AZ-400

Question 1

In Azure DevOps pipelines, what does type: github refer to in this example?

- repository: MyRepo
     type: github
     endpoint: MyServiceConnection
     name: MyOrgOrUser/MyGitHubRepo

Answer 1

GitHub.com

Question 2

In Azure DevOps pipelines, what needs to be changed to use Github Enterprise?

- repository: MyRepo
     type: github
     endpoint: MyServiceConnection
     name: MyOrgOrUser/MyGitHubRepo

Answer 2

type: githubenterprise

Question 3

To what folder and sub folder does code get checked out when using Azure DevOps Pipelines?

Answer 3

For single repo:
“s” subfolder of (Agent.BuildDirectory)

For multi repo:
Subfolder named as the repo, in a subfolder called “s” in a subfolder of (Agent.BuildDirectory)

Question 4

What two methods can you use to authenticate Azure CLI in a Github Action?

Answer 4

Azure Login action with OpenID Connect
Azure Login action with a service principal secret

Question 5

What permission is required to manually validate builds?

Answer 5

Queue builds permission

Question 6

Your company uses self-hosted build agents with Azure Pipelines for projects across the organization. The self-hosted build agents run in Azure Virtual Machines Scale Sets (Azure VMSS) in Ubuntu-based machines. You need to regularly update the tooling installed in the self-hosted build agents to support new projects and security patches by creating a new virtual machine image.

You need to automate the process of building new virtual machine images.

What should you use?

Answer 6

Packer

Question 7

You use Azure DevOps services to build and release software.

You need to implement dynamic security scanning against a running web application as part of the continuous delivery (CD) pipeline.

Which tool should you integrate with your delivery pipelines?

Answer 7

OWASP

You should use Web Application Security Project Zed Attack Proxy (ZAP). OWASP ZAP is a nonprofit foundation that works to improve the security of software. OWASP ZAP is an extension that allows you to perform a dynamic security scan against a running web application. OWASP ZAP requires a continuous delivery pipeline to be in place. The extension pretends to be an attacker and it fiddles the web application with requests to try to identify vulnerabilities.

Question 8

You need to implement a mechanism to allow continuous monitoring of your DevOps release pipeline throughout the software development lifecycle, which will allow you to create appropriate alert mechanisms, and gate or roll back a deployment until an alert is resolved.

What should you integrate with your DevOps pipelines?

Answer 8

Azure Monitor Application Insights

Question 9

A developer uses Service Hooks for a specific consumer service on successful completion of a build process. The developer wants to track the diagnostics settings for troubleshooting event matching using the Azure DevOps Services REST API 6.0 Diagnostics API version 6.0.

You need to implement a solution to meet the requirement.

Which SubscriptionDiagnostics diagnostics setting should you use?

Answer 9

You should use the evaluationTracing diagnostics setting.

Question 10

You are using Azure DevOps services to manage complex software development projects.

You want to perform statistical analysis and visualize results in a chart to identify trends.

You need to author advanced queries in Kusto Query Language.

What should you integrate with your DevOps pipelines?

Answer 10

Azure Data Explorer

You should integrate Azure Data Explorer with your Azure pipelines. Azure Data Explorer - Pipeline Tools is the Azure Pipelines task that enables you to create release pipelines and deploy your database changes to your Azure Data Explorer databases. This extension includes three basic tasks: 1) Azure Data Explorer Command - Run Admin Commands against an Azure Data Explorer cluster, 2) Azure Data Explorer Query - Run Queries against an Azure Data Explorer cluster and parse the results and 3) Azure Data Explorer Query Server Gate - Agentless task to Gate releases depending on the query outcome.

Question 11

When testing with NUnit, does tests with an Order(n) attribute execute before or after tests without this attribute?

Answer 11

Before. Ordered test always executes before non-ordered tests.

Question 12

What is Chef Infra?

Answer 12

Chef Infra is an IaC automation solution that you can use to manage how your infrastructure is configured according to your policies. The Chef server stores all configuration definitions for your infrastructure in cookbooks. Each node managed by this Chef server has a Chef Client agent installed. The agent ensures that the node complies with the configuration stored on the server and corrects or updates the node configuration if necessary.

Question 13

You must ensure that Infrastructure as a Service (IaaS) resources have a specific configuration, such as which services are installed in the virtual machine (VM). What should you use?

Answer 13

Chef Infra

Question 14

You are building an Azure pipeline for a new project. The pipeline requires a Linux self-hosted agent. The pipeline must run twice a day and should take about 15 minutes to complete.

You need to use a compute service that runs this self-hosted agent while minimizing costs.

What should you choose?

Answer 14

Azure Container Instances (ACI)

Question 15

Why can Microsoft-hosted agents be slower than self-hosted agents?

Answer 15

Microsoft-hosted agents create a fresh VM for each run so there is no caching, and configurations are not saved. Therefore, MS-hosted agents will be slower than self-hosted agents.

Question 16

Your company has an Android application and a backend API in Azure App Service.

The backend API has an Application Insights account that centralizes the application logs. The Android application is configured with the App Center Software Development Kit (SDK) to report events to App Center Analytics.

You need to centralize the standard analytics data from the Android app in the Application Insights account.

Which two actions should you perform? Each correct answer presents part of the solution.

Answer 16

Link the Azure subscription with the App Center
Export App Center Analytics to Application Insights

You should link the Azure subscription with the App Center. This will integrate App Center with your Azure subscription and allow you to use a standard export for Application Insights or Blob Storage.

You should also export App Center Analytics to Application Insights. This centralizes the Android Application logs with the Backend Application Insights account.

Question 17

You are designing a traceability strategy for an Azure DevOps project based on the Capability Maturity Model Integration (CMMI) process.

Which type of work item can be used?

Answer 17

A Change request form work item can be defined to track changes and implement traceability.

Question 18

You have a project in Azure DevOps that contains a YAML pipeline.

You need to configure the pipeline to update work items.

Which pipeline action should you configure?

Answer 18

Settings

Using the Settings option in a YAML based pipeline, you can configure how the integration with work items will be implemented, which branch will be affected, among other configurations.

Question 19

Which key performance indicator (KPI) represents a faster outcomes metric associated with an Azure DevOps project?

Answer 19

Only Lead Time is an example of a faster outcomes metric associated with an Azure DevOps project

Question 20

You are creating a project wiki in Azure DevOps.

You need to designate the beginning of a Mermaid element.

What should you use?

Answer 20

:::

Question 21

You need to implement a Git hook that will be triggered automatically in response to a Git commit being run on a Windows server.

To what should you set the first line of the predefined Git hook script so that you can execute the script?

Answer 21

!C:/Program\ Files/Git/usr/bin/sh.exe

Question 22

Your team is working on an Azure DevOps project using a Git repository. The generation of personal access tokens (PAT) are not allowed.

You need to define an authentication method to allow other services and applications to access your Azure DevOps account.

Which authentication method should you implement?

Answer 22

SSH
SSH authentication is used when Git Credential Manager or PATs are not allowed.

OAuth is used for REST APIs only.

Question 23

You need to quickly reduce the size of a GitHub repository by deleting all files that are larger than 50 MB and automatically updating all commits and tags.

What should you use?

Answer 23

he BFG utility is the only one that can quickly delete a subset of repository files based on criteria such as size, as well as automatically update all commits and tags.

Question 24

You need to reduce the size of a GitHub repository that contains a single branch with a long history of changes.

Which two commands should you run? Each correct answer presents a complete solution.

Answer 24

The git filter-branch and git filter-repo commands supports rewriting history on a specific branch, which allows for significantly reducing the repository size in this scenario.

Question 25

You have an Azure DevOps project named MyProject that contains an Azure Repos Git repository named MyRepo and a YAML pipeline. Which protocol prefix must be used? (git or https)

Answer 25

git://

Question 26

You are evaluating the capabilities of Azure Pipelines for use in creating release pipelines.

Which types of Azure Pipelines support release gates?

Answer 26

Release gates are available only in classic release pipelines. They are not available in classic build pipelines and YAML pipelines.

Question 27

You need to create custom availability tests for Azure Monitor.

What should you use?

Answer 27

Azure Functions provides the ability to create and run custom availability tests by relying on the TrackAvailability() method (included in the Azure SDK for .NET).

Question 28

Your organization uses Azure DevOps and Microsoft Teams.

You are working as a release pipeline engineer.

Due to compliance requirements, you need to request approval from users that are not connected to the Azure DevOps organization before the release pipeline is started.

What can you configure to achieve the goal?

Answer 28

Pre-deployment gate

Question 29

You are creating an Azure Pipelines artifact.

You need to provide assurances of backward compatibility.

Which element of semantic versioning should you use?

Answer 29

patch

Given a version number MAJOR.MINOR.PATCH, increment the:

MAJOR version when you make incompatible API changes
MINOR version when you add functionality in a backward compatible manner
PATCH version when you make backward compatible bug fixes

Question 30

You need to create an Azure Pipelines pipeline that supports task groups.

Which type of pipeline should you use?

Answer 30

Task groups are available only in classic build and classic release pipelines. For YAML pipelines, you can use templates.

Question 31

You manage an Azure DevOps organization.

You plan to build two configurations, one for x86 Windows computers and the other for x64 Windows computers.

You need to identify which Azure DevOps component will allow you to build the configurations with the minimum amount of duplicate elements.

What should you include in the solution?

Answer 31

Including two jobs allows you to perform two separate builds with the minimum amount of duplication.

Question 32

You are designing a pipeline trigger to start app-ci pipeline runs after the security-lib pipeline completes.

Which property of the YAML pipeline should you use to specify the name of the pipeline that is triggered upon completion of the first pipeline?

Answer 32

source is where the name of pipeline needs to be referenced.

Question 33

You are working on a YAML pipeline in Azure Pipelines.

You need to represent a collection of resources targeted for deployment and define approvals for the resources.

What should you use?

Answer 33

Environment represents a collection of resources targeted for deployment

Question 34

Which Azure Traffic Manager traffic distribution method provides the ability to specify the IPv4 and IPv6 addresses of its endpoints?

Answer 34

MultiValue is the only Traffic Manager traffic distribution method that provides the ability to specify the IPv4 and IPv6 addresses of its endpoints. All others, including Performance, Priority, and Weighted, require that the endpoints be designated as DNS names only.

Question 35

You use Azure Pipelines to deploy applications.

You need to publish reports that show Azure Pipelines analytics by using Microsoft Power BI. The solution must minimize development effort.

What should you create?

Answer 35

An OData feed provides a straightforward approach to publishing reports that show Azure Pipelines analytics.

Question 36

You manage the deployment of an Azure App Service web app named App1 in multiple Azure regions.

You plan to validate the availability of App1 by using Application Insights availability test.

Which type of test should be implemented by using Microsoft Visual Studio?

Answer 36

Multi-step tests in Application Insights must be implemented by using Visual Studio.

Question 37

You implement monitoring of a distributed application named App1 by using Application Insights. App1 has several external dependencies.

You need to identify which requirement must be met for the dependencies to appear on the Application Map for App1.

Which requirement should you identify?

Answer 37

For dependencies of App1 to appear on the Application Map, dependency resources must be accessible via HTTP dependency calls

Question 38

You need to retrieve specific information stored in Azure Key Vault to use in an Azure Pipelines YAML pipeline.

Which argument should you use to specify the value to be retrieved from Key Vault?

Answer 38

secretsFilter provides a default value of *, which allows you to download all the secrets or a comma-separated list of secret names.

Question 39

You are designing an Azure Pipelines continuous integration/continuous deployment (CI/CD) pipeline.

You need to identify the step of the CI/CD pipeline during which you should introduce a passive penetration test. The solution must maximize security.

What should you identify?

Answer 39

Continuous deployment into development should include a passive penetration test, an SSL scan, and an infrastructure scan.

Question 40

You are designing an Azure Pipelines continuous integration/continuous deployment (CI/CD) pipeline.

You need to identify the function of OWASP ZAP in the pipeline.

What should you identify?

Answer 40

Passive penetration tests

OWASP ZAP implements a passive penetration test, not static code analysis, OSS vulnerability scan, or regression test.

Question 41

You manage Azure Pipelines.

You need to implement a self-hosted agent pool.

Which authentication method should you use to connect the agent to Azure Pipelines?

Answer 41

A PAT is used to connect a self-hosted agent to Azure Pipelines

Question 42

You manage GitHub Actions that make extensive use of GitHub secrets.

What is the maximum number of secrets a workflow can have?

Answer 42

100

Question 43

You are implementing the database layer of application code.

You need to perform vulnerability and penetration testing.

What can you use in a pipeline?

Answer 43

OWASP ZAP is designed to run penetration testing against applications, with the ZAP component performing the penetration testing

Question 44

In which Git-based branch workflow does each developer have their own server-side repository?

Answer 44

Forking

Question 45

You are implementing a forking workflow.

What is the minimum number of repositories that each developer should use?

Answer 45

When using a forking workflow, each developer should have two repositories, one private local side and the other public server-side. While it is technically possible to use only a server-side repository, this violates the principle of the forking workflow.

Question 46

You are using the Microsoft Visual Studio Test task.

You need to keep evidence of the code coverage performed in your .NET Core application for further analysis in Visual Studio.

In which section of the pipeline run summary can you get this information?

Answer 46

From Related, you can download coverage extension files to be used as evidence of code coverage

Question 47

You are managing a versioning strategy for a NuGet package.

You need a unique prerelease label based on the date and time of the package.

Which semantic versioning should you implement?

Answer 47

In a case where a unique label is required, a custom scheme must be implemented by using date and time as unique values.

Question 48

You plan to use Azure DevOps Microsoft-hosted agents to run build pipelines that take an extended amount of time to complete.

What is the maximum amount of time the Microsoft-hosted agent can run?

Answer 48

Six hours

Question 49

You detect that a pipeline is blocking deployments due to long execution times.

What should you use to reduce the time consumed by the pipeline?

Answer 49

Multi-job configuration is used for pipeline performance optimization, allowing you to run multiple jobs on multiple agents in parallel.

Question 50

You are implementing a web-based solution by using Azure App Service and Azure DevOps.

You need to track build and release information on an Application Insights dashboard.

What should you use?

Answer 50

Release annotations allow the integration of Azure DevOps and Application Insights, showing build and release-related information to detect performance impact.

Question 51

What provides direct integration with Azure Boards, allowing you to embed its data into work items?

Answer 51

Application Insights provides direct integration with Azure Boards, allowing you to embed its data into work items.

Question 52

You are designing an Azure Pipelines continuous integration/continuous deployment (CI/CD) pipeline.

You need to identify the step of the CI/CD pipeline during which you should introduce static code analysis. The solution must provide the highest level of security.

What should you identify?

Answer 52

Static code analysis should be introduced into a CI/CD pipeline as early as possible, which is during the pull request step, prior to continuous integration (although continuous integration should also include it), rather than during continuous deployment.

Question 53

You plan to control the configuration of Azure virtual machines by using PowerShell Desired State Configuration (DSC).

You created a PowerShell DSC configuration script.

You need to ensure that the script can be applied to the virtual machines from a pull server.

To which format should you convert the script?

Answer 53

PowerShell DSC uses the MOF files. It does not use JSON, XML, or YAML files.

Question 54

You are developing the security validation plan for an application’s lifecycle.

For which activity should you include a passive penetration test?

Answer 54

Continuous deployment should include passive penetration tests as well as SSL and infrastructure scans.

Question 55

You are working in an infrastructure as code (IaC) deployment.

You want to use an inventory of Azure virtual machines to define specific configurations for each of virtual machine in an agentless approach.

What should you use?

Answer 55

Ansible provides the capability to identify Azure resources and send configurations without an agent installed.

(Chef and Puppet require that an agent be installed.)

Question 56

You are working with Azure DevOps on a Scrum project. You need to monitor and count work items as they move to a different state.

What should you use to perform the monitoring activity?

Answer 56

Cumulative flow diagrams (CFD)

https://learn.microsoft.com/en-us/azure/devops/report/dashboards/cumulative-flow?view=azure-devops

Question 57

At which level should you add the parallel jobs?

Answer 57

Parallel jobs are added at the organization level, not the project, build pipeline, or release pipeline levels.

Question 58

Which Azure Traffic Manager traffic distribution method directs incoming requests to the endpoint that is closest to the origin of the request by evaluating network latency?

Select only one answer.

Answer 58

The Performance distribution method directs incoming requests to the endpoint that is closest to the origin of the request by evaluating network latency.

Question 59

You plan to implement an Azure Pipelines release pipeline that will deploy Azure resources to development and production environments.

You need to prevent deployment to the production environment if the Azure platform raises alerts about issues affecting the development environment.

Which integration should you add to the release pipeline?

Answer 59

Azure Monitor can be used in release pipeline to detect whether active alerts are triggered and block or allow the next step

Question 60

A company has an ongoing issue for its code quality. The code quality deteriorated because of time constraint during development of code. As a DevOps Engineer you need to implement STATIC CODE ANALYSIS.

During which phase should you implement static code analysis?

Answer 60

Build time

Question 61

Arrange the actions in the correct order: helm init, kubectl create, helm install

Answer 61

kubectl create
helm init
helm install

Question 62

You want to create a release pipeline that uses Azure SQL Database deployment task to update the Azure SQL database. Which artifact should you deploy?

Answer 62

DACPAC

Question 63

What is the main difference between Lead time and Cycle time?

Answer 63

Cycle time measures time once someone ACTIVELY begin working on them.
Lead time includes time from creation of work item to completion.

Question 64

You need to automate build process for Java-based application. You need to add code coverage testing and publishing the outcomes to the pipeline. What should you use?

Answer 64

JaCoCo

Question 65

You want to integrate GitHub as the repository for an existing project in Azure DevOps. Which authentication method should you use if you want to make sure that Azure Pipelines runs under the AZURE PIPELINES IDENTIFY

Answer 65

Github App

Question 66

Which authentication method should you use to register self-hosted Linux agents?

Answer 66

PAT