The latest Microsoft AZ-400 Designing and Implementing Microsoft DevOps Solutions certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-400 Designing and Implementing Microsoft DevOps Solutions exam and earn Microsoft AZ-400 Designing and Implementing Microsoft DevOps Solutions certification.
Exam Question 61
You plan to share packages that you wrote, tested, validated, and deployed by using Azure Artifacts.
You need to release multiple builds of each package by using a single feeThe solution must limit the release of packages that are in development.
What should you use?
A. local symbols
B. views
C. global symbols
D. upstream sources
Correct Answer:
D. upstream sources
Answer Description:
Upstream sources enable you to manage all of your product’s dependencies in a single feeWe recommend publishing all of the packages for a given product to that product’s feed, and managing that product’s dependencies from remote feeds in the same feed, via upstream sources. This setup has a few benefits:
- Simplicity: your NuGet.config, .npmrc, or settings.xml contains exactly one feed (your feed).
- Determinism: your feed resolves package requests in order, so rebuilding the same codebase at the same commit or changeset uses the same set of packages
- Provenance: your feed knows the provenance of packages it saved via upstream sources, so you can verify that you’re using the original package, not a custom or malicious copy published to your feed
Peace of minpackages used via upstream sources are guaranteed to be saved in the feed on first use; if the upstream source is disabled/removed, or the remote feed goes down or deletes a package you depend on, you can continue to develop and build
References:
Microsoft Docs > Upstream sources
Exam Question 62
Your company is concerned that when developers introduce open source libraries, it creates licensing compliance issues.
You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base.
What should you use?
A. Microsoft Visual SourceSafe
B. PDM
C. WhiteSource
D. OWASP ZAP
Correct Answer:
C. WhiteSource
Answer Description:
WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource constantly-updated definitive database of open source repositories.
Azure DevOps integration with WhiteSource Bolt will enable you to:
- Detect and remedy vulnerable open source components.
- Generate comprehensive open source inventory reports per project or build.
- Enforce open source license compliance, including dependencies’ licenses.
- Identify outdated open source libraries with recommendations to update.
Note: Black duck would also be a good answer, but it is not an option here.
References:
Azure DevOps Labs > Managing Open-source security and license with WhiteSource
Exam Question 63
Your company is concerned that when developers introduce open source libraries, it creates licensing compliance issues.
You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base.
What should you use?
A. Microsoft Visual SourceSafe
B. Code Style
C. Black Duck
D. Jenkins
E. SourceGea
F. OWASP ZAP
Correct Answer:
C. Black Duck
Answer Description:
Secure and Manage Open Source Software
Black Duck helps organizations identify and mitigate open source security, license compliance and code-quality risks across application and container portfolios.
Black Duck Hub and its plugin for Team Foundation Server (TFS) allows you to automatically find and fix open source security vulnerabilities during the build process, so you can proactively manage risk. The integration allows you to receive alerts and fail builds when any Black Duck Hub policy violations are met.
Note: WhiteSource would also be a good answer, but it is not an option here.
References:
Visual Studio Marketplace > Black Duck Hub
Exam Question 64
Your company develops an app for iOS. All users of the app have devices that are members of a private distribution group in Microsoft Visual Studio App Center.
You plan to distribute a new release of the app.
You need to identify which certificate file you require to distribute the new release from App Center.
Which file type should you upload to App Center?
A. .cer
B. .pfx
C. .p12
D. .pvk
Correct Answer:
C. .p12
Answer Description:
A successful IOS device build will produce an ipa file. In order to install the build on a device, it needs to be signed with a valid provisioning profile and certificate.
To sign the builds produced from a branch, enable code signing in the configuration pane and upload a provisioning profile (.mobileprovision) and a valid certificate (.p12), along with the password for the certificate.
References:
Microsoft Docs > Building Xamarin apps for iOS
Exam Question 65
You have an application that consists of several Azure App Service web apps and Azure functions.
You need to access the security of the web apps and the functions.
Which Azure features can you use to provide a recommendation for the security of the application?
A. Security & Compliance in Azure Log Analytics
B. Resource health in Azure Service Health
C. Smart Detection in Azure Application Insights
D. Compute & apps in Azure Security Center
Correct Answer:
D. Compute & apps in Azure Security Center
Answer Description:
Monitor compute and app services: Compute & apps include the App Services tab, which App services: list of your App service environments and current security state of each.
Recommendations: This section has a set of recommendations for each VM and computer, web and worker roles, Azure App Service Web Apps, and Azure App Service Environment that Security Center monitors. The first column lists the recommendation. The second column shows the total number of resources that are affected by that recommendation. The third column shows the severity of the issue.
Incorrect Answers: Smart Detection automatically warns you of potential performance problems, not security problems in your web application.
References:
Microsoft Docs > Smart Detection in Application Insights
Exam Question 66
You have a private distribution group that contains provisioned and unprovisioned devices.
You need to distribute a new iOS application to the distribution group by using Microsoft Visual Studio App Center.
What should you do?
A. Request the Apple ID associated with the user of each device.
B. Register the devices on the Apple Developer portal.
C. Create an active subscription in App Center Test.
D. Add the device owner to the organization in App Center.
Correct Answer:
B. Register the devices on the Apple Developer portal.
Answer Description:
When releasing an iOS app signed with an ad-hoc or development provisioning profile, you must obtain tester’s device IDs (UDIDs), and add them to the provisioning profile before compiling a release. When you enable the distribution group’s Automatically manage devices setting, App Center automates the before mentioned operations and removes the constraint for you to perform any manual tasks. As part of automating the workflow, you must provide the user name and password for your Apple ID and your production certificate in a .p12 format.
App Center starts the automated tasks when you distribute a new release or one of your testers registers a new device. First, all devices from the target distribution group will be registered, using your Apple ID, in your developer portal and all provisioning profiles used in the app will be generated with both new and existing device IAfterward, the newly generated provisioning profiles are downloaded to App Center servers.
References:
Microsoft Docs > Manage App Center Distribution Groups
Exam Question 67
Your company has a project in Azure DevOps for a new application. The application will be deployed to several Azure virtual machines that run Windows Server 2016.
You need to recommend a deployment strategy for the virtual machines. The strategy must meet the following requirements:
- Ensure that the virtual machines maintain a consistent configuration.
- Minimize administrative effort to configure the virtual machines.
What should you include in the recommendation?
A. Azure Resource Manager templates and the PowerShell Desired State Configuration (DSC) extension for Windows
B. Deployment YAML and Azure pipeline deployment groups
C. Azure Resource Manager templates and the Custom Script Extension for Windows
D. Deployment YAML and Azure pipeline stage templates
Correct Answer:
C. Azure Resource Manager templates and the Custom Script Extension for Windows
Answer Description:
The Custom Script Extension downloads and executes scripts on Azure virtual machines. This extension is useful for post deployment configuration, software installation, or any other configuration or management tasks. Scripts can be downloaded from Azure storage or GitHub, or provided to the Azure portal at extension run time. The Custom Script Extension integrates with Azure Resource Manager templates, and can be run using the Azure CLI, PowerShell, Azure portal, or the Azure Virtual Machine REST API.
Incorrect Answers: YAML doesn’t work with Azure pipeline deployment groups.
References:
Microsoft Docs > Custom Script Extension for Windows
Exam Question 68
You manage a project in Azure DevOps.
You need to prevent the configuration of the project from changing over time.
Solution: Add a code coverage step to the build pipelines.
Does this meet the goal?
A. Yes
B. No
Correct Answer:
B. No
Answer Description:
Instead implement Continuous Assurance for the project.
References:
Microsoft Docs > Secure DevOps Kit for Azure
Exam Question 69
You manage a project in Azure DevOps.
You need to prevent the configuration of the project from changing over time.
Solution: Implement Continuous Integration for the project.
Does this meet the goal?
A. Yes
B. No
Correct Answer:
B. No
Answer Description:
Instead implement Continuous Assurance for the project.
References:
Microsoft Docs > Secure DevOps Kit for Azure
Exam Question 70
You manage a project in Azure DevOps.
You need to prevent the configuration of the project from changing over time.
Solution: Implement Continuous Assurance for the project.
Does this meet the goal?
A. Yes
B. No
Correct Answer:
A. Yes
Answer Description:
The basic idea behind Continuous Assurance (CA) is to setup the ability to check for “drift” from what is considered a secure snapshot of a system. Support for Continuous Assurance lets us treat security truly as a ‘state’ as opposed to a ‘point in time’ achievement. This is particularly important in today’s context when ‘continuous change’ has become a norm.
There can be two types of drift:
- Drift involving ‘baseline’ configuration: This involves settings that have a fixed number of possible states (often pre-defined/statically determined ones). For instance, a SQL DB can have TDE encryption turned ON or OFF”¦or a Storage Account may have auditing turned ON however the log retention period may be less than 365 days.
- Drift involving ‘stateful’ configuration: There are settings which cannot be constrained within a finite set of well-known states. For instance, the IP addresses configured to have access to a SQL DB can be any (arbitrary) set of IP addresses. In such scenarios, usually human judgment is initially required to determine whether a particular configuration should be considered ‘secure’ or not. However, once that is done, it is important to ensure that there is no “stateful drift” from the attested configuration. (E.g., if, in a troubleshooting session, someone adds the IP address of a developer machine to the list, the Continuous Assurance feature should be able to identify the drift and generate notifications/alerts or even trigger ‘auto-remediation’ depending on the severity of the change).
References:
Microsoft Docs > Secure DevOps Kit for Azure