Answer:

B

Explanation:
The Register-AzureRmAutomationDscNode cmdlet registers an Azure virtual machine as an APS Desired State
Configuration (DSC) node in an Azure Automation account.
Scenario: The Azure DevOps organization includes:
The Docker extension
A deployment pool named Pool7 that contains 10 Azure virtual machines that run Windows Server 2019

Reference: https://docs.microsoft.com/en-us/powershell/module/azurerm.automation/register-azurermautomationdscnode

Answer:

Explanation:
Step 1: Create a repository
A Git repository, or repo, is a folder that you've told Git to help you track file changes in. You can have any number of repos
on your computer, each stored in their own folder.
Step 2: Create a fork
Step 3: Add a build policy for the fork
Build policies help teams protect their important branches of development. Policies enforce your team's code quality and
change management standards.
Scenario:
Implement a code flow strategy for Project2 that will:
Enable Team2 to submit pull requests for Project2.

Enable Team2 to work independently on changes to a copy of Project2.

Ensure that any intermediary changes performed by Team2 on a copy of Project2 will be subject to the same restrictions

as the ones defined in the build policy of Project2.

Reference: https://docs.microsoft.com/en-us/azure/devops/repos/git/manage-your-branches

Answer:

Explanation:
Step 1: Create a Desired State Configuration (DSC) configuration file that has an extension of .ps1.
Step 2: Run the Import-AzureRmAutomationDscConfiguration Azure Powershell cmdlet
The Import-AzureRmAutomationDscConfiguration cmdlet imports an APS Desired State Configuration (DSC) configuration
into Azure Automation.
Specify the path of an APS script that contains a single DSC configuration.
Example:
PS C:\>Import-AzureRmAutomationDscConfiguration -AutomationAccountName "Contoso17"-ResourceGroupName
"ResourceGroup01" -SourcePath
"C:\DSC\client.ps1" -Force
This command imports the DSC configuration in the file named client.ps1 into the Automation account named Contoso17.
The command specifies the Force parameter. If there is an existing DSC configuration, this command replaces it.
Step 3: Run the Start-AzureRmAutomationDscCompilationJob Azure Powershell cmdlet
The Start-AzureRmAutomationDscCompilationJob cmdlet compiles an APS Desired State Configuration (DSC) configuration
in Azure Automation.
References: https://docs.microsoft.com/en-us/powershell/module/azurerm.automation/import-
azurermautomationdscconfiguration https://docs.microsoft.com/en-us/powershell/module/azurerm.automation/start-
azurermautomationdsccompilationjob Implement DevOps Development Processes

Answer:

Explanation:
Box 1: Shared Access Authorization token
Every request made against a storage service must be authorized, unless the request is for a blob or container resource that
has been made available for public or signed access. One option for authorizing a request is by using Shared Key.
Box 2: Azure Storage with HTTPS access
Scenario: The mobile applications must be able to call the share pricing service of the existing retirement fund management
system. Until the system is upgraded, the service will only support basic authentication over HTTPS.
The investment planning application suite will include one multi-tier web application and two iOS mobile application. One
mobile application will be used by employees; the other will be used by customers.
Reference:
https://docs.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key
Design a DevOps Strategy

Answer:

Explanation:
Every request made against a storage service must be authorized, unless the request is for a blob or container resource that
has been made available for public or signed access. One option for authorizing a request is by using Shared Key.
Scenario: The mobile applications must be able to call the share pricing service of the existing retirement fund management
system. Until the system is upgraded, the service will only support basic authentication over HTTPS.
The investment planning applications suite will include one multi-tier web application and two iOS mobile application. One
mobile application will be used by employees; the other will be used by customers.
References: https://docs.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key

Answer:

Explanation:
Box 1: Reader
Members of a group named Developers must be able to install packages.
Feeds have four levels of access: Owners, Contributors, Collaborators, and Readers. Owners can add any type of identity-
individuals, teams, and groups-to any access level.
Box 2: Owner
Members of a group named Team Leaders must be able to create new packages and edit the permissions of package feeds.

Implement Dependency Management

Answer:

C

Explanation:
Scenario: Access to Azure DevOps must be restricted to specific IP addresses.
Azure DevOps is authenticated through Azure Active Directory. You can use Azure AD's conditional access to prevent logins
from certain geographies and address ranges.
Reference: https://www.rebeladmin.com/2018/08/step-step-guide-configure-location-based-conditional-access-policies/

Answer:

D

Explanation:
Scenario: Deploy App2 to an Azure virtual machine named VM1.
A personal access token (PAT) is used as an alternate password to authenticate into Azure DevOps.
Reference: https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-
authenticate

Answer:

Explanation:
Woodgrove Bank plans to implement the following changes to the identity environment: Configure App1 to use a service

principal.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal

Answer:

Explanation:
Scenario:

Continuous integration (CI) triggers cause a build to run whenever a push is made to the specified branches or a specified
tag is pushed.
Box 2: branch filter to include
You can specify branches to include and exclude. For example:
# specific branch build trigger: branches: include: - master - releases/* exclude: - releases/old*
References: https://docs.microsoft.com/en-us/azure/devops/pipelines/build/triggers

Answer:

C

Explanation:
The first thing to do is to declare your SonarQube server as a service endpoint in your VSTS/DevOps project settings.
Reference: https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Extension+for+vsts-TFS

Answer:

C

Explanation:
Scenario: Implement Project4 and configure the project to push Docker images to Azure Container Registry.

You use Azure Container Registry Tasks commands to quickly build, push, and run a Docker container image natively within
Azure, showing how to offload your "inner-loop" development cycle to the cloud. ACR Tasks is a suite of features within
Azure Container Registry to help you manage and modify container images across the container lifecycle.
Reference:
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-quickstart-task-cli

Answer:

Explanation:
Scenario:

Step 1: Sign in to Azure Devops by using an account that is assigned the Administrator service connection security role.
Note: Under Agent Phase, click Deploy Service Fabric Application. Click Docker Settings and then click Configure Docker
settings. In Registry Credentials Source, select Azure Resource Manager Service Connection. Then select your Azure
subscription.
Step 2: Create a personal access token..
A personal access token or PAT is required so that a machine can join the pool created with the Agent Pools (read, manage)
scope.
Step 3: Install and register the Azure Pipelines agent on an Azure virtual machine.
By running a Azure Pipeline agent in the cluster, we make it possible to test any service, regardless of type.
References:
https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-tutorial-deploy-container-app-with-cicd-vsts
https://mohitgoyal.co/2019/01/10/run-azure-devops-private-agents-in-kubernetes-clusters/
Implement Continuous Integration

Answer:

Explanation:
Scenario: Implement Project3, Project5, Project6, and Project7 based on the planned changes

Step 1: Open the release pipeline editor.
In the Releases tab of Azure Pipelines, select your release pipeline and choose Edit to open the pipeline editor.
Step 2: Enable Gates.
Choose the pre-deployment conditions icon for the Production stage to open the conditions panel. Enable gates by using the
switch control in the Gates section.
Step 3: Add Query Work items.
Choose + Add and select the Query Work Items gate.
Configure the gate by selecting an existing work item query.

Note: A case for release gate is:
Incident and issues management. Ensure the required status for work items, incidents, and issues. For example, ensure
deployment occurs only if no priority zero bugs exist, and validation that there are no active incidents takes place after
deployment.
References: https://docs.microsoft.com/en-us/azure/devops/pipelines/release/deploy-using-approvals?view=azure-
devops#configure-gate Implement Dependency Management

Answer:

A

Explanation:
Change the ConfigurationMode parameter from ApplyOnly to ApplyAndAutocorrect.
The Register-AzureRmAutomationDscNode cmdlet registers an Azure virtual machine as an APS Desired State
Configuration (DSC) node in an Azure Automation account.
Scenario: Current Technical Issue
The test servers are configured correctly when first deployed, but they experience configuration drift over time. Azure
Automation State Configuration fails to correct the configurations.
Azure Automation State Configuration nodes are registered by using the following command.

Reference: https://docs.microsoft.com/en-us/powershell/module/azurerm.automation/register-
azurermautomationdscnode?view=azurermps-6.13.0