Topic 1, Litware inc. Case Study: 1
Overview
Existing Environment
Litware, Inc. an independent software vendor (ISV) Litware has a main office and five branch offices.
Application Architecture
The company’ s primary application is a single monolithic retirement fund management system based on ASP.NE T web forms that use logic written in V8.NET. Some new sections of the application are written in C#.
Variations of the application are created for individual customers. Currently, there are more than 80 have code branches in the application’s code base.
The application was developed by using Microsoft Visual Studio. Source code is stored in Team Foundation Server (TFS) in the main office. The branch offices access of the source code by using TFS proxy servers.
Architectural Issues
Litware focuses on writing new code for customers. No resources are provided to refactor or remove existing code. Changes to the code base take a long time, AS dependencies are not obvious to individual developers.
Merge operations of the code often take months and involve many developers. Code merging frequently introduces bugs that are difficult to locate and resolve.
Customers report that ownership costs of the retirement fund management system increase continually. The need to merge unrelated code makes even minor code changes expensive.
Requirements
Planned Changes
Litware plans to develop a new suite of applications for investment planning. The investment planning Applications will require only minor integration with the easting retirement fund management system.
The investment planning applications suite will include one multi-tier web application and two iOS mobile applications. One mobile application will be used by employees; the other will be used by customers.
Litware plans to move to a more agile development methodology. Shared code will be extracted into a series of package.
Litware has started an internal cloud transformation process and plans to use cloud based services whenever suitable.
Litware wants to become proactive m detecting failures, rather than always waning for customer bug reports.
Technical Requirements
The company’s investment planning applications suite must meet the following technical requirements:
• New incoming connections through the firewall must be minimized.
• Members of a group named Developers must be able to install packages.
• The principle of least privilege must be used for all permission assignments
• A branching strategy that supports developing new functionality in isolation must be used.
• Members of a group named Team leaders must be able to create new packages and edit the permissions of package feeds
• Visual Studio App Center must be used to centralize the reporting of mobile application crashes and device types in use.
• By default, all App Center must be used to centralize the reporting of mobile application crashes and device types in use.
• Code quality and release quality are critical. During release, deployments must not proceed between stages if any active bugs are logged against the release.
• The mobile applications must be able to call the share pricing service of the existing retirement fund management system. Until the system is upgraded, the service will only support basic authentication over HUPS.
• The required operating system configuration tor the test servers changes weekly. Azure Automation State Configuration must be used to ensure that the operating system on each test servers configured the same way when the servers are created and checked periodically.
Current Technical
The test servers are configured correctly when first deployed, but they experience configuration drift over time. Azure Automation State Configuration fails to correct the configurations.
Azure Automation State Configuration nodes are registered by using the following command.
HOTSPOT
How should you complete the code to initialize App Center in the mobile application? To answer, select the appropriate options in the answer area. NOTE: Each correct selection a worth one point.
Explanation:
Scenario: Visual Studio App Center must be used to centralize the reporting of mobile application crashes and device types in use.
In order to use App Center, you need to opt in to the service(s) that you want to use, meaning by default no services are started and you will have to explicitly call each of them when starting the SDK.
Insert the following line to start the SDK in your app’s App Delete class in the didFinishLaunchingWithOptions method.
MSAppCenter.start("{Your App Secret}", withServices: [MSAnalytics.self, MSCrashes.self])
Reference: https://docs.microsoft.com/en-us/appcenter/sdk/getting-started/ios
HOTSPOT
How should you confrere the release retention policy for the investment planning depletions suite? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Every request made against a storage service must be authorized, unless the request is for a blob or container resource that has been made available for public or signed access. One option for authorizing a request is by using Shared Key.
Scenario: The mobile applications must be able to call the share pricing service of the existing retirement fund management system. Until the system is upgraded, the service will only support basic authentication over HTTPS.
The investment planning applications suite will include one multi-tier web application and two iOS mobile application. One mobile application will be used by employees; the other will be used by customers.
Reference: https://docs.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key
HOTSPOT
You need to configure a cloud service to store the secrets required by the mobile applications to call the share.
What should you include in the solution? To answer, select the appropriate options m the answer area, NOTE: Each correct selection is worth one point.
Explanation:
Every request made against a storage service must be authorized, unless the request is for a blob or container resource that has been made available for public or signed access. One option for authorizing a request is by using Shared Key.
Scenario: The mobile applications must be able to call the share pricing service of the existing retirement fund management system. Until the system is upgraded, the service will only support basic authentication over HTTPS.
The investment planning applications suite will include one multi-tier web application and two iOS mobile application. One mobile application will be used by employees; the other will be used by customers.
Reference: https://docs.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key
To resolve the current technical issue, what should you do to the Register-AzureRmAutomationDscNode command?
- A . Change the value of the ConfigurationMode parameter.
- B . Replace the Register-AzureRmAutomationDscNode cmdlet with Register-AzureRmAutomationScheduledRunbook
- C . Add the AllowModuleOverwrite parameter.
- D . Add the DefaultProfile parameter.
A
Explanation:
Change the ConfigurationMode parameter from ApplyOnly to ApplyAndAutocorrect.
The Register-AzureRmAutomationDscNode cmdlet registers an Azure virtual machine as an APS Desired State Configuration (DSC) node in an Azure Automation account.
Scenario: Current Technical Issue
The test servers are configured correctly when first deployed, but they experience configuration drift over time. Azure Automation State Configuration fails to correct the configurations.
Azure Automation State Configuration nodes are registered by using the following command.
References: https://docs.microsoft.com/en-us/powershell/module/azurerm.automation/register-azurermautomationdscnode?view=azurermps-6.13.0
What should you use to implement the code quality restriction on the release pipeline for the investment planning applications suite?
- A . a trigger
- B . a pre deployment approval
- C . a post-deployment approval
- D . a deployment gate
HOTSPOT
How should you configure the release retention policy for the investment planning applications suite? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Scenario: By default, all releases must remain available for 30 days, except for production releases, which must be kept for 60 days.
Box 1: Set the default retention policy to 30 days
The Global default retention policy sets the default retention values for all the build pipelines. Authors of build pipelines can override these values.
Box 2: Set the stage retention policy to 60 days
You may want to retain more releases that have been deployed to specific stages.
References: https://docs.microsoft.com/en-us/azure/devops/pipelines/policies/retention
HOTSPOT
Where should the build and release agents for the investment planning application suite run? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: A source control system
A source control system, also called a version control system, allows developers to collaborate on code and track changes. Source control is an essential tool for multi-developer projects.
Box 2: A hosted service
To build and deploy Xcode apps or Xamarin.iOS projects, you’ll need at least one macOS agent. If your pipelines are in Azure Pipelines and a Microsoft-hosted agent meets your needs, you can skip setting up a self-hosted macOS agent.
Scenario: The investment planning applications suite will include one multi-tier web application and two iOS mobile applications. One mobile application will be used by employees; the other will be used by customers.
Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/v2-osx?view=azure-devops
Which branching strategy should you recommend for the investment planning applications suite?
- A . release isolation
- B . main only
- C . development isolation
- D . feature isolation
D
Explanation:
Scenario: A branching strategy that supports developing new functionality in isolation must be used.
Feature isolation is a special derivation of the development isolation, allowing you to branch one or more feature branches from main, as shown, or from your dev branches.
When you need to work on a particular feature, it might be a good idea to create a feature branch.
Incorrect Answers:
A: Release isolation introduces one or more release branches from main. The strategy allows concurrent release management, multiple and parallel releases, and codebase snapshots at release time.
B: The Main Only strategy can be folder-based or with the main folder converted to a Branch, to enable additional visibility features. You commit your changes to the main branch and optionally indicate development and release milestones with labels.
C: Development isolation: When you need to maintain and protect a stable main branch, you can branch one or more dev branches from main. It enables isolation and concurrent development. Work can be isolated in development branches by feature, organization, or temporary collaboration.
Reference: https://docs.microsoft.com/en-us/azure/devops/repos/tfvc/branching-strategies-with-tfvc?view=azure-devops
DRAG DROP
Which package feed access levels should be assigned to the Developers and Team Leaders groups for the investment planning applications suite? To answer, drag the appropriate access levels to the correct groups. Each access level may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: Reader
Members of a group named Developers must be able to install packages.
Feeds have four levels of access: Owners, Contributors, Collaborators, and Readers.
Owners can add any type of identity-individuals, teams, and groups-to any access level.
Box 2: Owner
Members of a group named Team Leaders must be able to create new packages and edit the permissions of package feeds.
You are using GitHub as a source code repository.
You create a client-side Git hook on the commit-msg event. The hook requires that each commit message contain a custom work item tag.
You need to make a commit that does not have a work item tag.
Which git commit parameter should you use?
- A . –squash
- B . –no-verify
- C . –message ”
- D . –no-post-rewrite
B
Explanation:
The commit-msg hook is invoked by git-commit and git-merge, and can be bypassed with the –no-
verify option.
Reference: https://git-scm.com/docs/githooks
You have Azure Pipelines and GitHub integrated as a source code repository.
The build pipeline has continuous integration enabled.
You plan to trigger an automated build whenever code changes are committed to the repository.
You need to ensure that the system will wait until a build completes before queuing another build.
What should you implement?
- A . path filters
- B . batch changes
- C . scheduled builds
- D . branch filters
B
Explanation:
Batching CI runs
If you have many team members uploading changes often, you may want to reduce the number of runs you start. If you set batch to true, when a pipeline is running, the system waits until the run is completed, then starts another run with all changes that have not yet been built. Example:
# specific branch build with batching trigger:
batch: true branches: include:
– master
To clarify this example, let us say that a push A to master caused the above pipeline to run. While that pipeline is running, additional pushes B and C occur into the repository. These updates do not start new independent runs immediately. But after the first run is completed, all pushes until that point of time are batched together and a new run is started.
Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/repos/github
HOTSPOT
You are using PowerShell to administer Azure Log Analytics workspaces.
You need to list the available workspaces and their properties.
How should you complete the command? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: Get-AzResource
Use the following command to examine the access control mode for all workspaces in the subscription:
PowerShell
Get-Az Resource CResource Type Microsoft. Operational Insights/workspaces CExpand
Properties | for each {s.Name + ": " +
$_.Properties.features.enableLogAccessUsingOnlyResourcePermissions
Box 2: -Resource Type
HOTSPOT
You have an Azure virtual machine named VM1 that runs Linux.
You plan to deploy the Desired State Configuration (DSC) extension to VM1.
You need to grant the Log Analytics agent the appropriate directory permissions.
How should you complete the command? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: rwx
The Log Analytics agent for Linux runs as the omsagent user. To grant >write permission to the omsagent user, run the command setfacl -m u:omsagent:rwx /tmp. Box 2: /tmp
Deploying DSC to a Linux node uses the /tmp folder.
Reference: https://docs.microsoft.com/en-us/azure/automation/automation-dsc-onboarding
You have a project in Azure DevOps.
You plan to deploy a self-hosted agent by using an unattended configuration script.
Which two values should you define in the configuration script? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . authorization credentials
- B . the project name
- C . the deployment group name
- D . the organization URL
- E . the agent pool name
C, E
Explanation:
Unattended config:
The agent can be set up from a script with no human intervention. You must pass –unattended and the answers to all questions.
To configure an agent, it must know the URL to your organization or collection and credentials of someone authorized to set up agents. All other responses are optional.
Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/v2-windows
Topic 2, Contoso Case Study: 2
Overview
Existing Environment
Contoso, Ltd. is a manufacturing company that has a main office in Chicago.
Contoso plans to improve its IT development and operations processes by implementing Azure DevOps principles. Contoso has an Azure subscription and creates an Azure DevOps organization.
The Azure DevOps organization includes:
• The Docker extension
• A deployment pool named Pool7 that contains 10 Azure virtual machines that run Windows Server 2016
The Azure subscription contains an Azure Automation account.
Planned Changes
Contoso plans to create projects in Azure DevOps as shown in the following table.
Technical Requirements
Contoso identities the following technical requirements:
• Implement build agents rot Project 1.
• Whenever possible, use Azure resources
• Avoid using deprecated technologies
• Implement a code flow strategy for Project2 that will:
• Enable Team 2 to submit pull requests for Project2.
• Enable Team 2 to work independently on changes to a copy of Project?
• Ensure that any intermediary changes performed by Tram2 on a copy of Project2 will be subject to the same restrictions as the ones defied in the build policy of Project2.
• Whenever possible. Implement automation and minimize administrative effort.
• Implement Protect3, Project5, Project6, and Project7 based on the planned changes.
• Implement Project4 and configure the project to push Docker images to Azure Container Reentry.
DRAG DROP
You need to configure Azure Automation for the computer in Group7.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Step 1: Create a Desired State Configuration (DSC) configuration file that has an extension of .ps1.
Step 2: Run the Import-AzureRmAutomationDscConfiguration Azure Powershell cmdlet The Import-AzureRmAutomationDscConfiguration cmdlet imports an APS Desired State Configuration (DSC) configuration into Azure Automation. Specify the path of an APS script that contains a single DSC configuration.
Example:
PS C:>Import-AzureRmAutomationDscConfiguration -AutomationAccountName "Contoso17"-ResourceGroupName "ResourceGroup01" -SourcePath "C:DSCclient.ps1" – Force
This command imports the DSC configuration in the file named client.ps1 into the Automation account named Contoso17. The command specifies the Force parameter. If there is an existing DSC configuration, this command replaces it.
Step 3: Run the Start-AzureRmAutomationDscCompilationJob Azure Powershell cmdlet The Start-AzureRmAutomationDscCompilationJob cmdlet compiles an APS Desired State Configuration (DSC) configuration in Azure Automation.
References:
https://docs.microsoft.com/en-us/powershell/module/azurerm.automation/import-azurermautomationdscconfiguration
https://docs.microsoft.com/en-us/powershell/module/azurerm.automation/start-azurermautomationdsccompilationjob
You add the virtual machines as managed nodes in Azure Automation State Configuration.
You need to configure the computer in Group7.
What should you do?
- A . Run the Register-AzureRmAutomationDscNode Azure Powershell cmdlet.
- B . Modify the ConfigurationMode property of the Local Configuration Manager (LCM).
- C . Install PowerShell Core.
- D . Modify the RefreshMode property of the Local Configuration Manager (LCM).
A
Explanation:
The Register-AzureRmAutomationDscNode cmdlet registers an Azure virtual machine as an APS Desired State Configuration (DSC) node in an Azure Automation account.
Scenario: The Azure DevOps organization includes:
The Docker extension
A deployment pool named Pool7 that contains 10 Azure virtual machines that run Windows Server 2016
References: https://docs.microsoft.com/en-us/powershell/module/azurerm.automation/register-azurermautomationdscnode
In Azure DevOps, you create Project3.
You need to meet the requirements of the project.
What should you do first?
- A . From Azure DevOps, create a service endpoint.
- B . From Sonar Qube, obtain an authentication token.
- C . From Azure DevOps, modify the build definition.
- D . From Sonar Qube , create a project.
A
Explanation:
The first thing to do is to declare your Sonar Qube server as a service endpoint in your VSTS/DevOps project settings.
Reference: https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Extension+for+vsts-TFS
HOTSPOT
How should you configure the filters for the Project5 trigger? To answer, select the appropriate option in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Scenario:
Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/build/triggers
DRAG DROP
You need to implement the code flow strategy for Project2 in Azure DevOps.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange in the correct order.
Explanation:
Step 1: Create a repository
A Git repository, or repo, is a folder that you’ve told Git to help you track file changes in. You can have any number of repos on your computer, each stored in their own folder.
Step 2: Create a branch
Branch policies help teams protect their important branches of development. Policies enforce your team’s code quality and change management standards.
Step 3: Add a build validation policy
When a build validation policy is enabled, a new build is queued when a new pull request is created or when changes are pushed to an existing pull request targeting this branch. The build policy then evaluates the results of the build to determine whether the pull request can be completed.
Scenario:
Implement a code flow strategy for Project2 that will:
– Enable Team2 to submit pull requests for Project2.
– Enable Team2 to work independently on changes to a copy of Project2.
– Ensure that any intermediary changes performed by Team2 on a copy of Project2 will be subject to the same restrictions as the ones defined in the build policy of Project2.
References: https://docs.microsoft.com/en-us/azure/devops/repos/git/manage-your-branches
DRAG DROP
You need to configure Azure Automation for the computers in Pool7.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them m the correct order.
DRAG DROP
You need to implement Project6.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them m the correct order.
Explanation:
Scenario: Implement Project3, Project5, Project6, and Project7 based on the planned changes
Step 1: Open the release pipeline editor.
In the Releases tab of Azure Pipelines, select your release pipeline and choose Edit to open the pipeline editor.
Step 2: Enable Gates.
Choose the pre-deployment conditions icon for the Production stage to open the conditions panel. Enable gates by using the switch control in the Gates section.
Step 3: Add Query Work items.
Choose + Add and select the Query Work Items gate.
Configure the gate by selecting an existing work item query.
Note: A case for release gate is:
Incident and issues management. Ensure the required status for work items, incidents, and issues. For example, ensure deployment occurs only if no priority zero bugs exist, and validation that there are no active incidents takes place after deployment.
Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/release/deploy-using-approvals?view=azure-devops#configure-gate
DRAG DROP
You need to implement the code flow strategy for Project2 in Azure DevOps.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to implement Project4.
What should you do first?
- A . Add the FROM instruction in the Dockerfile file.
- B . Add a Copy and Publish Build Artifacts task to the build pipeline.
- C . Add a Docker task to the build pipeline.
- D . Add the MAINTAINER instruction in the Dockerfile file.
C
Explanation:
Scenario: Implement Project4 and configure the project to push Docker images to Azure Container Registry.
You use Azure Container Registry Tasks commands to quickly build, push, and run a Docker container image natively within Azure, showing how to offload your "inner-loop" development cycle to the cloud. ACR Tasks is a suite of features within Azure Container Registry to help you manage and modify container images across the container lifecycle.
Reference: https://docs.microsoft.com/en-us/azure/container-registry/container-registry-quickstart-task-cli
DRAG DROP
You need to recommend a procedure to implement the build agent for Project1.
Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Scenario:
Step 1: Sign in to Azure Devops by using an account that is assigned the Administrator service connection security role.
Note: Under Agent Phase, click Deploy Service Fabric Application. Click Docker Settings and then click Configure Docker settings. In Registry Credentials Source, select Azure Resource Manager Service Connection. Then select your Azure subscription.
Step 2: Create a personal access token..
A personal access token or PAT is required so that a machine can join the pool created with the Agent Pools (read, manage) scope.
Step 3: Install and register the Azure Pipelines agent on an Azure virtual machine.
By running a Azure Pipeline agent in the cluster, we make it possible to test any service, regardless of type.
References:
https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-tutorial-deploy-container-app-with-cicd-vsts
https://mohitgoyal.co/2019/01/10/run-azure-devops-private-agents-in-kubernetes-clusters/
Topic 3, Woodgrove bank
Overview
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
General Overview
Woodgrove Bank is a financial services company that has a main office in the United Kingdom.
Technical Requirements and Planned Changes
Planned Changes
Woodgrove Bank plans to implement the following project management changes:
✑ Implement Azure DevOps for project tracking.
✑ Centralize source code control in private GitHub repositories.
✑ Implement Azure Pipelines for build pipelines and release pipelines.
Woodgrove Bank plans to implement the following changes to the identity environment:
✑ Deploy an Azure AD tenant named woodgrovebank.com.
✑ Sync the Active Directory domain to Azure AD.
✑ Configure App1 to use a service principal.
✑ Integrate GitHub with Azure AD.
Woodgrove Bank plans to implement the following changes to the core apps:
✑ Migrate App1 to ASP.NET Core.
✑ Integrate Azure Pipelines and the third-party build tool used to develop App2.
Woodgrove Bank plans to implement the following changes to the DevOps environment:
✑ Deploy App1 to Azure App Service.
✑ Implement source control for the DB1 schema.
✑ Migrate all the source code from TFS1 to GitHub.
✑ Deploy App2 to an Azure virtual machine named VM1.
✑ Merge the POC branch into the GitHub default branch.
✑ Implement an Azure DevOps dashboard for stakeholders to monitor development progress.
Technical Requirements
Woodgrove Bank identifies the following technical requirements:
✑ The initial databases for new environments must contain both schema and reference data.
✑ An Azure Monitor alert for VM1 must be configured to meet the following requirements:
✑ The commit history of the POC branch must replace the history of the default branch.
✑ The Azure DevOps dashboard must display the metrics shown in the following table.
✑ Access to Azure DevOps must be restricted to specific IP addresses.
✑ Page load times for App1 must be captured and monitored.
✑ Administrative effort must be minimized.
HOTSPOT
You need to configure the alert for VM1. The solution must meet the technical requirements.
Which two settings should you configure? To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Setting 1: Threshold value
Set to 80 %
Scenario: An Azure Monitor alert for VM1 must be configured to meet the following requirements:
Be triggered when average CPU usage exceeds 80 percent for 15 minutes.
Calculate CPU usage averages once every minute.
Setting 2: Aggregation granularity
Set to 15 minutes.
You need to meet the technical requirements for controlling access to Azure DevOps.
What should you use?
- A . Azure Multi-Factor Authentication (MFA)
- B . on-premises firewall rules
- C . conditional access policies in Azure AD
- D . Azure role-based access control (Azure RBAC)
B
Explanation:
Scenario: Access to Azure DevOps must be restricted to specific IP addresses.
Azure DevOps is authenticated through Azure Active Directory. You can use Azure AD’s conditional access to prevent logins from certain geographies and address ranges.
Reference: https://www.rebeladmin.com/2018/08/step-step-guide-configure-location-based-conditional-access-policies/
You need to configure Azure Pipelines to control App2 builds.
Which authentication method should you use?
- A . Windows NTLM
- B . certificate
- C . SAML
- D . personal access token (PAT)
D
Explanation:
Scenario: Deploy App2 to an Azure virtual machine named VM1.
A personal access token (PAT) is used as an alternate password to authenticate into Azure DevOps.
Reference: https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate
DRAG DROP
You need to replace the existing DevOps tools to support the planned changes.
What should you use? To answer, drag the appropriate tools to the correct targets. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: Azure Boards
Azure Boards can be used to track work with Kanban boards, backlogs, team dashboards, and custom reporting
You can create multiple Trello boards, which are spaces to store tasks (for different work contexts, or even private boards)
You can easily share Trello boards with another person.
Box 2: Azure Pipelines
You can use Bamboo to implement CI/CD (Continuous Integration and Continuous Delivery) for a simple Azure function app using Atlassian Bamboo. Bamboo does continuous delivery of the project from source code to deployment. It has stages including Build, Test and Deploy.
Software teams in every industry are upgrading their continuous delivery pipeline with Bamboo. Easy build import from popular open source tools, user and group import from JIRA, seamless integration with Bitbucket, and native support for Git, Hg, and SVN means you’ll be building and deploying like a champ.
Box 3: GitHub repositories
Bitbucket can be used as the Git repository, but you can use any other Git repository (Like TFS Git) for source control of the code.
Reference:
https://www.trustradius.com/compare-products/azure-devops-services-vs-trello
https://marketplace.visualstudio.com/items?itemName=ms-vsts.vss-services-bamboo
https://www.c-sharpcorner.com/article/cicd-implementation-for-an-azure-function-app-using-atlassian-bamboo-server/
DRAG DROP
You need to configure authentication for App1. The solution must support the planned changes.
Which three actions should you perform in sequence? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Woodgrove Bank plans to implement the following changes to the identity environment:
Configure App1 to use a service principal.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal
You need to perform the GitHub code migration. The solution must support the planned changes for the DevOps environment.
What should you use?
- A . git clone
- B . GitHub Importer
- C . Import repository in Azure Repos
- D . git-tfs
A
Explanation:
Woodgrove Bank plans to implement the following changes to the DevOps environment:
Migrate all the source code from TFS1 to GitHub.
The Git-TFS tool is a two-way bridge between Team Foundation Version Control and Git, and can be used to perform a migration.
Reference: https://docs.microsoft.com/en-us/devops/develop/git/migrate-from-tfvc-to-git
DRAG DROP
You are configuring the Azure DevOps dashboard. The solution must meet the technical requirements.
Which widget should you use for each metric? To answer, drag the appropriate widgets to the correct metrics. Each widget may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
Explanation:
Woodgrove Bank identifies the following technical requirements:
✑ The Azure DevOps dashboard must display the metrics shown in the following table:
Box 1: Velocity
Velocity displays your team velocity. It shows what your team delivered as compared to plan.
Box 2: Release pipeline overview
Release pipeline overview shows the status of environments in a release definition.
Box 3: Query tile
Query tile displays the total number of results from a query.
Reference: https://docs.microsoft.com/en-us/azure/devops/report/dashboards/widget-catalog?view=azure-devops
You plan to deploy a new database environment. The solution must meet the technical requirements. You need to prepare the database for the deployment.
How should you format the export?
- A . NDF
- B . MDF
- C . BACPAC
- D . DACPAC
You need to meet the technical requirements for monitoring App1.
What should you use?
- A . Splunk
- B . Azure Application Insights
- C . Azure Advisor
- D . App Service logs
You need !0 the merge the POC branch into the default branch. The solution must meet the technical requirements.
Which command should you run?
- A . it push
- B . git merge — allow-unrelated-histories
- C . git rebase
- D . git merge –squash
Topic 4, Mix Questions Set
Note: This question is part of a series les of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question m this section, you will NOT be able to return to it As a result, these questions will not appear in the review screen
You integrate a cloud-hosted Jenkins server and a new Azure Dev Ops deployment.
You need Azure Dev Ops lo send a notification to Jenkins when a developer commits changes to a branch in Azure Repos.
Solution: You create an email subscription to an Azure DevOps notification.
Does this meet the goal?
- A . Yes
- B . NO
B
Explanation:
You can create a service hook for Azure DevOps Services and TFS with Jenkins.
Reference: https://docs.microsoft.com/en-us/azure/devops/service-hooks/services/jenkins
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that m.ght meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you win NOT be able to return to it. As a result, these questions win not appear in the review screen.
You integrate a cloud- hosted Jenkins server and a new Azure DevOps deployment
You need Azure DevOps to send a notification to Jenkins when a developer commits changes to a branch in Azure Repos.
Solution: You create a service hook subscription that uses the code pushed event.
Does this meet the goal?
- A . Yes
- B . NO
A
Explanation:
You can create a service hook for Azure DevOps Services and TFS with Jenkins.
Reference: https://docs.microsoft.com/en-us/azure/devops/service-hooks/services/jenkins
Note: This question part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the staled goals. Some question sets might have more than one correct solution, whale others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to It. As a result, these questions will not appear in the review screen.
You integrate a cloud-hosted Jenkins server and a new Azure DevOps depsoyment.
You need Azure DevOps to send a notification to Jenkins when a developer commits changes to a branch in Azure Repos.
Solution: You add a trigger to the build pipeline.
Does this meet the goal?
- A . Yes
- B . NO
B
Explanation:
You can create a service hook for Azure DevOps Services and TFS with Jenkins.
Reference: https://docs.microsoft.com/en-us/azure/devops/service-hooks/services/jenkins
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an approval process that contains a condition. The condition requires that releases be approved by a team leader before they are deployed.
You haw a pokey stating that approvals must occur within eight hours.
You discover that deployments only if the approvals take longer than two hours.
You need to ensure that the deployments only fail if the approvals take longer than hours.
Solution From Post -deployment conditions, you modify the Timeout setting for post-deployment approvals.
Does this meet the goal?
- A . Yes
- B . NO
Note: This question is part of * series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sett might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an approval process that contains a condition. The condition requires that releases be approved by a team leader before they are deployed.
You have a poky stating that approvals must occur within eighthour.
You discover that deployments fail if the approvals take longer than two hours.
You need to ensure that the deployments only fail if the approvals take longer than eight hours. Solution: From Post-deployment conditions, you modify the Time between re-evaluation of gates option.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Use a gate From Pre-deployment conditions instead.
Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/release/approvals/gates
Note: This question n part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution
After you answer a question in this section, you will NOT be able to return to it. As a result these questions will not appear in the review screen.
You have an approval process that contains a condition. The condition requires that releases be approved by a team leader before they are deployed.
You have a policy stating that approvals must occur within eight hours.
You discover that deployments fail if the approvals lake longer than two hours.
You need to ensure that the deployments only fail if the approvals take longer than eight hours. Solution: From Pre-deployment conditions, you modify the Timeout setting for pre-deployment approvals.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Use a gate instead of an approval instead.
Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/release/approvals/gates
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a prefect in Azure DevOps for a new web application.
You need to ensure that when code is checked in, a build runs automatically.
Solution: from the Triggers tab of the build pipeline, you select Enable continuous integration
Does the meet the goal?
- A . Yes
- B . No
A
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/get-started-designer
Note: This Question Is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to ft. As a result these questions will not appear in the review screen.
You company has a prefect in Azure DevOps for a new web application.
You need to ensure that when code is checked in, a build runs automatically.
Solution: From the Triggers tab of the build pipeline, you selected Batch changes while a build is in progress
Does this meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen
Your company has a project in Azure DevOps for a new web application.
You need to ensure that when code is checked in, a build runs automatically.
Solution: From the Continuous deployment trigger settings of the release pipeline, you enable the Pull request trigger setting.
Does the meet the goal?
- A . Yes
- B . No
B
Explanation:
In Visual Designer you enable continuous integration (CI) by:
Select the Triggers tab.
Enable Continuous integration.
Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/get-started-designer
You plan to create an image that will contain a .NET Core application.
You have a Dockerfile file that contains the following code. (Line numbers are included for reference only.)
You need to ensure that the image is as small as possible when the image is built.
Which line should you modify in the file?
- A . 1
- B . 3
- C . 4
- D . 7
B
Explanation:
https://github.com/dotnet/dotnet-docker/blob/master/samples/dotnetapp/README.md
Your company has a hybrid cloud between Azure and Azure Stack.
The company uses Azure DevOps for its CI/CD pipelines. Some applications are built by using Erlang and Hack.
You need to ensure that Erlang and Hack are supported as part of the build strategy across the hybrid cloud. The solution must minimize management overhead.
What should you use to execute the build pipeline?
- A . AzureDevOps self-hosted agents on Azure DevTest Labs virtual machines.
- B . AzureDevOps self-hosted agents on virtual machine that run on Azure Stack
- C . AzureDevOps self-hosted agents on Hyper-V virtual machines
- D . a Microsoft-hosted agent
B
Explanation:
Azure Stack offers virtual machines (VMs) as one type of an on-demand, scalable computing resource. You can choose a VM when you need more control over the computing environment.
Reference: https://do
You are automating the build process for a Java-based application by using Azure DevOps.
You need to add code coverage testing and publish the outcomes to the pipeline.
What should you use?
- A . Cobertura
- B . Bullseye Co cs.microsoft.com/en-us/azure/azure-stack/user/azure-stack-compute-overview
verage - C . MSTest
- D . Coverlet
A
Explanation:
Use Publish Code Coverage Results task in a build pipeline to publish code coverage results to Azure Pipelines or TFS, which were produced by a build in Cobertura or JaCoCo format.
Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/test/publish-code-coverage-results
You need to recommend a Docker container build strategy that meets the following requirements
• Minimizes image sues
• Minimizes the security surface area of the final image
What should you include m the recommendation?
- A . multi-stage builds
- B . single-stage builds
- C . PowerShell Desired State Configuration (DSC)
- D . Docker Swarm
A
Explanation:
Multi-stage builds are a new feature requiring Docker 17.05 or higher on the daemon and client. Multistage builds are useful to anyone who has struggled to optimize Dockerfiles while keeping them easy to read and maintain.
Reference: https://docs.docker.com/develop/develop-images/multistage-build/
DRAG DROP
You have an Azure Kubermets Service (AKS) implementation that is RBAC-enabled
You plan to use Azure Container Instances as a hosted development environment to run containers in the AKS implementation.
You need to conjure Azure Container Instances as a hosted environment for running me containers in AKS.
Which three actions should you perform m sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Step 1: Create a YAML file.
If your AKS cluster is RBAC-enabled, you must create a service account and role binding for use with Tiller. To create a service account and role binding, create a file named rbac-virtual-kubelet.yaml
Step 2: Run kubectl apply.
Apply the service account and binding with kubectl apply and specify your rbac-virtual-kubelet.yaml file.
Step 3: Run helm init.
Configure Helm to use the tiller service account:
helm init –service-account tiller
You can now continue to installing the Virtual Kubelet into your AKS cluster.
References: https://docs.microsoft.com/en-us/azure/aks/virtual-kubelet
DRAG DROP
You need to use Azure Automation Sure Configuration to manage the ongoing consistency of virtual machine configurations.
Which five actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. NOTE: More than one order of answer choices in correct. You writ receive credit for any of the orders you select.
Explanation:
Step 1: Assign the node configuration.
You create a simple DSC configuration that ensures either the presence or absence of the Web-Server Windows Feature (IIS), depending on how you assign nodes.
Step 2: Upload a configuration to Azure Automation State Configuration.
You import the configuration into the Automation account.
Step 3: Compiling a configuration into a node configuration Compiling a configuration in Azure Automation
Before you can apply a desired state to a node, a DSC configuration defining that state must be compiled into one or more node configurations (MOF document), and placed on the Automation DSC Pull Server.
Step 4: Onboard the virtual machines to Azure State Configuration
Onboarding an Azure VM for management with Azure Automation State Configuration
Step 5: Check the compliance status of the node.
Viewing reports for managed nodes. Each time Azure Automation State Configuration performs a consistency check on a managed node, the node sends a status report back to the pull server. You can view these reports on the page for that node.
On the blade for an individual report, you can see the following status information for the corresponding consistency check:
The report status ― whether the node is "Compliant", the configuration "Failed", or the node is "Not Compliant" (when the node is in ApplyandMonitor mode and the machine is not in the desired state).
References: https://docs.microsoft.com/en-us/azure/automation/automation-dsc-getting-started
Your company builds a multi tier web application.
>You use Azure DevOps and host the production application on Azure virtual machines.
Your team prepares an Azure Resource Manager template of the virtual machine that you mil use to test new features.
You need to create a staging environment in Azure that meets the following requirements:
• Minimizes the cost of Azure hosting
• Provisions the virtual machines automatically
• Use* the custom Azure Resource Manager template to provision the virtual machines
What should you do?
- A . In Azure DevOps, configure new tasks in the release pipeline to create and delete the virtual machines in Azure DevTest Labs.
- B . From Azure Cloud Shell, run Azure PowerShell commands to create and delete the new virtual machines in a staging resource group.
- C . In Azure DevOps, configure new tasks in the release pipeline to deploy to Azure Cloud Services.
- D . In Azure Cloud Shell, run Azure CLI commands to create and delete the new virtual machines in a staging resource group.
A
Explanation:
You can use the Azure DevTest Labs Tasks extension that’s installed in Azure DevOps to easily integrate your CI/CD build-and-release pipeline with Azure DevTest Labs.
The extension installs three tasks:
✑ Create a VM
✑ Create a custom image from a VM
✑ Delete a VM
The process makes it easy to, for example, quickly deploy a "golden image" for a specific test task and then delete it when the test is finished.
References: https://docs.microsoft.com/en-us/azure/lab-services/devtest-lab-integrate-ci-cd-vsts
HOTSPOT
You have a project Azure DevOps.
You plan to create a build pipeline that will deploy resources by using Azure Resource Manager templates. The templates will reference secretes stored in Azure Key Vault.
You need to ensure that you can dynamically generate the resource ID of the key vault during template deployment.
What should you include in the template? To answer, select eh appropriate options in the answer area. NOTE: Each correct selection is worth one point.
DRAG DROP
Your company has a project in Azure DevOps.
You plan to create a release pipeline that will deploy resources by using Azure Resource Manager templates. The templates will reference secrets stored in Azure Key Vault.
You need to recommend a solution for accessing the secrets stored in the key vault during deployments. The solution must use the principle of least privilege.
What should you include in the recommendation? To answer, drag the appropriate configurations to the correct targets. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: A key Vault advanced access policy
Box 2: RBAC
Management plane access control uses RBAC.
The management plane consists of operations that affect the key vault itself, such as:
✑ Creating or deleting a key vault.
✑ Getting a list of vaults in a subscription.
✑ Retrieving Key Vault properties (such as SKU and tags).
✑ Setting Key Vault access policies that control user and application access to keys and secrets.
References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-tutorial-use-key-vault
DRAG DROP
You need to recommend a solution for deploying charts by using Helm and Title to Azure Kubemets Service (AKS) in an RBAC-enabled cluster.
Which three commands should you recommend be run m sequence? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.
Explanation:
Step 1: Kubectl create
You can add a service account to Tiller using the –service-account <NAME> flag while you’re configuring Helm (step 2 below). As a prerequisite, you’ll have to create a role binding which specifies a role and a service account name that have been set up in advance.
Example: Service account with cluster-admin role $ kubectl create -f rbac-config.yaml serviceaccount "tiller" created clusterrolebinding "tiller" created $ helm init –service-account tiller
Step 2: helm init
To deploy a basic Tiller into an AKS cluster, use the helm init command.
Step 3: helm install
To install charts with Helm, use the helm install command and specify the name of the chart to install.
Reference:
https://docs.microsoft.com/en-us/azure/aks/kubernetes-helm
https://docs.helm.sh/using_helm/#tiller-namespaces-and-rbac
You manage build pipelines and deployment pipelines by using Azure DevOps.
Your company has a team of 500 developers. New members are added continual lo the team
You need to automate me management of users and licenses whenever possible
Which task must you perform manually?
- A . modifying group memberships
- B . procuring licenses
- C . adding users
- D . assigning entitlements
B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/migrate-to-group-based-resource-management?view=vsts&tabs=new-nav
https://docs.microsoft.com/en-us/rest/api/azure/devops/memberentitlementmanagement/?view=azure-devops-rest-5.0
During a code review, you discover many quality issues. Many modules contain unused variables and empty catch Modes. You need to recommend a solution to improve the quality o’ the code.
What should you recommend?
- A . In a Gradle build task, select Run Checkstyle.
- B . In an Xcode build task, select Use xcpretty from Advanced
- C . In a Grunt build task, select Enabled from Control Options.
- D . In a Maven build task, select Run PMD.
D
Explanation:
PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth.
There is an Apache Maven PMD Plugin which allows you to automatically run the PMD code analysis tool on your project’s source code and generate a site report with its results.
Reference: https://pmd.github.io/
DRAG DROP
You need to increase the security of your team’s development process.
Which type of security tool should you recommend for each stage of the development process? To answer, drag the appropriate security toots to the correct stages. Each security tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content
NOTE: Each correct selection is worth one point.
Explanation:
https://docs.microsoft.com/en-us/azure/devops/migrate/security-validation-cicd-pipeline?view=azure-devops&viewFallbackFrom=vsts So:
PR: Static Code Analysis
CI: Static Code Analysis
CD: PenTest
Your company plans to use an agile approach to software development
You need to recommend an application to provide communication between members of the development team who work in locations around the world.
The application must meet the following requirements:
• Provide the ability to isolate the members of efferent project teams into separate communication channels and to keep a history of the chats within those channels.
• Be available on Windows 10, Mac OS, iOS, and Android operating systems.
• Provide the ability to add external contractors and suppliers to projects.
• Integrate directly with Azure DevOps.
What should you recommend?
- A . Octopus
- B . Bamboo
- C . Microsoft Project
- D . Slack
D
Explanation:
Slack is a popular team collaboration service that helps teams be more productive by keeping all communications in one place and easily searchable from virtually anywhere. All your messages, your files, and everything from Twitter, Dropbox, Google Docs, Azure DevOps, and more all together. Slack also has fully native apps for iOS and Android to give you the full functionality of Slack wherever you go.
Integrated with Azure DevOps
This integration keeps your team informed of activity happening in its Azure DevOps projects. With this integration, code check-ins, pull requests, work item updates, and build events show up directly in your team’s Slack channel.
Note: Microsoft Teams would also be a correct answer, but it is not an option here.
Reference: https://marketplace.visualstudio.com/items?itemName=ms-vsts.vss-services-slack
Your company uses Azure DevOps for the build pipelines and deployment pipelines of Java based projects. You need to recommend a strategy for managing technical debt.
Which two actions should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . Integrate Azure DevOps and SonarQube.
- B . Integrates Azure DevelOPs and Azure DevTest Labs.
- C . Configure post-deployment approvals in the deployment pipeline.
- D . Configure pre-deployment approvals in the deployment pipeline.
DRAG DROP
You need to recommend project metrics for dashboards in Azure DevOps.
Which chart widgets should you recommend for each metric? To answer, drag the appropriate chart widgets to the correct metrics. Each chart widget may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: Lead time
Lead time measures the total time elapsed from the creation of work items to their completion.
Box 2: Cycle time
Cycle time measures the time it takes for your team to complete work items once they begin actively working on them.
Box 3: Burn down
Burn down charts focus on remaining work within a specific time period.
Incorrect Answers:
Velocity provides a useful metric for these activities:
Support sprint planning
Forecast future sprints and the backlog items that can be completed
A guide for determining how well the team estimates and meets their planned commitments
Reference:
https://docs.microsoft.com/en-us/azure/devops/report/dashboards/velocity-guidance?view=vsts
https://docs.microsoft.com/en-us/azure/devops/report/dashboards/cycle-time-and-lead-time?view=vsts
https://docs.microsoft.com/en-us/azure/devops/report/dashboards/configure-burndown-burnup-widgets?view=vsts
HOTSPOT
Your company uses Team Foundation Server 2013 (TFS 2013).
You plan to migrate to Azure DevOps.
You need to recommend a migration strategy that meets the following requirements:
✑ Preserves the dates of Team Foundation Version Control changesets
✑ Preserves the changes dates of work items revisions
✑ Minimizes migration effort
✑ Migrates all TFS artifacts
What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: Upgrade TFS to the most recent RTM release.
One of the major prerequisites for migrating your Team Foundation Server database is to get your database schema version as close as possible to what is currently deployed in Azure Devops Services.
Box 2: Use the TFS Database Import Service
In Phase 3 of your migration project, you will work on upgrading your Team Foundation Server to one of the supported versions for the Database Import Service in Azure Devops Services.
Reference: Team Foundation Server to Azure Devops Services Migration Guide
Your company deploys applications m Docket containers.
You want to detect known exploits in the Docket images used to provision the Docker containers. You need to integrate image scanning into the application lifecycle. The solution must expose the exploits as early as possible during the application lifecycle.
What should you configure?
- A . a task executed in the continuous deployment pipeline and a scheduled task against a running production container.
- B . a task executed in the continuous integration pipeline and a scheduled task that analyzes the production container.
- C . a task executed in the continuous integration pipeline and a scheduled task that analyzes the image registry
- D . manual tasks performed during the planning phase and the deployment phase
C
Explanation:
You can use the Docker task to sign into ACR and then use a subsequent script to pull an image and scan the container image for vulnerabilities.
Use the docker task in a build or release pipeline. This task can be used with Docker or Azure Container registry.
Reference: https://docs.microsoft.com/en-us/azure/devops/articles/security-validation-cicd-pipeline?view=vsts
You are developing a multi-tier application. The application will use Azure App Service web apps as the front end and an Azure SQL database as the back end. The application will use Azure functions to write some data to Azure Storage.
You need to send the Azure DevOps team an email message when the front end fails to return a status code of 200.
Which feature should you use?
- A . Service Map in Azure Log Analytics
- B . Profiler in Azure Application Insights
- C . availability tests in Azure Application Insights
- D . Application Map in Azure Application Insights
D
Explanation:
https://docs.microsoft.com/en-us/azure/azure-monitor/app/monitor-web-app-availability
DRAG DROP
Your company plans to deploy an application to the following endpoints:
• Ten virtual machines hosted in Azure.
• Ten virtual machines hosted in an on-premises data center environment
All the virtual machines have the- Azure Pipelines agent.
You need to implement a release strategy for deploying the application to the endpoints.
What should you recommend using to deploy the application to the endpoints? To answer, drag the appropriate components to the correct endpoint. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or soon to view content. NOTE: Each correct selection n worth one point.
Explanation:
Box 1: A deployment group
When authoring an Azure Pipelines or TFS Release pipeline, you can specify the deployment targets for a job using a deployment group.
If the target machines are Azure VMs, you can quickly and easily prepare them by installing the Azure Pipelines Agent Azure VM extension on each of the VMs, or by using the Azure Resource Group Deployment task in your release pipeline to create a deployment group dynamically.
Box 2: A deployment group
References: https://docs.microsoft.com/en-us/azure/devops/pipelines/release/deployment-groups
DRAG DROP
You need to configure access to Azure DevOps Agent pools to meet the forwarding requirements:
• Use a project agent pool when authoring build release pipelines.
• View the agent pool and agents of the organization.
• Use the principle of least privilege.
Which role memberships are required for the Azure 0e%Oos organization and the project? To answer, drag the appropriate role membership to the correct targets. Each role membership may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to content. NOTE: Each correct selection is worth one point.
Explanation:
project level role: User
Organization level role: Reader
Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/pools-queues
HOTSPOT
You are configuring a release pipeline in Azure DevOps as shown in the exhibit.
Use the drop-down menus to select the answer choice that answers each question based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: 5
There are five stages: Development, QA, Pre-production, Load Test and Production. They all have triggers.
Box 2: The Internal Review stage
Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/release/triggers
Your company has a project in Azure DevOps for a new web application.
The company uses Service Now for change management.
You need to ensure that a change request is processed before any components can be deployed to the production environment.
What are two ways to integrate into the Azure DevOps release pipeline? Each correct answer
presents a complete solution. NOTE: Each correct selection is worth one point.
- A . Define a deployment control that invokes the Service Now SOAP API.
- B . Define a post deployment gate after the deployment to the QA stage.
- C . Define a deployment control that invokes the ServiceNow REST API.
- D . Define a pre deployment gate before the deployment to the Prod stage.
AB
Explanation:
https://docs.microsoft.com/en-us/azure/devops/pipelines/release/approvals/servicenow?view=azure-devops
Your company has an on-premises Bitbucket Server that is used for Git-based source control. The server is protected by a firewall that blocks inbound Internet traffic.
You plan to use Azure DevOps to manage the build and release processes.
Which two components are required to integrate Azure DevOps and Bitbucket? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one port.
- A . an External Git service connection
- B . a Microsoft hosted agent
- C . service hooks
- D . a self- hosted agent
- E . a deployment M group
AD
Explanation:
When a pipeline uses a remote, 3rd-party repository host such as Bitbucket Cloud, the repository is configured with webooks that notify Azure Pipelines Server or TFS when code has changed and a build should be triggered. Since on-premises installations are normally protected behind a firewall, 3rd-party webhooks are unable to reach the on-premises server. As a workaround, you can use the External Git repository type which uses polling instead of webhooks to trigger a build when code has changed.
Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/repos/pipeline-options-for
DRAG DROP
Your company has four projects.
The version control requirements for each project are shown in the following table.
You plan to use Azure Repos for all the projects.
Which version control system should you use for each project? To answer, drag the appropriate version control systems to the correct projects. Each version control system may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
Explanation:
1 -> TFVS Refer: https://docs.microsoft.com/en-us/azure/devops/repos/tfvc/control-access-team-foundation-version-control?view=azure-devops
2 -> TFVS Refer: https://docs.microsoft.com/en-us/azure/devops/repos/tfvc/add-check-policies?view=azure-devops
3 -> Git Refer: https://docs.microsoft.com/en-us/azure/devops/repos/git/share-your-code-in-git-xcode?view=azure-devops
4 -> TFVS Refer: https://docs.microsoft.com/en-us/azure/devops/organizations/security/permissions?view=azure-devops#tfvc
DRAG DROP
You mc configuring Azure DevOps build pipelines.
You plan to use hosted build agents.
Which build agent pool should you use to compile each application type? To answer, drag the appropriate built agent pools to the correct application types. Each butt agent pool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: Hosted macOS
Hosted macOS pool (Azure Pipelines only): Enables you to build and release on macOS without having to configure a self-hosted macOS agent. This option affects where your data is stored.
Box 2: Hosted
Hosted pool (Azure Pipelines only): The Hosted pool is the built-in pool that is a collection of Microsoft-hosted agents.
Incorrect Answers:
Default pool: Use it to register self-hosted agents that you’ve set up.
Hosted Windows Container pool (Azure Pipelines only): Enabled you to build and release inside Windows containers. Unless you’re building using containers, Windows builds should run in the Hosted VS2017 or Hosted pools.
Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/v2-osx
You have a brand policy in a project in Azure DevOps. The policy requires that code always builds
successfully.
You need to ensure that a specific user can always merge change to the master branch, even if the code fails to compile. The solution must use the principle of least privilege.
What should you do?
- A . From the Security setting of the repository, modify the access control tor the user.
- B . From the Security settings of the branch, modify the access control for the user.
- C . Add the user to the Build Administrators group,
- D . Add the user to the Project Administrators group
B
Explanation:
In some cases, you need to bypass policy requirements so you can push changes to the branch directly or complete a pull request even if branch policies are not satisfied. For these situations, grant the desired permission from the previous list to a user or group. You can scope this permission to an entire project, a repo, or a single branch. Manage this permission along the with other Git permissions.
Reference: https://docs.microsoft.com/en-us/azure/devops/repos/git/branch-policies
You have an Azure Resource Manager template that deploys a multi-tier application.
You need to prevent the user who performs the deployment from viewing the account credentials and connection strings used by the application.
What should you use?
- A . an Azure Resource Manager parameter file
- B . an Azure Storage table
- C . an Appsettings.json files
- D . Azure Key Vault
- E . a Web.config file
D
Explanation:
When you need to pass a secure value (like a password) as a parameter during deployment, you can retrieve the value from an Azure Key Vault. You retrieve the value by referencing the key vault and secret in your parameter file. The value is never exposed because you only reference its key vault ID. The key vault can exist in a different subscription than the resource group you are deploying to.
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-keyvault-parameter
HOTSPOT
Your company is creating a suite of three mobile applications.
You need to control access to the application builds. The solution must be managed at the organization level
What should you use? To answer, select the appropriate options m the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: Microsoft Visual Studio App Center distribution Groups
Distribution Groups are used to control access to releases. A Distribution Group represents a set of users that can be managed jointly and can have common access to releases. Example of Distribution Groups can be teams of users, like the QA Team or External Beta Testers or can represent stages or rings of releases, such as Staging.
Box 2: Shared
Shared distribution groups are private or public distribution groups that are shared across multiple apps in a single organization. Shared distribution groups eliminate the need to replicate distribution groups across multiple apps.
Note: With the Deploy with App Center Task in Visual Studio Team Services, you can deploy your apps from Azure DevOps (formerly known as VSTS) to App Center. By deploying to App Center, you will be able to distribute your builds to your users.
References: https://docs.microsoft.com/en-us/appcenter/distribution/groups
Your company uses a Git repository in Azure Repos lo manage the source code of a web application. The master branch is protected from direct updates. Developers work on new features in the topic branches.
Because of the high volume of requested features, it is difficult to follow the history of the changes to the master branch.
You need to enforce a pull request merge strategy.
The strategy must meet the following requirements:
• Consolidate commit histories
• Merge tie changes into a tingle commit
Which merge strategy should you use in the branch policy?
- A . Git fetch
- B . no-fast-forward merge
- C . squash merge
- D . fast-forward merge
C
Explanation:
Squash merging is a merge option that allows you to condense the Git history of topic branches when you complete a pull request. Instead of each commit on the topic branch being added to the history of the default branch, a squash merge takes all the file changes and adds them to a single new commit on the default branch.
A simple way to think about this is that squash merge gives you just the file changes, and a regular merge gives you the file changes and the commit history.
Note: Squash merging keeps your default branch histories clean and easy to follow without demanding any workflow changes on your team. Contributors to the topic branch work how they want in the topic branch, and the default branches keep a linear history through the use of squash merges. The commit history of a master branch updated with squash merges will have one commit for each merged branch. You can step through this history commit by commit to find out exactly when work was done.
Reference: https://docs.microsoft.com/en-us/azure/devops/repos/git/merging-with-squash
Your company uses cloud-hosted Jenkins for builds.
You need to ensure that Jenkins can retrieve source code from Azure Repos.
Which three actions should you perform? Each correct answer presents part of the solution NOTE: Each correct answer selection is worth one point
- A . Add the Team Foundation Server (TFS) plug-in to Jenkins.
- B . Create a personal access token m your Azure DevOps account.
- C . Create a webhook in Jenkins.
- D . Add a domain to your Jenkins account.
- E . Create a service hook m Azure DevOps.
ABE
Explanation:
Reference:
https://blogs.msdn.microsoft.com/devops/2017/04/25/vsts-visual-studio-team-services-integration-with-jenkins/
http://www.aisoftwarellc.com/blog/post/how-to-setup-automated-builds-using-jenkins-and-visual-studio-team-foundation-server/2044
You are developing an open source solution that uses a GitHub repository.
You create a new public project in Azure DevOps.
You plan to use Azure Pipelines for continuous build. The solution will use the GitHub Checks API.
Which authentication type should you use?
- A . a personal access token
- B . SAML
- C . GitHub App
- D . OAuth
C
Explanation:
https://docs.microsoft.com/en-us/azure/devops/pipelines/repos/github?view=azure-devops&tabs=yaml
https://developer.github.com/v3/checks/
You plan to share packages that you wrote, tested, validated, and deployed by using Azure Artifacts.
You need to release multiple builds of each package by using a single feed. The solution must limit the release of packages that are in development.
What should you use?
- A . global symbols
- B . local symbols
- C . upstream sources
- D . views
C
Explanation:
Views enable you to share subsets of the NuGet, npm, Maven, Python and Universal Packages package-versions in your feed with consumers. A common use for views is to share package versions that have been tested, validated, or deployed but hold back packages still under development and packages that didn’t meet a quality bar.
https://docs.microsoft.com/en-us/azure/devops/artifacts/concepts/views?view=azure-devops
You use Azure Artifacts to host NuGet packages that you create.
You need to make one of the packages available to anonymous users outside your organization. The solution must minimize the number of publication points.
What should you do?
- A . Create a new feed for the package
- B . Publish the package to a public NuGet repository.
- C . Promote the package to a release view.
- D . Change the feed URL of the package.
A
Explanation:
Azure Artifacts introduces the concept of multiple feeds that you can use to organize and control access to your packages.
Packages you host in Azure Artifacts are stored in a feed. Setting permissions on the feed allows you to share your packages with as many or as few people as your scenario requires. Feeds have four levels of access: Owners, Contributors, Collaborators, and Readers.
Reference: https://docs.microsoft.com/en-us/azure/devops/artifacts/feeds/feed-permissions?view=vsts&tabs=new-nav
Your company « concerned that when developers introduce open source Libraries, it creates licensing compliance issues.
You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base.
What should you use?
- A . Code Style
- B . Microsoft Visual SourceSafe
- C . Black Duck
- D . Jenkins
C
Explanation:
Secure and Manage Open Source Software
Black Duck helps organizations identify and mitigate open source security, license compliance and code-quality risks across application and container portfolios.
Black Duck Hub and its plugin for Team Foundation Server (TFS) allows you to automatically find and fix open source security vulnerabilities during the build process, so you can proactively manage risk. The integration allows you to receive alerts and fail builds when any Black Duck Hub policy violations are met.
Note: WhiteSource would also be a good answer, but it is not an option here.
Reference: https://marketplace.visualstudio.com/items?itemName=black-duck-software.hub-tfs
You have 50 Node.js-based projects that you scan by using WhiteSource. Each project includes Package.json, Package-lock.json, and Npm-shrinkwrap.json files.
You need to minimize the number of libraries reports by WhiteSource to only the libraries that you explicitly reference.
What should you do?
- A . Configure the File System Agent plug in.
- B . Delete Package lock.json.
- C . Configure the Artifactory plug-in.
- D . Add a devDependencies section to Package-lock.json.
D
Explanation:
Separate Your Dependencies
Within your package.json file be sure you split out your npm dependencies between devDependencies and (production) dependencies. The key part is that you must then make use of the –production flag when installing the npm packages. The –production flag will exclude all packages defined in the devDependencies section.
Reference: https://blogs.msdn.microsoft.com/visualstudioalmrangers/2017/06/08/manage-your-open-source-usage-and-security-as-reported-by-your-cicd-pipeline/
You use Azure SQL Database Intelligent Insights and Azure Application Insights foe monitoring.
You need to write ad-hoc Queries against the monitoring data.
Which Query language should you use?
- A . PL/pgSQL
- B . Transact-SQL
- C . Azure Log Analytics
- D . PL/SQL
C
Explanation:
Data analysis in Azure SQL Analytics is based on Log Analytics language for your custom querying and reporting.
Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/insights/azure-sql
Your company uses Service Now for incident management.
You develop an application that runs on Azure.
The company needs to generate a ticket in Service Now when the application fails to authenticate.
Which Azure Log Analytics solution should you use?
- A . Automation & Control
- B . IT Service Management Connector (ITSM)
- C . Application lmiQ.hu Connector
- D . insight & Analytics
B
Explanation:
The IT Service Management Connector (ITSMC) allows you to connect Azure and a supported IT Service Management (ITSM) product/service.
ITSMC supports connections with the following ITSM tools:
✑ ServiceNow
✑ System Center Service Manager
✑ Provance
✑ Cherwell
With ITSMC, you can
✑ Create work items in ITSM tool, based on your Azure alerts (metric alerts, Activity Log alerts and Log Analytics alerts).
✑ Optionally, you can sync your incident and change request data from your ITSM tool to an Azure Log Analytics workspace.
References: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/itsmc-overview
HOTSPOT
Your company is building a new web application.
You plan to collect feedback from pilot users on the features being delivered.
All the pilot users have a corporate computer that has Google Chrome and the Microsoft Test & Feedback extension installed. The pilot users will test the application by using Chrome.
You need to identify which access levels are required to ensure that developers can request and gather feedback from the pilot users. The solution must use the principle of least privilege.
Which access levels m Azure DevOps should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: Basic
Assign Basic to users with a TFS CAL, with a Visual Studio Professional subscription, and to users for whom you are paying for Azure Boards & Repos in an organization.
Box 2: Stakeholder
Assign Stakeholders to users with no license or subscriptions who need access to a limited set of features.
Note:
You assign users or groups of users to one of the following access levels:
Basic: provides access to most features
VS Enterprise: provides access to premium features
Stakeholders: provides partial access, can be assigned to unlimited users for free
Reference: https://docs.microsoft.com/en-us/azure/devops/organizations/security/access-levels?view=vsts
You have multi-tier application that h« an Azure Web Apps front end and art Azure SQL Datable back end.
You need to recommend a solution to capture and store telemetry data.
The solution must meet the following requirements:
• Support using ad-hoc queries to identify baselines.
• Trigger alerts when metrics in the baseline are exceeded.
• Store application and database metrics in a central location.
What should you include in the recommendation?
- A . Azure Application Insights
- B . Azure SQL Database Intelligent Insights
- C . Azure Event Hubs
- D . Azure Log Analytics
A
Explanation:
Azure Platform as a Service (PaaS) resources, like Azure SQL and Web Sites (Web Apps), can emit performance metrics data natively to Log Analytics.
The Premium plan will retain up to 12 months of data, giving you an excellent baseline ability. There are two options available in the Azure portal for analyzing data stored in Log analytics and for creating queries for ad hoc analysis.
Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/collect-azurepass-posh
Your company creates a web application.
You need to recommend a solution that automatically sends to Microsoft Teams a dairy summary of the exceptions that occur m the application.
Which two Azure services should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . Microsoft Visual Studio App Center
- B . Azure DevOps Project
- C . Azure Logic Apps
- D . Azure Pipelines
- E . Azure Application Insights
CE
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/app/asp-net-exceptions
https://docs.microsoft.com/en-us/azure/azure-monitor/app/automate-custom-reports
Your company plans to use an agile approach to software development.
You need to recommend an application to provide communication between members of the development team who work in locations around the world.
The applications must meet the following requirements:
✑ Provide the ability to isolate the members of different project teams into separate communication channels and to keep a history of the chats within those channels.
✑ Be available on Windows 10, Mac OS, iOS, and Android operating systems.
✑ Provide the ability to add external contractors and suppliers to projects.
✑ Integrate directly with Azure DevOps.
What should you recommend?
- A . Microsoft Project
- B . Bamboo
- C . Microsoft Lync
- D . Microsoft Teams
D
Explanation:
✑ Within each team, users can create different channels to organize their communications by topic. Each channel can include a couple of users or scale to thousands of users.
✑ Microsoft Teams works on Android, iOS, Mac and Windows systems and devices. It also works in Chrome, Firefox, Internet Explorer 11 and Microsoft Edge web browsers.
✑ The guest-access feature in Microsoft Teams allows users to invite people outside their organizations to join internal channels for messaging, meetings and file sharing. This capability helps to facilitate business-to-business project management.
✑ Teams integrates with Azure DevOps.
References: https://searchunifiedcommunications.techtarget.com/definition/Microsoft-Teams
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a project in Azure DevOps for a new web application.
You need to ensure that when code is checked in, a build runs automatically.
Solution: From the Pre-deployment conditions settings of the release pipeline, you select After stage.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Instead, In Visual Designer you enable continuous integration (CI) by:
✑ Select the Triggers tab.
✑ Enable Continuous integration.
Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/get-started-designer
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a project in Azure DevOps for a new web application.
You need to ensure that when code is checked in, a build runs automatically.
Solution: From the Pre-deployment conditions settings of the release pipeline, you select Batch changes while a build is in progress.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Use a Pull request trigger.
Note: Batch changes
Select this check box if you have a lot of team members uploading changes often and you want to reduce the number of builds you are running. If you select this option, when a build is running, the system waits until the build is completed and then queues another build of all changes that have not yet been built.
Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/build/triggers
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an approval process that contains a condition. The condition requires that releases be approved by a team leader before they are deployed.
You have a policy stating that approvals must occur within eight hours.
You discover that deployment fail if the approvals take longer than two hours.
You need to ensure that the deployments only fail if the approvals take longer than eight hours.
Solution: From Pre-deployment conditions, you modify the Time between re-evaluation of gates option.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/release/approvals/gates
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You plan to create a release pipeline that will deploy Azure resources by using Azure Resource Manager templates.
The release pipeline will create the following resources:
✑ Two resource groups
✑ Four Azure virtual machines in one resource group
✑ Two Azure SQL databases in other resource group
You need to recommend a solution to deploy the resources.
Solution: Create two standalone templates, each of which will deploy the resources in its respective group.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-linked-templates
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You plan to create a release pipeline that will deploy Azure resources by using Azure Resource Manager templates.
The release pipeline will create the following resources:
✑ Two resource groups
✑ Four Azure virtual machines in one resource group
✑ Two Azure SQL databases in other resource group
You need to recommend a solution to deploy the resources.
Solution: Create a main template that will deploy the resources in one resource group and a nested template that will deploy the resources in the other resource group.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Use two linked templates, instead of the nested template.
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-linked-templates
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You plan to create a release pipeline that will deploy Azure resources by using Azure Resource Manager templates.
The release pipeline will create the following resources:
✑ Two resource groups
✑ Four Azure virtual machines in one resource group
✑ Two Azure SQL databases in other resource group
You need to recommend a solution to deploy the resources.
Solution: Create a main template that has two linked templates, each of which will deploy the resource in its respective group.
Does this meet the goal?
- A . Yes
- B . No
A
Explanation:
To deploy your solution, you can use either a single template or a main template with many related templates. The related template can be either a separate file that is linked to from the main template, or a template that is nested within the main template.
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-linked-templates
Your company is concerned that when developers introduce open source libraries, it creates licensing compliance issues.
You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base.
What should you use?
- A . Microsoft Visual SourceSafe
- B . PDM
- C . WhiteSource
- D . OWASP ZAP
C
Explanation:
WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource constantly-updated denitive database of open source repositories.
Azure DevOps integration with WhiteSource Bolt will enable you to:
✑ Detect and remedy vulnerable open source components.
✑ Generate comprehensive open source inventory reports per project or build.
✑ Enforce open source license compliance, including dependencies’ licenses.
✑ Identify outdated open source libraries with recommendations to update.
References: https://www.azuredevopslabs.com/labs/vstsextend/WhiteSource/
unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution
After you answer a question in this section, you will NOT be able to return to it. As a result these questions will not appear in the review screen.
You integrate a cloud-hosted Jenkins server and a new Azure DevOps deployment.
You need Azure DevOps to send a notification to Jenkins when a developer commits changes to a branch in Azure Repos.
Solution: You create a service hook subscription that uses the build completed event.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
You can create a service hook for Azure DevOps Services and TFS with Jenkins.
However, the service subscription event should use the code pushed event, is triggered when the code is pushed to a Git repository.
Your company develops an app for OS. All users of the app have devices that are members of a private distribution group in Microsoft Visual Studio App Center. You plan to distribute a new release of the app.
You need to identify which certificate file you require to distribute the new release from App Center.
Which file type should you upload to App Center?
- A . .cer
- B . .pvk
- C . .pfx
- D . .p12
D
Explanation:
A successful IOS device build will produce an ipa file. In order to install the build on a device, it needs to be signed with a valid provisioning profile and certificate. To sign the builds produced from a branch, enable code signing in the configuration pane and upload a provisioning profile (.mobileprovision) and a valid certificate (.p12), along with the password for the certificate.
Reference: https://docs.microsoft.com/en-us/appcenter/build/xamarin/ios/
Your company hosts a web application in Azure. The company uses Azure Pipelines for the build and release management of the application.
Stakeholders report that the past few releases have negatively affected system performance.
You configure alerts in Azure Monitor.
You need to ensure that new releases are only deployed to production if the releases meet defined performance baseline criteria in the staging environment first
What should you use to prevent the deployment of releases that fail to meet the performance baseline?
- A . a trigger
- B . an Azure function
- C . a gate
- D . an Azure Scheduler job
C
Explanation:
https://docs.microsoft.com/en-us/azure/azure-monitor/continuous-monitoring
https://docs.microsoft.com/en-us/azure/devops/pipelines/release/approvals/gates?view=azure-devops
Your company is building a mobile app that targets Android devices and OS devices. Your team uses Azure DevOps to manage all work items and release cycles.
You need to recommend a solution to perform the following tasks:
• Collect crash reports for issue analysis
• Distribute beta releases to your testers.
• Get user feedback on the functionality of new apps.
What should you include in the recommendation?
- A . Jenkins integration
- B . Azure Application Insights widgets
- C . the Microsoft Test & Feedback extension
- D . Microsoft Visual Studio App Center integration
D
Explanation:
The "Exploratory Testing" extension is now "Test & Feedback" and is now Generally Available.
Anyone can now test web apps and give feedback, all directly from the browser on any platform: Windows, Mac, or Linux. Available for Google Chrome and Mozilla Firefox (required version 50.0 or above) currently. Support for Microsoft Edge is in the pipeline and will be enabled once Edge moves to a Chromium-compatible web platform.
Reference: https://marketplace.visualstudio.com/items?itemName=ms.vss-exploratorytesting-web
Your company is building a new solution in Java.
The company currently uses a SonarQube server to analyze the code of .NET solutions.
You need to analyze and monitor the code quality of the Java solution.
Which task types should you add to the build pipeline?
- A . Octopus
- B . Chef
- C . Maven
- D . Grunt
Your company has a project in Azure DevOps.
You need to ensure that when there are multiple builds pending deployment only the most recent
build is deployed.
What should you use?
- A . deployment queue settings
- B . deployment conditions
- C . release gates
- D . pull request triggers
A
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/process/stages?tabs=classic&view=azure-devops#queuing-policies
Your company develops a client banking application that processes a large volume of data. Code quality is an ongoing issue for the company. Recently, the code quality has deteriorated because of an increase in time pressure on the development team. You need to implement static code analysis.
During which phase should you use static code analysis?
- A . build
- B . production release
- C . staging
- D . integration testing
D
Explanation:
The Secure Development Lifecycle (SDL) Guidelines recommend that teams perform static analysis during the implementation phase of their development cycle.
Note: The company should focus in particular on the implementation of DevOps tests to assess the quality of the software from the planning stage to the implementation phase of the project.
Reference: https://secdevtools.azurewebsites.net/
You have a GitHub repository.
You create a new repository in Azure DevOps.
You need to recommend a procedure to clone the repository from GitHub to Azure DevOps.
What should you recommend?
- A . Create a webhook.
- B . Create a service connection for GitHub.
- C . From Import a Git repository, click Import
- D . Create a pull request.
- E . Create a personal access token in Azure DevOps.