AZ-400 : Microsoft Azure DevOps Solutions : Part 10

AZ-400 : Microsoft Azure DevOps Solutions : Part 10

1. You plan to create an image that will contain a .NET Core application.

   You have a Dockerfile file that contains the following code. (Line numbers are included for reference only.)

   

   You need to ensure that the image is as small as possible when the image is built.

   Which line should you modify in the file?

   • 1
   • 3
   • 4
   • 7
   Explanation:

   Multi-stage builds (in Docker 17.05 or higher) allow you to drastically reduce the size of your final image, without struggling to reduce the number of intermediate layers and files.

   With multi-stage builds, you use multiple FROM statements in your Dockerfile. Each FROM instruction can use a different base, and each of them begins a new stage of the build. You can selectively copy artifacts from one stage to another, leaving behind everything you don’t want in the final image.

2. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

   After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

   Your company has a project in Azure DevOps for a new web application.

   You need to ensure that when code is checked in, a build runs automatically.

   Solution: From the Triggers tab of the build pipeline, you select Batch changes while a build is in progress.

   Does this meet the goal?

   • Yes
   • No
   Explanation:

   Instead, In Visual Designer you enable continuous integration (CI) by:
   1. Select the Triggers tab.
   2. Enable Continuous integration.

   Note: Batch changes
   Select this check box if you have many team members uploading changes often and you want to reduce the number of builds you are running. If you select this option, when a build is running, the system waits until the build is completed and then queues another build of all changes that have not yet been built.

3. HOTSPOT

   You need to deploy Azure Kubernetes Service (AKS) to host an application. The solution must meet the following requirements:

   Containers must only be published internally.
   AKS clusters must be able to create and manage containers in Azure.

   What should you use for each requirement? To answer, select the appropriate options in the answer area.

   NOTE: Each correct selection is worth one point.

   

   

   Explanation:

   Box 1: Azure Container Registry
   Azure services like Azure Container Registry (ACR) and Azure Container Instances (ACI) can be used and connected from independent container orchestrators like kubernetes (k8s). You can set up a custom ACR and connect it to an existing k8s cluster to ensure images will be pulled from the private container registry instead of the public docker hub.

   Box 2: An Azure service principal
   When you’re using Azure Container Registry (ACR) with Azure Kubernetes Service (AKS), an authentication mechanism needs to be established. You can set up AKS and ACR integration during the initial creation of your AKS cluster. To allow an AKS cluster to interact with ACR, an Azure Active Directory service principal is used.

4. You have 50 Node.js-based projects that you scan by using WhiteSource. Each project includes Package.json, Package-lock.json, and Npm-shrinkwrap.json files.

   You need to minimize the number of libraries reports by WhiteSource to only the libraries that you explicitly reference.

   What should you do?

   • Configure the File System Agent plug-in.
   • Add a devDependencies section to Package-lock.json.
   • Configure the Artifactory plug-in.
   • Delete Package-lock.json.
   Explanation:
   Separate Your Dependencies
   Within your package.json file be sure you split out your npm dependencies between devDependencies and (production) dependencies. The key part is that you must then make use of the –production flag when installing the npm packages. The –production flag will exclude all packages defined in the devDependencies section.

5. Your company deploys applications in Docker containers.

   You want to detect known exploits in the Docker images used to provision the Docker containers.

   You need to integrate image scanning into the application lifecycle. The solution must expose the exploits as early as possible during the application lifecycle.

   What should you configure?

   • a task executed in the continuous integration pipeline and a scheduled task that analyzes the image registry
   • manual tasks performed during the planning phase and the deployment phase
   • a task executed in the continuous deployment pipeline and a scheduled task against a running production container
   • a task executed in the continuous integration pipeline and a scheduled task that analyzes the production container
   Explanation:

   You can use the Docker task to sign into ACR and then use a subsequent script to pull an image and scan the container image for vulnerabilities.
   Use the docker task in a build or release pipeline. This task can be used with Docker or Azure Container registry.

   Incorrect Answers:
   C: We should not wait until deployment. We want to detect the exploits as early as possible.
   D: We should wait until the image is in the product container. We want to detect the exploits as early as possible.

6. Your company has a hybrid cloud between Azure and Azure Stack.

   The company uses Azure DevOps for its full CI/CD pipelines. Some applications are built by using Erlang and Hack.

   You need to ensure that Erlang and Hack are supported as part of the build strategy across the hybrid cloud. The solution must minimize management overhead.

   What should you use to execute the build pipeline?

   • a Microsoft-hosted agent
   • Azure DevOps self-hosted agents on Azure DevTest Labs virtual machines.
   • Azure DevOps self-hosted agents on Hyper-V virtual machines
   • Azure DevOps self-hosted agents on virtual machines that run on Azure Stack
   Explanation:
   Azure Stack offers virtual machines (VMs) as one type of an on-demand, scalable computing resource. You can choose a VM when you need more control over the computing environment.

7. Your company has an Azure DevOps project,

   The source code for the project is stored in an on-premises repository and uses on an on-premises build server.

   You plan to use Azure DevOps to control the build process on the build server by using a self-hosted agent.

   You need to implement the self-hosted agent.

   You download and install the agent on the build server.

   Which two actions should you perform next? Each correct answer presents part of the solution.

   • From Azure, create a shared access signature (SAS).
   • From the build server, create a certificate, and then upload the certificate to Azure Storage.
   • From the build server, create a certificate, and then upload the certificate to Azure Key Vault.
   • From DevOps, create a personal access token (PAT).
   • From the build server, run config.cmd.
   Explanation:

   B: Make sure you install your self-signed ssl server certificate into the OS certificate store.

   E: When you have a self-signed SSL certificate for your on-premises TFS server, make sure to configure the Git we shipped to allow that self-signed SSL certificate.

   Enable git to use SChannel during configure with 2.129.0 or higher version agent Pass –gituseschannel during agent configuration

   ./config.cmd –gituseschannel

8. You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant.

   You are configuring a build pipeline in Azure Pipelines that will include a task named Task1. Task1 will authenticate by using an Azure AD service principal.

   Which three values should you configure for Task1? Each correct answer presents part of the solution.

   NOTE: Each correct selection is worth one point.

   • the tenant ID
   • the subscription ID
   • the client secret
   • the app ID
   • the object ID
   Explanation:

   Create an Azure Resource Manager service connection with an existing service principal

   AB: Enter the information about your service principal into the Azure subscription dialog textboxes:
   – Tenant ID
   – Subscription ID
   – Subscription name
   – Service principal ID
   Either the service principal client key or, if you have selected Certificate, enter the contents of both the certificate and private key sections of the *.pem file.

   D: To deploy to a specific Azure resource, the task will need additional data about that resource.

   If you’re using the classic editor, select data you need. For example, the App service name.
   If you’re using YAML, then go to the resource in the Azure portal, and then copy the data into your code. For example, to deploy a web app, you would copy the name of the App Service into the WebAppName value.

9. DRAG DROP

   You are deploying a new application that uses Azure virtual machines.

   You plan to use the Desired State Configuration (DSC) extension on the virtual machines.

   You need to ensure that the virtual machines always have the same Windows feature installed.

   Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

   

   

   Explanation:

   Step 1: Create a PowerShell configuration file
   You create a simple PowerShell DSC configuration file.

   Step 2: Load the file to Azure Blob storage
   Package and publish the module to a publically accessible blob container URL

   Step 3: Configure the Custom Script Extension on the virtual machines.
   The Custom Script Extension downloads and executes scripts on Azure virtual machines.

10. You need to execute inline testing of an Azure DevOps pipeline that uses a Docker deployment model. The solution must prevent the results from being published to the pipeline.

    What should you use for the inline testing?

    • a single stage Dockerfile
    • an Azure Kubernetes Service (AKS) pod
    • a multi-stage Dockerfile
    • a Docker Compose file
    Explanation:
    Use Docker when running integration tests with Azure Pipelines.

11. You are designing an Azure DevOps strategy for your company’s development team.

    You suspect that the team’s productivity is low due to accumulate technical debt.

    You need to recommend a metric to assess the amount of the team’s technical debt.

    What should you recommend?

    • the number of code modules in an application
    • the number of unit test failures
    • the percentage of unit test failures
    • the percentage of overall time spent on rework
    Explanation:

    Technical Debt is the estimated cost to fix code elements issues.

    Technical Debt Ratio: Ratio between the cost to develop the software and the cost to fix it. The Technical Debt Ratio formula is:

    Remediation cost / Development cost

    Which can be restated as:
    Remediation cost / (Cost to develop 1 line of code * Number of lines of code)

12. You are developing an open source solution that uses a GitHub repository.

    You create a new public project in Azure DevOps.

    You plan to use Azure Pipelines for continuous build. The solution will use the GitHub Checks API.

    Which authentication type should you use?

    • OpenID
    • GitHub App
    • a personal access token (PAT)
    • SAML
    Explanation:

    Write permission for the Checks API is only available to GitHub Apps.

    Note: Authenticating as a GitHub App lets you do a couple of things:
    – You can retrieve high-level management information about your GitHub App.
    – You can request access tokens for an installation of the app.

13. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    Your company has a project in Azure DevOps for a new web application.

    You need to ensure that when code is checked in, a build runs automatically.

    Solution: From the Continuous deployment trigger settings of the release pipeline, you enable the Pull request trigger setting.

    Does this meet the goal?

    • Yes
    • No
    Explanation:
    In Visual Designer you enable continuous integration (CI) by:
    1. Select the Triggers tab.
    2. Enable Continuous integration.

14. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    Your company has a project in Azure DevOps for a new web application.

    You need to ensure that when code is checked in, a build runs automatically.

    Solution: From the Pre-deployment conditions settings of the release pipeline, you select After stage.

    Does this meet the goal?

    • Yes
    • No
    Explanation:
    Instead, In Visual Designer you enable continuous integration (CI) by:
    1. Select the Triggers tab.
    2. Enable Continuous integration.

15. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    Your company has a project in Azure DevOps for a new web application.

    You need to ensure that when code is checked in, a build runs automatically.

    Solution: From the Pre-deployment conditions settings of the release pipeline, you select Batch changes while a build is in progress.

    Does this meet the goal?

    • Yes
    • No
    Explanation:
    Instead, In Visual Designer you enable continuous integration (CI) by:
    1. Select the Triggers tab.
    2. Enable Continuous integration.

16. DRAG DROP

    You have an Azure DevOps release pipeline as shown in the following exhibit.

    

    You need to complete the pipeline to configure OWASP ZAP for security testing.

    Which five Azure CLI tasks should you add in sequence? To answer, move the tasks from the list of tasks to the answer area and arrange them in the correct order.

    

    

    Explanation:

    Defining the Release Pipeline
    Once the application portion of the Release pipeline has been configured, the security scan portion can be defined. In our example, this consists of 8 tasks, primarily using the Azure CLI task to create and use the ACI instance (and supporting structures).

    Otherwise specified, all the Azure CLI tasks are Inline tasks, using the default configuration options.

    

17. HOTSPOT

    You company uses a Git source-code repository.

    You plan to implement GitFlow as a workflow strategy.

    You need to identify which branch types are used for production code and preproduction code in the strategy.

    Which branch type should you identify for each code type? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    

    

    Explanation:

    Box 1: Master
    The Master branch contains production code. All development code is merged into master in sometime.

    Box 2: Develop
    The Develop branch contains pre-production code. When the features are finished then they are merged into develop.

    Incorrect Answers:
    During the development cycle, a variety of supporting branches are used:
    Feature branches are used to develop new features for the upcoming releases. May branch off from develop and must merge into develop.

18. You have a build pipeline in Azure Pipelines that uses different jobs to compile an application for 10 different architectures.

    The build pipeline takes approximately one day to complete.

    You need to reduce the time it takes to execute the build pipeline.

    Which two actions should you perform? Each correct answer presents part of the solution.

    NOTE: Each correct selection is worth one point.

    • Move to a blue/green deployment pattern
    • Create a deployment group
    • Increase the number of parallel jobs
    • Reduce the size of the repository
    • Create an agent pool
    Explanation:
    Question: I need more hosted build resources. What can I do?
    Answer: The Azure Pipelines pool provides all Azure DevOps organizations with cloud-hosted build agents and free build minutes each month. If you need more Microsoft-hosted build resources, or need to run more jobs in parallel, then you can either:
    – Host your own agents on infrastructure that you manage.
    – Buy additional parallel jobs.

19. You are creating a build pipeline in Azure Pipelines.

    You define several tests that might fail due to third-party applications.

    You need to ensure that the build pipeline completes successfully if the third-party applications are unavailable.

    What should you do?

    • Configure the build pipeline to use parallel jobs
    • Configure flaky tests
    • Increase the test pass percentage
    • Add the Requirements quality widget to your dashboard
    Explanation:
    Requirements traceability is the ability to relate and document two or more phases of a development process, which can then be traced both forward or backward from its origin. Requirements traceability help teams to get insights into indicators such as quality of requirements or readiness to ship the requirement. A fundamental aspect of requirements traceability is association of the requirements to test cases, bugs and code changes.

20. DRAG DROP

    You have an Azure subscription that contains a resources group named RG1. RG1 contains the following resources:

    Four Azure virtual machines that run Windows Server and have Internet Information Services (IIS) installed.
    SQL Server on an Azure virtual machine.
    An Azure Load Balancer.

    You need to deploy an application to the virtual machines in RG1 by using Azure Pipelines.

    Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

    NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.