Microsoft AZ-400 Practice Test - Questions Answers, Page 18

DRAG DROP

You are configuring an Azure DevOps deployment pipeline. The deployed application will authenticate to a web service by using a secret stored in an Azure key vault.

You need to use the secret in the deployment pipeline.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.


Question 171
Correct answer: Question 171

Explanation:

Step 1: Create a service principal in Azure Active Directory (Azure AD).

You will need a service principal to deploy an app to an Azure resource from Azure Pipelines.

Step 2: Configure an access policy in the key vault.

You need to secure access to your key vaults by allowing only authorized applications and users. To access the data from the vault, you will need to provide read (Get) permissions to the service principal that you will be using for authentication in the pipeline.

Select Access policy and then select + Add Access Policy to set up a new policy.

Step 3: Add an Azure Resource Manager service connection to the pipeline.

You need to authorize the pipeline to deploy to Azure:

1. Select Pipelines | Pipelines.

2. Go to Releases under Pipelines and then select and Edit your pipeline.

3. Under Tasks, notice that the release definition for the Dev stage has an Azure Key Vault task. This task downloads secrets from an Azure Key Vault. You will need to point to the subscription and the Azure Key Vault resource.

4. Click Manage; this will redirect you to the Service connections page.

5. Click New Service connection -> Azure Resource Manager -> Service Principal (manual). Fill in the information from the previously created service principal.

Reference:

https://azuredevopslabs.com/labs/vstsextend/azurekeyvault/

DRAG DROP

You have a private project in Azure DevOps and two users named User1 and User2.

You need to add User1 and User2 to groups to meet the following requirements:

User1 must be able to create a code wiki.

User2 must be able to edit wiki pages.

The solution must use the principle of least privilege.

To which group should you add each user? To answer, drag the appropriate groups to the correct users. Each group may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.


Question 172
Correct answer: Question 172

Explanation:

User1: Project Administrators

You must have the permission Create Repository to publish code as wiki. By default, this permission is set for members of the Project Administrators group.

User2: Contributors

Anyone who is a member of the Contributors security group can add or edit wiki pages.

Anyone with access to the team project, including stakeholders, can view the wiki.

Reference:

https://docs.microsoft.com/en-us/azure/devops/project/wiki/wiki-create-repo

HOTSPOT

Your company has an Azure subscription.

The company requires that all resource groups in the subscription have a tag named organization set to a value of Contoso.

You need to implement a policy to meet the tagging requirement.

How should you complete the policy? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 173
Correct answer: Question 173

Explanation:

Box 1: "Microsoft.Resources/subscriptions/resourceGroups"

Box 2: "Deny",

Sample - Enforce tag and its value on resource groups

    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Resources/subscriptions/resourceGroups"
          },
          {
            "not": {
              "field": "[concat('tags[',parameters('tagName'), ']')]",
              "equals": "[parameters('tagValue')]"
            }
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  }
}

References:

https://docs.microsoft.com/en-us/azure/governance/policy/samples/enforce-tag-on-resource-groups

DRAG DROP

You have an Azure Kubernetes Service (AKS) implementation that is RBAC-enabled.

You plan to use Azure Container Instances as a hosted development environment to run containers in the AKS implementation.

You need to configure Azure Container Instances as a hosted environment for running the containers in AKS.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.


Question 174
Correct answer: Question 174

Explanation:

Step 1: Create a YAML file.

If your AKS cluster is RBAC-enabled, you must create a service account and role binding for use with Tiller. To create a service account and role binding, create a file named rbac-virtual-kubelet.yaml.

Step 2: Run kubectl apply.

Apply the service account and binding with kubectl apply and specify your rbac-virtual-kubelet.yaml file.

Step 3: Run helm init.

Configure Helm to use the tiller service account:

helm init --service-account tiller

You can now continue with installing the Virtual Kubelet into your AKS cluster.

References: https://docs.microsoft.com/en-us/azure/aks/virtual-kubelet

DRAG DROP

You are implementing a package management solution for a Node.js application by using Azure Artifacts.

You need to configure the development environment to connect to the package repository. The solution must minimize the likelihood that credentials will be leaked.

Which file should you use to configure each connection? To answer, drag the appropriate files to the correct connections. Each file may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.


Question 175
Correct answer: Question 175

Explanation:

All Azure Artifacts feeds require authentication, so you'll need to store credentials for the feed before you can install or publish packages. npm uses .npmrc configuration files to store feed URLs and credentials. Azure DevOps Services recommends using two .npmrc files.

Feed registry information: The .npmrc file in the project

One .npmrc should live at the root of your git repo adjacent to your project's package.json. It should contain a "registry" line for your feed and it should not contain credentials since it will be checked into git.

Credentials: The .npmrc file in the user's home folder

On your development machine, you will also have a .npmrc in $home for Linux or Mac systems or $env.HOME for Windows systems. This .npmrc should contain credentials for all of the registries that you need to connect to. The npm client will look at your project's .npmrc, discover the registry, and fetch matching credentials from $home/.npmrc or $env.HOME/.npmrc.
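
The split described above only reduces leak risk if the project-level .npmrc stays free of secrets, so a pre-commit or CI check on that file is useful. The following is an added example, not part of the original explanation or of Azure Artifacts; the function name, organization, feed and hosts are constructed for illustration, and the check assumes npm's credential keys _auth, _authToken and _password.

```python
import re

# npm config keys that carry secrets (scoped keys look like //host/path/:_password).
CREDENTIAL_KEYS = {"_auth", "_authToken", "_password"}
# A value that is only an environment reference, e.g. ${NPM_TOKEN}, stores no secret.
ENV_REF = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_]*\}$")


def find_credentials(npmrc_text):
    """Return (line_number, key) for every literal credential in .npmrc text."""
    findings = []
    for number, raw in enumerate(npmrc_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in ";#" or "=" not in line:
            continue  # blank line, comment, or not a key=value setting
        # Split on the first "=" only: base64 values end in "=" padding.
        key, value = (part.strip() for part in line.split("=", 1))
        # Scoped settings are "//registry/path/:name"; keep only the name.
        name = key.rsplit(":", 1)[-1] if key.startswith("//") else key
        value = value.strip("\"'")
        if name in CREDENTIAL_KEYS and value and not ENV_REF.match(value):
            findings.append((number, name))  # never echo the secret itself
    return findings


# Constructed sample: a project-level .npmrc that is safe to commit.
PROJECT_NPMRC = """\
; project-level .npmrc, lives next to package.json
registry=https://pkgs.dev.azure.com/example-org/_packaging/example-feed/npm/registry/
always-auth=true
"""

# Constructed sample: the same file after credentials were pasted into it.
LEAKY_NPMRC = PROJECT_NPMRC + """\
//pkgs.dev.azure.com/example-org/_packaging/example-feed/npm/registry/:username=example-org
//pkgs.dev.azure.com/example-org/_packaging/example-feed/npm/registry/:_password=Q09OU1RSVUNURUQ=
//registry.example.test/:_authToken=${NPM_TOKEN}
"""

if __name__ == "__main__":
    for label, text in (("project", PROJECT_NPMRC), ("leaky", LEAKY_NPMRC)):
        print(label, find_credentials(text))
```

A non-empty result for the repository's .npmrc should fail the commit or build; the credential lines belong in the .npmrc in the user's home folder.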

References:

https://docs.microsoft.com/en-us/azure/devops/artifacts/npm/npmrc?view=azure-devops&tabs=windows

HOTSPOT

You have an Azure DevOps project that contains a build pipeline. The build pipeline uses approximately 50 open source libraries.

You need to ensure that the project can be scanned for known security vulnerabilities in the open source libraries.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 176
Correct answer: Question 176

Explanation:

Box 1: A Build task

Trigger a build

You have Java code provisioned by the Azure DevOps demo generator. You will use the WhiteSource Bolt extension to check for vulnerable components present in this code.

1. Go to the Builds section under the Pipelines tab, select the build definition WhiteSourceBolt and click Queue to trigger a build.

2. To view the build in progress status, click the ellipsis and select View build results.

Box 2: WhiteSource Bolt

WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource's constantly updated definitive database of open source repositories.

References:

https://www.azuredevopslabs.com/labs/vstsextend/whitesource/

DRAG DROP

You plan to use Azure Kubernetes Service (AKS) to host containers deployed from images hosted in a Docker Trusted Registry.

You need to recommend a solution for provisioning and connecting to AKS. The solution must ensure that AKS is RBAC-enabled and uses a custom service principal.

Which three commands should you recommend be run in sequence? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.


Question 177
Correct answer: Question 177

Explanation:

Step 1: az acr create

An Azure Container Registry (ACR) can also be created using the new Azure CLI.

az acr create \
  --name <REGISTRY_NAME> \
  --resource-group <RESOURCE_GROUP_NAME> \
  --sku Basic

Step 2: az ad sp create-for-rbac

Once the ACR has been provisioned, you can either enable administrative access (which is okay for testing) or create a Service Principal (sp), which will provide a client_id and a client_secret.

az ad sp create-for-rbac \
  --scopes /subscriptions/<SUBSCRIPTION_ID>/resourcegroups/<RG_NAME>/providers/Microsoft.ContainerRegistry/registries/<REGISTRY_NAME> \
  --role Contributor \
  --name <SERVICE_PRINCIPAL_NAME>

Step 3: kubectl create

Create a new Kubernetes Secret.

kubectl create secret docker-registry <SECRET_NAME> \
  --docker-server <REGISTRY_NAME>.azurecr.io \
  --docker-email <YOUR_MAIL> \
  --docker-username=<SERVICE_PRINCIPAL_ID> \
  --docker-password <YOUR_PASSWORD>

References:

https://thorsten-hans.com/how-to-use-private-azure-container-registry-with-kubernetes

DRAG DROP

You have a project in Azure DevOps named Project1 that contains two Azure DevOps pipelines named Pipeline1 and Pipeline2. You need to ensure that Pipeline1 can deploy code successfully to an Azure web app named webapp1. The solution must ensure that Pipeline2 does not have permission to webapp1.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.


Question 178
Correct answer: Question 178

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/devops/pipelines/library/connect-to-azure?view=azure-devops

DRAG DROP

You need to increase the security of your team’s development process.

Which type of security tool should you recommend for each stage of the development process? To answer, drag the appropriate security tools to the correct stages. Each security tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.


Question 179
Correct answer: Question 179

Explanation:

Box 1: Threat modeling

Threat modeling’s motto should be, “The earlier the better, but not too late and never ignore.”

Box 2: Static code analysis

Validation in the CI/CD begins before the developer commits his or her code. Static code analysis tools in the IDE provide the first line of defense to help ensure that security vulnerabilities are not introduced into the CI/CD process.

Box 3: Penetration testing

Once your code quality is verified, and the application is deployed to a lower environment like development or QA, the process should verify that there are not any security vulnerabilities in the running application. This can be accomplished by executing an automated penetration test against the running application to scan it for vulnerabilities.

Reference:

https://docs.microsoft.com/en-us/azure/devops/articles/security-validation-cicd-pipeline?view=vsts

You configure an Azure Application Insights availability test.

You need to notify the customer services department at your company by email when availability is degraded. You create an Azure logic app that will handle the email and follow-up actions.

Which type of trigger should you use to invoke the logic app?

A. an HTTPWebhook trigger
B. an HTTP trigger
C. a Request trigger
D. an ApiConnection trigger

Suggested answer: A

Explanation:

You can use webhooks to route an Azure alert notification to other systems for post-processing or custom actions. You can use a webhook on an alert to route it to services that send SMS messages, to log bugs, to notify a team via chat or messaging services, or for various other actions.

Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-webhooks
