Practice Free AZ-400 Microsoft Azure DevOps Solutions Exam Questions Answers With Explanation

Step 1: Navigate to Project Settings

Navigate to Azure DevOps:

Go to Azure DevOps and sign in with your credentials.

Select Your Project:

Choose Project1 from your list of projects.

Access Project Settings:

In the left-hand menu, scroll down and select Project settings.

Step 2: Configure Retention Policies

Navigate to Pipelines Settings:

Under Pipelines, select Settings.

Set Retention Policies:

In the Retention section, set the number of days to keep artifacts, symbols, and attachments to 60 days.

Ensurethat the retention policy is applied to all relevant pipelines and branches.

Save Changes:

Click on Save to apply the retention policy1.

By following these steps, you will have successfully configured theretention policy to retain artifacts, symbols, and attachments for 60 days in Project1

To create an instance of Azure Application Insights namedaz400-38443478-mainand configure it to receive telemetry data from an Azure web app with the same name, you’ll need to follow these steps:

Create a Log Analytics Workspace:

Go to theAzure Portal.

Search for Log Analytics Workspaces and select Add.

Select a Subscription and either use an existing Resource Group or create a new one.

Provide a unique name for your Log Analytics workspace.

Choose the Region that is appropriate for you.

Review the settings and then selectCreate1.

Create an Azure Application Insights Instance:

In the Azure Portal, navigate to Application Insights.

Click on + Create.

Fill in the instance details, ensuring the name isaz400-38443478-main.

Link the instance to the Log Analytics workspace you created in the previous step.

Review and create the Application Insights instance2.

Configure the Azure Web App to Send Telemetry Data:

Go to the Azure Web Appaz400-38443478-main.

Under Monitoring, selectApplication Insights.

Choose to use an existing resource and select the Application Insights instance you created.

Follow the prompts to set up the connection, which may involve adding the appropriate SDK to your web app and configuring the connection string or instrumentation key.

Verify Telemetry Data Reception:

After setting up, send some test traffic to your web app.

Then, go to the Application Insights instance and check the Overview or Performance sections to see if telemetry data is being received.

Remember to replace placeholder names with the actual names of your resources where necessary. These steps will help you set up Azure Application Insights to monitor your web app effectively.

Task 8: Create a Service Hook to Integrate with Azure Storage (queue1)

Step 1: Verify the Storage Account and Queue

In the Azure portal (https://portal.azure.com ):

Go to Storage accounts.

Find the storage48901628 storage account.

In the left menu, click on Queues.

Ensure that a queue named queue1 exists.If not, create it by:

Clicking + Queue.

Enter Name: queue1.

Click OK.

Step 2: Prepare the Storage Account’s Shared Access Signature (SAS)

Azure DevOps uses SAS tokens to send messages to a storage queue.

In the Azure portal, go to the storage48901628 storage account.

In the left menu, click Shared access signature.

Set the following:

Allowed services: Queue.

Allowed resource types: Object.

Allowed permissions: Add, Write.

Start and expiry date/time: Adjust as needed (e.g., 1 year).

Click Generate SAS and connection string.

Copy the Queue SAS URL (e.g., https://storage48901628.queue.core.windows.net/queue1?sv=...).

Step 3: Create the Service Hook in Azure DevOps

In your Azure DevOps Project (Project1):

In the bottom-left, click Project settings.

In the left menu, click Service hooks.

Click + Create subscription.

Step 4: Configure the Azure Storage Service Hook

In the Create a subscription wizard, choose Azure Storage Queues and click Next.

Choose the Trigger:

For example: Code pushed (or other events you want to send to the queue).

Click Next.

Configure the Action:

Queue endpoint URL: The Queue SAS URL you copied in Step 2 (including the queue1 endpoint and SAS token).

Example:

bash

Copy

https://storage48901628.queue.core.windows.net/queue1?sv=...

Step 5: Finalize and Test the Integration

Click Test to ensure Azure DevOps can send a message to the queue.

If the test succeeds, click Finish to create the service hook.

Step 6: Validate in the Azure Portal

In the Azure portal, go to storage48901628 > Queues > queue1.

You should see new messages appear in the queue whenever the configured Azure DevOps event (like push or PR) occurs.

To store signed images in an Azure Container Registry (ACR) instance and support your planned images while minimizing costs, you need to modify the SKU of your ACR instance to one that supports content trust and image signing. Here’s how you can do it:

Determine the Appropriate SKU:

Content trust and image signing are features of thePremiumservice tier of Azure ContainerRegistry1.

If cost minimization is a priority, ensure that the Premium tier is necessary for your use case. If you require content trust, the Premium tier is the appropriate choice.

Modify the SKU of the ACR Instance:

Navigate to the Azure Portal.

Go to your ACR instanceaz40038443478act1.

SelectUpdatefrom the overview pane.

Choose thePremiumSKU from the SKU drop-down menu2.

Review the changes and pricing, then save the configuration.

By upgrading to the Premium SKU, you’ll be able to store signed images in your ACR instance. Remember to monitor your usage and costs to ensure they align with your budget and requirements.

Task 11: Create an Artifact Feed with Specific Retention Policies

Step 1: Navigate to Artifacts

In your Azure DevOps Project (Project1), click on the Artifacts section in the left menu.

Step 2: Create a New Feed

Click on the + New feed button.

In the Name field, enter:

nginx

Copy

artifact_feed

Choose the visibility of the feed:

Project scoped (only accessible to Project1).

Or Organization scoped (accessible across your Azure DevOps organization).

Leave other settings at default unless you have specific permissions or upstream sources.

Click Create.

This creates a new feed named artifact_feed.

Step 3: Configure Retention Policies

In the Artifacts section, click on the feed named artifact_feed to open its details page.

In the top-right corner, click on the three dots (...) and select Feed settings.

Step 4: Set the Maximum Number of Versions to Retain

In the Feed settings page, find the Retention policies section.

Set Maximum number of versions per package to:

Copy

10

Click Save.

This ensures that only the latest 10 versions of any package are retained in the feed.

Step 5: Set the Downloaded Package Retention Period

In the Feed settings page, under Retention policies, find Downloaded package retention.

Set Number of days to retain downloaded packages to:

Copy

90

Click Save.

This ensures that downloaded packages will be retained in the cache for 90 days before deletion.

To ensure that your Azure Web App namedaz400-38443478-mainsupports rolling upgrades and only 10 percent of users connect to the updated version of the app, you can use deployment slots with the followingsteps:

Create a Deployment Slot:

Navigate to the Azure Portal.

Go to your Web Appaz400-38443478-main.

SelectDeployment slotsin the menu.

Click onAdd Slot.

Name the slot (e.g.,staging) and if needed, clone settings from the production slot.

Configure the Traffic Percentage:

In the Deployment Slots menu, you will see a column forTraffic %.

Set the traffic percentage to10%for thestagingslot1.

This will route only 10% of the traffic to the updated version of the app in thestagingslot.

Deploy the Updated App to the Staging Slot:

Deploy yourupdated application to thestagingslot.

Test the application in thestagingslot to ensure it’s working as expected.

Complete the Rolling Upgrade:

Once you’re satisfied with the performance and stability of the app in thestagingslot, you can graduallyincrease the percentage of traffic until you’re ready to swap with the production slot.

To swap slots, go to theDeployment slotsmenu and click onSwapwith the production slot.

By using deployment slots, you can achieve rolling upgrades with minimal administrative effort, as it allows you to test the new version on a subset of users before fully releasing it. Remember to adjust the traffic percentage and monitor the application’s performance throughout the process.

To ensure that your Azure Web App namedaz400-38443478-maincan retrieve secrets from an Azure Key Vault namedaz400-3844J478-kv1using a system managed identity with the principle of least privilege, follow these detailed steps:

Enable a System Managed Identity for the Azure Web App:

Navigate to the Azure Portal.

Go to the Azure Web Appaz400-38443478-main.

SelectIdentityunder theSettingssection.

In theSystem assignedtab, switch theStatustoOn.

ClickSaveto apply the changes.

Grant the Web App Access to the Key Vault:

Go to the Azure Key Vaultaz400-3844J478-kv1.

SelectAccess policiesunder theSettingssection.

Click onAdd Access Policy.

ChooseSecret permissionsand selectGetandList. This grants the app the ability to read secrets, adhering to the principle of least privilege.

Click onSelect principal, search for your Web App nameaz400-38443478-main, and select it.

ClickAddto add the policy.

Don’t forget to clickSaveto save the access policy changes.

Retrieve Secrets in the Web App Code:

In your Web App’s code, use the Azure SDK to retrieve the secrets.

For example, in a .NET application,you can use theAzure.IdentityandAzure.Security.KeyVault.Secretsnamespaces.

Utilize theDefaultAzureCredentialclass which will automatically use the system managed identity when running on Azure.

using Azure.Identity;

usingAzure.Security.KeyVault.Secrets;

var client = new SecretClient(new Uri("https://az400-3844J478-kv1.vault.azure.net/ "), new DefaultAzureCredential());

KeyVaultSecret secret = await client.GetSecretAsync("my-secret-name");

string secretValue =secret.Value;

Replace"my-secret-name"with the actual name of the secret you want to retrieve.

By following these steps, your Azure Web App will be able to securely retrieve secrets from the Azure Key Vault using a system managed identity, without needingto store credentials in the code, and adhering to the principle of least privilege. Remember to replace the placeholder names with the actual names of your Web App and Key Vault.

1. In Azure portal navigate to the az400-9940427-main app.

2. Scroll down to the Settings groupin the left navigation.

3. Select Managed identity.

4. Within the System assigned tab, switch Status to On. Click Save.

1. Open Microsoft Azure Portal, and select the Azure Container Registry instance named az4009940427acr1.

2. Under Policies, select Content Trust > Enabled > Save.

Step 1: Create a Project Wiki

Navigate to Azure DevOps:

Go to Azure DevOps and sign inwith your credentials.

Select Your Project:

Choose Project1 from your list of projects.

Create a Wiki:

In the left-hand menu, select Wiki.

Click on Create project wiki.

Enter the name Wiki1 and click Create.

Step 2: Add Mermaid Syntax to Render a Diagram

Open the Wiki Page:

Navigate to the newly created Wiki1.

Edit the Wiki Page:

Click on Edit to start editing the wiki page.

Insert Mermaid Diagram:

Use the following Mermaid syntax to render a diagram. For example, to render a simple flowchart, you canuse:

```mermaid

graph TD;

A-->B;

A-->C;

B-->D;

C-->D;

Save the Page:

Click on Save to save your changes.

Step 3: Render the TCP Handshake Diagram

Convert TCPHandshake.png to Mermaid Syntax:

Since you have a sample diagram in C:\Resources\TCPHandshake.png, you need to convert this diagram into Mermaid syntax. Here’s an example of how a TCP handshake might look in Mermaid syntax:

```mermaid

sequenceDiagram

participant Client

participant Server

Client->>Server: SYN

Server-->>Client: SYN-ACK

Client->>Server: ACK

Add the Diagram to the Wiki:

Replace the sample Mermaid syntax with the TCP handshake diagram syntax in the wiki page.

Save the Page:

Click on Save to save your changes.

By following these steps, you will have created a project wiki named Wiki1 and used Mermaid syntax to render a diagram

Task 10: Create a Variable Group in Azure DevOps

Step 1: Navigate to Library

In your Azure DevOps Project (Project1), click on the Pipelines section in the left menu.

In the Pipelines submenu, click on Library.

Step 2: Create a New Variable Group

Click on the + Variable group button.

Enter the Name:

nginx

Copy

varGroup1

Step 3: Add Variables

Add the first variable:

Click Add.

In the Name field, enter:

nginx

Copy

username

In the Value field, enter:

Copy

Userl-48901628

Add the second variable:

Click Add again.

In the Name field, enter:

nginx

Copy

password

In the Value field, enter:

Copy

aFpJ2j+6M!

Check the box Keep this value secret.

Step 4: Save the Variable Group

Click Save at the top to save the variable group.

With the storage account ready, you can configure backs up in the web app or App Service.

Open the App Serviceaz400-11566895-main, which you want to protect, in the Azure Portal and browse to Settings > Backups. Click Configure and a Backup Configuration blade should appear.

Select the storage account.

Click + to create a private container. You could name this container after the web app or App Service.

Select the container.

If you want to schedule backups, then set Scheduled Backup to On and configure a schedule: every five hours

Select your retention. Note that 0 means never delete backups.

Decide if at least onebackup should always be retained.

Choose if any connected databases should be included in the web app backup.

Click Save to finalize the backup configuration.

Scenario: Visual Studio App Center must be used to centralize the reporting of mobile application crashes and device types in use.

In order to use App Center, you need to opt in to the service(s) that you want to use, meaning by default no services are started and you will have to explicitly call each of them when starting the SDK.

Insert the following line to start the SDK in your app's App Delete class in the didFinishLaunchingWithOptions method.

MSAppCenter.start("{Your App Secret}", withServices: [MSAnalytics.self, MSCrashes.self])

Box 1: Get-AzResource

Use the followingcommand to examine the access control mode for all workspaces in the subscription:

PowerShell

Get-Az Resource –Resource Type Microsoft. Operational Insights/workspaces –Expand Properties | for each {s.Name + ": " + $_.Properties.features.enableLogAccessUsingOnlyResourcePermissions

Box 2: -Resource Type

Unattended config:

The agent can be set up from a script with no human intervention. You must pass--unattended and the answers to all questions.

To configure an agent, it must know the URL to your organization or collection and credentials of someone authorized to set up agents. All other responses are optional.

Box 1: A source control system

A source control system, also called a version control system, allows developers to collaborate on code and track changes.Source control is an essential tool for multi-developer projects.

Box 2: A hosted service

To build and deploy Xcode apps or Xamarin.iOS projects, you'll need at least one macOS agent. If your pipelines are in Azure Pipelines and a Microsoft-hosted agentmeets your needs, you can skip setting up a self-hosted macOS agent.

Scenario: The investment planning applications suite will include one multi-tier web application and two iOS mobile applications. One mobile application will be used by employees; the other will be used by customers.

Change the ConfigurationMode parameter from ApplyOnly to ApplyAndAutocorrect.

The Register-AzureRmAutomationDscNode cmdlet registers an Azure virtual machine as an APS Desired State Configuration (DSC) node in an Azure Automation account.

Scenario: Current Technical Issue

The test servers are configured correctly when first deployed, but they experience configuration drift over time. Azure AutomationState Configuration fails to correct the configurations.

Azure Automation State Configuration nodes are registered by using the following command.

Every request made against a storage service must be authorized, unless the request is for a blob or container resource that has been made available for public or signed access. One option for authorizing a request is by using Shared Key.

Scenario: The mobile applications must be able to call the share pricing service of the existing retirement fund management system. Until the system is upgraded, the service will only support basic authentication over HTTPS.

The investment planning applications suite will include one multi-tier web application and two iOS mobile application. One mobile application will be used by employees; the other will be used by customers.

The commit-msg hook is invoked by git-commit and git-merge, and can be bypassed with the --no-verify option.

Scenario: A branching strategy that supports developing newfunctionality in isolation must be used.

Feature isolation is a special derivation of the development isolation, allowing you to branch one or more feature branches from main, as shown, or from your dev branches.

When you need to work on a particularfeature, it might be a good idea to create a feature branch.

Box 1: Reader

Members of a group named Developers must be able to install packages.

Feeds have four levels of access: Owners, Contributors, Collaborators, and Readers. Ownerscan add any type of identity-individuals, teams, and groups-to any access level.

Box 2: Owner

Members of a group named Team Leaders must be able to create new packages and edit the permissions of package feeds.

Scenario: By default, all releases must remain available for 30 days, except for production releases, which must be kept for 60 days.

Box 1: Set the defaultretention policy to 30 days

The Global default retention policy sets the default retention values for all the build pipelines. Authors of build pipelines can override these values.

Box 2: Set the stage retention policy to 60 days

You may want to retain more releases that have been deployed to specific stages.

Batching CI runs

If you have many team members uploadingchanges often, you may want to reduce the number of runs you start. If you set batch to true, when a pipeline is running, the system waits until the run is completed, then starts another run with all changes that have not yet been built.

Example:

# specific branch build with batching

trigger:

batch: true

branches:

include:

- master

To clarify this example, let us say that a push A to master caused the above pipeline to run. While that pipeline is running, additional pushes B and C occur into therepository. These updates do not start new independent runs immediately. But after the first run is completed, all pushes until that point of time are batched together and a new run is started.

Every request made against a storage service must be authorized, unless the request is for a blob or container resource that has been made available for public or signed access. One option for authorizing a request is by using Shared Key.

Scenario: The mobile applications must be able to call the share pricing service of the existing retirement fund management system. Until the system is upgraded, the service will only support basic authentication over HTTPS.

The investment planning applications suite will include one multi-tier web application and two iOS mobile application. One mobile application will be used by employees; the other will be used by customers.

Box 1: rwx

The Log Analytics agent for Linux runs as the omsagent user. To grant >write permission to the omsagent user, run the command setfacl -m u:omsagent:rwx /tmp.

Box 2: /tmp

Deploying DSC to a Linux node uses the /tmp folder.

Step 1: Write the KQL Query

Open Azure Data Explorer:

Navigate to Azure Data Explorer and sign in with your credentials.

Access the Securitylogs Database:

Open the Securitylogs database.

Write the Query:

Use the following KQL query tocount the number of inbound requests for each source IP address:

InboundBrowsing

| where Timestamp between (datetime(2021-10-01) .. datetime(2021-12-31))

| summarize NumberOfRequests = count() by SourceIP

| project SourceIP, NumberOfRequests

Step 2: Export the Query Results

Run the Query:

Execute the query in Azure Data Explorer.

Export the Results:

Once the query results are displayed, click on the Export button.

Choose the export format (e.g., CSV) and specify the export path as C:\Samples.

By following these steps, you will have successfully written a KQL query to count the number of inbound requests for each source IP address during the last three months of 2021 and exported the results to C:\Samples

Set up staging environments in Azure App Service

1. Open Microsoft Azure Portal

2. Log into your Azure account, select your app's resource page, in the left pane, selectDeployment slots > Add Slot.

3. In the Add a slot dialog box, give the slot a name, and select whether to clone an app configuration from another deployment slot. Select Add to continue.

4. After the slot is added, select Close to close the dialogbox. The new slot is now shown on the Deployment slots page. By default, Traffic % is set to 0 for the new slot, with all customer traffic routed to the production slot.

5. Select the new deployment slot to open that slot's resource page.

6. Change TRAFFIC % to 10

Step 1: Initialize the Default Main Branch

Navigate to Azure DevOps:

Go to Azure DevOps and sign in with your credentials.

Select Your Project:

Choose Project1 from your list of projects.

Initialize theMain Branch:

Go to Repos > Files.

If the main branch does not exist, you will see an option to initialize it. Click on Initialize and follow the prompts to create the main branch1.

Step 2: Create a New Branch for the Pipeline

Navigate to Branches:

Go to Repos > Branches.

Click on New branch.

Create the Branch:

Enter azure-pipelines as the branch name.

Select main as the base branch.

Click Create2.

Step 3: Create a New Azure Pipelines YAML Pipeline

Navigate to Pipelines:

Go to Pipelines > New pipeline.

Select the Repository:

Choose Azure Repos Git and select the relevant repository.

Configure the Pipeline:

Select Starter pipeline.

Replace the default YAML with the ASP.NET template. You can find the ASP.NET template in the Azure Pipelines documentation oruse the following example:

trigger:

- main

pool:

vmImage: 'windows-latest'

variables:

buildConfiguration: 'Release'

steps:

- task: UseDotNet@2

inputs:

packageType: 'sdk'

version: '5.x'

installationPath: $(Agent.ToolsDirectory)/dotnet

- script: |

dotnet build --configuration $(buildConfiguration)

displayName: 'Build project'

- script: |

dotnet test --no-build --configuration $(buildConfiguration)

displayName: 'Run tests'

Save the Pipeline:

Click on Save and enter azure-pipelines as the branch name.

Click on Save and run to save the pipeline to the new branch named azure-pipelines3.

By following these steps, you will have successfully initialized the main branch, created a new branch named azure-pipelines, and set up a new Azure Pipelines YAML pipeline using the ASP.NET template

1. Sign in to the portal,

2. Choose template Deploy-lod9940427

3. Select Edit template, andthen paste your JSON template code into the code window.

4. Change the ASddressPrefixes to 10.0.0.0/24 in order to support only 256 total IP addresses.

addressSpace":{"addressPrefixes": ["10.0.0.0/24"]},

5. Change the firstSubnet addressprefix to 10.0.0.0/26 to support only 64 total IP addresses.

"subnets":[

{

"name":"firstSubnet",

"properties":{

"addressPrefix":"10.0.0.0/24"

}

6. Select Save.

7. Select Editparameters, provide values for the parameters that are shown, and then select OK.

8 Select Subscription. Choose the subscription you want to use, and then select OK.

9. Select Resource group. Choose an existing resource group or create a new one, and then select OK.

10. Select Create. A new tile on the dashboard tracks the progress of your template deployment.

You can usea system-assigned managed identity for a Windows virtual machine (VM) to access Azure Key Vault.

Sign in to Azure portal

Locate virtual machine VM1.

Select Identity

Enable the system-assigned identity for VM1 by setting the Status to On.

Note:Enabling a system-assigned managed identity is a one-click experience. You can either enable it during the creation of a VM or in the properties of an existing VM.

Step 1: Assign the node configuration.

You create a simple DSC configuration that ensures either the presence or absence of the Web-Server Windows Feature (IIS), depending on how you assign nodes.

Step 2: Upload a configuration to Azure Automation State Configuration.

You import the configuration into the Automation account.

Step 3: Compiling a configuration into a node configuration

Compiling a configuration in Azure Automation

Before you can apply a desired state to a node, a DSC configuration defining that state must be compiled into one or more node configurations (MOF document), and placed on the Automation DSC Pull Server.

Step 4: Onboard the virtual machines to Azure State Configuration

Onboarding an Azure VM for management with Azure Automation State Configuration

Step 5: Check the compliance status of the node.

Viewing reports for managed nodes. Each time Azure Automation State Configuration performs a consistency check on a managed node, the node sends a status report back to the pull server. You can view these reports on the page for that node.

On the blade for an individual report, you can see the following status information for the corresponding consistency check:

The report status — whether the node is "Compliant", the configuration "Failed", or the node is "Not Compliant" (when the node is in ApplyandMonitor mode and the machine is not in the desired state).

Box 1: Lead time

Lead time measures the total time elapsed from the creation of work items to their completion.

Box 2: Cycle time

Cycle time measures the time it takes for your team to complete work items once they begin actively working onthem.

Box 3: Burndown

Burndown charts focus on remaining work within a specific time period.

You can add the text "AB#" to the title or description of the pull request in GitHub, which will automatically link the request to an existing Azure Boards work item with that number.

Use Pre-deployments conditions instead.

Use a gate instead of an approval instead.

Smart Detection automatically warns you of potential performance problems and failure anomalies in your web application. It performs proactive analysis of the telemetry that your app sends to Application

Insights. If there is a sudden rise in failure rates, or abnormal patterns in client or server performance, you get an alert.

Scenario: Access to Azure DevOps mustbe restricted to specific IP addresses.

Azure DevOps is authenticated through Azure Active Directory. You can use Azure AD's conditional access to prevent logins from certain geographies and address ranges.

Woodgrove Bank plans to implement the following changes to the DevOps environment:

Migrate all the source code from TFS1 to GitHub.

The Git-TFS tool is a two-way bridge between Team Foundation Version Control and Git, and can be used to perform a migration.

QUESTIONNO: 4

You need !0 the merge the POC branch into the default branch. The solution must meet the technical requirements. Which command should you run?

A. it push

B. git merge -- allow-unrelated-histories

C. git rebase

D. git merge --squash

Answer: C

Scenario: Deploy App2 to an Azure virtual machine named VM1.

A personal access token (PAT) is used as an alternatepassword to authenticate into Azure DevOps.

Setting 1: Threshold value

Set to 80 %

Scenario: An Azure Monitor alert for VM1 must be configured to meet the following requirements:

Be triggered whenaverage CPU usage exceeds 80 percent for 15 minutes.

Calculate CPU usage averages once every minute.

Setting 2: Aggregation granularity

Set to 15 minutes.

Performing user interface (UI) testingas part of the release pipeline is a great way of detecting unexpected changes, and need not be difficult. Selenium can be used to test your website during a continuous deployment release and test automation.

PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth.

There is an Apache Maven PMD Plugin which allows you to automaticallyrun the PMD code analysis tool on your project's source code and generate a site report with its results.

You can use the combination of Terraform and Yeoman. Terraform is a tool for creating infrastructure on Azure. Yeoman makes it easy to create Terraformmodules.

Terratest provides a collection of helper functions and patterns for common infrastructure testing tasks, like making HTTP requests and using SSH to access a specific virtual machine. The following list describes some of the major advantages of using Terratest:

Convenient helpers to check infrastructure - This feature is useful when you want to verify your real infrastructure in the real environment.

Organized folder structure - Your test cases are organized clearly and follow the standard Terraform module folder structure.

Test cases are written in Go - Many developers who use Terraform are Go developers. If you're a Go developer, you don't have to learn another programming language to use Terratest.

Extensible infrastructure - You can extend additional functions on top of Terratest, including Azure-specific features.

Instead use implement continuous integration.

Note: WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource constantly-updated de?nitive database of open source repositories.

An analytics feature in a monitoring solution would allow you to parse logs from multiple sources and analyzethem to identify the root cause of issues in your Azure pipelines. This feature would typically provide tools for searching, filtering, and visualizing log data, as well as for identifying patterns and anomalies. With analytics, you can also create customdashboards and alerts to monitor your pipelines and quickly identify and troubleshoot any issues.

Instead, In Visual Designer you enable continuous integration (CI) by:

Select the Triggers tab.

Enable Continuous integration.

https://docs.microsoft.com/en-us/azure/devops/migrate/security-validation-cicd-pipeline?view=azure-devops &viewFallbackFrom=vsts

So:

PR: Static Code Analysis

CI: Static Code Analysis

CD: PenTest

Customizing Kanban boards

To maximize a team’s ability to consistently deliver high quality software, Kanban emphasize two main practices. The first, visualize the flow of work, requires you to map your team’s workflow stages and configure your Kanban board to match. Your Kanban board turns your backlog into an interactive signboard, providing a visual flow of work.

https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/agents?view=azure-devops &tabs=browser#faq

ENABLE DIAGNOSTICS TO LOG ANALYTICS

This configuration is done PER DATABASE

1. Click on Diagnostics Settings and then Turn On Diagnostics

2. Select to Send to Log Analytics and select the Log Analytics workspace. For this sample I will selected only Errors

See the answer in image

Box 1: Windows Feature

Example:

Configuration Website Test {

# Import the module that contains the resources we're using.

Import-Disc Resource –Module Name Ps Desired State Configuration

# The Node statement specifies which targets this configuration will beapplied to.

Node 'localhost' {

# The first resource block ensures that the Web-Server (IIS) feature is enabled.

Windows Feature Web Server {

Ensure = "Present"

Name = "Web-Server"

}

Box 2: File

Example continued:

# The second resource block ensures that the website content copied to the website root folder.

File Website Content {

Ensure = 'Present'

Source Path = 'c:\test\index.htm'

Destination Path = 'c:\inetpub \wwwroot'

}

Scenario:

Step 1: Create a Desired State Configuration (DSC) configuration file that has an extension of .ps1.

Step 2: Run the Import-AzureRmAutomationDscConfiguration Azure Powershell cmdlet

TheImport-AzureRmAutomationDscConfiguration cmdlet imports an APS Desired State Configuration (DSC) configuration into Azure Automation. Specify the path of an APS script that contains a single DSC configuration.

Example:

PS C:\>Import-AzureRmAutomationDscConfiguration -AutomationAccountName "Contoso17"-ResourceGroupName "ResourceGroup01" -SourcePath "C:\DSC\client.ps1" -Force

This command imports the DSC configuration in the file named client.ps1 into the Automation account named Contoso17. The command specifies the Force parameter. If there is an existing DSC configuration, this command replaces it.

Step 3: Run the Start-AzureRmAutomationDscCompilationJob Azure Powershell cmdlet

The Start-AzureRmAutomationDscCompilationJob cmdlet compiles an APS Desired State Configuration (DSC) configuration in Azure Automation.

Step 1: Createa repository

A Git repository, or repo, is a folder that you've told Git to help you track file changes in. You can have any number of repos on your computer, each stored in their own folder.

Step 2: Create a branch

Branch policies help teams protect their important branches of development. Policies enforce your team's code quality and change management standards.

Step 3: Add a build validation policy

When a build validation policy is enabled, a new build is queued when a new pull request is created or when changes are pushed to an existing pull request targeting this branch. The build policy then evaluates the results of the build to determine whether the pull request can be completed.

Scenario:

Implement a code flow strategy for Project2 that will:

Enable Team2 to submit pull requests for Project2.

Enable Team2 to work independently on changes to a copy of Project2.

Ensure that any intermediary changes performed by Team2 on a copy of Project2 will be subject to the same restrictions as the ones defined in the build policy of Project2.

The Register-AzureRmAutomationDscNode cmdlet registers an Azure virtual machine as an APS Desired State Configuration (DSC) node in an Azure Automation account.

Scenario: The Azure DevOps organization includes:

The Docker extension

A deployment pool named Pool7 that contains10 Azure virtual machines that run Windows Server 2016

Scenario: Implement Project4 and configure the project to push Docker images to Azure Container Registry.

You use Azure Container Registry Tasks commands to quickly build, push, and run a Docker container image natively within Azure, showing how to offload your "inner-loop" development cycle to the cloud. ACR Tasks is a suite of features within Azure Container Registry to help you manage and modify container images across the container lifecycle.

The first thing to do is to declare your Sonar Qube server as a service endpoint in your VSTS/DevOps project settings.

Scenario:

Step 1: Sign in to Azure Develops by using an account that is assigned the Administrator service connection security role.

Note: Under Agent Phase, click Deploy Service Fabric Application. Click Docker Settings and then click Configure Docker settings. In Registry Credentials Source, select Azure Resource Manager Service Connection. Then select your Azure subscription.

Step 2: Create a personal access token..

A personal access token or PAT is required so that a machine can join the pool created with the Agent Pools (read, manage) scope.

Step 3: Install and register the Azure Pipelines agent on an Azure virtual machine.

By running a Azure Pipeline agent in thecluster, we make it possible to test any service, regardless of type.

Scenario: Implement Project3, Project5,Project6, and Project7 based on the planned changes

Step 1: Open the release pipeline editor.

In the Releases tab of Azure Pipelines, select your release pipeline and choose Edit to open the pipeline editor.

Step 2: Enable Gates.

Choose thepre-deployment conditions icon for the Production stage to open the conditions panel. Enable gates by using the switch control in the Gates section.

Step 3: Add Query Work items.

Choose + Add and select the Query Work Items gate.

Configure the gate by selecting an existing work item query.

Note: A case for release gate is:

Incident and issues management. Ensure the required status for work items, incidents, and issues. For example, ensure deployment occurs only if no priority zero bugs exist, and validation that there are no active incidents takes place after deployment.