Az-400 Flashcards
1
Q
Examples of static analysis tools
A
Sonarqube
white source bolt
PMD
2
Q
White source bolt
A
provides license and vulnerabilities details on 3rd party packages in your project
3
Q
Dynamic analysis
A
ran against live deployed code. commonly used to run pentests against known vulnerabilities like SQL injection
4
Q
Examples of Dynamic code analysis tools
A
owasp ZED ATTACK PROXY (zap)
5
Q
What should unit tests be built for?
A
testing a single piece or a core function in isolation.
6
Q
What test data should be used in unit tests
A
mock data from a file
7
Q
what data should be used in integration tests
A
data hosted on the same DB system as the production environment
8
Q
When should you make a package
A
when code can be reused across your projects and the code does not need to be changed ofter
9
Q
Symantec versioning
A
in x.x.x format. major breaking change. feature change that is backwards compatible. hotfix or patch
10
Q
Project type that includes change requests, issues, reviews and risk tracking items
A
CMMI
11
Q
what is a burndown report?
A
tracks work completed and remaining work across teams and sprints
12
Q
what is a burnup report?
A
tracks completed work items over teams and sprints
13
Q
what is a
Cumulative Flow Diagram (CFD)
A
shows count of work items in each column of a kanban board
14
Q
lead time
A
how long a work item goes from being created in backlog to completed
15
Q
velocity
A
shows how much work is completed during a sprint
16
Q
You are automating the build process for a Java-based application by using Azure DevOps. You need to add code coverage testing and publish the outcomes to the pipeline. What should you use?
A
java - jacoco, cobertura, clover
c++ - bullseye
python - coverage.py
,net/c# - ncover, dotcover
17
Q
You are designing the development process for your company. You need to recommend a solution for continuous inspection of the company’s code base to locate common code patterns that are known to be problematic. What should you include in the recommendation?
A
SonarCloud analysis
18
Q
What should you use for a code quality restriction on a release pipeline?
A
a pre-deployment approval
19
Q
How to connect github enterprise to azure active directory
A
Admin on github account, and on azure create an sso to github
20
Q
Recommended versioning format
A
semantic + quality of change | ex 2.1.3-release
21
Q
service hooks vs service connectors
A
service hooks: external services act in response to azure devops events
service connector: integrate external services more deeply to azure pipelines
22
Q
common external connection tool authentication methods
A
personal access token api token (aka auth tokens)
23
Q
popular code scanning services
A
white source bolt and snyk - find and fix open-source vulnerabilities
24
Q
What is octopus deploy?
A
devops automation/dependency scanning
25
mutable vs immutable configuration. What is mutable infrastructure
in place updates, keep existing servers, easier to introduce
26
mutable vs immutable configuration. What is immutable infrastructure
zero config drift, easy to diagnose, simple rollback and recovery, easy to scale horizontally
27
declarative vs imperative code. what is Imperative code?
uses statements that change a program’s state. greater form of control, this is the anti-pattern
28
declarative vs imperative code. what is declarative code?
say the end state, great for immutability, code reuse, understandable code, scalable
29
What is a DACPAC?
data application code package, it contains no data from the database, just the schema
30
What is a BACPAC?
backup package for sql. it contains the data and the schema of the database
31
Use this when working with a BACPAC
use export/import for BACPAC
32
Use this when working with a DACPAC
extract/publish for DACPAC
33
What is azure app configuration
it is a way to hold app configurations and pass them to other applications, specifically serverless apps
34
Two types of release gates
pre-deployment and post deployment
35
Use this type of release gate after deploying to a staging environment
post deployment gate
36
What do you need for a blue/green deployment?
Tags, two running environments
37
How to integrate feature flags into a pipeline
Use launch darkly.
38
components of azure ad conditional access
set the scope
determine the conditions
make the decision
39
managed identity
azure resource identity that allows access privileges to other azure resources
40
system-managed identity
tied to your resource or app and is deleted if the resource is deleted
41
user-managed identity
standalone user created identity
42
main way to use azure key vault with azure devops
connect to azure key vault via a service principal
43
What is azure policy used for?
monitor and enforce rules and standards across your azure resources
can be integrated in azure devops
44
What are the components of an azure policy?
needs a policy definition - what to evaluate and what action to take
assignment - scope for the policy
initiative - group related policy definitions together
check condition - evaluates compliance every hour
trigger action - based on evaluation results
45
What is azure defender
security that uses machine learning to determine if there is an attack
46
Where should diagnostic log storage be sent?
to either log analytics workspace or event hub
47
Language that Azure monitor uses
kusto query language (kql)
48
How to setup VM's with azure monitor
install extension on vm
49
How to filter with KQL?
| where
50
How to limit results with KQL?
| take # where # is the number you want.
51
How to sort results with KQL?
| sort
52
VM agent limits for Azure Monitor
windows agents can send logs to multiple workspaces, linux can only send to one workspace
53
What does distributed tracing show?
a unique id to show where the logs came from
54
Information Visual Studio App Center Analytics can show
```
active users
sessions
geographic data
devices
operating systems
languages
```
55
get kubernetes credentials at azure cli
az aks get-credentials -g rg_name -n aks-cluster-name
56
azure monitor integration with dynatrace
provide additional metrics for over 70 types of azure resources
57
What can azure pricing calculator do?
can give estimate of how much things will cost
58
How to connect jira with azure devops?
install the azure pipelines jira extension
59
How to connect github to azure boards?
in az devops click connect to github, provide connection information
60
create azure boards integration from slack/teams
/azboards signin /azboards link, /azboards subscriptions /azboards addareapath
61
agile v scrum vs others
cmmi consists of epics features requirements bugs and tasks. agile has product backlog items, scrum has user stories
62
Components of powershell dsc
needs config file, target node, config data
63
Benefits of using powershell dsc?
powershell dsc can combine with azure automation. it allows you to minimize config drift
64
What is the node line in powershell dsc for?
defining the target nodes of the script. the important bit is the name of the package getting installed.
65
What is the extension a powershell dsc fata file is saved as?
.psd1
66
How are powershell dsc files saved in azure?
dsc files must be saved as zip files and stored in a storage account
67
How to install powershell dsc on a server?
it must be installed as an extension
68
How can a vm communicate with azure automation server?
it needs a registration key
69
Setup powershell dsc via azure automation in windows
ensure latest win management framework 5 is installed, generate dsc meta-configuration, then apply the metaconfiguration settings
70
Setup powershell dsc via azure automation in linux
ensure ps dsc is installed, use register.py command to register with azure automation generate dsc metaconfigruation, apply metaconfiguration
71
basics of arm template
schema, version (version of template),
api (specify to not have to specify on each resource)
parameters (input values, limit of 256),
variables (variables used in the template),
functions (complex structures, can only have parameters defined in function)
resource (actual things getting deployed or updated),
outputs (values returned from deployment)
72
What are the benefits of a parameters file for an arm template?
customize arm templates for specific deployments
| arm templates get deployed with "az deployment group create"
73
reference keyvault secret with arm template
reference the id of the keyvault. ie adminpassword: {reference :{key vault :{ id
74
adding k8s to build pipeline
copy files from source folder to artifactstagingdirectory,
| deploy to k8s with a k8s service connection to the cluster
75
deploying containers to web app on release pipeline
use service connection, give image name including registry
76
how to deploy from release pipeline to k8s
use k8s deployment task, use cluster service connection, give namespace, and the manifest file. do this for each file (you could make this into one large file instead)
77
add helm repo with helm installed
helm repo add stable url_to_repo
78
using helm
helm search repo stable,
| helm install appname
79
azure pipelines system defined variable that is mapped to a folder to copy all the artifacts that have been built, typically mapped to _work/1/a
$(build.artifactStagingDirectory)
80
how to expose artifacts to the release pipeline
use the PublishBuildArtifact task. It puts artifacts in a drop container
81
azure pipelines system defined variable that is the working directory
$(system.defaultWorkingDirectory)
82
release pipeline keyvault task
use a service connection to auth, and add an access policy for the service connection's service principal to the key vault. This will fetch all secrets unless specified by a filter.
83
how to reference a keyvault secret in a pipeline
use service principal to connect to keyvault, give the service principal access on the key vault, then the secret can be referenced via $(secretname)
84
What is the purpose of a variable group
variable groups can be shared across pipelines
85
How do you reference a variable group in a pipeline
you put the variable group in the pipeline then you can reference the variables in the group
variables:
- group: my-variable-group
86
add a keyvault to a variable group
authorize azure devops to access the kv, which gives get and list. then the secrets can be chosen from the kv to add to the variable group and used as normal
87
Can variable groups be linked from build pipelines to release pipelines?
yes
88
What is azure traffic manager?
global service, routes requests from users at a dns level. can go to web apps, vm's, azure lb's on-prem servers, static websites, etc
89
How does azure traffic manager priority routing work?
priority routing will check priority 1, then if its unhealthy go to priority 2, etc
90
How does azure traffic manager weighted routing work?
splits the traffic between multiple targets as defined, used in blue green by setting blue to 100% and green to 0%.
91
How does azure traffic manager performance routing method work?
routes users to closest deployment
92
Difference between azure load balancer and azure traffic manager
azure load balancer is layer 3, azure traffic manager is layer 7
93
Can you add markdown to an azure monitor dashboard?
yes
94
Basics of azure alerts
aggregation granularity is the period you want checked for the alert,
frequency of evaluation is how frequently you want that metric checked to see if the conditions are met
95
What is an azure alerts action group?
what is happening when an alert is triggered
96
possible action group triggered services
logic app, function app, webhook, azure automation runbook
97
What is required for azure alerts to trigger a function
create an http trigger on the function
98
a common azure monitor query
event | where TimeGenerated > ago(12h)
| order by TimeGenerated desc
| summarize count () by Computer
99
How to create work items in an external system based on alert
use the it service management connector
100
What is a liveness probe
check whether the container is in a healthy condition or not and then restart the container as required
101
What is a readiness probe?
used to ensure the container is ready to handle incoming requests.
can be used on containers that have to load data before taking on requests
102
What is visual studio application center used for?
test and distribute apps. apps get distributed via distribution groups. there are public, shared and private distribution groups
103
enable signed images in acr
az acr config content-trust update
104
what is required for github sso from azure ad?
GitHub Enterprise plans.
105
Authenticate to Azure Artifacts from Visual Studio
Visual Studio allows native authentication using a Credential Provider
106
How to increase the number of jobs in Azure pipelines?
Purchase additional parallel jobs
107
Certificate used for android app signing
.jks
108
use this to create a staging environment for an app service
Deployment slots
109
What service can be used for feature flags in azure app service?
Azure App Configuration
110
what is azure stack used for?
hybrid/on-prem deployments
111
what is needed to connect to azure stack from azure devops
a service connection
112
what do you need for an iot release pipeline
azure iot edge release pipeline
113
What are linked work items used for?
Traceability on pull requests
114
What steps are needed for a cdn deployment?
compression and caching before publishing
115
what are feature branches?
creates a branch for each feature. feature flags should be used
116
what is release branching?
a release branch is put in place between main and dev. it supports multiple versions in parallel and customization for a specific customer
117
what are some features of azure app configurations
can hold application configurations.
can hold key mappings
has ui for feature flags
works with key vault on sensitive key pairs
118
types of pipeline gates:
```
check azure policy compliance
invoke azure function
invoke rest api
query azure monitor alerts
query work items
```
there are also agentless jobs that can be used for manual intervention or validation
119
azure policy components
```
policy definition
assignment
initiative - group of policies
check condition - checks compliance every hour
trigger action
```
120
what are container registry quick tasks?
let you build and publish images without using your local machine from the azure cli
121
container registry automatic tasks
automated tasks that are triggered. Possible triggers: code commit (requires public access token), pr, base image change, timer
122
what do kql queries start with?
a tablename
123
how to search in kql
| where . you can search by key:value such as
| "| where Computer == "computername"
124
how to get N number of results in kql
| take N
125
what does | count do in kql?
gives you the number of records that match the pattern that exist
126
What does | project do in KQL?
It lets you filter down to the columns you want to see. You have to provide the names of the columns
127
What is this query doing? | summarize FailedLogons = count() by Computer
this query will summarize all of the failed logins and give a count by the Computer column
128
What is this query doing? | order by FailedLogons
Sorts the highest occurrence of the column to lowest
129
What does whitesource bolt do?
Finds and fixes open source vulnerabilities
130
What does Snyk do?
Find and automatically fix vulnerabilities in your code, open source dependencies, containers, and infrastructure as code
131
This tool can be used for dependency scanning
Dependabot
132
What does SonarQube do?
Check for code quality, bugs, performs static analysis of code and checks for vulnerabilities
133
how to connect azure repos to jenkins?
create a jenkins build and a service hook
134
how many run commands can you have in a dockerfile?
1
135
what is required to prepare a TFS server to be migrated to azure devops?
You must update TFS to the latest version
136
where should you store connection strings in an azure app service
in the application settings
137
powershell command to upload an an azure automation dsc?
import-azureRmAutomationDscConfiguration
138
code coverage tool for java
cobertura
139
does servicenow have a direct integration with azure pipelines?
yes
140
this feature of application insights can show you whether users are completing multiple stages within your application
funnels
141
What do user flows do in application insights?
visualize how users navigate between the pages and features of your site
142
what does impact do in application insights?
gives insight into how best to balance optimization and performance to maximize user conversion
143
The start of a command to create a keyvault secret
az keyvault secret set
144
steps to add a package to azure artifacts from azure repos
create personal access token
create feed within azure artifacts
create packages and send to artifacts
145
what is a deployment group?
a logical set of deployment target machines that have agents installed on them. you can specify the deployment targets for a pipeline job using a deployment group
146
deploy arm template with powershell
new-AzResourceGroupDeployment
