Practice Free AZ-400 Microsoft Azure DevOps Solutions Exam Questions Answers With Explanation

Step 1: Understand the Requirements

You need to create a self-hosted agent for Azure Pipelines.

It will be hosted in a pod (for example, in Kubernetes).

All pipelines in Project1 should be able to use this agent pool named Pool1 .

Step 2: Create the Agent Pool in Azure DevOps

Go to your Azure DevOps organization : https://dev.azure.com/{YourOrganizationName}

In the bottom-left corner, click on the Organization settings gear icon.

In the left menu, click on Agent pools .

Click on Add pool .

Provide the following:

Pool name: Pool1

Pool type: Self-hosted

Grant access permission to all pipelines: Checked (so that all Project1 pipelines can use this pool)

Click Create .

Now you have an empty agent pool named Pool1 .

Step 3: Prepare the Self-hosted Agent as a Pod

You need to deploy an Azure Pipelines agent container as a pod . Here’s how to do it:

Option 1: Using Kubernetes directly (YAML deployment)

Create a Kubernetes deployment YAML file for the agent pod:

apiVersion: apps/v1

kind: Deployment

metadata:

name: azure-pipelines-agent

labels:

app: azure-pipelines-agent

spec:

replicas: 1

selector:

matchLabels:

app: azure-pipelines-agent

template:

metadata:

labels:

app: azure-pipelines-agent

spec:

containers:

- name: agent

image: mcr.microsoft.com/azure-pipelines/vsts-agent:latest

env:

- name: AZP_URL

value: " https://dev.azure.com/{YourOrganizationName} "

- name: AZP_TOKEN

valueFrom:

secretKeyRef:

name: azure-pipelines-token

key: token

- name: AZP_POOL

value: " Pool1 "

- name: AZP_AGENT_NAME

value: " agent-pod "

Create a Kubernetes secret for the personal access token (PAT) :

kubectl create secret generic azure-pipelines-token --from-literal=token= < your-PAT >

Note:

Replace < your-PAT > with a PAT that has “Agent Pools (Read & manage)” scope.

Replace {YourOrganizationName} with your actual Azure DevOps organization.

Deploy the pod:

bash

Copy

kubectl apply -f azure-pipelines-agent.yaml

Step 4: Validate the Agent Connection

Go back to Organization Settings > Agent pools > Pool1 in Azure DevOps.

You should see the agent pod connected and listed as online .

Step 5: Use the Pool in Pipelines

By default, all pipelines in Project1 will now have access to the Pool1 agent pool because you granted access during the pool creation.

In your pipeline YAML files, specify the pool name to use the self-hosted agent:

yaml

Copy

pool:

name: Pool1

To ensure that your Azure Web App namedaz400-38443478-mainsupports rolling upgrades and only 10 percent of users connect to the updated version of the app, you can use deployment slots with the followingsteps:

Create a Deployment Slot:

Navigate to the Azure Portal.

Go to your Web Appaz400-38443478-main.

SelectDeployment slotsin the menu.

Click onAdd Slot.

Name the slot (e.g.,staging) and if needed, clone settings from the production slot.

Configure the Traffic Percentage:

In the Deployment Slots menu, you will see a column forTraffic %.

Set the traffic percentage to10%for thestagingslot1.

This will route only 10% of the traffic to the updated version of the app in thestagingslot.

Deploy the Updated App to the Staging Slot:

Deploy yourupdated application to thestagingslot.

Test the application in thestagingslot to ensure it’s working as expected.

Complete the Rolling Upgrade:

Once you’re satisfied with the performance and stability of the app in thestagingslot, you can graduallyincrease the percentage of traffic until you’re ready to swap with the production slot.

To swap slots, go to theDeployment slotsmenu and click onSwapwith the production slot.

By using deployment slots, you can achieve rolling upgrades with minimal administrative effort, as it allows you to test the new version on a subset of users before fully releasing it. Remember to adjust the traffic percentage and monitor the application’s performance throughout the process.

Step 1: Understand the Requirements

You want to ensure that audit events (such as user actions, project changes, security settings, etc.) from your Azure DevOps organization are logged and available in a Log Analytics workspace in Azure.

This enables centralized monitoring and security compliance.

Step 2: Prerequisites

Before starting, make sure:

You have an Azure subscription .

You have permission to create or use a Log Analytics workspace in the Azure portal.

You are a Project Collection Administrator or Organization Owner in Azure DevOps.

Step 3: Create or Identify a Log Analytics Workspace

Go to the Azure portal .

In the search bar, type Log Analytics workspaces and click the service.

Click + Create to create a new workspace (or select an existing workspace if you have one).

Provide the following:

Subscription: your Azure subscription.

Resource Group: create a new or use an existing one.

Name: a unique name for the workspace (like DevOpsAuditWorkspace).

Region: choose the same region as your Azure DevOps organization if possible.

Click Review + Create, then Create to deploy the workspace.

Step 4: Configure Azure DevOps to Stream Audit Logs

Azure DevOps can stream audit logs to your Log Analytics workspace using the Azure DevOps Audit Stream feature.

In your browser, go to your Azure DevOps organization : https://dev.azure.com/{YourOrganizationName}

In the bottom-left corner, click on the Organization Settings gear icon.

In the left menu, click on Audit logs .

In the top-right, click on Audit streams .

Click on + Add stream to create a new stream.

In the New audit stream pane, do the following:

Stream type: select Azure Monitor Logs (Log Analytics) .

Azure subscription: select the subscription containing your Log Analytics workspace.

Resource group: select the resource group.

Log Analytics workspace: select the workspace created in Step 3.

Click Save .

Step 5: Validate the Audit Stream Connection

Go back to the Audit streams page in Azure DevOps to confirm the stream shows as Connected .

To validate logs:

In the Azure portal, go to your Log Analytics workspace .

In the left menu, click on Logs .

Use the query:

kusto

Copy

AzureDevOpsAuditing

| sort by TimeGenerated desc

You should see audit events from your Azure DevOps organization appear in the results.

Step 1: Sign Up for Azure DevOps

Navigate to Azure DevOps.

Click on Start Free.

Enter the credentials:

Email: UserUsefl-42147509@ExamUsers.com

Password: eWrSalD2!

Follow the prompts to complete the sign-up process using the default settings.

Step 2: Create an Azure DevOps Organization

Once signed in, you will be prompted to create a new organization.

Enter a name for your organization and select your region.

Click on Continue to create the organization.

Step 3: Create a Private Project

In your new organization, click on New Project.

Name the project Project1.

Set the visibility to Private.

Click on Create.

Step 4: Add an External User as a Stakeholder

Go to the Organization Settings.

Under General, select Users.

Click on Add users.

Enter the email address: Usfrr2-42147S09@ExamUsers.com.

Set the access level to Stakeholder.

Add the user to the most restrictive group, which is typically the Readers group.

Click on Add to complete the process.

Step 5: Verify the User Addition

Ensure that the external user has been added successfully by checking the Users list.

Confirm that the user has the Stakeholder access level and is part of the Readers group.

By following thesesteps, you should be able to complete the task successfully. If you encounter any issues, feel free to ask for further assistance!

Step 1: Navigate to the Library

Navigate to Azure DevOps:

Go to Azure DevOps and sign in with your credentials.

Select Your Project:

Choose Project1 from your list of projects.

Access the Library:

In the left-hand menu, select Pipelines  >  Library.

Step 2: Create a Variable Group

Create a New Variable Group:

On the Library page, click on + Variable group.

Configure the Variable Group:

Name: Enter varGroup1.

Description: Optionally, add a description for thevariable group.

Add Variables:

Click on + Add to add a new variable.

Variable Name: Enter serverName.

Value: Enter server1.

Click OK.

Click on + Add again to add another variable.

Variable Name: Enter dbName.

Value: Enter db1.

Click OK.

Save the Variable Group:

Click on Save to save the variable group.

By following these steps, you will have successfully created a variable groupnamed varGroup1 containing the specified variables

Task 8: Create a Service Hook to Integrate with Azure Storage (queue1)

Step 1: Verify the Storage Account and Queue

In the Azure portal ( https://portal.azure.com ):

Go to Storage accounts .

Find the storage48901628 storage account.

In the left menu, click on Queues .

Ensure that a queue named queue1 exists. If not, create it by:

Clicking + Queue .

Enter Name: queue1.

Click OK .

Step 2: Prepare the Storage Account’s Shared Access Signature (SAS)

Azure DevOps uses SAS tokens to send messages to a storage queue.

In the Azure portal , go to the storage48901628 storage account.

In the left menu, click Shared access signature .

Set the following:

Allowed services: Queue.

Allowed resource types: Object.

Allowed permissions: Add, Write.

Start and expiry date/time: Adjust as needed (e.g., 1 year).

Click Generate SAS and connection string .

Copy the Queue SAS URL (e.g., https://storage48901628.queue.core.windows.net/queue1?sv=...).

Step 3: Create the Service Hook in Azure DevOps

In your Azure DevOps Project (Project1):

In the bottom-left, click Project settings .

In the left menu, click Service hooks .

Click + Create subscription .

Step 4: Configure the Azure Storage Service Hook

In the Create a subscription wizard, choose Azure Storage Queues and click Next .

Choose the Trigger :

For example: Code pushed (or other events you want to send to the queue).

Click Next .

Configure the Action :

Queue endpoint URL: The Queue SAS URL you copied in Step 2 (including the queue1 endpoint and SAS token).

Example:

bash

Copy

https://storage48901628.queue.core.windows.net/queue1?sv=...

Step 5: Finalize and Test the Integration

Click Test to ensure Azure DevOps can send a message to the queue.

If the test succeeds, click Finish to create the service hook.

Step 6: Validate in the Azure Portal

In the Azure portal, go to storage48901628 > Queues > queue1 .

You should see new messages appear in the queue whenever the configured Azure DevOps event (like push or PR) occurs.

Task 11: Create an Artifact Feed with Specific Retention Policies

Step 1: Navigate to Artifacts

In your Azure DevOps Project (Project1), click on the Artifacts section in the left menu.

Step 2: Create a New Feed

Click on the + New feed button.

In the Name field, enter:

nginx

Copy

artifact_feed

Choose the visibility of the feed:

Project scoped (only accessible to Project1).

Or Organization scoped (accessible across your Azure DevOps organization).

Leave other settings at default unless you have specific permissions or upstream sources.

Click Create .

This creates a new feed named artifact_feed.

Step 3: Configure Retention Policies

In the Artifacts section, click on the feed named artifact_feed to open its details page.

In the top-right corner, click on the three dots (...) and select Feed settings .

Step 4: Set the Maximum Number of Versions to Retain

In the Feed settings page, find the Retention policies section.

Set Maximum number of versions per package to:

Copy

10

Click Save .

This ensures that only the latest 10 versions of any package are retained in the feed.

Step 5: Set the Downloaded Package Retention Period

In the Feed settings page, under Retention policies , find Downloaded package retention .

Set Number of days to retain downloaded packages to:

Copy

90

Click Save .

This ensures that downloaded packages will be retained in the cache for 90 days before deletion.

1. Sign in to the portal,

2. Choose template Deploy-lod9940427

3. Select Edit template, andthen paste your JSON template code into the code window.

4. Change the ASddressPrefixes to 10.0.0.0/24 in order to support only 256 total IP addresses.

addressSpace " :{ " addressPrefixes " : [ " 10.0.0.0/24 " ]},

5. Change the firstSubnet addressprefix to 10.0.0.0/26 to support only 64 total IP addresses.

" subnets " :[

{

" name " : " firstSubnet " ,

" properties " :{

" addressPrefix " : " 10.0.0.0/24 "

}

6. Select Save.

7. Select Editparameters, provide values for the parameters that are shown, and then select OK.

8 Select Subscription. Choose the subscription you want to use, and then select OK.

9. Select Resource group. Choose an existing resource group or create a new one, and then select OK.

10. Select Create. A new tile on the dashboard tracks the progress of your template deployment.

1. Open Microsoft Azure Portal

2. Select All Services, and then select DevTest Labs in the DEVOPS section.

3. From the list of labs, select the az400-9940427-dtl1 lab

4. On the home page for your lab, select + Add on the toolbar.

5. Select the Windows Server 2016 Datacenter base image for the VM.

6. Select automation options at the bottom of the page above the Submit button.

7. You see the Azure Resource Manager template for creating thevirtual machine.

8. The JSON segment in the resources section has the definition for the image type you selected earlier.

Set up staging environments in Azure App Service

1. Open Microsoft Azure Portal

2. Log into your Azure account, select your app ' s resource page, in the left pane, selectDeployment slots > Add Slot.

3. In the Add a slot dialog box, give the slot a name, and select whether to clone an app configuration from another deployment slot. Select Add to continue.

4. After the slot is added, select Close to close the dialogbox. The new slot is now shown on the Deployment slots page. By default, Traffic % is set to 0 for the new slot, with all customer traffic routed to the production slot.

5. Select the new deployment slot to open that slot ' s resource page.

6. Change TRAFFIC % to 10

1.Go to the Azure portal, navigate to Traffic Manager profiles and click on the Add button to create a routing profile.

2. In the Create Traffic Manager profile, enter, or select these settings:

Name: az40011566895n1-tm

Routing method: Geographic

Resource group: RG1lod11566895

Note: Traffic Manager profiles can be configured to use the Geographic routing method so that users are directed to specific endpoints (Azure, External or Nested) based on which geographic location their DNS query originates from. This empowers Traffic Manager customers to enable scenarios where knowing a user’s geographic region and routing them based on that is important.

Task 9: Initialize the main branch (if it doesn’t exist) and create a pull request-triggered pipeline for .NET Core build

Step 1: Initialize the main Branch

In your Azure DevOps Project (Project1), navigate to Repos .

In the left menu, click Files .

If you see a message like “This repository is empty,” click Initialize .

Create a README.md file (or another file) and set the default branch name to main.

Click Initialize .

If the main branch already exists, you can skip this step.

Step 2: Create a New Branch for the Pipeline

In Repos > Files , click on the Branches tab.

Click New branch .

Enter:

Branch name: azure-pipelinesT

Based on: main

Click Create .

This creates a new branch named azure-pipelinesT from main.

Step 3: Create the Pipeline YAML File in the New Branch

Switch to the azure-pipelinesT branch.

In Files , click New file .

Name the file: azure-pipelines.yml.

Step 4: Write the YAML Pipeline for .NET Core Build

Here’s a sample YAML file:

trigger: none

pr:

branches:

include:

- main

pool:

vmImage: ' windows-latest '

variables:

buildConfiguration: ' Release '

steps:

- task: UseDotNet@2

displayName: ' Install .NET Core SDK '

inputs:

packageType: ' sdk '

version: ' 8.x ' # Or specify the exact version of .NET Core SDK you need

installationPath: $(Agent.ToolsDirectory)/dotnet

- script: dotnet build src --configuration $(buildConfiguration)

displayName: ' Build .NET Core project '

This pipeline:

Runs only when a pull request is created or updated targeting the main branch.

Uses the windows-latest agent.

Installs the .NET SDK and builds the project in the src directory.

Step 5: Commit the Pipeline File

In the bottom commit message box:

Message: Add PR-triggered pipeline for .NET Core build

Ensure the branch is set to azure-pipelinesT .

Click Commit .

Step 6: Create the Pipeline in Azure DevOps

In the left menu, click Pipelines .

Click New pipeline .

Select:

Azure Repos Git .

Select your repository.

Choose Existing Azure Pipelines YAML file .

In the branch selector, choose the azure-pipelinesT branch.

Select the YAML file path (azure-pipelines.yml).

Click Continue and Run to validate.

Step 7: Test the Pipeline Trigger

Create a new branch (e.g., feature/test-pr).

Push a commit and create a pull request targeting main.

Verify that the pipeline runs automatically for this PR in Pipelines .

Step 1: Initialize the Default Main Branch

Navigate to Azure DevOps:

Go to Azure DevOps and sign in with your credentials.

Select Your Project:

Choose Project1 from your list of projects.

Initialize the Main Branch:

Go to Repos  >  Files.

If themain branch does not exist, you will see an option to initialize it. Click on Initialize and follow the prompts to create the main branch.

Step 2: Implement an Approval Process for the Main Branch

Navigate to Branch Policies:

Go to Repos  >  Branches.

Findthe main branch and click on the … (ellipsis) next to it.

Select Branch policies.

Enable Required Reviewers:

Under Policies, enable Minimum number of reviewers.

Set the minimum number of reviewers to 2 to enforce the four-eyes principle.

Add RequiredReviewers:

Add the users who should review the changes. Ensure that at least one approval is required on every iteration.

Enable Reset Code Reviewer Votes:

Enable the Reset code reviewer votes when there are new changes option to ensure that any new changes require re-approval.

Save Changes:

Click on Save changes to apply the policies.

Step 3: Verify the Approval Process

Create a Pull Request:

Make a change in a branch and create a pull request to merge it into the main branch.

Review and Approve:

Ensurethat the pull request requires at least two reviewers to approve it before it can be merged.

By following these steps, you will have successfully initialized themain branch and implemented an approval process that adheres to the four-eyes principle, ensuring that every iteration has at least one approval

1. Open Microsoft Azure Portal and Log into your Azure account.

2. Select network security group (NSG) named az400-9940427-nsg1

3. Select Settings, Outbound security rules, and click Add

4. Click Advanced

5. Change the following settings:

Destination Port range: 8080

Protocol. TCP

Action: Allow

Note: Bydefault, Azure DevOps Server uses TCP Port 8080.

All Azure Artifacts feeds require authentication, so you ' ll need to store credentials for the feed before you can install or publish packages. npm uses .npmrc configuration files to store feed URLs and credentials. Azure DevOps Services recommends using two .npmrc files.

Feed registry information: The .npmrc file in the project

One .npmrc should live at the root of your git repo adjacent to your project ' s package.json. It should contain a " registry " line for your feed and it should not contain credentials since it will be checked into git.

Credentials: The .npmrc file in the user ' s home folder

On your development machine, you will also have a .npmrc in $home for Linux or Mac systems or $env.HOME for win systems. This .npmrc should contain credentials for all of the registries that you need to connect to. The NPM client will look at your project ' s .npmrc, discover the registry, and fetch matching credentials from $home/.npmrc or $env.HOME/.npmrc.

A task group in Azure DevOps is a collection of tasks that can be reused across multiple pipelines. You can create a task group that contains the three specific tasks that you need to execute during pipeline execution, and then reference that task group in all new pipelines in Project1. This way, you can ensure that the three specific tasks are executed in all new pipelines without having to manually add them to each pipeline.

Box 1: Azure Pipelines service connection

Box 2: Managed Service Identity Authentication

The managed identities for Azure resources feature in Azure Active Directory (Azure AD) provides Azure services with an automatically managed identity in Azure AD. You can use the identity to authenticate to any service that supports Azure AD authentication, including Key Vault, without any credentials in your code.

When you run a pipeline on a self-hosted agent, by default, none of the subdirectories are cleaned in between two consecutive runs. As a result, you can do incremental builds and deployments, provided that tasks are implemented to make use of that. You can override this behavior using the workspace setting on the job.

Use a variable group to store values that you want to control and make available across multiple pipelines.

Step 1 : az acr create

An Azure Container Registry (ACR) can also be created using the new Azure CLI.

az acr create

--name < REGISTRY_NAME >

--resource-group < RESOURCE_GROUP_NAME >

--sku Basic

Step 2: az ad sp create-for-rbac

Once the ACR has been provisioned, you can either enable administrative access (which is okay for testing) or you create a Service Principal (sp) which will provide a client_id and a client_secret.

az ad sp create-for-rbac

--scopes /subscriptions/ < SUBSCRIPTION_ID > /resourcegroups/ < RG_NAME > /providers/Microsoft.ContainerRegistry/registries/ < REGISTRY_NAME >

--role Contributor

--name < SERVICE_PRINCIPAL_NAME >

Step 3: kubectl create

Create a new Kubernetes Secret.

kubectl create secret docker-registry < SECRET_NAME >

--docker-server < REGISTRY_NAME > .azurecr.io

--docker-email < YOUR_MAIL >

--docker-username= < SERVICE_PRINCIPAL_ID >

--docker-password < YOUR_PASSWORD >

Text Description automatically generated

Box 1: User Flows

The User Flows tool visualizes how users navigate between the pages and features of your site. It ' s great for answering questions like:

How do users navigate away from a page on your site?

What do users click on a page on your site?

Where are the places that users churn most from your site?

Are there places where users repeat the same action over and over?

Box 2: Users

Counting Users: The user behavior analytics tools don ' t currently support counting users or sessions based on properties other than anonymous user ID, authenticated user ID, or session ID.

Box 3: Impact

Impact analyzes how load times and other properties influence conversion rates for various parts of your app. To put it more precisely, it discovers how any dimension of a page view, custom event, or request affects the usage of a different page view or custom event.

Set up Advanced Threat Protection in the Azure portal

1. Sign into the Azure portal.

2.Navigate to the configuration page of the server you want to protect. In the security settings, select Advanced Data Security.

3. On the Advanced Data Security configuration page:

4. Enable Advanced Data Security on the server.

Note: Advanced Threat Protection for Azure SQL Database detects anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. Advanced Threat Protection can identify Potential SQL injection, Access from unusual location or data center,Access from unfamiliar principal or potentially harmful application, and Brute force SQL credentials

The defect escape rate is a metric that assesses the collective quality of software releases by evaluating how often errors are discovered and rectified in the pre-production process versus during production.

The defect escape rate is a KPI (Key Performance Indicator) that measures how many defects are found in released code versus how many are found during development. This KPI can help you to compare how much time is spent troubleshooting issues found during development versus how much time is spent troubleshooting issues found in released code. The higher the defect escape rate, the more defects are found in released code, and thus more time is spent troubleshooting issues in released code.

GitHub App uses the Azure Pipelines identity.

User1: Project Administrators

You must have the permission Create Repository to publish code as wiki. By default, this permission is set for members of the Project Administrators group.

User2: Contributors

Anyone who is a member of the Contributors security group can add or edit wiki pages.

Anyone with access to the team project, including stakeholders, can view the wiki.

Set up Advanced Threat Protection in the Azure portal

1. Sign into the Azure portal.

2. Navigate to the configuration page of the server you want to protect. In the security settings, select Advanced Data Security.

3. On the Advanced Data Security configuration page:

4. Enable Advanced Data Security on the server.

Note: Advanced Threat Protection for Azure SQL Database detects anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. Advanced Threat Protection can identify Potential SQL injection, Access from unusual location or data center, Access from unfamiliar principal or potentially harmful application, and Brute force SQL credentials

Box 1: Scrum

Choose Scrum when your team practices Scrum. This process works great if you want to track product backlog items (PBIs) and bugs on the Kanban board, or break PBIs and bugs down into tasks on the taskboard.

Box 2: Agile

Choose Agile when your team uses Agile planning methods, including Scrum, and tracks development and test activities separately. This process works great if you want to track user stories and (optionally) bugs on the Kanban board, or track bugs and tasks on the taskboard.

Box 3: CMMI

Choose CMMI when your team follows more formal project methods that require a framework for process improvement and an auditable record of decisions. With this process, you can track requirements, change requests, risks, and reviews.

The " Exploratory Testing " extension is now " Test & Feedback " and is now Generally Available.

Anyone can now test web apps and give feedback, all directly from the browser on any platform: Windows, Mac, or Linux. Available for Google Chrome and Mozilla Firefox (required version 50.0 or above) currently. Support for Microsoft Edge is in the pipeline and will be enabled once Edge moves to a Chromium-compatible web platform.

Box 1: 1

The Cloud agent job only.

Box 2: 4

The pipelines has the four tasks: NuGet restore, Compile Application, Copy Files, and Publish Artifact.

Instead use fast-forward merge.

Note:

No fast-forward merge - This option merges the commit history of the source branch when the pull request closes and creates a merge commit in the target branch.

Instead use fast-forward merge.

Note:

No fast-forward merge - This option merges the commit history of the source branch when the pull request closes and creates a merge commit in the target branch.

To run your jobs, you ' ll need at least one agent. A Linux agent can build and deploy different kinds of apps, including Java and Android apps.

If your pipelines are in Azure Pipelines and a Microsoft-hosted agent meets your needs, you can skip setting up a private Linux agent.

The Azure Pipelines agent pool offers several virtual machine images to choose from, each including a broad range of tools and software. We support Ubuntu, Red Hat, and CentOS.

Box 1: A deployment group

When authoring an Azure Pipelines or TFS Release pipeline, you can specify the deployment targets for a job using a deployment group.

If the target machines are Azure VMs, you can quickly and easily prepare them by installing the Azure Pipelines Agent Azure VM extension on each of the VMs, or by using the Azure Resource Group Deployment task in your release pipeline to create a deployment group dynamically.

Box 2: A deployment group

Timeline Description automatically generated with low confidence

Box 1: percentile_duration_95

Box 2: success

For example –

requests

| project name, url, success

| where success == " False "

This will return all the failed requests in my App Insights within the specified time range.

When a pipeline uses a remote, 3rd-party repository host such as Bitbucket Cloud, the repository is configured with webooks that notify Azure Pipelines Server or TFS when code has changed and a build should be triggered. Since on-premises installations are normally protected behind a firewall, 3rd-party webhooks are unable to reach the on-premises server. As a workaround, you can use the External Git repository type which uses polling instead of webhooks to trigger a build when code has changed.

Slack is a popular team collaboration service that helps teams be more productive by keeping all communications in one place and easily searchable from virtually anywhere. All your messages, your files, and everything from Twitter, Dropbox, Google Docs, Azure DevOps, and more all together. Slack also has fully native apps for iOS and Android to give you the full functionality of Slack wherever you go.

Integrated with Azure DevOps

This integration keeps your team informed of activity happening in its Azure DevOps projects. With this integration, code check-ins, pull requests, work item updates, and build events show up directly in your team ' s Slack channel.

Note: Microsoft Teams would also be a correct answer, but it is not an option here.

Instead reduce the code complexity.

Step 1: Create an instance of Azure Application Insights

1. Open Microsoft Azure Portal

2. Log into your Azure account, Select Create a resource > Developer tools > Application Insights.

3. Enter the following settings, and then select Review + create.

Name: az400-9940427-main

Graphical user interface, application Description automatically generated

Step 2: Configure App Insights SDK

1. Open your ASP.NET Core Web App project in Visual Studio > Right-click on the AppName in the Solution Explorer > Select Add > Application Insights Telemetry.

2. Click the Get Started button

3. Select your account and subscription > Select the Existing resource you created in the Azure portal > Click Register.

Graphical user interface, application Description automatically generated

Box 1: Microsoft Visual Studio App Center distribution Groups

Distribution Groups are used to control access to releases. A Distribution Group represents a set of users that can be managed jointly and can have common access to releases. Example of Distribution Groups can be teams of users, like the QA Team or External Beta Testers or can represent stages or rings of releases, such as Staging.

Box 2: Shared

Shared distribution groups are private or public distribution groups that are shared across multiple apps in a single organization. Shared distribution groups eliminate the need to replicate distribution groups across multiple apps.

Note: With the Deploy with App Center Task in Visual Studio Team Services, you can deploy your apps from Azure DevOps (formerly known as VSTS) to App Center. By deploying to App Center, you will be able to distribute your builds to your users.

Step 1: Create a Project Wiki

Navigate to Azure DevOps:

Go to Azure DevOps and sign inwith your credentials.

Select Your Project:

Choose Project1 from your list of projects.

Create a Wiki:

In the left-hand menu, select Wiki.

Click on Create project wiki.

Enter the name Wiki1 and click Create.

Step 2: Add Mermaid Syntax to Render a Diagram

Open the Wiki Page:

Navigate to the newly created Wiki1.

Edit the Wiki Page:

Click on Edit to start editing the wiki page.

Insert Mermaid Diagram:

Use the following Mermaid syntax to render a diagram. For example, to render a simple flowchart, you canuse:

```mermaid

graph TD;

A-- > B;

A-- > C;

B-- > D;

C-- > D;

Save the Page:

Click on Save to save your changes.

Step 3: Render the TCP Handshake Diagram

Convert TCPHandshake.png to Mermaid Syntax:

Since you have a sample diagram in C:\Resources\TCPHandshake.png, you need to convert this diagram into Mermaid syntax. Here’s an example of how a TCP handshake might look in Mermaid syntax:

```mermaid

sequenceDiagram

participant Client

participant Server

Client- > > Server: SYN

Server-- > > Client: SYN-ACK

Client- > > Server: ACK

Add the Diagram to the Wiki:

Replace the sample Mermaid syntax with the TCP handshake diagram syntax in the wiki page.

Save the Page:

Click on Save to save your changes.

By following these steps, you will have created a project wiki named Wiki1 and used Mermaid syntax to render a diagram

Step 1: Create an instance of Azure Application Insights

1. Open Microsoft Azure Portal

2. Log into your Azure account, Select Create a resource > Developer tools > Application Insights.

3. Enter the following settings, and then select Review + create.

Name: az400-9940427-main

Step 2: Configure App Insights SDK

4. Open your ASP.NET Core Web App project in Visual Studio > Right-click on the AppName in theSolution Explorer > Select Add > Application Insights Telemetry.

5. Click the Get Started button

6. Select your account and subscription > Select the Existing resource you created in the Azure portal > Click Register.

Step 1: Access Azure DevOps

Open your browser and navigate to https://aex.dev.azure.com .

You will be prompted to sign in. Enter the following credentials:

Username: UserUser1-48901628@cxamUsers.com

Password: aFpJ2j-6M!

Click Next or Sign in to proceed.

Note: If you see any Microsoft security challenge (like phone or email verification), follow the instructions to complete it.

Step 2: Sign Up for Azure DevOps

After signing in, you’ll see a prompt to sign up for Azure DevOps.

Use the default settings provided by Azure DevOps for the sign-up process (region, default name, etc.).

Click Continue or Start free with Azure DevOps.

An Azure DevOps Organization is a container for your projects and resources. Default settings are usually fine for new organizations.

Step 3: Create the Organization

Enter a name for your organization. Azure DevOps will suggest a default name (like yourname or org-name), but you can change it if you prefer.

Verify the region is correct.

Click Continue to create the organization.

Your Azure DevOps organization is now created. It’s the top-level container for all your projects.

Step 4: Create a Private Project Named Project1

In your Azure DevOps portal, find the " New Project " button and click it.

Enter the following details:

Project Name: Project1

Description: (optional)

Visibility: Private

Click Create.

A private project means that only users you add can see or access it. This is important for security and privacy.

Step 5: Enforce Maximum File Size for Repositories

By default, Azure DevOps allows files up to 100 MB to be pushed. To ensure the maximum file size for repositories in Project1 is 2 MB, you can enforce this using a pipeline validation.

Azure DevOps does not provide a direct setting for file size limits. However, you can create a pipeline to validate file size on pull requests and block changes if a file exceeds 2 MB.

Here’s how to do it:

Option 1: Enforce with a pipeline validation for pull requests

In your Project1, create a new pipeline.

Use the following YAML for the pipeline:

yaml

Copy

trigger: none

pr:

branches:

include:

- " * "

jobs:

- job: CheckFileSize

pool:

vmImage: ' ubuntu-latest '

steps:

- script: |

echo " Checking file sizes in the PR... "

git fetch origin +refs/pull/*/merge:refs/remotes/origin/pr/*

large_files=$(git diff --cached --name-only | xargs -I{} du -b {} | awk ' $1 > 2097152 {print $2} ' )

if [ -n " $large_files " ]; then

echo " Error: The following files exceed 2 MB: "

echo " $large_files "

exit 1

fi

displayName: ' Check file sizes in PR '

This pipeline will:

Run on pull requests only.

Check the size of all files in the pull request.

If any file is larger than 2 MB (2,097,152 bytes), it will fail the pipeline and block the PR.

Option 2: Local Git configuration (for each developer)

On each developer’s machine, run this command in their local repository:

bash

Copy

git config --local core.bigFileThreshold 2M

This limits the file threshold for checkout, but does not prevent large files from being pushed. Using the pipeline validation (Option 1) is more secure for team environments.

To ensure that your Azure Web App namedaz400-38443478-maincan retrieve secrets from an Azure Key Vault namedaz400-3844J478-kv1using a system managed identity with the principle of least privilege, follow these detailed steps:

Enable a System Managed Identity for the Azure Web App:

Navigate to the Azure Portal.

Go to the Azure Web Appaz400-38443478-main.

SelectIdentityunder theSettingssection.

In theSystem assignedtab, switch theStatustoOn.

ClickSaveto apply the changes.

Grant the Web App Access to the Key Vault:

Go to the Azure Key Vaultaz400-3844J478-kv1.

SelectAccess policiesunder theSettingssection.

Click onAdd Access Policy.

ChooseSecret permissionsand selectGetandList. This grants the app the ability to read secrets, adhering to the principle of least privilege.

Click onSelect principal, search for your Web App nameaz400-38443478-main, and select it.

ClickAddto add the policy.

Don’t forget to clickSaveto save the access policy changes.

Retrieve Secrets in the Web App Code:

In your Web App’s code, use the Azure SDK to retrieve the secrets.

For example, in a .NET application,you can use theAzure.IdentityandAzure.Security.KeyVault.Secretsnamespaces.

Utilize theDefaultAzureCredentialclass which will automatically use the system managed identity when running on Azure.

using Azure.Identity;

usingAzure.Security.KeyVault.Secrets;

var client = new SecretClient(new Uri( " https://az400-3844J478-kv1.vault.azure.net/ " ), new DefaultAzureCredential());

KeyVaultSecret secret = await client.GetSecretAsync( " my-secret-name " );

string secretValue =secret.Value;

Replace " my-secret-name " with the actual name of the secret you want to retrieve.

By following these steps, your Azure Web App will be able to securely retrieve secrets from the Azure Key Vault using a system managed identity, without needingto store credentials in the code, and adhering to the principle of least privilege. Remember to replace the placeholder names with the actual names of your Web App and Key Vault.

Scenario:

Step 1: Sign in to Azure Develops by using an account that is assigned the Administrator service connection security role.

Note: Under Agent Phase, click Deploy Service Fabric Application. Click Docker Settings and then click Configure Docker settings. In Registry Credentials Source, select Azure Resource Manager Service Connection. Then select your Azure subscription.

Step 2: Create a personal access token..

A personal access token or PAT is required so that a machine can join the pool created with the Agent Pools (read, manage) scope.

Step 3: Install and register the Azure Pipelines agent on an Azure virtual machine.

By running a Azure Pipeline agent in the cluster, we make it possible to test any service, regardless of type.

Scenario: Implement Project4 and configure the project to push Docker images to Azure Container Registry.

You use Azure Container Registry Tasks commands to quickly build, push, and run a Docker container image natively within Azure, showing how to offload your " inner-loop " development cycle to the cloud. ACR Tasks is a suite of features within Azure Container Registry to help you manage and modify container images across the container lifecycle.

Step 1: Create a repository

A Git repository, or repo, is a folder that you ' ve told Git to help you track file changes in. You can have any number of repos on your computer, each stored in their own folder.

Step 2: Create a branch

Branch policies help teams protect their important branches of development. Policies enforce your team ' s code quality and change management standards.

Step 3: Add a build validation policy

When a build validation policy is enabled, a new build is queued when a new pull request is created or when changes are pushed to an existing pull request targeting this branch. The build policy then evaluates the results of the build to determine whether the pull request can be completed.

Scenario:

Implement a code flow strategy for Project2 that will:

Enable Team2 to submit pull requests for Project2.

Enable Team2 to work independently on changes to a copy of Project2.

Ensure that any intermediary changes performed by Team2 on a copy of Project2 will be subject to the same restrictions as the ones defined in the build policy of Project2.

Scenario: Implement Project3, Project5, Project6, and Project7 based on the planned changes

Step 1: Open the release pipeline editor.

In the Releases tab of Azure Pipelines, select your release pipeline and choose Edit to open the pipeline editor.

Step 2: Enable Gates.

Choose the pre-deployment conditions icon for the Production stage to open the conditions panel. Enable gates by using the switch control in the Gates section.

Step 3: Add Query Work items.

Choose + Add and select the Query Work Items gate.

Configure the gate by selecting an existing work item query.

Note: A case for release gate is:

Incident and issues management. Ensure the required status for work items, incidents, and issues. For example, ensure deployment occurs only if no priority zero bugs exist, and validation that there are no active incidents takes place after deployment.

Scenario:

Step 1: Create a Desired State Configuration (DSC) configuration file that has an extension of .ps1.

Step 2: Run the Import-AzureRmAutomationDscConfiguration Azure Powershell cmdlet

The Import-AzureRmAutomationDscConfiguration cmdlet imports an APS Desired State Configuration (DSC) configuration into Azure Automation. Specify the path of an APS script that contains a single DSC configuration.

Example:

PS C:\ > Import-AzureRmAutomationDscConfiguration -AutomationAccountName " Contoso17 " -ResourceGroupName " ResourceGroup01 " -SourcePath " C:\DSC\client.ps1 " -Force

This command imports the DSC configuration in the file named client.ps1 into the Automation account named Contoso17. The command specifies the Force parameter. If there is an existing DSC configuration, this command replaces it.

Step 3: Run the Start-AzureRmAutomationDscCompilationJob Azure Powershell cmdlet

The Start-AzureRmAutomationDscCompilationJob cmdlet compiles an APS Desired State Configuration (DSC) configuration in Azure Automation.

The first thing to do is to declare your Sonar Qube server as a service endpoint in your VSTS/DevOps project settings.

The Register-AzureRmAutomationDscNode cmdlet registers an Azure virtual machine as an APS Desired State Configuration (DSC) node in an Azure Automation account.

Scenario: The Azure DevOps organization includes:

The Docker extension

A deployment pool named Pool7 that contains 10 Azure virtual machines that run Windows Server 2016

C:\Users\wk\Desktop\mudassar\Untitled.jpg

Every request made against a storage service must be authorized, unless the request is for a blob or container resource that has been made available for public or signed access. One option for authorizing a request is by using Shared Key.

Scenario: The mobile applications must be able to call the share pricing service of the existing retirement fund management system. Until the system is upgraded, the service will only support basic authentication over HTTPS.

The investment planning applications suite will include one multi-tier web application and two iOS mobile application. One mobile application will be used by employees; the other will be used by customers.

Box 1: A source control system

A source control system, also called a version control system, allows developers to collaborate on code and track changes. Source control is an essential tool for multi-developer projects.

Box 2: A hosted service

To build and deploy Xcode apps or Xamarin.iOS projects, you ' ll need at least one macOS agent. If your pipelines are in Azure Pipelines and a Microsoft-hosted agent meets your needs, you can skip setting up a self-hosted macOS agent.

Scenario: The investment planning applications suite will include one multi-tier web application and two iOS mobile applications. One mobile application will be used by employees; the other will be used by customers.

Change the ConfigurationMode parameter from ApplyOnly to ApplyAndAutocorrect.

The Register-AzureRmAutomationDscNode cmdlet registers an Azure virtual machine as an APS Desired State Configuration (DSC) node in an Azure Automation account.

Scenario: Current Technical Issue

The test servers are configured correctly when first deployed, but they experience configuration drift over time. Azure Automation State Configuration fails to correct the configurations.

Azure Automation State Configuration nodes are registered by using the following command.

The commit-msg hook is invoked by git-commit and git-merge, and can be bypassed with the --no-verify option.

Batching CI runs

If you have many team members uploading changes often, you may want to reduce the number of runs you start. If you set batch to true, when a pipeline is running, the system waits until the run is completed, then starts another run with all changes that have not yet been built.

Example:

# specific branch build with batching

trigger:

batch: true

branches:

include:

- master

To clarify this example, let us say that a push A to master caused the above pipeline to run. While that pipeline is running, additional pushes B and C occur into the repository. These updates do not start new independent runs immediately. But after the first run is completed, all pushes until that point of time are batched together and a new run is started.

Scenario: Visual Studio App Center must be used to centralize the reporting of mobile application crashes and device types in use.

In order to use App Center, you need to opt in to the service(s) that you want to use, meaning by default no services are started and you will have to explicitly call each of them when starting the SDK.

Insert the following line to start the SDK in your app ' s App Delete class in the didFinishLaunchingWithOptions method.

MSAppCenter.start( " {Your App Secret} " , withServices: [MSAnalytics.self, MSCrashes.self])

Every request made against a storage service must be authorized, unless the request is for a blob or container resource that has been made available for public or signed access. One option for authorizing a request is by using Shared Key.

Scenario: The mobile applications must be able to call the share pricing service of the existing retirement fund management system. Until the system is upgraded, the service will only support basic authentication over HTTPS.

The investment planning applications suite will include one multi-tier web application and two iOS mobile application. One mobile application will be used by employees; the other will be used by customers.

Box 1: Get-AzResource

Use the following command to examine the access control mode for all workspaces in the subscription:

PowerShell

Get-Az Resource –Resource Type Microsoft. Operational Insights/workspaces –Expand Properties | for each {s.Name + " : " + $_.Properties.features.enableLogAccessUsingOnlyResourcePermissions

Box 2: -Resource Type

Box 1: Reader

Members of a group named Developers must be able to install packages.

Feeds have four levels of access: Owners, Contributors, Collaborators, and Readers. Owners can add any type of identity-individuals, teams, and groups-to any access level.

Box 2: Owner

Members of a group named Team Leaders must be able to create new packages and edit the permissions of package feeds.

Box 1: rwx

The Log Analytics agent for Linux runs as the omsagent user. To grant > write permission to the omsagent user, run the command setfacl -m u:omsagent:rwx /tmp.

Box 2: /tmp

Deploying DSC to a Linux node uses the /tmp folder.

Scenario: A branching strategy that supports developing new functionality in isolation must be used.

Feature isolation is a special derivation of the development isolation, allowing you to branch one or more feature branches from main, as shown, or from your dev branches.

When you need to work on a particular feature, it might be a good idea to create a feature branch.

Unattended config:

The agent can be set up from a script with no human intervention. You must pass --unattended and the answers to all questions.

To configure an agent, it must know the URL to your organization or collection and credentials of someone authorized to set up agents. All other responses are optional.

Scenario: By default, all releases must remain available for 30 days, except for production releases, which must be kept for 60 days.

Box 1: Set the default retention policy to 30 days

The Global default retention policy sets the default retention values for all the build pipelines. Authors of build pipelines can override these values.

Box 2: Set the stage retention policy to 60 days

You may want to retain more releases that have been deployed to specific stages.

Graphical user interface, text, application Description automatically generated

Setting 1: Threshold value

Set to 80 %

Scenario: An Azure Monitor alert for VM1 must be configured to meet the following requirements:

Be triggered when average CPU usage exceeds 80 percent for 15 minutes.

Calculate CPU usage averages once every minute.

Setting 2: Aggregation granularity

Set to 15 minutes.

Graphical user interface, text, application Description automatically generated

Woodgrove Bank plans to implement the following changes to the identity environment:

Configure App1 to use a service principal.

Scenario: Access to Azure DevOps must be restricted to specific IP addresses.

Azure DevOps is authenticated through Azure Active Directory. You can use Azure AD ' s conditional access to prevent logins from certain geographies and address ranges.

Woodgrove Bank plans to implement the following changes to the DevOps environment:

Migrate all the source code from TFS1 to GitHub.

The Git-TFS tool is a two-way bridge between Team Foundation Version Control and Git, and can be used to perform a migration.

Scenario: Deploy App2 to an Azure virtual machine named VM1.

A personal access token (PAT) is used as an alternate password to authenticate into Azure DevOps.

A picture containing text Description automatically generated

Box 1: Azure Boards

Azure Boards can be used to track work with Kanban boards, backlogs, team dashboards, and custom reporting

You can create multiple Trello boards, which are spaces to store tasks (for different work contexts, or even private boards)

You can easily share Trello boards with another person.

Box 2: Azure Pipelines

You can use Bamboo to implement CI/CD (Continuous Integration and Continuous Delivery) for a simple Azure function app using Atlassian Bamboo. Bamboo does continuous delivery of the project from source code to deployment. It has stages including Build, Test and Deploy.

Software teams in every industry are upgrading their continuous delivery pipeline with Bamboo. Easy build import from popular open source tools, user and group import from JIRA, seamless integration with Bitbucket, and native support for Git, Hg, and SVN means you ' ll be building and deploying like a champ.

Box 3: GitHub repositories

Bitbucket can be used as the Git repository, but you can use any other Git repository (Like TFS Git) for source control of the code.

Graphical user interface, text, application Description automatically generated

Woodgrove Bank identifies the following technical requirements:

The Azure DevOps dashboard must display the metrics shown in the following table:

Box 1: Velocity

Velocity displays your team velocity. It shows what your team delivered as compared to plan.

Box 2: Release pipeline overview

Release pipeline overview shows the status of environments in a release definition.

Box 3: Query tile

Query tile displays the total number of results from a query.