DRAG DROP - Your company plans to deploy an application to the following endpoints: Ten virtual machines hosted in Azure - Ten virtual machines hosted in an on-premises data center environment All the virtual machines have the Azure Pipelines agent. You need to implement a release strategy for deploying the application to the endpoints. What should you recommend using to deploy the application to the endpoints? To answer, drag the appropriate components to the correct endpoints. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place:
Box 1: A deployment group - When authoring an Azure Pipelines or TFS Release pipeline, you can specify the deployment targets for a job using a deployment group. If the target machines are Azure VMs, you can quickly and easily prepare them by installing the Azure Pipelines Agent Azure VM extension on each of the VMs, or by using the Azure Resource Group Deployment task in your release pipeline to create a deployment group dynamically. Box 2: A deployment group - References: https://docs.microsoft.com/en-us/azure/devops/pipelines/release/deployment-groups
Question 132
You plan to provision a self-hosted Linux agent. Which authentication mechanism should you use to register the self-hosted agent?
A. personal access token (PAT)
B. SSH key
C. Alternate credentials
D. certificate
Note: PAT Supported only on Azure Pipelines and TFS 2017 and newer. After you choose PAT, paste the PAT token you created into the command prompt window. Use a personal access token (PAT) if your Azure DevOps Server or TFS instance and the agent machine are not in a trusted domain. PAT authentication is handled by your Azure DevOps Server or TFS instance instead of the domain controller. Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/v2-linux
Question 133
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an approval process that contains a condition. The condition requires that releases be approved by a team leader before they are deployed. You have a policy stating that approvals must occur within eight hours. You discover that deployment fail if the approvals take longer than two hours. You need to ensure that the deployments only fail if the approvals take longer than eight hours. Solution: From Pre-deployment conditions, you modify the Time between re-evaluation of gates option. Does this meet the goal?
A. Yes
B. No
Gates allow automatic collection of health signals from external services, and then promote the release when all the signals are successful at the same time or stop the deployment on timeout. Typically, gates are used in connection with incident management, problem management, change management, monitoring, and external approval systems. Approvals and gates give you additional control over the start and completion of the deployment pipeline. Each stage in a release pipeline can be configured with pre-deployment and post-deployment conditions that can include waiting for users to manually approve or reject deployments, and checking with other automated systems until specific conditions are verified. References: https://docs.microsoft.com/en-us/azure/devops/pipelines/release/approvals/gates
Question 134
You are building a Microsoft ASP.NET application that requires authentication. You need to authenticate users by using Azure Active Directory (Azure AD). What should you do first?
A. Assign an enterprise application to users and groups
B. Create an app registration in Azure AD
C. Configure the application to use a SAML endpoint
D. Create a new OAuth token from the application
E. Create a membership database in an Azure SQL database
Register your application to use Azure Active Directory. Registering the application means that your developers can use Azure AD to authenticate users and request access to user resources such as email, calendar, and documents. Reference: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/developer-guidance-for-integrating-applications
Question 135
Your company has a project in Azure DevOps for a new web application. The company uses ServiceNow for change management. You need to ensure that a change request is processed before any components can be deployed to the production environment. What are two ways to integrate ServiceNow into the Azure DevOps release pipeline? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. Define a deployment control that invokes the ServiceNow REST API.
B. Define a pre-deployment gate before the deployment to the Prod stage.
C. Define a deployment control that invokes the ServiceNow SOAP API.
D. Define a post-deployment gate after the deployment to the QA stage.
An example of a release pipeline that can be modeled through a release pipeline in shown below: In this example, a release of a website is created by collecting specific versions of two builds (artifacts), each from a different build pipeline. The release is first deployed to a Dev stage and then forked to two QA stages in parallel. If the deployment succeeds in both the QA stages, the release is deployed to Prod ring 1 and then to Prod ring 2. Each production ring represents multiple instances of the same website deployed at various locations around the globe. References: https://docs.microsoft.com/en-us/azure/devops/pipelines/release
Question 136
You have an Azure DevOps organization named Contoso. You need to recommend an authentication mechanism that meets the following requirements: - Supports authentication from Git - Minimizes the need to provide credentials during authentication What should you recommend?
A. personal access tokens (PATs) in Azure DevOps
B. Alternate credentials in Azure DevOps
C. user accounts in Azure Active Directory (Azure AD)
D. managed identities in Azure Active Directory (Azure AD)
Personal access tokens (PATs) give you access to Azure DevOps and Team Foundation Server (TFS), without using your username and password directly. These tokens have an expiration date from when they're created. You can restrict the scope of the data they can access. Use PATs to authenticate if you don't already have SSH keys set up on your system or if you need to restrict the permissions that are granted by the credential. Incorrect Answers: B: Azure DevOps no longer supports Alternate Credentials authentication since the beginning of March 2, 2020. If you're still using Alternate Credentials, we [Microsoft] strongly encourage you to switch to a more secure authentication method (for example, personal access tokens). Reference: https://docs.microsoft.com/en-us/azure/devops/repos/git/auth-overview
Question 137
You have an application that consists of several Azure App Service web apps and Azure functions. You need to assess the security of the web apps and the functions. Which Azure feature can you use to provide a recommendation for the security of the application?
A. Security & Compliance in Azure Log Analytics
B. Resource health in Azure Service Health
C. Smart Detection in Azure Application Insights
D. Compute & apps in Azure Security Center
Monitor compute and app services: Compute & apps include the App Services tab, which App services: list of your App service environments and current security state of each. Recommendations - This section has a set of recommendations for each VM and computer, web and worker roles, Azure App Service Web Apps, and Azure App Service Environment that Security Center monitors. The first column lists the recommendation. The second column shows the total number of resources that are affected by that recommendation. The third column shows the severity of the issue. Incorrect Answers: C: Smart Detection automatically warns you of potential performance problems, not security problems in your web application. Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/app/proactive-diagnostics
Question 138
Your company has a project in Azure DevOps for a new web application. The company identifies security as one of the highest priorities. You need to recommend a solution to minimize the likelihood that infrastructure credentials will be leaked. What should you recommend?
A. Add a Run Inline Azure PowerShell task to the pipeline.
B. Add a PowerShell task to the pipeline and run Set-AzureKeyVaultSecret.
C. Add an Azure Key Vault task to the pipeline.
D. Add Azure Key Vault references to Azure Resource Manger templates.
Azure Key Vault provides a way to securely store credentials and other keys and secrets. The Set-AzureKeyVaultSecret cmdlet creates or updates a secret in a key vault in Azure Key Vault. Reference: https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/set-azurekeyvaultsecret
Question 139
SIMULATION - You need to ensure that an Azure web app named az400-9940427-main can retrieve secrets from an Azure key vault named az400-9940427-kv1 by using a system managed identity. The solution must use the principle of least privilege. To complete this task, sign in to the Microsoft Azure portal.
1. In Azure portal navigate to the az400-9940427-main app. 2. Scroll down to the Settings group in the left navigation. 3. Select Managed identity. 4. Within the System assigned tab, switch Status to On. Click Save. Reference: https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity
Question 140
SIMULATION - You need to ensure that an Azure web app named az400-123456789-main can retrieve secrets from an Azure key vault named az400-123456789-kv1 by using a system managed identity. The solution must use the principle of least privilege. To complete this task, sign in to the Microsoft Azure portal.
1. In Azure portal navigate to the az400-123456789-main app. 2. Scroll down to the Settings group in the left navigation. 3. Select Managed identity. 4. Within the System assigned tab, switch Status to On. Click Save. Reference: https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity
