You need to implement a CI/CD pipeline that validates infrastructure changes before deployment to production. What approach integrates security and compliance validation?

  A. Use version control only without any automated validation
  B. Use Azure Pipelines with Terraform or ARM template validation, policy checks, and security scanning stages ✓
  C. Deploy infrastructure directly to production and monitor for issues
  D. Manually review infrastructure code before deployment

Correct answer: Use Azure Pipelines with Terraform or ARM template validation, policy checks, and security scanning stages

Option B is correct because Azure Pipelines supports multi-stage pipelines where Terraform plan or ARM template validation, Azure Policy compliance checks, and security scanning tools such as Checkov or Microsoft Defender for DevOps can be integrated as stages before any production deployment, enforcing a shift-left security and compliance posture. Option A is wrong because using version control alone provides history and collaboration but performs no automated validation, policy enforcement, or security scanning on infrastructure changes. Option C is wrong because deploying directly to production and monitoring afterward violates the principle of preventing misconfigurations before they reach production, increasing blast radius and recovery costs. Option D is wrong because manual code review is error-prone and does not scale; it lacks the consistency, speed, and coverage of automated policy and security validation stages in a pipeline.

Topic: azure pipelines, cicd, infrastructure as code, devsecops

Practice Microsoft Azure Solutions Architect (AZ-305) Questions Free