About This Flashcard Deck
This flashcard deck contains 5 cards covering key Security & Testing concepts for the AZ-400 exam. Practice DevSecOps and testing strategy concepts for AZ-400. Use active recall by attempting to answer each question before revealing the answer. Research shows that flashcard-based active recall is one of the most effective study techniques for certification exams.
Question
What is shift-left testing?
Click to reveal answer
Answer
Moving testing earlier in the development lifecycle (closer to the developer). Catches defects when they are cheaper to fix.
Click to flip back
All Security & Testing Flashcards
Q: What is shift-left testing?
A: Moving testing earlier in the development lifecycle (closer to the developer). Catches defects when they are cheaper to fix.
Q: What is the difference between SAST and DAST?
A: SAST analyzes source code without executing it (white-box). DAST tests a running application from the outside (black-box).
Q: What is an SBOM?
A: Software Bill of Materials: a comprehensive inventory of all components, libraries, and dependencies in a software artifact. Required for supply chain security.
Q: What are quality gates in a pipeline?
A: Automated checkpoints that block promotion if criteria are not met: code coverage thresholds, zero critical vulnerabilities, passing tests.
Q: How does Key Vault integrate with pipelines?
A: Variable groups link to Key Vault secrets. At pipeline runtime, secrets are fetched and injected as pipeline variables without exposing values in logs.
Effective Azure Flashcard Study Method
For Azure certifications, we recommend the spaced repetition approach: review these flashcards daily for the first week, then every other day for two weeks, then weekly until your exam date. Focus extra time on cards related to Azure service comparisons — understanding when to choose between similar services (e.g., App Service vs. AKS vs. Container Instances) is a common exam pattern.