Topic 4: Mix Questions Set
You plan to provision a self-hosted Linux agent Which authentication mechanism should you use to register the self-hosted agent?
A. SSH key
B. personal access token (PAT)
C. Alternate credentials
D. certificate
Note: PAT Supported only on Azure Pipelines and TFS 2017 and newer. After you choose PAT, paste the PAT token you created into the command prompt window. Use a personal access token (PAT) if your Azure DevOps Server or TFS instance and the agent machine are not in a trusted domain. PAT authentication is handled by your Azure DevOps Server or TFS instance instead of the domain controller.
Task 1
You need to ensure that an Azure Web App named az400-38443478-main can retrieve secrets from an Azure key vault named az400-3844J478-kv1 by using a system managed identity The solution must use the principle of least privilege.
Answer: See the solution below in explanation.
Explanation:
To ensure that your Azure Web App named az400-38443478-main can retrieve secrets from an Azure Key Vault named az400-3844J478-kv1 using a system managed identity with the principle of least privilege, follow these detailed steps: Enable a System Managed Identity for the Azure Web App: uk.co.certification.simulator.questionpool.PList@15f68600 Grant the Web App Access to the Key Vault:
Retrieve Secrets in the Web App Code:
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
var client = new SecretClient(new Uri("https://az400-3844J478-kv1.vault.azure.net/"), new DefaultAzureCredential());
KeyVaultSecret secret = await client.GetSecretAsync("my-secret-name"); string secretValue = secret.Value;
Replace "my-secret-name" with the actual name of the secret you want to retrieve.
By following these steps, your Azure Web App will be able to securely retrieve secrets from the Azure Key Vault using a system managed identity, without needing to store credentials in the code, and adhering to the principle of least privilege. Remember to replace the placeholder names with the actual names of your Web App and Key Vault.
You use GitHub for source control and project-related discussions. You receive a notification when an entry is made to any team discussion. You need to ensure that you receive email notifications only for discussions in which you commented or in which you are mentioned. Which two Notifications settings should you clear? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Participating
B. Automatically watch repositories
C. Automatically watch teams
D. Watching
Task 6
You have an Azure function hosted in an App Service plan named az400-38443478-funct
You need to configure az400 38443478-funcl lo update the functions automatically whenever new code is committed to the main branch of https://githubcom/Azure- Samples/functions-quickstart.
NOTE: Access to GitHub is blocked in the exam environment. Access to GitHub is NOT required to complete the task successfully.
Answer: See the solution below in explanation.
Explanation:
To configure your Azure Function az400-38443478-funct to automatically update whenever new code is committed to the main branch of the specified GitHub repository, you can use GitHub Actions for continuous deployment. Here’s how to set it up:
Create a GitHub Actions Workflow:
uk.co.certification.simulator.questionpool.PList@4179b6fc Define the Workflow:
Generate Deployment Credentials:
Store the Publish Profile as a GitHub Secret:
Configure the Workflow to Use the Secret: Here’s a sample GitHub Actions workflow snippet:
name: Deploy Azure Function
on:
push:
branches:
- main
jobs:
build-and-deploy:
runs-on: ubuntu-latest steps:
- uses: actions/checkout@v2
- name: Set up Python version uses: actions/setup-python@v2 with:
python-version: '3.x'
- name: Install dependencies run: |
pip install -r requirements.txt
- name: Deploy to Azure Functions uses: Azure/functions-action@v1 with:
app-name: az400-38443478-funct
publish-profile: ${{ secrets.AZURE_FUNCTIONAPP_PUBLISH_PROFILE }} package: .
Replace the app-name with the name of your Azure Function App and ensure the Python version and dependencies match your application’s requirements.
By following these steps, your Azure Function will automatically update whenever new code is pushed to the main branch of the GitHub repository. This setup minimizes manual effort and ensures that your function app is always running the latest code.
Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution that might meet the stated
goals. Some question sets might have more than one correct solution, while others
might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a
result, these questions will not appear in the review screen.
You need to recommend an integration strategy for the build process of a Java application.
The solution must meet the following requirements:
A. Yes
B. No
Explanation: To build and deploy Windows, Azure, and other Visual Studio solutions you'll need at least one Windows agent. Windows agents can also build Java and Android apps. The Azure Pipelines agent pool offers several virtual machine images to choose from, each including a broad range of tools and software. One such image is Windows Server 2019 with Visual Studio 2019.
Task 1
Navigate to https://dev.azure.com, select Start Free, and specify the following credentials:
•UserUsefl-42147509@ExamUsers.com
•Password: eWrSalD2!
Use the default setting to sign up for Azure DevOps and create an Azure DevOps organization. Once the organization is created. creates private project named Project1.
You need to add an external user that has an email address of Usfrr2- 42147S09@ExamUsers.com as a stakeholder of the User1 -42147509 Azure DevOps organization.
The user must be added to the most restrictive Azure DevOps group.
To complete this task, sign in to the Azure DevOps portal as Userl- 42147509©ExamUsers.com.
Answer: See the solution below in explanation.
Explanation:
Step 1: Sign Up for Azure DevOps Navigate to Azure DevOps. Click on Start Free.
Enter the credentials:
Follow the prompts to complete the sign-up process using the default settings.
Step 2: Create an Azure DevOps Organization
Once signed in, you will be prompted to create a new organization. Enter a name for your organization and select your region.
Click on Continue to create the organization.
Step 3: Create a Private Project
In your new organization, click on New Project. Name the project Project1.
Set the visibility to Private. Click on Create.
Step 4: Add an External User as a Stakeholder
Go to the Organization Settings. Under General, select Users.
Click on Add users.
Enter the email address: Usfrr2-42147S09@ExamUsers.com. Set the access level to Stakeholder.
Add the user to the most restrictive group, which is typically the Readers group. Click on Add to complete the process.
Step 5: Verify the User Addition
Ensure that the external user has been added successfully by checking the Users list.
Confirm that the user has the Stakeholder access level and is part of the Readers group.
By following these steps, you should be able to complete the task successfully. If you encounter any issues, feel free to ask for further assistance!
You have an Azure subscription that contains multiple Azure pipelines.
You need to deploy a monitoring solution for the pi*lines. The solution must meet the
following requirements:
A. directed monitoring
B. synthetic monitoring
C. analytics
D. Alert Management
You have a GitHub repository. You create a new repository in Azure DevOps. You need to recommend a procedure to clone the repository from GitHub to Azure DevOps. What should you recommend?
A. Create a webhook
B. Create a service connection for GitHub
C. From Import a Git repository, click Import
D. Create a pull request
E. Create a personal access token in Azure DevOps
Task 7
Initialize the default main branch, if it does not exist already
In the User 1-42147509 organization, you need to install the Microsoft Security DevOps extension.
Next, create a new starter pipeline named starter1 that will use the following starter code.
Ensure that starter! includes a task that executes the extension and uses the following input*:
•Command: run
•Policy aruredevops
•Publish: true
Save the pipeline to a new branch named starter
Answer: See the solution below in explanation.
Explanation:
Step 1: Initialize the Default Main Branch
Navigate to Azure DevOps:
Select Your Project:
Initialize the Main Branch:
Step 2: Install the Microsoft Security DevOps Extension
Navigate to Extensions: Search for the Extension: Install the Extension:
Step 3: Create a New Starter Pipeline
Navigate to Pipelines: Select the Repository: Configure the Pipeline:
trigger:
- starter
pool:
vmImage: 'windows-latest'
steps:
- task: MicrosoftSecurityDevOps@1 inputs:
command: 'run' policy: 'azuredevops' publish: true
Save the Pipeline:
By following these steps, you will have successfully initialized the main branch, installed the Microsoft Security DevOps extension, and created a new starter pipeline named starter1 that includes the specified task
You need to execute inline testing of an Azure DevOps pipeline that uses a Docker deployment model. The solution must prevent the results from being published to the pipeline. What should you use for the inline testing?
A. a single stage Dockerfile
B. an Azure Kubernetes Service (AKS) pod
C. a multi-stage Dockerfile
D. a Docker Compose file
Explanation: "Build and test with a multi-stage Dockerfile: build and tests execute inside the container using a multi-stage Docker file, as such test results are not published back to the pipeline.
Task 5
You plan to stoic signed images in an Azure Container Registry instance named az40038443478act1.
You need to modify the SKU for az40038443478aa1 to support the planned images. The solution must minimize costs.
Answer: See the solution below in explanation.
Explanation:
To store signed images in an Azure Container Registry (ACR) instance and support your planned images while minimizing costs, you need to modify the SKU of your ACR instance to one that supports content trust and image signing. Here’s how you can do it:
Determine the Appropriate SKU:
uk.co.certification.simulator.questionpool.PList@2a5ef8fe Modify the SKU of the ACR Instance:
By upgrading to the Premium SKU, you’ll be able to store signed images in your ACR instance. Remember to monitor your usage and costs to ensure they align with your budget and requirements.
Note: This question is part of a series of questions that present the same scenario. Each
question in the series contains a unique solution that might meet the stated goals. Some
question sets might have more than one correct solution, while others might not have a
correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result,
these questions will not appear in the review screen.
You need to recommend an integration strategy for the build process of a Java application.
The solution must meet the following requirements:
A. Yes
B. No
Instead use Octopus Tentacle.
| Page 11 out of 41 Pages |
| Previous |