Questions for the AZ-400 were updated on : Oct 04 ,2024
You add the virtual machines as managed nodes in Azure Automation State Configuration.
You need to configure the managed computers in Pool7.
What should you do next?
B
Explanation:
The Register-AzureRmAutomationDscNode cmdlet registers an Azure virtual machine as an APS Desired State
Configuration (DSC) node in an Azure Automation account.
Scenario: The Azure DevOps organization includes:
The Docker extension
A deployment pool named Pool7 that contains 10 Azure virtual machines that run Windows Server 2019
Reference: https://docs.microsoft.com/en-us/powershell/module/azurerm.automation/register-azurermautomationdscnode
DRAG DROP
You need to implement the code flow strategy for Project2 in Azure DevOps.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the
answer area and arrange them in the correct order.
Select and Place:
Explanation:
Step 1: Create a repository
A Git repository, or repo, is a folder that you've told Git to help you track file changes in. You can have any number of repos
on your computer, each stored in their own folder.
Step 2: Create a fork
Step 3: Add a build policy for the fork
Build policies help teams protect their important branches of development. Policies enforce your team's code quality and
change management standards.
Scenario:
Implement a code flow strategy for Project2 that will:
Enable Team2 to submit pull requests for Project2.
Enable Team2 to work independently on changes to a copy of Project2.
Ensure that any intermediary changes performed by Team2 on a copy of Project2 will be subject to the same restrictions
as the ones defined in the build policy of Project2.
Reference: https://docs.microsoft.com/en-us/azure/devops/repos/git/manage-your-branches
DRAG DROP
You need to configure Azure Automation for the computers in Pool7.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the
answer area and arrange them in the correct order.
Select and Place:
Explanation:
Step 1: Create a Desired State Configuration (DSC) configuration file that has an extension of .ps1.
Step 2: Run the Import-AzureRmAutomationDscConfiguration Azure Powershell cmdlet
The Import-AzureRmAutomationDscConfiguration cmdlet imports an APS Desired State Configuration (DSC) configuration
into Azure Automation.
Specify the path of an APS script that contains a single DSC configuration.
Example:
PS C:\>Import-AzureRmAutomationDscConfiguration -AutomationAccountName "Contoso17"-ResourceGroupName
"ResourceGroup01" -SourcePath
"C:\DSC\client.ps1" -Force
This command imports the DSC configuration in the file named client.ps1 into the Automation account named Contoso17.
The command specifies the Force parameter. If there is an existing DSC configuration, this command replaces it.
Step 3: Run the Start-AzureRmAutomationDscCompilationJob Azure Powershell cmdlet
The Start-AzureRmAutomationDscCompilationJob cmdlet compiles an APS Desired State Configuration (DSC) configuration
in Azure Automation.
References: https://docs.microsoft.com/en-us/powershell/module/azurerm.automation/import-
azurermautomationdscconfiguration https://docs.microsoft.com/en-us/powershell/module/azurerm.automation/start-
azurermautomationdsccompilationjob Implement DevOps Development Processes
HOTSPOT
How should you configure the release retention policy for the investment planning depletions suite? To answer, select the
appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Explanation:
Box 1: Shared Access Authorization token
Every request made against a storage service must be authorized, unless the request is for a blob or container resource that
has been made available for public or signed access. One option for authorizing a request is by using Shared Key.
Box 2: Azure Storage with HTTPS access
Scenario: The mobile applications must be able to call the share pricing service of the existing retirement fund management
system. Until the system is upgraded, the service will only support basic authentication over HTTPS.
The investment planning application suite will include one multi-tier web application and two iOS mobile application. One
mobile application will be used by employees; the other will be used by customers.
Reference:
https://docs.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key
Design a DevOps Strategy
HOTSPOT
You need to configure a cloud service to store the secrets required by the mobile applications to call the share pricing
service.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Explanation:
Every request made against a storage service must be authorized, unless the request is for a blob or container resource that
has been made available for public or signed access. One option for authorizing a request is by using Shared Key.
Scenario: The mobile applications must be able to call the share pricing service of the existing retirement fund management
system. Until the system is upgraded, the service will only support basic authentication over HTTPS.
The investment planning applications suite will include one multi-tier web application and two iOS mobile application. One
mobile application will be used by employees; the other will be used by customers.
References: https://docs.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key
DRAG DROP
Which package feed access levels should be assigned to the Developers and Team Leaders groups for the investment
planning applications suite? To answer, drag the appropriate access levels to the correct groups. Each access level may be
used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
Explanation:
Box 1: Reader
Members of a group named Developers must be able to install packages.
Feeds have four levels of access: Owners, Contributors, Collaborators, and Readers. Owners can add any type of identity-
individuals, teams, and groups-to any access level.
Box 2: Owner
Members of a group named Team Leaders must be able to create new packages and edit the permissions of package feeds.
Implement Dependency Management
You need to meet the technical requirements for controlling access to Azure DevOps.
What should you use?
C
Explanation:
Scenario: Access to Azure DevOps must be restricted to specific IP addresses.
Azure DevOps is authenticated through Azure Active Directory. You can use Azure AD's conditional access to prevent logins
from certain geographies and address ranges.
Reference: https://www.rebeladmin.com/2018/08/step-step-guide-configure-location-based-conditional-access-policies/
You need to configure Azure Pipelines to control App2 builds.
Which authentication method should you use?
D
Explanation:
Scenario: Deploy App2 to an Azure virtual machine named VM1.
A personal access token (PAT) is used as an alternate password to authenticate into Azure DevOps.
Reference: https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-
authenticate
DRAG DROP
You need to configure authentication for App1. The solution must support the planned changes.
Which three actions should you perform in sequence? To answer, move all actions from the list of actions to the answer area
and arrange them in the correct order.
Select and Place:
Explanation:
Woodgrove Bank plans to implement the following changes to the identity environment: Configure App1 to use a service
principal.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal
HOTSPOT
How should you configure the filters for the Project5 trigger? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Explanation:
Scenario:
Continuous integration (CI) triggers cause a build to run whenever a push is made to the specified branches or a specified
tag is pushed.
Box 2: branch filter to include
You can specify branches to include and exclude. For example:
# specific branch build trigger: branches: include: - master - releases/* exclude: - releases/old*
References: https://docs.microsoft.com/en-us/azure/devops/pipelines/build/triggers
In Azure DevOps, you create Project3.
You need to meet the requirements of the project.
What should you do first?
C
Explanation:
The first thing to do is to declare your SonarQube server as a service endpoint in your VSTS/DevOps project settings.
Reference: https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Extension+for+vsts-TFS
You need to implement Project4.
What should you do first?
C
Explanation:
Scenario: Implement Project4 and configure the project to push Docker images to Azure Container Registry.
You use Azure Container Registry Tasks commands to quickly build, push, and run a Docker container image natively within
Azure, showing how to offload your "inner-loop" development cycle to the cloud. ACR Tasks is a suite of features within
Azure Container Registry to help you manage and modify container images across the container lifecycle.
Reference:
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-quickstart-task-cli
DRAG DROP
You need to recommend a procedure to implement the build agent for Project1.
Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the
list of actions to the answer area and arrange them in the correct order.
Select and Place:
Explanation:
Scenario:
Step 1: Sign in to Azure Devops by using an account that is assigned the Administrator service connection security role.
Note: Under Agent Phase, click Deploy Service Fabric Application. Click Docker Settings and then click Configure Docker
settings. In Registry Credentials Source, select Azure Resource Manager Service Connection. Then select your Azure
subscription.
Step 2: Create a personal access token..
A personal access token or PAT is required so that a machine can join the pool created with the Agent Pools (read, manage)
scope.
Step 3: Install and register the Azure Pipelines agent on an Azure virtual machine.
By running a Azure Pipeline agent in the cluster, we make it possible to test any service, regardless of type.
References:
https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-tutorial-deploy-container-app-with-cicd-vsts
https://mohitgoyal.co/2019/01/10/run-azure-devops-private-agents-in-kubernetes-clusters/
Implement Continuous Integration
DRAG DROP
You need to implement Project6.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the
answer area and arrange them in the correct order.
Select and Place:
Explanation:
Scenario: Implement Project3, Project5, Project6, and Project7 based on the planned changes
Step 1: Open the release pipeline editor.
In the Releases tab of Azure Pipelines, select your release pipeline and choose Edit to open the pipeline editor.
Step 2: Enable Gates.
Choose the pre-deployment conditions icon for the Production stage to open the conditions panel. Enable gates by using the
switch control in the Gates section.
Step 3: Add Query Work items.
Choose + Add and select the Query Work Items gate.
Configure the gate by selecting an existing work item query.
Note: A case for release gate is:
Incident and issues management. Ensure the required status for work items, incidents, and issues. For example, ensure
deployment occurs only if no priority zero bugs exist, and validation that there are no active incidents takes place after
deployment.
References: https://docs.microsoft.com/en-us/azure/devops/pipelines/release/deploy-using-approvals?view=azure-
devops#configure-gate Implement Dependency Management
To resolve the current technical issue, what should you do to the Register-AzureRmAutomationDscNode command?
A
Explanation:
Change the ConfigurationMode parameter from ApplyOnly to ApplyAndAutocorrect.
The Register-AzureRmAutomationDscNode cmdlet registers an Azure virtual machine as an APS Desired State
Configuration (DSC) node in an Azure Automation account.
Scenario: Current Technical Issue
The test servers are configured correctly when first deployed, but they experience configuration drift over time. Azure
Automation State Configuration fails to correct the configurations.
Azure Automation State Configuration nodes are registered by using the following command.
Reference: https://docs.microsoft.com/en-us/powershell/module/azurerm.automation/register-
azurermautomationdscnode?view=azurermps-6.13.0