each one. It allows you to organize servers into environments (e.g., "Production") and execute deployment tasks on all grouped machines in parallel.

While Resource groups are used to manage Azure resources, they do not apply to on-premises environments and are not the primary mechanism for coordinating agent-based application deployments within Azure Pipelines. Management groups are for governance scope, and Application roles relate to security/access control, not deployment orchestration.

References

Microsoft Learn. (2022). Provision deployment groups. Azure DevOps. Retrieved from https://learn.microsoft.com/en-us/azure/devops/pipelines/release/deployment-groups/

Quote: "A deployment group is a logical set of deployment target machines that have agents installed on each one. Deployment groups represent the physical environments; for example, 'Dev', 'Test', 'UAT', and 'Production'."

Relevance: Confirms that deployment groups are the organizational unit for machines with agents.

Microsoft Learn. (2023). Deployment group jobs. Azure DevOps. Retrieved from https://learn.microsoft.com/en-us/azure/devops/pipelines/process/deployment-group-phases

Quote: "A deployment group job runs on the machines in a deployment group... You can specify the deployment group and the tags to filter the machines."

Relevance: Validates the use of deployment groups for executing deployment strategies across multiple endpoints.

Q: 8

DRAG DROP You have a project in Azure DevOps named Project1 that has a release pipeline in Azure Pipeline named ReleaseP1. you need toensure that when a new release is generated for ReleaseP1, a new release note document is created. The release notes must contain new features and bug fixes. Which three actions should you perform in sequence? To answer, move the appropriate actions from the Most of actions to the answer area and arrange them r the correct order. NOTE: More than one order of answer choices is correct You will receive credit for any of the correct orders you select

Drag & Drop

Enable JavaScript to use the Drag & Drop feature.

Add a dashboard widget that retrieves the feature and bug fix information.
Create a PowerShell task in ReleaseP1 that writes the retrieved data to a markdown file.
Create a service principal.
Create a personal access token (PAT).
Create a query that retrieves the feature and bug fix information.

Discussion

Daniel A. Feb 26, 2026 5:55 am

Actually, mapping should be: Create a query to pull features/bugs, then create the PAT for auth, then use a PowerShell task to write to markdown. Widget isn't needed if the requirement is generating a file. Anyone think otherwise?

Nathan F. Feb 17, 2026 5:07 am

Yeah, dashboard widget first (to fetch info), then create PAT so the script can access the data, and finish by adding a PowerShell task to actually build the markdown file. Pretty sure that covers the release note workflow here. If anyone thinks using the query step changes things let me know.

Quinn V. Feb 28, 2026 8:25 pm

Add dashboard widget, then create PAT, then PowerShell task. Looks like the flow they're testing.

CuriousSec9691 Feb 21, 2026 2:37 am

Add dashboard widget, create PAT, then PowerShell task is the order here.

PreciseMentor2332 Feb 26, 2026 8:57 pm

Tricky detail here: you actually need to create the query first (to define what counts as features/bugs), then set up a PAT for script auth, and last add the PowerShell task. Widget isn’t for outputting to markdown. Query -> PAT -> PowerShell task is the sequence I’ve seen in labs. If someone got it working by starting with the widget let me know, but pretty sure this is it.

Neha G. Feb 16, 2026 1:22 pm

Pretty sure the right flow is: Create a query to get new features and bug fixes, then generate a PAT so the script can authenticate, then add a PowerShell task in ReleaseP1 to write it all out as markdown. This matches how release notes are typically automated. Let me know if you see it differently!

Create a query for features/bugs
Create PAT
Create PowerShell task to write markdown file

CarefulLead7717 Mar 4, 2026 7:59 pm

Nah, I don't think starting with the widget is right. For generating release notes as a markdown file, you want to create the query first, then set up the PAT for API access, and finally use a PowerShell task to write the file. Widget is more about dashboard display, which feels like a trap here.

Nathan Feb 24, 2026 5:06 pm

I might swap the order a bit, so Add dashboard widget, then PAT, then PowerShell task.

Anita Feb 27, 2026 5:55 pm

Add dashboard widget, then create PAT, then PowerShell task.
Widget as first step looks right to me-seems like the intention is to fetch and show info before automating the file creation. PAT then script after makes sense if you want it all connected. I might be missing a trick with the query step but this way lines up with similar practice tests. Maybe the widget is a trap but I think this order works. Agree?

Sean Feb 26, 2026 7:01 am

I think it should be: Add dashboard widget, then PAT, then PowerShell task. Not 100% sure, anyone disagree?

Be respectful. No spam.

Correct Answer:

Answer Areas Target 1: A. Add a dashboard widget that retrieves the feature and bug fix information. Target 2: D. Create a personal access token (PAT). Target 3: B. Create a PowerShell task in ReleaseP1 that writes the retrieved data to a markdown file.

Explanation

To programmatically generate release notes that include specific work items (features and bugs), you must follow this logical workflow:

Define the Data (Query): First, you must create a Work Item Query in Azure Boards (e.g., using WIQL) to identify exactly which items (e.g., Work Item Type = Bug/Feature AND State = Closed) should be included in the release notes.
Authenticate (PAT): To retrieve this data from a script running in a pipeline, you need to authenticate against the Azure DevOps REST API. While the System.AccessToken is a modern alternative, Personal Access Tokens (PATs) are the standard mechanism referenced in these exam scenarios for authenticating custom PowerShell scripts to the Azure DevOps instance.
Execute (PowerShell Task): Finally, you configure a PowerShell task in the release pipeline. This script utilizes the PAT for authentication and the Query ID to fetch the relevant work items via the REST API, processes the JSON response, and writes the formatted content to a markdown file.

References

Microsoft Learn - Azure DevOps REST API:

Documentation on how to interact with Azure DevOps resources (like Work Items) using the REST API and authentication methods.

Reference: "To use the REST APIs, you need to authenticate... Personal access tokens (PATs) are an easy way to get started."

Microsoft Learn - Define queries in Azure Boards:

Explains the necessity of creating queries to filter work items (Bugs/Features) which serves as the data source for the API call.

Reference: "You can use the Query Editor to define a flat list query... to list work items."

Microsoft Learn - PowerShell task:

Describes using the PowerShell task to run scripts within a pipeline, which is the vehicle for generating the file.

Reference: "Use this task to run a PowerShell script... on Windows, macOS, or Linux."

Q: 9

DRAG DROP You have a protect in Azure DevOps. You need to associate an automated testto a test case. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Drag & Drop

Enable JavaScript to use the Drag & Drop feature.

Create a test project.
Create a work item.
Debug the project.
Check in a project to the Azure DevOps repository.
Add the automated test to a build pipeline.

Discussion

Anita S. Mar 5, 2026 6:46 pm

Create a test project → Check in the project to Azure DevOps → Add the automated test to a build pipeline.

Ava E. Feb 25, 2026 12:21 pm

Create a test project → Check in the project → Add the automated test to a build pipeline. Had something like this in a mock and this order matched their process, pretty sure that's it.

Sean I. Feb 17, 2026 1:44 am

Nah, 'Create a work item' is the trick-they throw that in on purpose but it's not needed for associating automated tests. You need to create the test project, check it into your DevOps repo, then hook it up in the build pipeline. Seen this order on similar exam dumps.

MethodicalTester8476 Mar 2, 2026 2:16 pm

Create a test project → Check in to Azure DevOps → Add to build pipeline. I don't think 'Create a work item' is needed here, that's a classic distractor on similar exam questions.

Skyler X. Feb 16, 2026 6:02 am

Create a work item → Create a test project → Add the automated test to a build pipeline. I think starting with the work item makes sense since you usually plan/tests before building them out, even if that's a bit of a trap here.

PracticalEngineer3794 Feb 21, 2026 3:19 pm

Not sure-I'd start with 'Create a work item' before the test project, then check in, then add the test. The work item feels like a common real-world first step even if it usually isn't needed here.

Ryan Mar 1, 2026 6:06 pm

Create a test project → Check in the project → Add to build pipeline. Not 100% but that matches how automated tests get associated from what I've seen.

Rowan M. Feb 15, 2026 6:57 am

Create a work item → Create a test project → Check in a project to the Azure DevOps repo. I thought you always start by tracking requirements, so work item first makes sense to me. Then set up the test project, and commit it for version control. Maybe not perfect but matches how I'd see it in practice exams or the official guide. If someone disagrees let me know.

Vikram J. Feb 20, 2026 12:28 pm

Always frustrating-I'd map it as Create a work item, Create a test project, Check in to repo.

Be respectful. No spam.

Q: 10

HOTSPOT You have an Azure subscription that contains an Azure key vault named Vault1. an Azure pipeline named Pipeline1, and an Azure SQL database named DB1. Pipeline1 is used to deploy an app that will authenticate to DB1 by using a password. You need to store the password in Vault1. The solution must ensure that the password can be accessed by Pipeline1. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Your Answer

Discussion

Jason U. Feb 23, 2026 12:14 am

Ugh, Azure loves to switch up between policies and RBAC in these questions. For this one, it's store as a secret and adjust access policies, since no RBAC requirement is mentioned. Seen similar on other practice sets.

Zoe V. Mar 1, 2026 6:06 am

Store as secret and update access policies, not RBAC. RBAC is a trap unless required specifically.

PreciseAuditor5412 Feb 23, 2026 3:42 pm

Store as a secret, not as a key or certificate, since passwords are best kept under "Secrets" in Key Vault. Granting Pipeline1 access via policies is the more typical approach unless it specifically asks for RBAC. I think some pick RBAC out of habit, but here policies fit the scenario.

Emma Feb 25, 2026 10:33 am

This was almost identical in my last mock. Store the password as a secret, then update the access policies so Pipeline1 can pull it. Makes sense since secrets are meant for things like passwords and policies are how you give specific access in Key Vault. Pretty sure that's what they're testing here, but open if anyone sees another angle.

Avery G. Feb 17, 2026 1:39 pm

Store as a secret, set access via policies.

Reese Mar 5, 2026 1:01 am

Tricky, but unless the question specifically calls for RBAC, storing as a secret and granting access via policies is right. RBAC only flips the answer if it’s required by scenario wording.

FriendlySec5328 Feb 17, 2026 4:37 pm

Store the password as a secret, then grant Pipeline1 access by updating Vault1's policies. That's the common way in Azure Key Vault for pipelines-secrets hold passwords, and policies control access. Saw similar steps in the official docs and practice labs.

Noah C. Feb 24, 2026 3:45 pm

Store as a secret, then update the access policies. That's all you need for this pipeline setup in the scenario.

Cameron I. Feb 14, 2026 1:15 pm

Watch for wording like "RBAC required." Without that, stick with storing as a secret and modifying the access policies.

Logan Feb 26, 2026 9:43 am

Store as secret, set permissions with access policies. Passwords should go in Key Vault secrets, not keys or certificates-tripped up on that first time too. RBAC is only needed if the question says so. Anyone pick RBAC here by mistake?

Be respectful. No spam.

Question 1 of 20 · Page 1 / 2

Premium Access Includes

✓ Quiz Simulator
✓ Exam Mode
✓ Progress Tracking
✓ Question Saving
✓ Flash Cards
✓ Drag & Drops
✓ 3 Months Access
✓ PDF Downloads

Get Premium Access

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE