SC-200 Certification Practice Question #94

Question

You have an Azure subscription named Sub1 and an Azure DevOps organization named AzDO1. AzDO1 uses Defender for Cloud and contains a project that has a YAML pipeline named Pipeline1.

Pipeline1 outputs the details of discovered open source software vulnerabilities to Defender for Cloud.

You need to configure Pipeline to output the results of secret scanning to Defender for Cloud.

What should you add to Pipeline1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Accepted Answer

Pipeline1 already emits open-source dependency results to Defender for Cloud via the MicrosoftSecurityDevOps@1 task; to add secret scanning you scope the task with `categories: 'secrets'`. In Azure Pipelines task syntax, task-specific arguments live under an `inputs:` block, so Box 1 (the parent key) is `inputs:` and Box 2 (the key paired with the `'secrets'` literal shown in the image) is `categories:`. MS Learn's Defender-for-Cloud MSDO extension guidance shows exactly this two-line addition (`inputs:` followed by `categories: '<value>'`), matching the IaC example which uses `categories: 'IaC'` — here the category value is `'secrets'`. The Highly Voted comment (👍 11) plus two corroborating comments all agree, so confidence is high. (Note: MSDO secret scanning/CredScan was deprecated in favor of GitHub Advanced Security for Azure DevOps, but the certification answer remains the inputs/categories YAML.)

More SC-200 practice questions