Microsoft Azure DevOps Solutions v1.0 (AZ-400)

Page:    1 / 13   
Total 186 questions

Your company uses cloud-hosted Jenkins for builds.
You need to ensure that Jenkins can retrieve source code from Azure Repos.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Create a webhook in Jenkins.
  • B. Add the Team Foundation Server (TFS) plug-in to Jenkins.
  • C. Add the dev.azure.com hostname to your Jenkins account.
  • D. Create a personal access token in your Azure DevOps account.
  • E. Create a service hook in Azure DevOps.


Answer : BDE

Explanation:
B: Jenkins’ built-in Git Plugin or Team Foundation Server Plugin can poll a Team Services repository every few minutes and queue a job when changes are detected.
D: Use Azure DevOps/ Visual Studio Team Services to create an access token, and use th
E: For those who need tighter integration, Team Services provides two additional ways to achieve it: 1) the Jenkins Service Hook, and 2) Jenkins build and release tasks.)
Reference:
https://blogs.msdn.microsoft.com/devops/2017/04/25/vsts-visual-studio-team-services-integration-with-jenkins/ http://www.aisoftwarellc.com/blog/post/how-to-setup-automated-builds-using-jenkins-and-visual-studio-team-foundation-server/2044

DRAG DROP -
Your company has four projects. The version control requirements for each project are shown in the following table.


You plan to use Azure Repos for all the projects.
Which version control system should you use for each project? To answer, drag the appropriate version control systems to the correct projects. Each version control system may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:



Answer :

Explanation:
Box 1: Team Foundation Version Control
TFVC lets you apply granular permissions and restrict access down to a file level.

Box 2: Git -
Git is the default version control provider for new projects. You should use Git for version control in your projects unless you have a specific need for centralized version control features in TFVC.

Box 3: Subversion -
Note: Xcode is an integrated development environment (IDE) for macOS containing a suite of software development tools developed by Apple

Box 4: Git -
Note: Perforce: Due to its multitenant nature, many groups can work on versioned files. The server tracks changes in a central database of MD5 hashes of file content, along with descriptive meta data and separately retains a master repository of file versions that can be verified through the hashes.
References:
https://searchitoperations.techtarget.com/definition/Perforce-Software https://docs.microsoft.com/en-us/azure/devops/repos/git/share-your-code-in-git-xcode https://docs.microsoft.com/en-us/azure/devops/repos/tfvc/overview

You have an Azure Resource Manager template that deploys a multi-tier application.
You need to prevent the user who performs the deployment from viewing the account credentials and connection strings used by the application.
What should you use?

  • A. Azure Key Vault
  • B. a Web.config file
  • C. an Appsettings.json file
  • D. an Azure Storage table
  • E. an Azure Resource Manager parameter file


Answer : A

Explanation:
When you need to pass a secure value (like a password) as a parameter during deployment, you can retrieve the value from an Azure Key Vault. You retrieve the value by referencing the key vault and secret in your parameter file. The value is never exposed because you only reference its key vault ID. The key vault can exist in a different subscription than the resource group you are deploying to.
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-keyvault-parameter

You are automating the build process for a Java-based application by using Azure DevOps.
You need to add code coverage testing and publish the outcomes to the pipeline.
What should you use?

  • A. Bullseye Coverage
  • B. JUnit
  • C. JaCoCo
  • D. NUnit


Answer : C

Explanation:
Use Publish Code Coverage Results task in a build pipeline to publish code coverage results to Azure Pipelines or TFS, which were produced by a build in
Cobertura or JaCoCo format.
Incorrect Answers:
A: Bullseye Coverage is used for C++ code, and not for Java.
Reference:
https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/test/publish-code-coverage-results

SIMULATION -
Your company plans to implement a new compliance strategy that will require all Azure web apps to be backed up every five hours.
You need to back up an Azure web app named az400-11566895-main every five hours to an Azure Storage account in your resource group.
To complete this task, sign in to the Microsoft Azure portal.



Answer : See solution below.

Explanation:
With the storage account ready, you can configure backs up in the web app or App Service.
1. Open the App Service az400-11566895-main, which you want to protect, in the Azure Portal and browse to Settings > Backups. Click Configure and a Backup
Configuration blade should appear.
2. Select the storage account.
3. Click + to create a private container. You could name this container after the web app or App Service.
4. Select the container.
5. If you want to schedule backups, then set Scheduled Backup to On and configure a schedule: every five hours
6. Select your retention. Note that 0 means never delete backups.
7. Decide if at least one backup should always be retained.
8. Choose if any connected databases should be included in the web app backup.
9. Click Save to finalize the backup configuration.


Reference:
https://petri.com/backing-azure-app-service

SIMULATION -
You need to configure a virtual machine named VM1 to securely access stored secrets in an Azure Key Vault named az400-11566895-kv.
To complete this task, sign in to the Microsoft Azure portal.



Answer : See solution below.

Explanation:
You can use a system-assigned managed identity for a Windows virtual machine (VM) to access Azure Key Vault.
1. Sign in to Azure portal
2. Locate virtual machine VM1.
3. Select Identity
4. Enable the system-assigned identity for VM1 by setting the Status to On.


Note: Enabling a system-assigned managed identity is a one-click experience. You can either enable it during the creation of a VM or in the properties of an existing VM.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-nonaad

SIMULATION -
You need to ensure that Microsoft Visual Studio 2017 can remotely attach to an Azure Function named fa-11566895.
To complete this task, sign in to the Microsoft Azure portal.



Answer : See solution below.

Explanation:

Enable Remote Debugging -
Before we start a debugging session to our Azure Function app we need to enable the functionality.
1. Navigate in the Azure portal to your function app fa-11566895
2. Go to the “Application settingsâ€
3. Under “Debugging†set Remote Debugging to On and set Remote Visual Studio version to 2017.
Reference:
https://www.locktar.nl/uncategorized/azure-remote-debugging-manually-in-visual-studio-2017/

HOTSPOT -
You company uses Azure DevOps to deploy infrastructures to Azure.
Pipelines are developed by using YAML.
You execute a pipeline and receive the results in the web portal for Azure Pipelines as shown in the following exhibit.


Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Reference:
https://dev.to/rajikaimal/azure-devops-ci-cd-yaml-pipeline-4glj

DRAG DROP -
Your company has an Azure subscription named Subscription1. Subscription1 is associated to an Azure Active Directory tenant named contoso.com.
You need to provision an Azure Kubernetes Services (AKS) cluster in Subscription1 and set the permissions for the cluster by using RBAC roles that reference the identities in contoso.com.
Which three objects should you create in sequence? To answer, move the appropriate objects from the list of objects to the answer area and arrange them in the correct order.
Select and Place:




Answer :

Explanation:

Step 1: Create an AKS cluster -
Step 2: a system-assigned managed identity
To create an RBAC binding, you first need to get the Azure AD Object ID.
1. Sign in to the Azure portal.
2. In the search field at the top of the page, enter Azure Active Directory.
3. Click Enter.
4. In the Manage menu, select Users.
5. In the name field, search for your account.
6. In the Name column, select the link to your account.
7. In the Identity section, copy the Object ID.



Step 3: a RBAC binding -
Reference:
https://docs.microsoft.com/en-us/azure/developer/ansible/aks-configure-rbac

HOTSPOT -
You manage build and release pipelines by using Azure DevOps. Your entire managed environment resides in Azure.
You need to configure a service endpoint for accessing Azure Key Vault secrets. The solution must meet the following requirements:
Ensure that the secrets are retrieved by Azure DevOps.


-> Avoid persisting credentials and tokens in Azure DevOps.
How should you configure the service endpoint? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Explanation:
Box 1: Azure Pipelines service connection
Box 2: Managed Service Identity Authentication
The managed identities for Azure resources feature in Azure Active Directory (Azure AD) provides Azure services with an automatically managed identity in Azure
AD. You can use the identity to authenticate to any service that supports Azure AD authentication, including Key Vault, without any credentials in your code.
Reference:
https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-key-vault https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

You are deploying a server application that will run on a Server Core installation of Windows Server 2019.
You create an Azure key vault and a secret.
You need to use the key vault to secure API secrets for third-party integrations.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Configure RBAC for the key vault.
  • B. Modify the application to access the key vault.
  • C. Configure a Key Vault access policy.
  • D. Deploy an Azure Desired State Configuration (DSC) extension.
  • E. Deploy a virtual machine that uses a system-assigned managed identity.


Answer : BCE

Explanation:
BE: An app deployed to Azure can take advantage of Managed identities for Azure resources, which allows the app to authenticate with Azure Key Vault using
Azure AD authentication without credentials (Application ID and Password/Client Secret) stored in the app.
C:
1. Select Add Access Policy.
2. Open Secret permissions and provide the app with Get and List permissions.
3. Select Select principal and select the registered app by name. Select the Select button.
4. Select OK.
5. Select Save.
6. Deploy the app.
References:
https://docs.microsoft.com/en-us/aspnet/core/security/key-vault-configuration
Implement Continuous Integration

Case Study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other question in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Contoso, Ltd. is a manufacturing company that has a main office in Chicago.

Existing Environment -
Contoso plans to improve its IT development and operations processes by implementing Azure DevOps principles. Contoso has an Azure subscription and creates an Azure DevOps organization.
The Azure DevOps organization includes:
The Docker extension
A deployment pool named Pool7 that contains 10 Azure virtual machines that run Windows Server 2016
The Azure subscription contains an Azure Automation account.

Requirements -

Planned changes -
Contoso plans to create projects in Azure DevOps as shown in the following table.



Technical requirements -
Contoso identifies the following technical requirements:
Implement build agents for Project1.
Whenever possible, use Azure resources.
Avoid using deprecated technologies.
Implement a code flow strategy for Project2 that will:
-Enable Team2 to submit pull requests for Project2.
-Enable Team2 to work independently on changes to a copy of Project2.
-Ensure that any intermediary changes performed by Team2 on a copy of Project2 will be subject to the same restrictions as the ones defined in the build policy of Project2.
Whenever possible, implement automation and minimize administrative effort.
Implement Project3, Project5, Project6, and Project7 based on the planned changes.
Implement Project4 and configure the project to push Docker images to Azure Container Registry.



HOTSPOT -
How should you configure the filters for the Project5 trigger? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Explanation:
Scenario:


Continuous integration (CI) triggers cause a build to run whenever a push is made to the specified branches or a specified tag is pushed.

Box 2: branch filter to include -
You can specify branches to include and exclude. For example:
# specific branch build
trigger:
branches:
include:
- master
- releases/*
exclude:
- releases/old*
References:
https://docs.microsoft.com/en-us/azure/devops/pipelines/build/triggers

Case Study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other question in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Contoso, Ltd. is a manufacturing company that has a main office in Chicago.

Existing Environment -
Contoso plans to improve its IT development and operations processes by implementing Azure DevOps principles. Contoso has an Azure subscription and creates an Azure DevOps organization.
The Azure DevOps organization includes:
The Docker extension
A deployment pool named Pool7 that contains 10 Azure virtual machines that run Windows Server 2016
The Azure subscription contains an Azure Automation account.

Requirements -

Planned changes -
Contoso plans to create projects in Azure DevOps as shown in the following table.



Technical requirements -
Contoso identifies the following technical requirements:
Implement build agents for Project1.
Whenever possible, use Azure resources.
Avoid using deprecated technologies.
Implement a code flow strategy for Project2 that will:
-Enable Team2 to submit pull requests for Project2.
-Enable Team2 to work independently on changes to a copy of Project2.
-Ensure that any intermediary changes performed by Team2 on a copy of Project2 will be subject to the same restrictions as the ones defined in the build policy of Project2.
Whenever possible, implement automation and minimize administrative effort.
Implement Project3, Project5, Project6, and Project7 based on the planned changes.
Implement Project4 and configure the project to push Docker images to Azure Container Registry.


In Azure DevOps, you create Project3.
You need to meet the requirements of the project.
What should you do first?

  • A. From Azure DevOps, modify the build definition.
  • B. From SonarQube, obtain an authentication token.
  • C. From Azure DevOps, create a service endpoint.
  • D. From SonarQube, create a project.


Answer : C

Explanation:
The first thing to do is to declare your SonarQube server as a service endpoint in your VSTS/DevOps project settings.
References:
https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Extension+for+vsts-TFS

Case Study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other question in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Contoso, Ltd. is a manufacturing company that has a main office in Chicago.

Existing Environment -
Contoso plans to improve its IT development and operations processes by implementing Azure DevOps principles. Contoso has an Azure subscription and creates an Azure DevOps organization.
The Azure DevOps organization includes:
The Docker extension
A deployment pool named Pool7 that contains 10 Azure virtual machines that run Windows Server 2016
The Azure subscription contains an Azure Automation account.

Requirements -

Planned changes -
Contoso plans to create projects in Azure DevOps as shown in the following table.



Technical requirements -
Contoso identifies the following technical requirements:
Implement build agents for Project1.
Whenever possible, use Azure resources.
Avoid using deprecated technologies.
Implement a code flow strategy for Project2 that will:
-Enable Team2 to submit pull requests for Project2.
-Enable Team2 to work independently on changes to a copy of Project2.
-Ensure that any intermediary changes performed by Team2 on a copy of Project2 will be subject to the same restrictions as the ones defined in the build policy of Project2.
Whenever possible, implement automation and minimize administrative effort.
Implement Project3, Project5, Project6, and Project7 based on the planned changes.
Implement Project4 and configure the project to push Docker images to Azure Container Registry.


You need to implement Project4.
What should you do first?

  • A. Add the FROM instruction in the Dockerfile file.
  • B. Add a Copy and Publish Build Artifacts task to the build pipeline.
  • C. Add a Docker task to the build pipeline.
  • D. Add the MAINTAINER instruction in the Dockerfile file.


Answer : C

Explanation:
Scenario: Implement Project4 and configure the project to push Docker images to Azure Container Registry.


You use Azure Container Registry Tasks commands to quickly build, push, and run a Docker container image natively within Azure, showing how to offload your
"inner-loop" development cycle to the cloud. ACR Tasks is a suite of features within Azure Container Registry to help you manage and modify container images across the container lifecycle.
References:
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-quickstart-task-cli

Case Study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other question in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Contoso, Ltd. is a manufacturing company that has a main office in Chicago.

Existing Environment -
Contoso plans to improve its IT development and operations processes by implementing Azure DevOps principles. Contoso has an Azure subscription and creates an Azure DevOps organization.
The Azure DevOps organization includes:
The Docker extension
A deployment pool named Pool7 that contains 10 Azure virtual machines that run Windows Server 2016
The Azure subscription contains an Azure Automation account.

Requirements -

Planned changes -
Contoso plans to create projects in Azure DevOps as shown in the following table.



Technical requirements -
Contoso identifies the following technical requirements:
Implement build agents for Project1.
Whenever possible, use Azure resources.
Avoid using deprecated technologies.
Implement a code flow strategy for Project2 that will:
-Enable Team2 to submit pull requests for Project2.
-Enable Team2 to work independently on changes to a copy of Project2.
-Ensure that any intermediary changes performed by Team2 on a copy of Project2 will be subject to the same restrictions as the ones defined in the build policy of Project2.
Whenever possible, implement automation and minimize administrative effort.
Implement Project3, Project5, Project6, and Project7 based on the planned changes.
Implement Project4 and configure the project to push Docker images to Azure Container Registry.



DRAG DROP -
You need to recommend a procedure to implement the build agent for Project1.
Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:



Answer :

Explanation:
Scenario:


Step 1: Sign in to Azure Devops by using an account that is assigned the Administrator service connection security role.
Note: Under Agent Phase, click Deploy Service Fabric Application. Click Docker Settings and then click Configure Docker settings. In Registry Credentials Source, select Azure Resource Manager Service Connection. Then select your Azure subscription.
Step 2: Create a personal access token..
A personal access token or PAT is required so that a machine can join the pool created with the Agent Pools (read, manage) scope.
Step 3: Install and register the Azure Pipelines agent on an Azure virtual machine.
By running a Azure Pipeline agent in the cluster, we make it possible to test any service, regardless of type.
References:
https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-tutorial-deploy-container-app-with-cicd-vsts https://mohitgoyal.co/2019/01/10/run-azure-devops-private-agents-in-kubernetes-clusters/
Implement Continuous Integration

Page:    1 / 13   
Total 186 questions