AZ-400 : Microsoft Azure DevOps Solutions : Part 13

AZ-400 : Microsoft Azure DevOps Solutions : Part 13

1. You are designing a build pipeline in Azure Pipelines.

   The pipeline requires a self-hosted agent. The build pipeline will run once daily and will take 30 minutes to complete.

   You need to recommend a compute type for the agent. The solution must minimize costs.

   What should you recommend?

   • an Azure Kubernetes Service (AKS) cluster
   • Azure Container Instances
   • an Azure virtual machine scale set
   • Azure virtual machines

   Explanation:

   If your pipelines are in Azure Pipelines, then you’ve got a convenient option to run your jobs using a Microsoft-hosted agent. With Microsoft-hosted agents, maintenance and upgrades are taken care of for you. Each time you run a pipeline, you get a fresh virtual machine. The virtual machine is discarded after one use. Microsoft-hosted agents can run jobs directly on the VM or in a container.

   Note: You can try a Microsoft-hosted agent for no charge.

2. HOTSPOT

   You are finalizing a release in GitHub.

   You need to apply the following labels to the release:

   – Name
   – Email
   – Release v3.0
   – Release date

   How should you complete the git command? To answer, select the appropriate options in the answer area.

   NOTE: Each correct selection is worth one point.

   

   

   Explanation:

   Box 1; tag
   Tagging. Like most VCSs, Git has the ability to tag specific points in a repository’s history as being important. Typically, people use this functionality to mark release points (v1.0, v2.0 and so on).

   Box 2: -a
   Creating an annotated tag in Git is simple. The easiest way is to specify -a when you run the tag command:

   Example:
   $ git tag -a v1.4 -m “my version 1.4”

   Box 3: -m

3. You have a project in Azure DevOps. You have an Azure Resource Group deployment project in Microsoft Visual Studio that is checked in to the Azure DevOps project.

   You need to create a release pipeline that will deploy resources by using Azure Resource Manager templates. The solution must minimize administrative effort.

   Which task type should you include in the solution?

   • Azure Cloud Service Deployment
   • Azure RM Web App Deployment
   • Azure PowerShell
   • Azure App Service Manage
   Explanation:

   There are two different ways to deploy templates to Azure DevOps Services. Both methods provide the same results, so choose the one that best fits your workflow.
   1. Add a single step to your build pipeline that runs the PowerShell script that’s included in the Azure Resource Group deployment project (Deploy-AzureResourceGroup.ps1). The script copies artifacts and then deploys the template.
   2. Add multiple Azure DevOps Services build steps, each one performing a stage task.

   The first option has the advantage of using the same script used by developers in Visual Studio and providing consistency throughout the lifecycle.

4. DRAG DROP

   Your company has a project in Azure DevOps.

   You plan to create a release pipeline that will deploy resources by using Azure Resource Manager templates. The templates will reference secrets stored in Azure Key Vault.

   You need to recommend a solution for accessing the secrets stored in the key vault during deployments. The solution must use the principle of least privilege.

   What should you include in the recommendation? To answer, drag the appropriate configurations to the correct targets. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

   NOTE: Each correct selection is worth one point.

   

   

   Explanation:

   Box 1: An Azure Key Vault access policy

   

   Box 2: RBAC
   Management plane access control uses RBAC.
   The management plane consists of operations that affect the key vault itself, such as:

   – Creating or deleting a key vault.
   – Getting a list of vaults in a subscription.
   – Retrieving Key Vault properties (such as SKU and tags).
   – Setting Key Vault access policies that control user and application access to keys and secrets.

5. DRAG DROP

   As part of your application build process, you need to deploy a group of resources to Azure by using an Azure Resource Manager template located on GitHub.

   Which three action should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

   

   

   Explanation:

   Step 1: Create a release pipeline
   You need to create a new pipeline.

   You can integrate Azure Resource Manager templates (ARM templates) with Azure Pipelines for continuous integration and continuous deployment (CI/CD).

   Step 2: Add an Azure Resource Group Deployment task

   Step 3: Set the template parameters

6. You have an Azure DevOps project that contains a release pipeline and a Git repository.

   When a new code revision is committed to the repository, a build and release is triggered.

   You need to ensure that release information for the pipeline is added automatically to the work items associated to the Git commit.

   What should you do?

   • Modify the Integrations options for the pipeline.
   • Modify the post-deployment conditions for the last stage of the pipeline. 
   • Add an agentless job to the pipeline.
   • Modify the service hooks for the project.
   Explanation:

   Configure your release definition to post deployment information to Work items.
   1. Open Pipelines>Releases, choose to edit your release pipeline, then choose Options>Integrations.

   

7. SIMULATION

   You plan to add a new web farm that will be published by using an IP address of 10.0.0.5.

   You need to allow traffic from the web farm to an Azure Database for MySQL server named az400-11566895-mysql.

   To complete this task, sign in to the Microsoft Azure portal.

   • See explanation below.
   Explanation:

   Server-level firewall rules can be used to manage access to an Azure Database for MySQL Server from a specified IP address or a range of IP addresses.

   Create a server-level firewall rule in the Azure portal

   1. On the MySQL server page, under Settings heading, click Connection Security to open the Connection Security page for the Azure Database for MySQL.

   

   2. In the firewall rules for the Azure Database for MySQL, you can specify a single IP address or a range of addresses. If you want to limit the rule to a single IP address, type the same address in the Start IP and End IP fields. Opening the firewall enables administrators, users, and application to access any database on the MySQL server to which they have valid credentials.

   

   3. Click Save on the toolbar to save this server-level firewall rule. Wait for the confirmation that the update to the firewall rules is successful.

8. Your company has a release pipeline in an Azure DevOps project.

   You plan to deploy to an Azure Kubernetes Services (AKS) cluster by using the Helm package and deploy task.

   You need to install a service in the AKS namespace for the planned deployment.

   Which service should you install?

   • Azure Container Registry
   • Chart
   • Kubectl
   • Tiller
   Explanation:

   Before you can deploy Helm in an RBAC-enabled AKS cluster, you need a service account and role binding for the Tiller service.

   Incorrect Answers:
   C: Kubectl is a command line interface for running commands against Kubernetes clusters.

9. SIMULATION

   You need to create a virtual machine template in an Azure DevTest Labs environment named az400-9940427-dtl1. The template must be based on Windows Server 2019 Datacenter. Virtual machines created from the template must include the selenium tool and the Google Chrome browser.

   To complete this task, sign in to the Microsoft Azure portal.

   • See explanation below.
   Explanation:

   1. Open Microsoft Azure Portal
   2. Select All Services, and then select DevTest Labs in the DEVOPS section.

   

   3. From the list of labs, select the az400-9940427-dtl1 lab
   4. On the home page for your lab, select + Add on the toolbar.
   5. Select the Windows Server 2019 Datacenter base image for the VM.
   6. Select automation options at the bottom of the page above the Submit button.
   7. You see the Azure Resource Manager template for creating the virtual machine.
   8. The JSON segment in the resources section has the definition for the image type you selected earlier.

10. HOTSPOT

    You are configuring a release pipeline in Azure DevOps as shown in the exhibit.

    

    Use the drop-down menus to select the answer choice that answers each question based on the information presented in the graphic.

    NOTE: Each correct selection is worth one point.

    

    

    Explanation:

    Box 1: 5
    There are five stages: Development, QA, Pre-production, Load Test and Production. They all have triggers.

    Box 2: The Internal Review stage

11. DRAG DROP

    Your company plans to deploy an application to the following endpoints:

    – Ten virtual machines hosted in Azure
    – Ten virtual machines hosted in an on-premises data center environment

    All the virtual machines have the Azure Pipelines agent.

    You need to implement a release strategy for deploying the application to the endpoints.

    What should you recommend using to deploy the application to the endpoints? To answer, drag the appropriate components to the correct endpoints. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

    NOTE: Each correct selection is worth one point.

    

    

    Explanation:

    Box 1: A deployment group
    When authoring an Azure Pipelines or TFS Release pipeline, you can specify the deployment targets for a job using a deployment group.
    If the target machines are Azure VMs, you can quickly and easily prepare them by installing the Azure Pipelines Agent Azure VM extension on each of the VMs, or by using the Azure Resource Group Deployment task in your release pipeline to create a deployment group dynamically.

    Box 2: A deployment group

12. You plan to use Terraform to deploy an Azure resource group from a Windows system.

    You need to install the required frameworks to support the planned deployment.

    Which two frameworks should you install? Each correct answer presents part of the solution.

    NOTE: Each correct selection is worth one point.

    • Vault
    • Terratest
    • Node.js
    • Yeoman
    • Tiller
    Explanation:

    You can use the combination of Terraform and Yeoman. Terraform is a tool for creating infrastructure on Azure. Yeoman makes it easy to create Terraform modules.

    Terratest provides a collection of helper functions and patterns for common infrastructure testing tasks, like making HTTP requests and using SSH to access a specific virtual machine. The following list describes some of the major advantages of using Terratest:
    – Convenient helpers to check infrastructure – This feature is useful when you want to verify your real infrastructure in the real environment.
    – Organized folder structure – Your test cases are organized clearly and follow the standard Terraform module folder structure.
    – Test cases are written in Go – Many developers who use Terraform are Go developers. If you’re a Go developer, you don’t have to learn another programming language to use Terratest.
    – Extensible infrastructure – You can extend additional functions on top of Terratest, including Azure-specific features.

13. SIMULATION

    You plan to implement a CI/CD strategy for an Azure Web App named az400-11566895-main.

    You need to configure a staging environment for az400-11566895-main.

    To complete this task, sign in to the Microsoft Azure portal.

    • See explanation below.
    Explanation:

    Add a slot
    1. In the Azure portal, search for and select App Services and select your app az400-11566895-main.

    

    2. In the left pane, select Deployment slots > Add Slot.

    

    3. In the Add a slot dialog box, give the slot a name, and select whether to clone an app configuration from another deployment slot. Select Add to continue.

    

    4. After the slot is added, select Close to close the dialog box. The new slot is now shown on the Deployment slots page.

    

14. SIMULATION

    You have several apps that use an Azure SQL Database named db1.

    You need to ensure that queries to db1 are tuned by Azure over time. The solution must only apply to db1.

    To complete this task, sign in to the Microsoft Azure portal.

    • See explanation below.
    Explanation:

    1. To enable automatic tuning on a single database, navigate to the database in the Azure portal and select Automatic tuning.

    

    2. Select the automatic tuning options you want to enable and select Apply.

    Note: Individual automatic tuning settings can be separately configured for each database. You can manually configure an individual automatic tuning option, or specify that an option inherits its settings from the server.

15. HOTSPOT

    You use Azure Pipelines to manage the build and deployment of apps.

    You are planning the release strategies for a new app.

    You need to choose strategies for the following scenarios:

    Releases will be made available to users who are grouped by their tolerance for software faults.
    Code will be deployed to enable functionality that will be available in later releases of the app.
    When a new release occurs, the existing deployment will remain active to minimize recovery time if a return to the previous version is required.

    Which strategy should you choose for each scenario? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    

    

    Explanation:

    Box 1: Progressive exposure
    Continuous Delivery may sequence multiple deployment “rings” for progressive exposure (also known as “controlling the blast radius”). Progressive exposure groups users who get to try new releases to monitor their experience in “rings.” The first deployment ring is often a “canary” used to test new versions in production before a broader rollout. CD automates deployment from one ring to the next and may optionally depend on an approval step, in which a decision maker signs off on the changes electronically. CD may create an auditable record of the approval in order to satisfy regulatory procedures or other control objectives.

    

    Box 2: Feature flags
    Feature flags support a customer-first DevOps mindset, to enable (expose) and disable (hide) features in a solution, even before they are complete and ready for release.

    Box 3: Blue/green
    Blue/green deployments which means that instead of replacing the previous version (here we refer to this version as blue), we bring up the new version (here referred to as the green version) next to the existing version, but not expose it to the actual users right away. On the condition of having successfully validated that the green version works correctly, we will promote this version to the public version by changing the routing configuration without downtime. If something is wrong with the green version we can revert back without users every noticing interruptions.

16. DRAG DROP

    You have a project in Azure DevOps.

    You need to associate an automated test to a test case.

    Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

    

    

    Explanation:

    The process to associate an automated test with a test case is:
    1. Create a test project containing your automated test. What types of tests are supported?
    2. Check your test project into an Azure DevOps or Team Foundation Server (TFS) repository.
    3. Create a build pipeline for your project, ensuring that it contains the automated test. What are the differences if I am still using a XAML build?
    4. Use Visual Studio Enterprise or Professional 2017 or a later version to associate the automated test with a test case as shown below. The test case must have been added to a test plan that uses the build you just defined.

17. DRAG DROP

    You have an Azure Kubernetes Service (AKS) cluster.

    You need to deploy an application to the cluster by using Azure DevOps.

    Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

    

    

    Explanation:

    You can set up a CI/CD pipeline to deploy your apps on a Kubernetes cluster with Azure DevOps by leveraging a Linux agent, Docker, and Helm.

    Step 1: Create a service principle in Azure Active Directory (Azure AD)
    We need to assign 3 specific service principals with specific Azure Roles that need to interact with our ACR and our AKS.
    Create a specific Service Principal for our Azure DevOps pipelines to be able to push and pull images and charts of our ACR.
    Create a specific Service Principal for our Azure DevOps pipelines to be able to deploy our application in our AKS.

    Step 2: Add a Helm package and deploy a task to the deployment pipeline
    This is the DevOps workflow with containers:

    

    Step 3: Add a Docker Compose task to the deployment pipeline.
    Dockerfile file is a script leveraged by Docker, composed of various commands (instructions) and arguments listed successively to automatically perform actions on a base image in order to create a new Docker image by packaging the app.

18. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You have an approval process that contains a condition. The condition requires that releases be approved by a team leader before they are deployed.

    You have a policy stating that approvals must occur within eight hours.

    You discover that deployment fail if the approvals take longer than two hours.

    You need to ensure that the deployments only fail if the approvals take longer than eight hours.

    Solution: From Post-deployment conditions, you modify the Time between re-evaluation of gates option.

    Does this meet the goal?

    • Yes
    • No
    Explanation:
    Use a gate From Pre-deployment conditions instead.

19. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You have an approval process that contains a condition. The condition requires that releases be approved by a team leader before they are deployed.

    You have a policy stating that approvals must occur within eight hours.

    You discover that deployment fail if the approvals take longer than two hours.

    You need to ensure that the deployments only fail if the approvals take longer than eight hours.

    Solution: From Pre-deployment conditions, you modify the Time between re-evaluation of gates option.

    Does this meet the goal?

    • Yes
    • No
    Explanation:

    Gates allow automatic collection of health signals from external services, and then promote the release when all the signals are successful at the same time or stop the deployment on timeout. Typically, gates are used in connection with incident management, problem management, change management, monitoring, and external approval systems.

    Approvals and gates give you additional control over the start and completion of the deployment pipeline. Each stage in a release pipeline can be configured with pre-deployment and post-deployment conditions that can include waiting for users to manually approve or reject deployments, and checking with other automated systems until specific conditions are verified.

20. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You have an approval process that contains a condition. The condition requires that releases be approved by a team leader before they are deployed.

    You have a policy stating that approvals must occur within eight hours.

    You discover that deployment fail if the approvals take longer than two hours.

    You need to ensure that the deployments only fail if the approvals take longer than eight hours.

    Solution: From Pre-deployment conditions, you modify the Timeout setting for pre-deployment approvals.

    Does this meet the goal?

    • Yes
    • No
    Explanation:
    Use a gate instead of an approval instead.