Microsoft AZ-400 Microsoft Azure DevOps Solutions Exam Practice Test

Add a slot

1. In the Azure portal, search for and select App Services and select your app az400-11566895-main.

2. In the left pane, select Deployment slots > Add Slot.

3. In the Add a slot dialog box, give the slot a name, and select whether to clone an app configuration from another deployment slot. Select Add to continue.

4. After the slot is added, select Close to close the dialog box. The new slot is now shown on the Deployment slots page.

With the storage account ready, you can configure backs up in the web app or App Service.

Open the App Serviceaz400-11566895-main, which you want to protect, in the Azure Portal and browse to Settings > Backups. Click Configure and a Backup Configuration blade should appear.

Select the storage account.

Click + to create a private container. You could name this container after the web app or App Service.

Select the container.

If you want to schedule backups, then set Scheduled Backup to On and configure a schedule: every five hours

Select your retention. Note that 0 means never delete backups.

Decide if at least onebackup should always be retained.

Choose if any connected databases should be included in the web app backup.

Click Save to finalize the backup configuration.

1.Go to the Azure portal, navigate to Traffic Manager profiles and click on the Add button to create a routing profile.

2. In the Create Traffic Manager profile, enter, or select these settings:

Name: az40011566895n1-tm

Routing method: Geographic

Resource group: RG1lod11566895

Note: Traffic Manager profiles can be configured to use the Geographic routing method so that users are directed to specific endpoints (Azure, External or Nested) based on which geographic location their DNS query originates from. This empowers Traffic Manager customers to enable scenarios where knowing a user’s geographic region and routing them based on that is important.

To configure your Azure Functionaz400-38443478-functto automatically update whenever new code is committed to the main branch of the specified GitHub repository, you can use GitHub Actions for continuous deployment. Here’s how to set it up:

Create a GitHub Actions Workflow:

In your GitHub repository, navigate to the.github/workflows/directory.

Create a new file for your workflow (e.g.,azure-function-cd.yml).

Define the Workflow:

In the workflow file, define the steps for the build and deployment process.

Use theAzure/functions-actionto deploy to your Azure Function App.

Set up triggers for themainbranch to initiate the workflow on every commit.

Generate Deployment Credentials:

In the Azure Portal, navigate to your Function Appaz400-38443478-funct.

Download the publish profile from theOverviewsection by clicking onGet publish profile.

Store the Publish Profile as a GitHub Secret:

In your GitHub repository, go toSettings>Secrets and variables>Actions.

Create a new secret (e.g.,AZURE_FUNCTIONAPP_PUBLISH_PROFILE) and paste the content of the publish profile.

Configure the Workflow to Use the Secret:

In the workflow file, reference the secret to authenticate the deployment to Azure.

Here’s a sample GitHub Actions workflow snippet:

name: Deploy Azure Function

on:

push:

branches:

- main

jobs:

build-and-deploy:

runs-on: ubuntu-latest

steps:

- uses: actions/checkout@v2

- name: Set up Python version

uses: actions/setup-python@v2

with:

python-version: '3.x'

- name: Install dependencies

run: |

pip install -r requirements.txt

- name: Deploy to Azure Functions

uses: Azure/functions-action@v1

with:

app-name: az400-38443478-funct

publish-profile: ${{ secrets.AZURE_FUNCTIONAPP_PUBLISH_PROFILE }}

package: .

Replace theapp-namewith the name of your Azure Function App and ensure the Python version and dependencies match your application’s requirements.

By following these steps, yourAzure Function will automatically update whenever new code is pushed to the main branch of the GitHub repository. This setup minimizes manual effort and ensures that your function app is always running the latest code.

Step 1: Create an Action Group

Navigate to Azure Portal:

Go to Azure Portal and sign in with your credentials.

Access Azure Monitor:

In the left-hand menu, select Monitor.

Create ActionGroup:

Under Alerts, select Action groups.

Click on + Create.

Configure Basic Settings:

Subscription: Select your subscription.

Resource Group: Select RG1 lod42147S09.

Action Group Name: Enter DevOpsAG.

Display Name: Enter a display name for the action group.

Step 2: Define Actions

Add Email Notifications:

Click on Add action.

Action Type: Select Email/SMS message/Push/Voice.

Action Name: Enter a name for the action (e.g., EmailAdmins).

Email: Enter admin1@contoso.com and admin2@contoso.com.

Click OK.

Notify Resource Owners:

Click on Add action again.

Action Type: Select Email/SMS message/Push/Voice.

Action Name: Enter a name for the action (e.g., NotifyOwners).

Email: Select Notify all owners.

Click OK.

Step 3: Enable Common Alert Schema

Common Alert Schema:

In the Advanced tab, enable the Common alert schema option1.

Step 4: Review and Create

Review:

Review all the settings you have configured.

Create:

Click on Review + create and then Create.

By following these steps, you will have successfully created an action group named DevOpsAG that emails the specified users and notifies resource owners using the common alert schema

Step 1: Initialize the Default Main Branch

Navigate to Azure DevOps:

Go to Azure DevOps and sign in with your credentials.

Select Your Project:

Choose Project1 from your list of projects.

Initialize the Main Branch:

Goto Repos > Files.

If the main branch does not exist, you will see an option to initialize it. Click on Initialize and follow the prompts to create the main branch1.

Step 2: Enable Squash Merge for the Main Branch

Navigate to Branch Policies:

Go to Repos > Branches.

Find the main branch and click on the … (ellipsis) next to it.

Select Branch policies.

Enable Squash Merge:

Under Policies, scroll down to the Merge strategy section.

Select Squash merge as the required mergestrategy2.

Save Changes:

Click on Save changes to apply the policies.

Step 3: Verify the Squash Merge Policy

Create a Pull Request:

Make achange in a branch and create a pull request to merge it into the main branch.

Complete the Pull Request:

Ensure that the pull request uses thesquash merge strategy by selecting Squash commit under the Merge type in the Complete pull request dialog

1. Open Microsoft Azure Portal and Log into your Azure account.

2. Select network security group (NSG) named az400-9940427-nsg1

3. Select Settings, Outbound security rules, and click Add

4. Click Advanced

5. Change the following settings:

Destination Port range: 8080

Protocol. TCP

Action: Allow

Note: Bydefault, Azure DevOps Server uses TCP Port 8080.

1. Open Microsoft Azure Portal

2. Log into your Azure account, select App Services in the Azure portal left navigation, and then select configureaz400-9940427-func1.

3. On the app page, select Deployment Center in the left menu.

4. On the Build provider page, select Azure Pipelines (Preview), and then select Continue.

5. On the Configure page, in the Code section:

For GitHub, drop down and select the Organization, Repository, and Branch you want to deploy continuously.

6. Select Continue.

7. On the Test page, choose whether to enable load tests, and then select Continue.

8. Depending on your App Service plan pricing tier, you may see a Deployto staging page. Choose whether to enable deployment slots, and then select Continue.

9. After you configure the build provider, review the settings on the Summary page, and then select Finish.

To ensure that your Azure Web App namedaz400-38443478-maincan retrieve secrets from an Azure Key Vault namedaz400-3844J478-kv1using a system managed identity with the principle of least privilege, follow these detailed steps:

Enable a System Managed Identity for the Azure Web App:

Navigate to the Azure Portal.

Go to the Azure Web Appaz400-38443478-main.

SelectIdentityunder theSettingssection.

In theSystem assignedtab, switch theStatustoOn.

ClickSaveto apply the changes.

Grant the Web App Access to the Key Vault:

Go to the Azure Key Vaultaz400-3844J478-kv1.

SelectAccess policiesunder theSettingssection.

Click onAdd Access Policy.

ChooseSecret permissionsand selectGetandList. This grants the app the ability to read secrets, adhering to the principle of least privilege.

Click onSelect principal, search for your Web App nameaz400-38443478-main, and select it.

ClickAddto add the policy.

Don’t forget to clickSaveto save the access policy changes.

Retrieve Secrets in the Web App Code:

In your Web App’s code, use the Azure SDK to retrieve the secrets.

For example, in a .NET application,you can use theAzure.IdentityandAzure.Security.KeyVault.Secretsnamespaces.

Utilize theDefaultAzureCredentialclass which will automatically use the system managed identity when running on Azure.

using Azure.Identity;

usingAzure.Security.KeyVault.Secrets;

var client = new SecretClient(new Uri(" "), new DefaultAzureCredential());

KeyVaultSecret secret = await client.GetSecretAsync("my-secret-name");

string secretValue =secret.Value;

Replace"my-secret-name"with the actual name of the secret you want to retrieve.

By following these steps, your Azure Web App will be able to securely retrieve secrets from the Azure Key Vault using a system managed identity, without needingto store credentials in the code, and adhering to the principle of least privilege. Remember to replace the placeholder names with the actual names of your Web App and Key Vault.

Step 1: Create a Project Wiki

Navigate to Azure DevOps:

Go to Azure DevOps and sign inwith your credentials.

Select Your Project:

Choose Project1 from your list of projects.

Create a Wiki:

In the left-hand menu, select Wiki.

Click on Create project wiki.

Enter the name Wiki1 and click Create.

Step 2: Add Mermaid Syntax to Render a Diagram

Open the Wiki Page:

Navigate to the newly created Wiki1.

Edit the Wiki Page:

Click on Edit to start editing the wiki page.

Insert Mermaid Diagram:

Use the following Mermaid syntax to render a diagram. For example, to render a simple flowchart, you canuse:

```mermaid

graph TD;

A-->B;

A-->C;

B-->D;

C-->D;

Save the Page:

Click on Save to save your changes.

Step 3: Render the TCP Handshake Diagram

Convert TCPHandshake.png to Mermaid Syntax:

Since you have a sample diagram in C:\Resources\TCPHandshake.png, you need to convert this diagram into Mermaid syntax. Here’s an example of how a TCP handshake might look in Mermaid syntax:

```mermaid

sequenceDiagram

participant Client

participant Server

Client->>Server: SYN

Server-->>Client: SYN-ACK

Client->>Server: ACK

Add the Diagram to the Wiki:

Replace the sample Mermaid syntax with the TCP handshake diagram syntax in the wiki page.

Save the Page:

Click on Save to save your changes.

By following these steps, you will have created a project wiki named Wiki1 and used Mermaid syntax to render a diagram

Task 7: Create a Pipeline to Deploy a Docker Image in a New Branch

Step 1: Create a New Branch

In your Azure DevOps Project (Project1), navigate to Repos.

In the left menu, click on Branches.

Click New branch.

Enter:

Branch name: azure-pipelines

Based on: main (or your default branch)

Click Create.

This creates a new branch named azure-pipelines.

Step 2: Switch to the New Branch

In Repos, click on Files.

In the top-left branch selector, choose azure-pipelines.

Step 3: Use the Predefined Docker Pipeline Template

Azure Pipelines has predefined YAML templates for common tasks, including Docker.

Here’s how to add it:

In the azure-pipelines branch, click New file.

Name the file: azure-pipelines.yml.

Click the Show templates button in the YAML editor (if available).

Search for the Docker template in the list of predefined templates.

Select the Docker template to auto-populate the YAML file.

If the editor doesn’t show the template picker, you can manually add the following basic Docker pipeline template:

yaml

Copy

# Predefined Docker pipeline template

trigger:

- main

resources:

- repo: self

variables:

imageName: 'mydockerimage'

stages:

- stage: Build

displayName: Build and push stage

jobs:

- job: Build

pool:

vmImage: 'ubuntu-latest'

steps:

- task: Docker@2

displayName: Build and push an image to container registry

inputs:

command: buildAndPush

repository: $(imageName)

dockerfile: '**/Dockerfile'

containerRegistry: ''

tags: |

latest

Replace with your actual Azure Container Registry (ACR) or DockerHub service connection name.

Step 4: Commit the Pipeline to the New Branch

In the YAML editor, review and adjust if needed (like setting the correct container registry service connection).

In the bottom commit message box:

Message: e.g., Add Docker deployment pipeline

Ensure the branch is set to azure-pipelines.

Click Commit (not commit to main).

This creates the pipeline YAML file in the new azure-pipelines branch.

Step 5: Create the Pipeline in Azure DevOps

In the left menu, click Pipelines.

Click New pipeline.

Choose:

Azure Repos Git.

Select your repo.

Select Existing Azure Pipelines YAML file.

In the branch selector, choose the azure-pipelines branch.

Select the YAML file path (azure-pipelines.yml).

Click Continue and then Run to validate the pipeline.

Step 1: To create a general-purpose v2 storage account in the Azure portal, follow these steps:

On the Azure portal menu, select All services. In the list of resources,type Storage Accounts. As you begin typing, the list filters based on your input. Select Storage Accounts.

On the Storage Accounts window that appears, choose Add.

Select the subscription in which to create the storage account.

Under the Resource group field, select RG1lod11566895

Next, enter a name for your storage account named: az400lod11566895stor

Select Create.

Step 2: Enable boot diagnostics on existing virtual machine

To enable Boot diagnostics on an existing virtual machine, follow these steps:

1.Sign in to the Azure portal, and then select the virtual machine VM1.

2. In the Support + troubleshooting section, select Boot diagnostics, then select the Settings tab.

3. In Boot diagnostics settings, change the status to On, and from the Storage account drop-down list, select the storage account az400lod11566895stor.

4. Save the change.

You must restart the virtual machine for the change to take effect.

Task 10: Create a Variable Group in Azure DevOps

Step 1: Navigate to Library

In your Azure DevOps Project (Project1), click on the Pipelines section in the left menu.

In the Pipelines submenu, click on Library.

Step 2: Create a New Variable Group

Click on the + Variable group button.

Enter the Name:

nginx

Copy

varGroup1

Step 3: Add Variables

Add the first variable:

Click Add.

In the Name field, enter:

nginx

Copy

username

In the Value field, enter:

Copy

Userl-48901628

Add the second variable:

Click Add again.

In the Name field, enter:

nginx

Copy

password

In the Value field, enter:

Copy

aFpJ2j+6M!

Check the box Keep this value secret.

Step 4: Save the Variable Group

Click Save at the top to save the variable group.

Task 12: Configure Iterations in Project1 for Azure Boards

Step 1: Navigate to Project Settings

In your Azure DevOps Project (Project1), click on the Project settings gear icon in the lower-left corner.

Step 2: Manage Project Iterations (Sprints)

In the Boards section of the Project settings, click Project configuration.

In the left menu, click on Iterations.

Step 3: Add Iterations

Click on the + New child link to add a new iteration under the root node (e.g., Project1).

Enter the following details:

Name: Sprint 1

Leave the start and end dates empty (or set them as needed for your planning).

Click Save and close.

Repeat the process:

Click + New child again.

Name: Sprint 2

Leave the start and end dates empty.

Click Save and close.

Finally, create Sprint 3 with specific dates:

Click + New child.

Name: Sprint 3

Start date: January 1 of next year (e.g., 2026-01-01).

End date: January 31 of next year (e.g., 2026-01-31).

Click Save and close.

Step 4: Assign Iterations to Work Items

With these iterations created, you can now assign them to work items (e.g., tasks, bugs, features) using Azure Boards.

In Boards, click on Work items.

Open any work item.

In the Iteration Path field, select one of your newly created iterations (Sprint 1, Sprint 2, or Sprint 3).

This ensures that work items can be tracked under the appropriate sprint.

1. Open Microsoft Azure Portal

2. Log intoyour Azure account and go to App Service and look under Monitoring then you will see Alert.

3. Select Add an alert rule

4. Configure the alert rule as per below and click Ok.

Source: Alert on Metrics

Resource Group: az400-9940427-main

Resource: az400-9940427-main

Threshold: 5

Period: Over the last 5 minutes

Webhook:

1. In Azure portal navigate to the az400-9940427-main app.

2. Scroll down to the Settings groupin the left navigation.

3. Select Managed identity.

4. Within the System assigned tab, switch Status to On. Click Save.

Step 1: Initialize the Default Main Branch

Navigate to Azure DevOps:

Go to Azure DevOps and sign in with your credentials.

Select Your Project:

Choose Project1 from your list of projects.

Initialize the Main Branch:

Go to Repos > Files.

If themain branch does not exist, you will see an option to initialize it. Click on Initialize and follow the prompts to create the main branch.

Step 2: Implement an Approval Process for the Main Branch

Navigate to Branch Policies:

Go to Repos > Branches.

Findthe main branch and click on the … (ellipsis) next to it.

Select Branch policies.

Enable Required Reviewers:

Under Policies, enable Minimum number of reviewers.

Set the minimum number of reviewers to 2 to enforce the four-eyes principle.

Add RequiredReviewers:

Add the users who should review the changes. Ensure that at least one approval is required on every iteration.

Enable Reset Code Reviewer Votes:

Enable the Reset code reviewer votes when there are new changes option to ensure that any new changes require re-approval.

Save Changes:

Click on Save changes to apply the policies.

Step 3: Verify the Approval Process

Create a Pull Request:

Make a change in a branch and create a pull request to merge it into the main branch.

Review and Approve:

Ensurethat the pull request requires at least two reviewers to approve it before it can be merged.

By following these steps, you will have successfully initialized themain branch and implemented an approval process that adheres to the four-eyes principle, ensuring that every iteration has at least one approval

1. Open Microsoft Azure Portal

2. Log into your Azure account and go to App Service and look under Monitoring then you will see Alert.

3. Select Add an alert rule

4. Configure the alert rule as per belowand click Ok.

Source: Alert on Metrics

Resource Group: az400-9940427-main

Resource: az400-9940427-main

Threshold: 5

Period: Over the last 5 minutes

Webhook:

Step 1: Log in to the Azure Portal

Go to .

Log in with your Azure account.

Step 2: Create an Azure App Configuration Instance

In the search bar at the top, type “App Configuration” and select App Configuration from the search results.

Click + Create.

Fill in the required fields:

Subscription: Your Azure subscription.

Resource Group: Create a new one or select an existing one.

Name: Provide a globally unique name (for example, myappconfig-instance).

Location: Choose a region close to your application.

Click Review + Create, then Create.

The instance will take a few seconds to deploy.

Step 3: Access the App Configuration Instance

Once the deployment is complete, click Go to resource.

You are now in the App Configuration resource.

Step 4: Enable Feature Management

In the left menu, click on Feature Manager (Preview).

Click + Add to create a new feature flag.

Step 5: Create the Feature Flag

Provide the following details:

Feature flag name: feature1

Label: (optional)

Description: (optional)

State: Set to Enabled.

Click on the Add filters link if you want to add targeting filters (optional).

Click Save to create the feature flag.

Step 6: Set the Expiration Date for the Feature Flag

In the Feature Manager list, find the newly created feature1 flag.

Click on the three dots (context menu) next to feature1 and select Edit.

In the Edit feature pane, look for the Expiration date setting.If there is no direct UI for expiration date, you can store it as a custom key-value (metadata).

Here’s how to store expiration as metadata:

In the App Configuration left menu, click on Configuration Explorer.

Locate the key: .appconfig.featureflag/feature1.

Click on the key to edit.

Add a new label or add a custom key in the Content type or tags section to store expiration metadata:

Key: expiration

Value: yyyy-MM-dd (set to today + 7 days)

For example, if today is June 4, 2025, set the expiration as 2025-06-11.

Step 1: Create an instance of Azure Application Insights

1. Open Microsoft Azure Portal

2. Log into your Azure account, Select Create a resource > Developer tools > Application Insights.

3. Enter the following settings, and then select Review + create.

Name: az400-9940427-main

Step 2: Configure App Insights SDK

4. Open your ASP.NET Core Web App project in Visual Studio > Right-click on the AppName in theSolution Explorer > Select Add > Application Insights Telemetry.

5. Click the Get Started button

6. Select your account and subscription > Select the Existing resource you created in the Azure portal > Click Register.

Step 1: Initialize the Default Main Branch

Navigate to Azure DevOps:

Go to Azure DevOps and sign in with your credentials.

SelectYour Project:

Choose Project1 from your list of projects.

Initialize the Main Branch:

Go to Repos > Files.

If the main branch does not exist, you will see an option to initialize it. Click on Initialize and follow the prompts to create the main branch1.

Step 2: Install the Microsoft Security DevOps Extension

Navigate to Extensions:

In Azure DevOps, click on the Shopping Bag icon in the top right corner and select Browse Marketplace.

Search for the Extension:

Search for Microsoft Security DevOps.

Install the Extension:

Click on Get it free.

Select your organization (User1-42147509) and click Install.

Follow the prompts to complete the installation2.

Step 3: Create a New Starter Pipeline

Navigate to Pipelines:

Go to Pipelines > New pipeline.

Select the Repository:

Choose Azure Repos Git and select the relevant repository.

Configure the Pipeline:

Select Starter pipeline and replace the default YAML with the following starter code:

trigger:

- starter

pool:

vmImage: 'windows-latest'

steps:

- task: MicrosoftSecurityDevOps@1

inputs:

command: 'run'

policy: 'azuredevops'

publish: true

Save the Pipeline:

Click on Save and enter starter as the branch name.

Click on Save and run to save the pipeline to the new branch named starter3.

By following these steps,you will have successfully initialized the main branch, installed the Microsoft Security DevOps extension, and created a new starter pipeline named starter1 that includes the specified task

To prepare a Network Security Group (NSG) namedaz400-38443478-nsg1for hosting an Azure DevOps pipeline agent, while allowing only the required outbound port for Azure DevOps and denying all other inbound and outbound access to the Internet, follow these steps:

Create the NSG:

Navigate to the Azure Portal.

Go toNetwork Security Groupsand click on+ Create.

Fill in the details, including the nameaz400-38443478-nsg1, and create the NSG.

ConfigureOutbound Security Rules:

Once the NSG is created, go to its settings.

Navigate toOutbound security rules.

Click on+ Addto create a new rule.

Set theDestination port rangesto443, which is the required port for Azure DevOps12.

Set theProtocoltoTCP.

Set theActiontoAllow.

Assign aPrioritynumber (e.g.,100) that does not conflict with existing rules.

Provide a meaningfulNamefor the rule (e.g.,AllowAzureDevOps).

Configure Default Rules to Deny All Other Traffic:

In the sameOutbound security rulessection, edit the default rule to deny alltraffic.

Change theActiontoDenyfor the rule with the lowest priority (highest number).

Ensure that this rule applies to all protocols, source and destination IP ranges, and port ranges.

Associate the NSG with the Appropriate Resource:

Associate the NSGwith the subnet or network interface of the virtual machine or resource where the Azure DevOps pipeline agent will be hosted.

By following these steps, you will ensure that the Azure DevOps pipeline agent can communicate with Azure DevOps services over the required port while blocking all other inbound and outbound Internet access, adhering to the principle of least privilege and security best practices.

Step 1: Navigate to Personal Access Tokens

Sign in to Azure DevOps:

Go to Azure DevOps and sign in with your credentials.

Access User Settings:

Click on your profile picture in the top right corner.

Select User settings.

Open Personal Access Tokens:

In the user settings menu, select Personalaccess tokens.

Step 2: Create a New Personal Access Token

Create a New Token:

Click on + New Token.

Configure the Token:

Name: Enter Token1.

Organization: Select the organization where you want to use the token.

Expiration: Set the expiration to 60 days.

Set Scopes:

Code: Select Read, Write, & Manage.

Build: Select Read & Execute.

Release: Select Read.

Create the Token:

Click on Create.

Step 3: Save the Token

Copy the Token:

Once the token is created, copy it immediately as it will not be displayed again.

Store the token in a secure location.

By following these steps, you will have successfully created a personal access token named Token1 with the specified capabilities and a 60-day expiration

Step 1: To create a general-purpose v2 storage account in the Azure portal, follow these steps:

On the Azure portal menu, select All services. In the list of resources, type Storage Accounts. As you begin typing, the list filters based on your input. Select Storage Accounts.

On the Storage Accounts window that appears, choose Add.

Select the subscription in which to create thestorage account.

Under the Resource group field, select RG1lod11566895

Next, enter a name for your storage account named: az400lod11566895stor

Select Create.

Step 2: Enable boot diagnostics on existing virtual machine

To enable Boot diagnostics on an existing virtual machine, follow these steps:

Sign in to the Azure portal, and then select the virtual machine VM1.

In the Support + troubleshooting section, select Boot diagnostics, then select the Settings tab.

In Boot diagnostics settings, change the statusto On, and from the Storage account drop-down list, select the storage account az400lod11566895stor.

Save the change.

You must restart the virtual machine for the change to take effect.

Step 1: Sign Up for Azure DevOps

Navigate to Azure DevOps.

Click on Start Free.

Enter the credentials:

Email: UserUsefl-42147509@ExamUsers.com

Password: eWrSalD2!

Follow the prompts to complete the sign-up process using the default settings.

Step 2: Create an Azure DevOps Organization

Once signed in, you will be prompted to create a new organization.

Enter a name for your organization and select your region.

Click on Continue to create the organization.

Step 3: Create a Private Project

In your new organization, click on New Project.

Name the project Project1.

Set the visibility to Private.

Click on Create.

Step 4: Add an External User as a Stakeholder

Go to the Organization Settings.

Under General, select Users.

Click on Add users.

Enter the email address: Usfrr2-42147S09@ExamUsers.com.

Set the access level to Stakeholder.

Add the user to the most restrictive group, which is typically the Readers group.

Click on Add to complete the process.

Step 5: Verify the User Addition

Ensure that the external user has been added successfully by checking the Users list.

Confirm that the user has the Stakeholder access level and is part of the Readers group.

By following thesesteps, you should be able to complete the task successfully. If you encounter any issues, feel free to ask for further assistance!

Task 11: Create an Artifact Feed with Specific Retention Policies

Step 1: Navigate to Artifacts

In your Azure DevOps Project (Project1), click on the Artifacts section in the left menu.

Step 2: Create a New Feed

Click on the + New feed button.

In the Name field, enter:

nginx

Copy

artifact_feed

Choose the visibility of the feed:

Project scoped (only accessible to Project1).

Or Organization scoped (accessible across your Azure DevOps organization).

Leave other settings at default unless you have specific permissions or upstream sources.

Click Create.

This creates a new feed named artifact_feed.

Step 3: Configure Retention Policies

In the Artifacts section, click on the feed named artifact_feed to open its details page.

In the top-right corner, click on the three dots (...) and select Feed settings.

Step 4: Set the Maximum Number of Versions to Retain

In the Feed settings page, find the Retention policies section.

Set Maximum number of versions per package to:

Copy

10

Click Save.

This ensures that only the latest 10 versions of any package are retained in the feed.

Step 5: Set the Downloaded Package Retention Period

In the Feed settings page, under Retention policies, find Downloaded package retention.

Set Number of days to retain downloaded packages to:

Copy

90

Click Save.

This ensures that downloaded packages will be retained in the cache for 90 days before deletion.

Box 1: Azure Boards

Azure Boards can be used to track work with Kanban boards, backlogs, team dashboards, and custom reporting

You can create multiple Trello boards, which are spaces to store tasks (for different work contexts, or even private boards)

You can easily shareTrello boards with another person.

Box 2: Azure Pipelines

You can use Bamboo to implement CI/CD (Continuous Integration and Continuous Delivery) for a simple Azure function app using Atlassian Bamboo. Bamboo does continuous delivery of the project fromsource code to deployment. It has stages including Build, Test and Deploy.

Software teams in every industry are upgrading their continuous delivery pipeline with Bamboo. Easy build import from popular open source tools, user and group import from JIRA, seamless integration with Bitbucket, and native support for Git, Hg, and SVN means you'll be building and deploying like a champ.

Box 3: GitHub repositories

Bitbucket can be used as the Git repository, but you can use any other Git repository (Like TFS Git)for source control of the code.

Scenario: Access to Azure DevOps mustbe restricted to specific IP addresses.

Azure DevOps is authenticated through Azure Active Directory. You can use Azure AD's conditional access to prevent logins from certain geographies and address ranges.

Scenario: Deploy App2 to an Azure virtual machine named VM1.

A personal access token (PAT) is used as an alternatepassword to authenticate into Azure DevOps.

Setting 1: Threshold value

Set to 80 %

Scenario: An Azure Monitor alert for VM1 must be configured to meet the following requirements:

Be triggered whenaverage CPU usage exceeds 80 percent for 15 minutes.

Calculate CPU usage averages once every minute.

Setting 2: Aggregation granularity

Set to 15 minutes.

Woodgrove Bank plans to implement the following changes to the DevOps environment:

Migrate all the source code from TFS1 to GitHub.

The Git-TFS tool is a two-way bridge between Team Foundation Version Control and Git, and can be used to perform a migration.

Woodgrove Bank identifies the following technical requirements:

The Azure DevOps dashboard must display the metrics shown in the following table:

Box 1: Velocity

Velocity displays your team velocity. It shows what your team delivered as compared to plan.

Box 2: Release pipeline overview

Release pipeline overview shows the status of environments in a release definition.

Box 3: Query tile

Query tile displays the total number of results from a query.

QUESTIONNO: 4

You need !0 the merge the POC branch into the default branch. The solution must meet the technical requirements. Which command should you run?

A. it push

B. git merge -- allow-unrelated-histories

C. git rebase

D. git merge --squash

Answer: C

Woodgrove Bank plans to implement the following changes to the identity environment:

Configure App1 to use a service principal.

Scenario: Implement Project3, Project5,Project6, and Project7 based on the planned changes

Step 1: Open the release pipeline editor.

In the Releases tab of Azure Pipelines, select your release pipeline and choose Edit to open the pipeline editor.

Step 2: Enable Gates.

Choose thepre-deployment conditions icon for the Production stage to open the conditions panel. Enable gates by using the switch control in the Gates section.

Step 3: Add Query Work items.

Choose + Add and select the Query Work Items gate.

Configure the gate by selecting an existing work item query.

Note: A case for release gate is:

Incident and issues management. Ensure the required status for work items, incidents, and issues. For example, ensure deployment occurs only if no priority zero bugs exist, and validation that there are no active incidents takes place after deployment.

The Register-AzureRmAutomationDscNode cmdlet registers an Azure virtual machine as an APS Desired State Configuration (DSC) node in an Azure Automation account.

Scenario: The Azure DevOps organization includes:

The Docker extension

A deployment pool named Pool7 that contains10 Azure virtual machines that run Windows Server 2016

Scenario: Implement Project4 and configure the project to push Docker images to Azure Container Registry.

You use Azure Container Registry Tasks commands to quickly build, push, and run a Docker container image natively within Azure, showing how to offload your "inner-loop" development cycle to the cloud. ACR Tasks is a suite of features within Azure Container Registry to help you manage and modify container images across the container lifecycle.

The first thing to do is to declare your Sonar Qube server as a service endpoint in your VSTS/DevOps project settings.

Step 1: Create a Desired State Configuration (DSC) configuration file that has an extension of .ps1.

Step 2: Run the Import-AzureRmAutomationDscConfiguration Azure Powershell cmdlet

TheImport-AzureRmAutomationDscConfiguration cmdlet imports an APS Desired State Configuration (DSC) configuration into Azure Automation. Specify the path of an APS script that contains a single DSC configuration.

Example:

PS C:\>Import-AzureRmAutomationDscConfiguration -AutomationAccountName "Contoso17"-ResourceGroupName "ResourceGroup01" -SourcePath "C:\DSC\client.ps1" -Force

This command imports the DSC configuration in the file named client.ps1 into the Automation account named Contoso17. The command specifies the Force parameter. If there is an existing DSC configuration, this command replaces it.

Step 3: Run the Start-AzureRmAutomationDscCompilationJob Azure Powershell cmdlet

The Start-AzureRmAutomationDscCompilationJob cmdlet compiles an APS Desired State Configuration (DSC) configuration in Azure Automation.

Scenario:

Step 1: Sign in to Azure Develops by using an account that is assigned the Administrator service connection security role.

Note: Under Agent Phase, click Deploy Service Fabric Application. Click Docker Settings and then click Configure Docker settings. In Registry Credentials Source, select Azure Resource Manager Service Connection. Then select your Azure subscription.

Step 2: Create a personal access token..

A personal access token or PAT is required so that a machine can join the pool created with the Agent Pools (read, manage) scope.

Step 3: Install and register the Azure Pipelines agent on an Azure virtual machine.

By running a Azure Pipeline agent in thecluster, we make it possible to test any service, regardless of type.

Scenario:

Step 1: Createa repository

A Git repository, or repo, is a folder that you've told Git to help you track file changes in. You can have any number of repos on your computer, each stored in their own folder.

Step 2: Create a branch

Branch policies help teams protect their important branches of development. Policies enforce your team's code quality and change management standards.

Step 3: Add a build validation policy

When a build validation policy is enabled, a new build is queued when a new pull request is created or when changes are pushed to an existing pull request targeting this branch. The build policy then evaluates the results of the build to determine whether the pull request can be completed.

Scenario:

Implement a code flow strategy for Project2 that will:

Enable Team2 to submit pull requests for Project2.

Enable Team2 to work independently on changes to a copy of Project2.

Ensure that any intermediary changes performed by Team2 on a copy of Project2 will be subject to the same restrictions as the ones defined in the build policy of Project2.

Box 1: A deployment group

When authoring an Azure Pipelines or TFS Release pipeline, you can specify the deployment targets for a job using a deployment group.

If the target machines are Azure VMs, you can quickly andeasily prepare them by installing the Azure Pipelines Agent Azure VM extension on each of the VMs, or by using the Azure Resource Group Deployment task in your release pipeline to create a deployment group dynamically.

Box 2: A deployment group

Use two linked templates, instead of the nested template.

Personal access tokens (PATs) give you access to Azure DevOps and Team Foundation Server (TFS), without using your username and password directly.

ference:

Personal access tokens (PATs) give you access to Azure DevOps and Team Foundation Server (TFS), without using your username and password directly. These tokens have an expiration date from when they're created. You can restrict the scope of the data they can access. Use PATs to authenticate if you don't already have SSH keys set up on your system or if you need to restrict the permissions that are granted by the credential.

Contributors have permissions to contribute fully to the project code base and work item tracking. The main permissions they don't have or those that manage or administer resources.

e:

Azure Artifacts introduces the concept of multiple feeds that you can use to organize and control access to your packages.

Packages you host in Azure Artifacts are stored in a feed. Setting permissions on the feed allows you to share your packages with as many or as few people as your scenario requires.

Feeds have four levels of access: Owners, Contributors, Collaborators, and Readers.

Box 1: A deployment group

When authoring an Azure Pipelines or TFS Release pipeline, you can specify the deployment targets for a job using a deployment group.

If the target machines are Azure VMs,you can quickly and easily prepare them by installing the Azure Pipelines Agent Azure VM extension on each of the VMs, or by using the Azure Resource Group Deployment task in your release pipeline to create a deployment group dynamically.

Box 2: A deployment group

(Get PAT, run config)

Unattended config:

The agent can be set up from a script with no human intervention. You must pass--unattended and the answers to all questions.

To configure an agent, it must know the URL to your organization or collection and credentials of someone authorized to set up agents. All other responses are optional.

Box 1: Get-AzResource

Use the followingcommand to examine the access control mode for all workspaces in the subscription:

PowerShell

Get-Az Resource –Resource Type Microsoft. Operational Insights/workspaces –Expand Properties | for each {s.Name + ": " + $_.Properties.features.enableLogAccessUsingOnlyResourcePermissions

Box 2: -Resource Type

Every request made against a storage service must be authorized, unless the request is for a blob or container resource that has been made available for public or signed access. One option for authorizing a request is by using Shared Key.

Scenario: The mobile applications must be able to call the share pricing service of the existing retirement fund management system. Until the system is upgraded, the service will only support basic authentication over HTTPS.

The investment planning applications suite will include one multi-tier web application and two iOS mobile application. One mobile application will be used by employees; the other will be used by customers.

Box 1: rwx

The Log Analytics agent for Linux runs as the omsagent user. To grant >write permission to the omsagent user, run the command setfacl -m u:omsagent:rwx /tmp.

Box 2: /tmp

Deploying DSC to a Linux node uses the /tmp folder.

Scenario: Visual Studio App Center must be used to centralize the reporting of mobile application crashes and device types in use.

In order to use App Center, you need to opt in to the service(s) that you want to use, meaning by default no services are started and you will have to explicitly call each of them when starting the SDK.

Insert the following line to start the SDK in your app's App Delete class in the didFinishLaunchingWithOptions method.

MSAppCenter.start("{Your App Secret}", withServices: [MSAnalytics.self, MSCrashes.self])

Box 1: A source control system

A source control system, also called a version control system, allows developers to collaborate on code and track changes.Source control is an essential tool for multi-developer projects.

Box 2: A hosted service

To build and deploy Xcode apps or Xamarin.iOS projects, you'll need at least one macOS agent. If your pipelines are in Azure Pipelines and a Microsoft-hosted agentmeets your needs, you can skip setting up a self-hosted macOS agent.

Scenario: The investment planning applications suite will include one multi-tier web application and two iOS mobile applications. One mobile application will be used by employees; the other will be used by customers.

The commit-msg hook is invoked by git-commit and git-merge, and can be bypassed with the --no-verify option.

Change the ConfigurationMode parameter from ApplyOnly to ApplyAndAutocorrect.

The Register-AzureRmAutomationDscNode cmdlet registers an Azure virtual machine as an APS Desired State Configuration (DSC) node in an Azure Automation account.

Scenario: Current Technical Issue

The test servers are configured correctly when first deployed, but they experience configuration drift over time. Azure AutomationState Configuration fails to correct the configurations.

Azure Automation State Configuration nodes are registered by using the following command.

Every request made against a storage service must be authorized, unless the request is for a blob or container resource that has been made available for public or signed access. One option for authorizing a request is by using Shared Key.

Scenario: The mobile applications must be able to call the share pricing service of the existing retirement fund management system. Until the system is upgraded, the service will only support basic authentication over HTTPS.

The investment planning applications suite will include one multi-tier web application and two iOS mobile application. One mobile application will be used by employees; the other will be used by customers.

Batching CI runs

If you have many team members uploadingchanges often, you may want to reduce the number of runs you start. If you set batch to true, when a pipeline is running, the system waits until the run is completed, then starts another run with all changes that have not yet been built.

Example:

# specific branch build with batching

trigger:

batch: true

branches:

include:

- master

To clarify this example, let us say that a push A to master caused the above pipeline to run. While that pipeline is running, additional pushes B and C occur into therepository. These updates do not start new independent runs immediately. But after the first run is completed, all pushes until that point of time are batched together and a new run is started.

Scenario: By default, all releases must remain available for 30 days, except for production releases, which must be kept for 60 days.

Box 1: Set the defaultretention policy to 30 days

The Global default retention policy sets the default retention values for all the build pipelines. Authors of build pipelines can override these values.

Box 2: Set the stage retention policy to 60 days

You may want to retain more releases that have been deployed to specific stages.

Scenario: A branching strategy that supports developing newfunctionality in isolation must be used.

Feature isolation is a special derivation of the development isolation, allowing you to branch one or more feature branches from main, as shown, or from your dev branches.

When you need to work on a particularfeature, it might be a good idea to create a feature branch.

Box 1: Reader

Members of a group named Developers must be able to install packages.

Feeds have four levels of access: Owners, Contributors, Collaborators, and Readers. Ownerscan add any type of identity-individuals, teams, and groups-to any access level.

Box 2: Owner

Members of a group named Team Leaders must be able to create new packages and edit the permissions of package feeds.