Designing and Implementing Microsoft DevOps Solutions — Question 79

You have an Azure subscription named Subscription1 that contains a custom Azure policy named Policy1. Policy1 is an audit policy that monitors naming convention compliance for the resources deployed to Subscription1.
You have a pipeline named Pipeline1 in Azure Pipelines. Pipeline1 deploys Azure Resource Manager (ARM) resources to Subscription1.
You need to ensure that the resources deployed by Pipeline1 comply with Policy1.
What should you add to Pipeline1?

Answer options

• A. a pre-deployment task that runs a security and compliance assessment
• B. a post-deployment task that runs a security and compliance assessment
• C. an ARM template deployment task to assign Policy1 to Subscription1
• D. an ARM template deployment task to deploy Policy1 to Subscription1

Correct answer: A

Explanation

The correct answer is A because adding a pre-deployment task for a security and compliance assessment allows for checking compliance with Policy1 before the resources are deployed. Options B, C, and D do not ensure compliance prior to deployment; B assesses compliance after deployment, while C and D refer to assigning or deploying the policy itself, which is not needed since the policy already exists.