microsoft az-400 practice test
Microsoft Azure DevOps Solutions
Note: Test Case questions are at the end of the exam
Question 1 Topic 6, Mixed Questions
DRAG DROP
You are configuring the Azure DevOps dashboard. The solution must meet the technical requirements.
Which widget should you use for each metric? To answer, drag the appropriate widgets to the correct metrics. Each widget
may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
Answer:
Explanation:
Woodgrove Bank identifies the following technical requirements:
The Azure DevOps dashboard must display the metrics shown in the following table:
Box 1: Velocity
Velocity displays your team velocity. It shows what your team delivered as compared to plan.
Box 2: Release pipeline overview
Release pipeline overview shows the status of environments in a release definition.
Box 3: Query tile
Query tile displays the total number of results from a query.
Reference: https://docs.microsoft.com/en-us/azure/devops/report/dashboards/widget-catalog?view=azure-devops
Question 2 Topic 6, Mixed Questions
You are using GitHub as a source code repository.
You create a client-side Git hook on the commit-msg event. The hook requires that each commit message contain a custom
work item tag.
You need to make a commit that does not have a work item tag.
Which git commit parameter should you use?
- A. --squash
- B. --no-verify
- C. --message ''
- D. --no-post-rewrite
Answer:
B
Explanation:
The commit-msg hook is invoked by git-commit and git-merge, and can be bypassed with the --no-verify option.
Reference:
https://git-scm.com/docs/githooks
Question 3 Topic 6, Mixed Questions
You have Azure Pipelines and GitHub integrated as a source code repository.
The build pipeline has continuous integration enabled.
You plan to trigger an automated build whenever code changes are committed to the repository.
You need to ensure that the system will wait until a build completes before queuing another build.
What should you implement?
- A. path filters
- B. batch changes
- C. scheduled builds
- D. branch filters
Answer:
B
Explanation:
Batching CI runs
If you have many team members uploading changes often, you may want to reduce the number of runs you start. If you set
batch to true, when a pipeline is running, the system waits until the run is completed, then starts another run with all changes
that have not yet been built.
Example:
# specific branch build with batching trigger:
batch: true branches: include: - master
To clarify this example, let us say that a push A to master caused the above pipeline to run. While that pipeline is running,
additional pushes B and C occur into the repository. These updates do not start new independent runs immediately. But after
the first run is completed, all pushes until that point of time are batched together and a new run is started.
Reference:
https://docs.microsoft.com/en-us/azure/devops/pipelines/repos/github
Question 4 Topic 6, Mixed Questions
HOTSPOT
You are using PowerShell to administer Azure Log Analytics workspaces.
You need to list the available workspaces and their properties.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Box 1: Get-AzResource
Use the following command to examine the access control mode for all workspaces in the subscription:
PowerShell
Get-AzResource -ResourceType Microsoft.OperationalInsights/workspaces -ExpandProperties | foreach {$_.Name + ": " +
$_.Properties.features.enableLogAccessUsingOnlyResourcePermissions Box 2: -ResourceType
Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/logs/manage-access
Question 5 Topic 6, Mixed Questions
HOTSPOT
You have an Azure virtual machine named VM1 that runs Linux.
You plan to deploy the Desired State Configuration (DSC) extension to VM1.
You need to grant the Log Analytics agent the appropriate directory permissions.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Box 1: rwx
The Log Analytics agent for Linux runs as the omsagent user. To grant >write permission to the omsagent user, run the
command setfacl -m u:omsagent:rwx /tmp.
Box 2: /tmp
Deploying DSC to a Linux node uses the /tmp folder.
Reference: https://docs.microsoft.com/en-us/azure/automation/automation-dsc-onboarding
Question 6 Topic 6, Mixed Questions
You have a project in Azure DevOps.
You plan to deploy a self-hosted agent by using an unattended configuration script.
Which two values should you define in the configuration script? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. authorization credentials
- B. the project name
- C. the deployment group name
- D. the organization URL
- E. the agent pool name
Answer:
A D
Explanation:
Unattended config:
The agent can be set up from a script with no human intervention. You must pass --unattended and the answers to all
questions.
To configure an agent, it must know the URL to your organization or collection and credentials of someone authorized to set
up agents. All other responses are optional.
Reference:
https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/v2-windows
Question 7 Topic 6, Mixed Questions
HOTSPOT
Your company uses Git as a source code control system for a complex app named App1.
You plan to add a new functionality to App1.
You need to design a branching model for the new functionality.
Which branch lifetime and branch time should you use in the branching model? To answer, select the appropriate options in
the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Branch lifetime: Short-lived
Branch type: Feature
Feature branches are used when developing a new feature or enhancement which has the potential of a development
lifespan longer than a single deployment. When starting development, the deployment in which this feature will be released
may not be known. No matter when the feature branch will be finished, it will always be merged back into the master branch.
References: https://gist.github.com/digitaljhelms/4287848
Question 8 Topic 6, Mixed Questions
Your company has an on-premises Bitbucket Server that is used for Git-based source control. The server is protected by a
firewall that blocks inbound Internet traffic.
You plan to use Azure DevOps to manage the build and release processes.
Which two components are required to integrate Azure DevOps and Bitbucket? Each correct answer presents part of the
solution.
NOTE: Each correct selection is worth one point.
- A. a deployment group
- B. a Microsoft-hosted agent
- C. service hooks
- D. a self-hosted agent
- E. an External Git service connection
Answer:
D E
Explanation:
E: GitLab CI/CD can be used with GitHub or any other Git server such as BitBucket. Instead of moving your entire project to
GitLab, you can connect your external repository to get the benefits of GitLab CI/ CD.
Note: When a pipeline uses a remote, 3rd-party repository host such as Bitbucket Cloud, the repository is configured with
webhooks that notify Azure Pipelines Server or TFS when code has changed and a build should be triggered. Since on-
premises installations are normally protected behind a firewall, 3rd-party webhooks are unable to reach the on-premises
server. As a workaround, you can use the External Git repository type which uses polling instead of webhooks to trigger a
build when code has changed.
Reference:
https://docs.microsoft.com/en-us/azure/devops/pipelines/repos/pipeline-options-for-git
Question 9 Topic 6, Mixed Questions
SIMULATION
You plan to deploy a website that will be hosted in two Azure regions.
You need to create an Azure Traffic Manager profile named az400123456789n1-tm in a resource group named
RG1lod123456789. The solution must ensure that users will always connect to a copy of the website that is in the same
country.
To complete this task, sign in to the Microsoft Azure portal.
Answer:
See explanation below.
Explanation:
1. Go to the Azure portal, navigate to Traffic Manager profiles and click on the Add button to create a routing profile.
2, In the Create Traffic Manager profile, enter, or select these settings:
Name: az400123456789n1-tm
Routing method: Geographic
Resource group: RG1lod123456789
Note: Traffic Manager profiles can be configured to use the Geographic routing method so that users are directed to specific
endpoints (Azure, External or Nested) based on which geographic location their DNS query originates from. This empowers
Traffic Manager customers to enable scenarios where knowing a users geographic region and routing them based on that is
important.
Reference:
https://azure.microsoft.com/en-us/blog/announcing-the-general-availability-of-geographic-routing-capability-in-azure-traffic-
manager/
Question 10 Topic 6, Mixed Questions
You have a private distribution group that contains provisioned and unprovisioned devices.
You need to distribute a new iOS application to the distribution group by using Microsoft Visual Studio App Center.
What should you do?
- A. Select Register devices and sign my app.
- B. Create an active subscription in App Center Test.
- C. Create an unsigned build.
- D. Add the device owner to the collaborators group.
Answer:
A
Explanation:
The following diagram displays the entire app re-signing flow in App Center.
Incorrect Answers:
C: The application build must be signed.
D: The device owner does not need to be added.
Reference:
https://docs.microsoft.com/hu-hu/appcenter/distribution/auto-provisioning
Question 11 Topic 6, Mixed Questions
You are developing an iOS application by using Azure DevOps.
You need to test the application manually on 10 devices without releasing the application to the public.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Create a Microsoft Intune device compliance policy.
- B. Deploy a certificate from an internal certification authority (CA) to each device.
- C. Register the application in the iTunes store.
- D. Onboard the devices into Microsoft Intune.
- E. Distribute a new release of the application.
- F. Register the IDs of the devices in the Apple Developer portal.
Answer:
B F
Explanation:
B: Follow these steps to register the devices:
Select the Register devices button.
A dialog prompts for your username and password used in the Apple Developer portal.
Once you sign in with your Apple username and password, App Center adds the unprovisioned devices to both your Apple
developer account and the releases provisioning profile. Optionally you can upload a .p12 file to re-sign the app and
distribute it to the newly added devices. Read more on how to generate a .p12 file.
F: Registering a device means making it part of the list of devices on the Apple Developer portal that can then be included in
a provisioning profile.
Incorrect Answers:
C: Only register the application in the iTunes store when it is ready for public release.
Reference:
https://docs.microsoft.com/en-us/appcenter/distribution/auto-provisioning
Question 12 Topic 6, Mixed Questions
You have a private distribution group that contains provisioned and unprovisioned devices.
You need to distribute a new iOS application to the distribution group by using Microsoft Visual Studio App Center.
What should you do?
- A. Request the Apple ID associated with the user of each device.
- B. Register the devices on the Apple Developer portal.
- C. Create an active subscription in App Center Test.
- D. Add the device owner to the organization in App Center.
Answer:
B
Explanation:
When releasing an iOS app signed with an ad-hoc or development provisioning profile, you must obtain tester's device IDs
(UDIDs), and add them to the provisioning profile before compiling a release. When you enable the distribution group's
Automatically manage devices setting, App Center automates the before mentioned operations and removes the constraint
for you to perform any manual tasks. As part of automating the workflow, you must provide the user name and password for
your Apple ID and your production certificate in a .p12 format.
App Center starts the automated tasks when you distribute a new release or one of your testers registers a new device. First,
all devices from the target distribution group will be registered, using your Apple
ID, in your developer portal and all provisioning profiles used in the app will be generated with both new and existing device
ID. Afterward, the newly generated provisioning profiles are downloaded to App Center servers.
Reference:
https://docs.microsoft.com/en-us/appcenter/distribution/groups
Question 13 Topic 6, Mixed Questions
Your company develops an application named App1 that is deployed in production.
As part of an application update, a new service is being added to App1. The new service requires access to an application
named App2 that is currently in development.
You need to ensure that you can deploy the update to App1 before App2 becomes available. You must be able to enable the
service in App1 once App2 is deployed.
What should you do?
- A. Implement a feature flag.
- B. Create a fork in the build.
- C. Create a branch in the build.
- D. Implement a branch policy.
Answer:
A
Explanation:
Feature flags support a customer-first DevOps mindset, to enable (expose) and disable (hide) features in a solution, even
before they are complete and ready for release.
Incorrect Answers:
C: Branch policies are an important part of the Git workflow and enable you to:
Isolate work in progress from the completed work in your master branch Guarantee changes build before they get to
master
Reference:
https://docs.microsoft.com/en-us/azure/devops/migrate/phase-features-with-feature-flags
Question 14 Topic 6, Mixed Questions
Your company has a project in Azure DevOps for a new web application.
The company uses ServiceNow for change management.
You need to ensure that a change request is processed before any components can be deployed to the production
environment.
What are two ways to integrate ServiceNow into the Azure DevOps release pipeline? Each correct answer presents a
complete solution.
NOTE: Each correct selection is worth one point.
- A. Define a deployment control that invokes the ServiceNow REST API.
- B. Define a pre-deployment gate before the deployment to the Prod stage.
- C. Define a deployment control that invokes the ServiceNow SOAP API.
- D. Define a post-deployment gate after the deployment to the QA stage.
Answer:
B D
Explanation:
An example of a release pipeline that can be modeled through a release pipeline in shown below:
In this example, a release of a website is created by collecting specific versions of two builds (artifacts), each from a different
build pipeline. The release is first deployed to a Dev stage and then forked to two QA stages in parallel. If the deployment
succeeds in both the QA stages, the release is deployed to Prod ring 1 and then to Prod ring 2. Each production ring
represents multiple instances of the same website deployed at various locations around the globe.
Reference:
https://docs.microsoft.com/en-us/azure/devops/pipelines/release
Question 15 Topic 6, Mixed Questions
HOTSPOT
You have a project in Azure DevOps.
You plan to create a build pipeline that will deploy resources by using Azure Resource Manager templates. The templates
will reference secrets stored in Azure Key Vault.
You need to ensure that you can dynamically generate the resource ID of the key vault during template deployment.
What should you include in the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Box 1: "Microsoft.Resources/deployments"
Reference a secret with dynamic ID. You need to reference a key vault secret that varies based on the current deployment.
Example:
"resources": [
{
"name": "dynamicSecret",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"templateLink": {
Box 2: "templateLink"
In your parent template, you add the linked template and pass in a parameter that contains the dynamically generated
resource ID.
References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-keyvault-parameter