You have a GitHub Enterprise account. You need to enable push protection for secret scanning of the account repositories. What should you do first?
Question 122
DRAG DROP - Your company has a project in Azure DevOps named Project1. All the developers at the company have Windows 10 devices. You need to create a Git repository for Project1. The solution must meet the following requirements: • Support large binary files. • Store binary files outside of the repository. • Use a standard Git workflow to maintain the metadata of the binary files by using commits to the repository. Which three actions should you perform in sequence on each developer’s device? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Question 123
You have an Azure DevOps project that contains a build pipeline. The build pipeline uses approximately 50 open source libraries. You need to ensure that all the open source libraries comply with your company's licensing standards. Which service should you use?
WhiteSource provides WhiteSource Bolt, a lightweight open source security and management solution developed specifically for integration with Azure DevOps and Azure DevOps Server. Note: WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource constantly-updated definitive database of open source repositories. Note: Blackduck would also be a good answer, but it is not an option here. Reference: https://www.azuredevopslabs.com/labs/vstsextend/whitesource/
Question 124
Your company is building a new solution in Java. The company currently uses a SonarQube server to analyze the code of .NET solutions. You need to analyze and monitor the code quality of the Java solution. Which task types should you add to the build pipeline?
SonarQube is a set of static analyzers that can be used to identify areas of improvement in your code. It allows you to analyze the technical debt in your project and keep track of it in the future. With Maven and Gradle build tasks, you can run SonarQube analysis with minimal setup in a new or existing Azure DevOps Services build task. Reference: https://docs.microsoft.com/en-us/azure/devops/java/sonarqube?view=azure-devops
Question 125
Your company is concerned that when developers introduce open source libraries, it creates licensing compliance issues. You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base. What should you use?
WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource constantly-updated definitive database of open source repositories. Azure DevOps integration with WhiteSource Bolt will enable you to: 1. Detect and remedy vulnerable open source components. 2. Generate comprehensive open source inventory reports per project or build. 3. Enforce open source license compliance, including dependencies' licenses. 4. Identify outdated open source libraries with recommendations to update. Note: Black duck would also be a good answer, but it is not an option here. Reference: https://www.azuredevopslabs.com/labs/vstsextend/WhiteSource/
Question 126
Your company is concerned that when developers introduce open source libraries, it creates licensing compliance issues. You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base. What should you use?
Secure and Manage Open Source Software Black Duck helps organizations identify and mitigate open source security, license compliance and code-quality risks across application and container portfolios. Black Duck Hub and its plugin for Team Foundation Server (TFS) allows you to automatically find and fix open source security vulnerabilities during the build process, so you can proactively manage risk. The integration allows you to receive alerts and fail builds when any Black Duck Hub policy violations are met. Note: WhiteSource would also be a good answer, but it is not an option here. Reference: https://marketplace.visualstudio.com/items?itemName=black-duck-software.hub-tfs
Question 127
You have an Azure DevOps project that contains a build pipeline. The build pipeline uses approximately 50 open source libraries. You need to ensure that all the open source libraries comply with your company's licensing standards. Which service should you use?
Secure and Manage Open Source Software Black Duck helps organizations identify and mitigate open source security, license compliance and code-quality risks across application and container portfolios. Black Duck Hub and its plugin for Team Foundation Server (TFS) allows you to automatically find and fix open source security vulnerabilities during the build process, so you can proactively manage risk. The integration allows you to receive alerts and fail builds when any Black Duck Hub policy violations are met. Note: WhiteSource would also be a good answer, but it is not an option here. Reference: https://marketplace.visualstudio.com/items?itemName=black-duck-software.hub-tfs
Question 128
Your company uses Azure DevOps for the build pipelines and deployment pipelines of Java-based projects. You need to recommend a strategy for managing technical debt. Which action should you include in the recommendation?
You can manage technical debt with SonarQube and Azure DevOps. Note: Technical debt is the set of problems in a development effort that make forward progress on customer value inefficient. Technical debt saps productivity by making code hard to understand, fragile, time-consuming to change, difficult to validate, and creates unplanned work that blocks progress. Unless they are managed, technical debt can accumulate and hurt the overall quality of the software and the productivity of the development team in the long term SonarQube an open source platform for continuous inspection of code quality to perform automatic reviews with static analysis of code to: - Detect Bugs - Code Smells - Security Vulnerabilities Centralize Quality - - What's covered in this lab Reference: https://azuredevopslabs.com/labs/vstsextend/sonarqube/ Implement Continuous Delivery
Question 129
HOTSPOT - You have an Azure subscription that contains the resources shown in the following table. You plan to create a linked service in DF1. The linked service will connect to SQL1 by using Microsoft SQL Server authentication. The password for the SQL Server login will be stored - in KV1. You need to configure DF1 to retrieve the password when the data factory connects to SQL1. The solution must use the principle of least privilege. How should you configure DF1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
Box 1: Secret - Store credential in Azure Key Vault by reference secret stored in key vault. To reference a credential stored in Azure Key Vault, you need to: 1. Retrieve data factory managed identity 2. Grant the managed identity access to your Azure Key Vault. In your key vault -> Access policies -> Add Access Policy, search this managed identity to grant Get permission in Secret permissions dropdown. It allows this designated factory to access secret in key vault. 3. Create a linked service pointing to your Azure Key Vault. 4. Create data store linked service, inside which reference the corresponding secret stored in key vault. Box 2: Access policy - Reference: https://docs.microsoft.com/en-us/azure/data-factory/store-credentials-in-key-vault
Question 130
You have several Azure Active Directory (Azure AD) accounts. You need to ensure that users use multi-factor authentication (MFA) to access Azure apps from untrusted networks. What should you configure in Azure AD?
You can configure a Conditional Access policy that requires MFA for access from untrusted networks. Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa
