📦 Container Strategy - AZ-400 Practice Questions

Implement container build strategies with Docker, container registries, Kubernetes, and Helm charts.

22Questions Available
1Exam Domains

Practice Containers Questions Now

Start a timed practice session focusing on Container Strategy topics from the AZ-400 question bank.

Start AZ-400 Practice Quiz →

AZ-400 Containers Question Bank (22 Questions)

Browse all 22 practice questions covering Container Strategy for the AZ-400 certification exam. Answers are intentionally hidden on this page so you can self-test first before checking results in quiz mode.

  1. Question 1Design and implement build and release pipelines

    A team manages a Kubernetes application with Helm charts stored in Azure Container Registry. Which Azure Pipelines task deploys a Helm chart from ACR to AKS?

    AKubectl apply task
    BHelmDeploy@0 task with command: upgrade, chart pointing to ACR OCI reference, and AKS service connection
    CDocker@2 task with Helm command
    DAzureCLI@2 running az aks install-cli

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-400 Quiz
  2. Question 2Design and implement build and release pipelines

    A pipeline builds a Docker image and pushes it to Azure Container Registry. The ACR credentials must not be hardcoded. Which Azure Pipelines feature stores and injects the credentials securely?

    APipeline YAML variables section
    BAzure Pipelines service connection to ACR (uses managed identity or service principal, no raw credentials in YAML)
    CAzure Key Vault task in the pipeline
    DRepository secrets in Azure Repos

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-400 Quiz
  3. Question 3Develop a security and compliance plan

    An engineer discovers that a Docker image in ACR contains a critical CVE. The image is used by 3 running services in AKS. What is the incident response process?

    APatch the vulnerability in the running containers
    BRebuild the image with a patched base, push to ACR, trigger redeployment of all 3 services, verify containers are updated, and verify vulnerability is resolved in the new image scan
    CBlock network access to the vulnerable services
    DWait for Microsoft to patch the base image

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-400 Quiz
  4. Question 4Design and implement build and release pipelines

    A pipeline needs to authenticate to Azure Container Registry to pull a base image during a Docker build without using admin credentials. Which approach is most secure?

    AEnable ACR admin user and store credentials in pipeline secrets
    BUse a service principal or managed identity assigned the AcrPull role on the ACR, referenced via a service connection
    CMake the ACR repository public
    DUse a PAT token for ACR authentication

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-400 Quiz
  5. Question 5Develop a security and compliance plan

    A company needs to ensure that their Docker images in Azure Container Registry do not contain known high/critical CVEs before being deployed. Which pipeline step implements this gate?

    AManual image review
    BContainer image scanning step using Trivy, Grype, or Microsoft Defender for Containers (ACR scanning), failing the pipeline on HIGH/CRITICAL findings
    CAzure Policy for AKS image compliance
    DDocker Scout in the pipeline

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-400 Quiz
  6. Question 6Design and implement build and release pipelines

    A team builds and deploys a Python Flask application using Azure Pipelines. They want to package the application as a Docker image and store it in Azure Container Registry. Which YAML pipeline sequence is correct?

    ABuild Python → Push to ACR → Build Docker image
    BDocker@2 buildAndPush (builds the Docker image from the Dockerfile, which installs Python dependencies, and pushes to ACR in one step)
    CPublish Python artifact → Docker@2 build → Push separately
    DUsePythonVersion → pip install → Docker push

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-400 Quiz
  7. Question 7Design and implement build and release pipelines

    A pipeline deploys to a Kubernetes cluster using Helm. The Helm chart values differ between staging and production. How should environment-specific values be managed in the pipeline?

    AEdit the Helm chart values.yaml for each deployment
    BUse separate values override files (values-staging.yaml, values-prod.yaml) passed to helm upgrade --values
    CHardcode environment values in the pipeline YAML
    DCreate separate Helm charts per environment

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-400 Quiz
  8. Question 8Design and implement build and release pipelines

    A pipeline has a stage that deploys to an Azure Kubernetes Service cluster. The deployment must be prevented from running if the AKS cluster's health check indicates it is unhealthy. Which Azure Pipelines feature provides this pre-deployment validation?

    APre-deployment approval
    BEnvironment pre-deployment gate querying Azure Monitor or AKS health endpoint
    CPipeline condition on the stage
    DBuild validation policy

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-400 Quiz
  9. Question 9Design and implement build and release pipelines

    A team uses Azure Container Registry and wants to automatically trigger an Azure Pipelines build whenever a new base image is published to ACR. Which feature enables this?

    AScheduled trigger in the pipeline
    BACR Tasks or Azure Container Registry webhooks triggering the pipeline via a service hook or Azure Event Grid → Logic App → Azure Pipelines REST API
    CDocker Hub webhooks
    DAzure Monitor alert on ACR events

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-400 Quiz
  10. Question 10Design and implement build and release pipelines

    A team deploys to AKS using a Kubernetes manifest. They want to validate the manifest against the AKS API server before applying it (dry run). Which kubectl command performs this?

    Akubectl apply -f manifest.yaml
    Bkubectl apply -f manifest.yaml --dry-run=server
    Ckubectl validate -f manifest.yaml
    Dkubectl diff -f manifest.yaml

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-400 Quiz
  11. Question 11Design and implement build and release pipelines

    A team wants to deploy their microservices to AKS using a rolling update strategy to ensure zero downtime during updates. What Kubernetes Deployment configuration achieves this?

    Astrategy: type: Recreate
    Bstrategy: type: RollingUpdate with maxUnavailable: 0 and maxSurge: 1
    Cstrategy: type: Canary (not a native K8s strategy)
    DNo strategy — Kubernetes defaults to Recreate

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-400 Quiz
  12. Question 12Design and implement build and release pipelines

    A DevOps engineer configures a YAML pipeline to deploy to Azure Kubernetes Service. The deployment uses kubectl apply. Which Kubernetes service connection type is recommended for AKS?

    AAzure Subscription service connection
    BKubernetes service connection using Azure Subscription authentication (uses AAD workload identity or service principal to authenticate to AKS)
    CDocker Registry service connection
    DGeneric service connection with kubeconfig

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-400 Quiz
  13. Question 13Design and implement build and release pipelines

    A company uses Azure Pipelines and wants to build a Docker image, run a container-based integration test, and then push the image to ACR — all in a single pipeline job. Which Docker Compose approach supports this?

    AThree separate pipeline steps using Docker CLI
    Bdocker-compose.test.yml defining the application and test containers; docker-compose up --exit-code-from runs tests; if successful, docker push the image
    CA custom script combining docker build, run, and push
    DBoth A and C are equivalent; A is more readable

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-400 Quiz
  14. Question 14Design and implement build and release pipelines

    A team deploys a containerised application to AKS. After deployment, they need to automatically test the application using a test runner that also runs as a container in the cluster. Which Kubernetes resource type runs a container to completion and reports the exit code?

    AKubernetes Pod
    BKubernetes Job — runs one or more pods to completion, returning the exit code of the container
    CKubernetes CronJob
    DKubernetes Deployment

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-400 Quiz
  15. Question 15Design and implement build and release pipelines

    A company uses Azure Pipelines and wants to scan their Docker images in ACR for known vulnerabilities automatically whenever a new image is pushed. Which Azure service provides automated vulnerability scanning on push to ACR?

    AAzure Container Apps health probes
    BMicrosoft Defender for Containers (formerly Defender for ACR) — scans images for CVEs automatically on push and periodically
    CAzure Monitor Container Insights
    DAzure Policy for container images

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-400 Quiz
  16. Question 16Design and implement build and release pipelines

    A YAML pipeline deploys to AKS and then runs a kubectl rollout status check. The pipeline should automatically roll back the Kubernetes deployment if the rollout does not succeed within 5 minutes. Which pipeline pattern implements this?

    AManual rollback after timeout
    BRun kubectl rollout status --timeout=5m and capture exit code; if non-zero, run kubectl rollout undo deployment/myapp in a subsequent step with condition: failed()
    CSet Kubernetes readiness probe timeout to 5 minutes
    DUse Azure Monitor alert for rollback

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-400 Quiz
  17. Question 17Design and implement build and release pipelines

    A team uses Helm for Kubernetes deployments and wants to use Helm chart tests to validate the deployment after it completes. Which pipeline step runs Helm tests?

    Akubectl test command
    Bhelm test <release-name> — runs Kubernetes Jobs defined in the chart's templates/tests/ directory and reports success/failure
    CHelm upgrade --test flag
    Dhelm lint for post-deployment testing

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-400 Quiz
  18. Question 18Design and implement build and release pipelines

    A team uses Azure Container Registry (ACR) and wants to implement a content trust policy that only allows signed images to be deployed. Which ACR feature provides this?

    AACR geo-replication
    BACR Content Trust with Notary v1 (legacy) or ACR's OCI Referrers API with Notation for image signature enforcement
    CACR Private Link
    DACR Tasks for building signed images

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-400 Quiz
  19. Question 19Design and implement build and release pipelines

    A team implements GitOps using Flux CD for their AKS cluster. A developer needs to understand why their Kubernetes manifest change hasn't been applied to the cluster after 30 minutes. Where should they look first?

    AAKS cluster events
    BFlux CD Kustomization and GitRepository status (kubectl get kustomizations, kubectl get gitrepositories -n flux-system) to check sync status, reconciliation errors, and last applied commit
    CAzure Pipelines pipeline run logs
    DAzure Monitor Container Insights

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-400 Quiz
  20. Question 20Design and implement build and release pipelines

    A team uses Azure Pipelines and wants to automatically update base Docker images (e.g., base OS patches) across all their service Dockerfiles. Which Azure Pipelines / ACR feature automates base image updates?

    AManual Dockerfile editing
    BACR Tasks with base image update triggers — automatically rebuilds and pushes dependent images when the base image is updated in ACR
    CAzure Container Apps revision triggers
    DAzure DevOps Dependabot for Dockerfiles

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-400 Quiz
  21. Question 21Design and implement build and release pipelines

    A company runs a high-availability application on AKS and wants to perform zero-downtime updates using Azure Pipelines. The application uses a Kubernetes Service and Deployment. After updating the image, what validation ensures the rollout succeeded before the pipeline completes?

    AWait for 5 minutes then check manually
    Bkubectl rollout status deployment/<name> --timeout=10m followed by a health check HTTP call to the service
    Ckubectl get pods --watch
    DAKS health check in Azure Portal

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-400 Quiz
  22. Question 22Develop a security and compliance plan

    A company's security team requires that all container images deployed to production come from a specific approved ACR, not from public Docker Hub. Which Azure control enforces this?

    AAzure Pipelines pipeline linting
    BAzure Policy (deny effect) or OPA Gatekeeper admission controller on AKS — blocks deployment of any pod whose image is not from the approved ACR registry
    CACR geo-replication
    DAzure Defender for Containers scanning

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start AZ-400 Quiz

Key Containers Concepts for AZ-400

dockercontainer registryacrkubernetesakshelmmulti-stage buildimage scanning

AZ-400 Containers Exam Tips

Container Strategy questions in AZ-400 are typically scenario-based. Focus on DevOps process maturity, release strategy, and secure delivery pipelines. Priority concepts: docker, container registry, acr, kubernetes, aks, helm.

What AZ-400 Expects

  • Anchor your answer in prefer automated, testable, and observable delivery mechanisms across environments.
  • Containers scenarios for AZ-400 are frequently mapped to Domain 3 (50-55%), so read the objective carefully before picking controls or architecture.
  • Expect multi-topic scenarios where Containers interacts with identity, networking, governance, or monitoring patterns rather than appearing as an isolated question.
  • When two options are both technically valid, prefer the choice that best aligns with the exam's operational scope (Expert) and vendor best practices.

High-Value Containers Concepts

  • Know the core Containers building blocks cold: docker, container registry, acr, kubernetes.
  • Review the edge-case features and limits for aks, helm; these details are commonly used to differentiate answer choices.
  • Practice service-integration reasoning: how Containers pairs with Pipelines, IaC in real deployment patterns.
  • For AZ-400, explain why the chosen Containers design meets reliability, security, and cost expectations better than the alternatives.

Common AZ-400 Traps

  • Watch for building pipelines without quality or security gates.
  • Questions in Design and Implement Build and Release Pipelines often include distractors that look correct for Containers but violate least-privilege, compliance, or availability requirements.
  • Avoid picking options purely by feature name; validate data path, failure handling, and governance impact before answering.
  • If the prompt hints at automation or repeatability, eliminate manual-only operational answers first.

Fast Review Checklist

  • Can you compare at least two Containers implementation paths and justify which one best fits the scenario?
  • Can you map the chosen answer back to Design and Implement Build and Release Pipelines (50-55%) outcomes for AZ-400?
  • Can you explain security and access boundaries for Containers without relying on default-open assumptions?
  • Can you describe how Containers integrates with Pipelines and IaC during failure, scaling, and monitoring events?

Exam Domains Covering Containers

Domain 3Design and Implement Build and Release Pipelines50-55%

Related Resources

🎯 Free AZ-400 Mock Exam Pipelines Questions IaC Questions

More AZ-400 Study Resources

← AZ-400 Study Hub30-Day Study PlanFull Practice Exam