Topic 5, Labs & Tasks

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage a project in Azure DevOps.
You need to prevent the configuration of the project from changing over time.
Solution: Implement Continuous Assurance for the project.
Does this meet the goal?

A. Yes

B. No

A.   Yes

Explanation:
The basic idea behind Continuous Assurance (CA) is to setup the ability to check for "drift" from what is considered a secure snapshot of a system. Support for Continuous Assurance lets us treat security truly as a 'state' as opposed to a 'point in time' achievement. This is particularly important in today's context when 'continuous change' has become a norm. There can be two types of drift:
Drift involving 'baseline' configuration: This involves settings that have a fixed number of possible states (often pre-defined/statically determined ones). For instance, a SQL DB can have TDE encryption turned ON or OFF…or a Storage Account may have auditing turned ON however the log retention period may be less than 365 days.
Drift involving 'stateful' configuration: There are settings which cannot be constrained within a finite set of well-known states. For instance, the IP addresses configured to have access to a SQL DB can be any (arbitrary) set of IP addresses. In such scenarios, usually human judgment is initially required to determine whether a particular configuration should be considered 'secure' or not. However, once that is done, it is important to ensure that there is no "stateful drift" from the attested configuration. (E.g., if, in a troubleshooting session, someone adds the IP address of a developer machine to the list, the Continuous Assurance feature should be able to identify the drift and generate notifications/alerts or even trigger 'auto-remediation' depending on the severity of the change).

You have an Azure subscription that contains resources in several resource groups. You need to design a monitoring strategy that will provide a consolidated view. The solution must support the following requirements:

  • Support role-based access control (RBAC) by using Azure Active Directory (Azure AD) identities.
  • Include visuals from Azure Monitor that are generated by using the Kusto query language.
  • Support documentation written in markdown.
  • Use the latest data available for each visual.
What should you use to create the consolidated view?

A. Azure Data Explorer

B. Azure dashboards

C. Azure Monitor

D. Microsoft Power Bl

A.   Azure Data Explorer

Explanation: There are several tools available for running queries in Azure Data Explorer, including Kusto. Kusto uses a role-based access control (RBAC) model, under which authenticated principals are mapped to roles, and get access according to the roles they're assigned. Note: Azure Data Explorer is a highly scalable and secure analytics service that enables you to do rich exploration of structured and unstructured data for instant insights. Optimized for ad-hoc queries, Azure Data Explorer enables rich data exploration over raw, structured, and semi-structured data delivering fast time to insight. Query with a modern, intuitive query language that offers fast, ad-hoc, and advanced query capabilities over high-rate data volumes and varieties

Your company uses Azure DevOps for Get source control.
You have a project in Azure DevOps named Contoso App that contains the following repositories:
https://dev.azure.com/contoso/contoso-app/core-api
https://dev.azure.com/contoso/contoso-app/core-spa
https://dev.azure.com/contoso/contoso-app/core-db
You need to ensure that developers receive Slack notifications when there are pull requests created for Contoso App.
What should you run in Slack? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains the resources shown in the following table. Project1 produces 9pm packages that are published to Feed1. Feed1 is consumed by multiple projects. You need to ensure that only tested packages are available for consumption. The solution must minimize development effort. What should you do?

A. Create a feed view named @default. After the 9pm packages test successfully, configure a release pipeline that tags the packages as release.

B. Create a feed view named @release and set @release as the default view. After the 9pm packages test successfully, configure a release pipeline that tags the packages as release.

C. Create a feed view named @release and set @release as the default view After the 9pm packages test successfully, configure a release pipeline that promotes a package to the @release view.

D. Create a feed view named @default. After the 9pm packages test successfully, configure a release pipeline that promotes a package to the @default view.

C.   Create a feed view named @release and set @release as the default view After the 9pm packages test successfully, configure a release pipeline that promotes a package to the @release view.

Explanation:
By creating a feed view named "release" and setting it as the default view, packages that are published to the feed will not be immediately available for consumption. After the 9pm packages are tested successfully, you can configure a release pipeline that promotes a package to the @release view. This ensures that only tested packages are available for consumption and minimizes development effort as it doesn't require any additional steps to be taken by the consumer of the feed.

You have an Azure Kubernetes Service (AKSJ pod that hosts an app named App1.
You need to configure the AKS container to restart automatically if the container stops responding. The solution must check the status of App1 once every three seconds.
How should you complete the deployment? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content
NOTE: Each correct selection is worth one point.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company has a project in Azure DevOps for a new web application. You need to ensure that when code is checked in, a build runs automatically.
Solution: From the Pre-deployment conditions settings of the release pipeline, you select Batch changes while a build is in progress.
Does this meet the goal?

A. Yes

B. No

B.   No

Explanation:
Use a Pull request trigger.
Note: Batch changes
Select this check box if you have a lot of team members uploading changes often and you want to reduce the number of builds you are running. If you select this option, when a build is running, the system waits until the build is completed and then queues another build of all changes that have not yet been built.

You manage build and release pipelines by using Azure DevOps. Your entire managed environment resides in Azure.
You need to configure a service endpoint for accessing Azure Key Vault secrets. The solution must meet the following requirements:
Ensure that the secrets are retrieved by Azure DevOps.
Avoid persisting credentials and tokens in Azure DevOps.
How should you configure the service endpoint? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.




Box 1: Azure Pipelines service connection
Box 2: Managed Service Identity Authentication
The managed identities for Azure resources feature in Azure Active Directory (Azure AD) provides Azure services with an automatically managed identity in Azure AD. You can use the identity to authenticate to any service that supports Azure AD authentication, including Key Vault, without any credentials in your code.

Your company hosts a web application in Azure. The company uses Azure Pipelines for the build and release management of the application. Stakeholders report that the past few releases have negatively affected system performance. You configure alerts in Azure Monitor. You need to ensure that new releases are only deployed to production if the releases meet defined performance baseline criteria in the staging environment first. What should you use to prevent the deployment of releases that fall to meet the performance baseline?

A. an Azure Scheduler job

B. a trigger

C. a gate

D. an Azure function

C.   a gate

Explanation:
Scenarios and use cases for gates include:
Quality validation. Query metrics from tests on the build artifacts such as pass rate or code coverage and deploy only if they are within required thresholds.
Use Quality Gates to integrate monitoring into your pre-deployment or post-deployment. This ensures that you are meeting the key health/performance metrics (KPIs) as your applications move from dev to production and any differences in the infrastructure environment or scale is not negatively impacting your KPIs.
Note: Gates allow automatic collection of health signals from external services, and then promote the release when all the signals are successful at the same time or stop the deployment on timeout. Typically, gates are used in connection with incident management, problem management, change management, monitoring, and external approval systems.

You have an Azure DevOps organization named Contoso. You need to recommend an authentication mechanism that meets the following requirements:

  • Supports authentication from Get
  • Minimizes the need to provide credentials during authentication
What should you recommend?

A. managed identities in Azure Active Directory (Azure AD)

B. personal access tokens (PATs) in Azure DevOps

C. user accounts in Azure Active Directory (Azure AD)

D. Alternate credentials in Azure DevOps

B.   personal access tokens (PATs) in Azure DevOps

Explanation: Personal access tokens (PATs) give you access to Azure DevOps and Team Foundation Server (TFS), without using your username and password directly. These tokens have an expiration date from when they're created. You can restrict the scope of the data they can access. Use PATs to authenticate if you don't already have SSH keys set up on your system or if you need to restrict the permissions that are granted by the credential.

You are creating a YAML-based Azure pipeline to deploy an Azure Data factory instance that has the following requirements;
• If a Data Factory instance exists already, the instance must be overwritten.
• No other resources in a resource group named Fabrikam must be affected.
How should you complete the code? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


Answer: see the answer below.

Explanation:
Answer is below
Page 14 out of 49 Pages
PreviousNext
789101112131415161718192021
Microsoft AZ-400 Practice Test Home