Topic 4: Mix Questions Set
Your company is concerned that when developers introduce open source libraries, it creates licensing compliance issues. You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base. What should you use?
A. Microsoft Visual SourceSafe
B. PDM
C. WhiteSource
D. OWASP ZAP
WhiteSource is the leader in continuous open source software security and compliance
management. WhiteSource integrates into your build process, irrespective of your
programming languages, build tools, or development environments. It works automatically,
continuously, and silently in the background, checking the security, licensing, and quality of
your open source components against WhiteSource constantly-updated denitive database
of open source repositories.
Azure DevOps integration with WhiteSource Bolt will enable you to:
Your company has a hybrid cloud between Azure and Azure Stack. The company uses Azure DevOps for its CI/CD pipelines. Some applications are built by using Erlang and Hack. You need to ensure that Erlang and Hack are supported as part of the build strategy across the hybrid cloud. The solution must minimize management overhead. What should you use to execute the build pipeline?
A. AzureDevOps self-hosted agents on Azure DevTest Labs virtual machines.
B. AzureDevOps self-hosted agents on virtual machine that run on Azure Stack
C. AzureDevOps self-hosted agents on Hyper-V virtual machines
D. a Microsoft-hosted agent
Azure Stack offers virtual machines (VMs) as one type of an on-demand, scalable computing resource. You can choose a VM when you need more control over the computing environment.
You have an Azure DevOps project that contains a build pipeline. The build pipeline uses approximately 50 open source libraries. You need to ensure that all the open source libraries comply with your company’s licensing standards. Which service should you use?
A. Ansible
B. Maven
C. WhiteSource Bolt
D. Helm
WhiteSource provides WhiteSource Bolt, a lightweight open source security and
management solution developed specifically for integration with Azure DevOps and Azure
DevOps Server.
Note: WhiteSource is the leader in continuous open source software security and
compliance management. WhiteSource integrates into your build process, irrespective of
your programming languages, build tools, or development environments. It works
automatically, continuously, and silently in the background, checking the security, licensing,
and quality of your open source components against WhiteSource constantly-updated
denitive database of open source repositories.
Note: Blackduck would also be a good answer, but it is not an option here.
Your company creates a new Azure DevOps team.
D18912E1457D5D1DDCBD40AB3BF70D5D
You plan to use Azure DevOps for sprint planning.
You need to visualize the flow of your work by using an agile methodology.
Which Azure DevOps component should you use?
A. Kanban boards
B. sprint planning
C. delivery plans
D. portfolio backlogs
Explanation:
Customizing Kanban boards
To maximize a team’s ability to consistently deliver high quality software, Kanban
emphasize two main practices. The first, visualize the flow of work, requires you to map
your team’s workflow stages and configure your Kanban board to match. Your Kanban
board turns your backlog into an interactive signboard, providing a visual flow of work.
You have a project in Azure DevOps named Project1 that contains two environments
named environment1 and envkonment2.
When a new version of Project1 is released, the latest version is deployed to environment2,
and the previous version is redeployed to environments.
You need to distribute users across the environments. The solution must meet the following
requirements:
A. web app deployment slots
B. Azure Traffic Manager
C. VIP swapping
D. Azure Load Balancer
You have a GitHub repository that is integrated with Azure Boards Azure Boards has a work item that has the number 715. You need to ensure that when you commit source code in GitHub, the work item is updated automatically. What should you include in the commit comments?
A. @714
B. =715
C. the URL of the work item
D. AB#715
You have an Azure Resource Manager template that deploys a multi-tier application. You need to prevent the user who performs the deployment from viewing the account credentials and connection strings used by the application. What should you use?
A. an Azure Resource Manager parameter file
B. an Azure Storage table
C. an Appsettings.json files
D. Azure Key Vault
E. a Web.config file
Explanation:
When you need to pass a secure value (like a password) as a parameter during
deployment, you can retrieve the value from an Azure Key Vault. You retrieve the value by
referencing the key vault and secret in your parameter file. The value is never exposed
because you only reference its key vault ID. The key vault can exist in a different
subscription than the resource group you are deploying to.
You have a project in Azure DevOps named Project1. You implement a Continuous Integration/Continuous Deployment (CI/CD) pipeline that uses PowerShell Desired State Configuration (DSC) to configure the application infrastructure. You need to perform a unit test and an integration test of the configuration before Project1 is deployed. What should you use?
A. the PS Script Analyzer too
B. the Pester test framework
C. the PS Code Health module
D. the Test-Ds Configuration cmdlet
You should use the Pester test framework to perform a unit test and an integration test of the configuration before Project1 is deployed. The Pester test framework is a PowerShell testing framework that can be used to validate PowerShell DSC configurations.
You are deploying a server application that will run on a Server Core installation of
Windows Server 2019.
You create an Azure key vault and a secret.
You need to use the key vault to secure API secrets for third-party integrations.
Which three actions should you perform? Each correct answer presents part of the
solution.
NOTE: Each correct selection is worth one point.
D18912E1457D5D1DDCBD40AB3BF70D5D
A. Configure RBAC for the key vault
B. Modify the application to access the key vault.
C. Configure a Key Vault access policy.
D. Deploy an Azure Desired State Configuration (DSC) extension.
E. Deploy a virtual machine that uses a system-assigned managed identity.
BE: An app deployed to Azure can take advantage of Managed identities for Azure
resources, which allows the app to authenticate with Azure Key Vault using Azure AD
authentication without credentials (Application ID and Password/Client Secret) stored in the
app.
You manage build pipelines and deployment pipelines by using Azure DevOps. Your company has a team of 500 developers. New members are added continual lo the team. You need to automate me management of users and licenses whenever possible Which task must you perform manually?
A. modifying group memberships
B. procuring licenses
C. adding users
D. assigning entitlements