Az-400

Question 1

Examples of static analysis tools

Answer 1

Sonarqube
white source bolt
PMD

Question 2

White source bolt

Answer 2

provides license and vulnerabilities details on 3rd party packages in your project

Question 3

Dynamic analysis

Answer 3

ran against live deployed code. commonly used to run pentests against known vulnerabilities like SQL injection

Question 4

Examples of Dynamic code analysis tools

Answer 4

owasp ZED ATTACK PROXY (zap)

Question 5

What should unit tests be built for?

Answer 5

testing a single piece or a core function in isolation.

Question 6

What test data should be used in unit tests

Answer 6

mock data from a file

Question 7

what data should be used in integration tests

Answer 7

data hosted on the same DB system as the production environment

Question 8

When should you make a package

Answer 8

when code can be reused across your projects and the code does not need to be changed ofter

Question 9

Symantec versioning

Answer 9

in x.x.x format. major breaking change. feature change that is backwards compatible. hotfix or patch

Question 10

Project type that includes change requests, issues, reviews and risk tracking items

Answer 10

CMMI

Question 11

what is a burndown report?

Answer 11

tracks work completed and remaining work across teams and sprints

Question 12

what is a burnup report?

Answer 12

tracks completed work items over teams and sprints

Question 13

what is a

Cumulative Flow Diagram (CFD)

Answer 13

shows count of work items in each column of a kanban board

Question 14

lead time

Answer 14

how long a work item goes from being created in backlog to completed

Question 15

velocity

Answer 15

shows how much work is completed during a sprint

Question 16

You are automating the build process for a Java-based application by using Azure DevOps. You need to add code coverage testing and publish the outcomes to the pipeline. What should you use?

Answer 16

java - jacoco, cobertura, clover
c++ - bullseye
python - coverage.py
,net/c# - ncover, dotcover

Question 17

You are designing the development process for your company. You need to recommend a solution for continuous inspection of the company’s code base to locate common code patterns that are known to be problematic. What should you include in the recommendation?

Answer 17

SonarCloud analysis

Question 18

What should you use for a code quality restriction on a release pipeline?

Answer 18

a pre-deployment approval

Question 19

How to connect github enterprise to azure active directory

Answer 19

Admin on github account, and on azure create an sso to github

Question 20

Recommended versioning format

Answer 20

semantic + quality of change | ex 2.1.3-release

Question 21

service hooks vs service connectors

Answer 21

service hooks: external services act in response to azure devops events
service connector: integrate external services more deeply to azure pipelines

Question 22

common external connection tool authentication methods

Answer 22

personal access token
api token (aka auth tokens)

Question 23

popular code scanning services

Answer 23

white source bolt and snyk - find and fix open-source vulnerabilities

Question 24

What is octopus deploy?

Answer 24

devops automation/dependency scanning

Question 25

mutable vs immutable configuration. What is mutable infrastructure

Answer 25

in place updates, keep existing servers, easier to introduce

Question 26

mutable vs immutable configuration. What is immutable infrastructure

Answer 26

zero config drift, easy to diagnose, simple rollback and recovery, easy to scale horizontally

Question 27

declarative vs imperative code. what is Imperative code?

Answer 27

uses statements that change a program’s state. greater form of control, this is the anti-pattern

Question 28

declarative vs imperative code. what is declarative code?

Answer 28

say the end state, great for immutability, code reuse, understandable code, scalable

Question 29

What is a DACPAC?

Answer 29

data application code package, it contains no data from the database, just the schema

Question 30

What is a BACPAC?

Answer 30

backup package for sql. it contains the data and the schema of the database

Question 31

Use this when working with a BACPAC

Answer 31

use export/import for BACPAC

Question 32

Use this when working with a DACPAC

Answer 32

extract/publish for DACPAC

Question 33

What is azure app configuration

Answer 33

it is a way to hold app configurations and pass them to other applications, specifically serverless apps

Question 34

Two types of release gates

Answer 34

pre-deployment and post deployment

Question 35

Use this type of release gate after deploying to a staging environment

Answer 35

post deployment gate

Question 36

What do you need for a blue/green deployment?

Answer 36

Tags, two running environments

Question 37

How to integrate feature flags into a pipeline

Answer 37

Use launch darkly.

Question 38

components of azure ad conditional access

Answer 38

set the scope
determine the conditions
make the decision

Question 39

managed identity

Answer 39

azure resource identity that allows access privileges to other azure resources

Question 40

system-managed identity

Answer 40

tied to your resource or app and is deleted if the resource is deleted

Question 41

user-managed identity

Answer 41

standalone user created identity

Question 42

main way to use azure key vault with azure devops

Answer 42

connect to azure key vault via a service principal

Question 43

What is azure policy used for?

Answer 43

monitor and enforce rules and standards across your azure resources
can be integrated in azure devops

Question 44

What are the components of an azure policy?

Answer 44

needs a policy definition - what to evaluate and what action to take

assignment - scope for the policy

initiative - group related policy definitions together

check condition - evaluates compliance every hour

trigger action - based on evaluation results

Question 45

What is azure defender

Answer 45

security that uses machine learning to determine if there is an attack

Question 46

Where should diagnostic log storage be sent?

Answer 46

to either log analytics workspace or event hub

Question 47

Language that Azure monitor uses

Answer 47

kusto query language (kql)

Question 48

How to setup VM’s with azure monitor

Answer 48

install extension on vm

Question 49

How to filter with KQL?

Answer 49

where

Question 50

How to limit results with KQL?

Answer 50

take # where # is the number you want.

Question 51

How to sort results with KQL?

Answer 51

sort

Question 52

VM agent limits for Azure Monitor

Answer 52

windows agents can send logs to multiple workspaces, linux can only send to one workspace

Question 53

What does distributed tracing show?

Answer 53

a unique id to show where the logs came from

Question 54

Information Visual Studio App Center Analytics can show

Answer 54

active users
sessions
geographic data
devices
operating systems
languages

Question 55

get kubernetes credentials at azure cli

Answer 55

az aks get-credentials -g rg_name -n aks-cluster-name

Question 56

azure monitor integration with dynatrace

Answer 56

provide additional metrics for over 70 types of azure resources

Question 57

What can azure pricing calculator do?

Answer 57

can give estimate of how much things will cost

Question 58

How to connect jira with azure devops?

Answer 58

install the azure pipelines jira extension

Question 59

How to connect github to azure boards?

Answer 59

in az devops click connect to github, provide connection information

Question 60

create azure boards integration from slack/teams

Answer 60

/azboards signin /azboards link, /azboards subscriptions /azboards addareapath

Question 61

agile v scrum vs others

Answer 61

cmmi consists of epics features requirements bugs and tasks. agile has product backlog items, scrum has user stories

Question 62

Components of powershell dsc

Answer 62

needs config file, target node, config data

Question 63

Benefits of using powershell dsc?

Answer 63

powershell dsc can combine with azure automation. it allows you to minimize config drift

Question 64

What is the node line in powershell dsc for?

Answer 64

defining the target nodes of the script. the important bit is the name of the package getting installed.

Question 65

What is the extension a powershell dsc fata file is saved as?

Answer 65

.psd1

Question 66

How are powershell dsc files saved in azure?

Answer 66

dsc files must be saved as zip files and stored in a storage account

Question 67

How to install powershell dsc on a server?

Answer 67

it must be installed as an extension

Question 68

How can a vm communicate with azure automation server?

Answer 68

it needs a registration key

Question 69

Setup powershell dsc via azure automation in windows

Answer 69

ensure latest win management framework 5 is installed, generate dsc meta-configuration, then apply the metaconfiguration settings

Question 70

Setup powershell dsc via azure automation in linux

Answer 70

ensure ps dsc is installed, use register.py command to register with azure automation generate dsc metaconfigruation, apply metaconfiguration

Question 71

basics of arm template

Answer 71

schema, version (version of template),

api (specify to not have to specify on each resource)

parameters (input values, limit of 256),

variables (variables used in the template),

functions (complex structures, can only have parameters defined in function)

resource (actual things getting deployed or updated),

outputs (values returned from deployment)

Question 72

What are the benefits of a parameters file for an arm template?

Answer 72

customize arm templates for specific deployments

arm templates get deployed with “az deployment group create”

Question 73

reference keyvault secret with arm template

Answer 73

reference the id of the keyvault. ie adminpassword: {reference :{key vault :{ id

Question 74

adding k8s to build pipeline

Answer 74

copy files from source folder to artifactstagingdirectory,

deploy to k8s with a k8s service connection to the cluster

Question 75

deploying containers to web app on release pipeline

Answer 75

use service connection, give image name including registry

Question 76

how to deploy from release pipeline to k8s

Answer 76

use k8s deployment task, use cluster service connection, give namespace, and the manifest file. do this for each file (you could make this into one large file instead)

Question 77

add helm repo with helm installed

Answer 77

helm repo add stable url_to_repo

Question 78

using helm

Answer 78

helm search repo stable,

helm install appname

Question 79

azure pipelines system defined variable that is mapped to a folder to copy all the artifacts that have been built, typically mapped to _work/1/a

Answer 79

$(build.artifactStagingDirectory)

Question 80

how to expose artifacts to the release pipeline

Answer 80

use the PublishBuildArtifact task. It puts artifacts in a drop container

Question 81

azure pipelines system defined variable that is the working directory

Answer 81

$(system.defaultWorkingDirectory)

Question 82

release pipeline keyvault task

Answer 82

use a service connection to auth, and add an access policy for the service connection’s service principal to the key vault. This will fetch all secrets unless specified by a filter.

Question 83

how to reference a keyvault secret in a pipeline

Answer 83

use service principal to connect to keyvault, give the service principal access on the key vault, then the secret can be referenced via $(secretname)

Question 84

What is the purpose of a variable group

Answer 84

variable groups can be shared across pipelines

Question 85

How do you reference a variable group in a pipeline

Answer 85

you put the variable group in the pipeline then you can reference the variables in the group

variables:
- group: my-variable-group

Question 86

add a keyvault to a variable group

Answer 86

authorize azure devops to access the kv, which gives get and list. then the secrets can be chosen from the kv to add to the variable group and used as normal

Question 87

Can variable groups be linked from build pipelines to release pipelines?

Answer 87

yes

Question 88

What is azure traffic manager?

Answer 88

global service, routes requests from users at a dns level. can go to web apps, vm’s, azure lb’s on-prem servers, static websites, etc

Question 89

How does azure traffic manager priority routing work?

Answer 89

priority routing will check priority 1, then if its unhealthy go to priority 2, etc

Question 90

How does azure traffic manager weighted routing work?

Answer 90

splits the traffic between multiple targets as defined, used in blue green by setting blue to 100% and green to 0%.

Question 91

How does azure traffic manager performance routing method work?

Answer 91

routes users to closest deployment

Question 92

Difference between azure load balancer and azure traffic manager

Answer 92

azure load balancer is layer 3, azure traffic manager is layer 7

Question 93

Can you add markdown to an azure monitor dashboard?

Answer 93

yes

Question 94

Basics of azure alerts

Answer 94

aggregation granularity is the period you want checked for the alert,
frequency of evaluation is how frequently you want that metric checked to see if the conditions are met

Question 95

What is an azure alerts action group?

Answer 95

what is happening when an alert is triggered

Question 96

possible action group triggered services

Answer 96

logic app, function app, webhook, azure automation runbook

Question 97

What is required for azure alerts to trigger a function

Answer 97

create an http trigger on the function

Question 98

a common azure monitor query

Answer 98

event | where TimeGenerated > ago(12h)
| order by TimeGenerated desc
| summarize count () by Computer

Question 99

How to create work items in an external system based on alert

Answer 99

use the it service management connector

Question 100

What is a liveness probe

Answer 100

check whether the container is in a healthy condition or not and then restart the container as required

Question 101

What is a readiness probe?

Answer 101

used to ensure the container is ready to handle incoming requests.

can be used on containers that have to load data before taking on requests

Question 102

What is visual studio application center used for?

Answer 102

test and distribute apps. apps get distributed via distribution groups. there are public, shared and private distribution groups

Question 103

enable signed images in acr

Answer 103

az acr config content-trust update

Question 104

what is required for github sso from azure ad?

Answer 104

GitHub Enterprise plans.

Question 105

Authenticate to Azure Artifacts from Visual Studio

Answer 105

Visual Studio allows native authentication using a Credential Provider

Question 106

How to increase the number of jobs in Azure pipelines?

Answer 106

Purchase additional parallel jobs

Question 107

Certificate used for android app signing

Answer 107

.jks

Question 108

use this to create a staging environment for an app service

Answer 108

Deployment slots

Question 109

What service can be used for feature flags in azure app service?

Answer 109

Azure App Configuration

Question 110

what is azure stack used for?

Answer 110

hybrid/on-prem deployments

Question 111

what is needed to connect to azure stack from azure devops

Answer 111

a service connection

Question 112

what do you need for an iot release pipeline

Answer 112

azure iot edge release pipeline

Question 113

What are linked work items used for?

Answer 113

Traceability on pull requests

Question 114

What steps are needed for a cdn deployment?

Answer 114

compression and caching before publishing

Question 115

what are feature branches?

Answer 115

creates a branch for each feature. feature flags should be used

Question 116

what is release branching?

Answer 116

a release branch is put in place between main and dev. it supports multiple versions in parallel and customization for a specific customer

Question 117

what are some features of azure app configurations

Answer 117

can hold application configurations.
can hold key mappings
has ui for feature flags
works with key vault on sensitive key pairs

Question 118

types of pipeline gates:

Answer 118

check azure policy compliance
invoke azure function
invoke rest api
query azure monitor alerts
query work items

there are also agentless jobs that can be used for manual intervention or validation

Question 119

azure policy components

Answer 119

policy definition
assignment
initiative - group of policies
check condition - checks compliance every hour
trigger action

Question 120

what are container registry quick tasks?

Answer 120

let you build and publish images without using your local machine from the azure cli

Question 121

container registry automatic tasks

Answer 121

automated tasks that are triggered. Possible triggers: code commit (requires public access token), pr, base image change, timer

Question 122

what do kql queries start with?

Answer 122

a tablename

Question 123

how to search in kql

Answer 123

| “| where Computer == “computername”

where . you can search by key:value such as

Question 124

how to get N number of results in kql

Answer 124

take N

Question 125

what does | count do in kql?

Answer 125

gives you the number of records that match the pattern that exist

Question 126

What does | project do in KQL?

Answer 126

It lets you filter down to the columns you want to see. You have to provide the names of the columns

Question 127

What is this query doing? | summarize FailedLogons = count() by Computer

Answer 127

this query will summarize all of the failed logins and give a count by the Computer column

Question 128

What is this query doing? | order by FailedLogons

Answer 128

Sorts the highest occurrence of the column to lowest

Question 129

What does whitesource bolt do?

Answer 129

Finds and fixes open source vulnerabilities

Question 130

What does Snyk do?

Answer 130

Find and automatically fix vulnerabilities in your code, open source dependencies, containers, and infrastructure as code

Question 131

This tool can be used for dependency scanning

Answer 131

Dependabot

Question 132

What does SonarQube do?

Answer 132

Check for code quality, bugs, performs static analysis of code and checks for vulnerabilities

Question 133

how to connect azure repos to jenkins?

Answer 133

create a jenkins build and a service hook

Question 134

how many run commands can you have in a dockerfile?

Answer 134

1

Question 135

what is required to prepare a TFS server to be migrated to azure devops?

Answer 135

You must update TFS to the latest version

Question 136

where should you store connection strings in an azure app service

Answer 136

in the application settings

Question 137

powershell command to upload an an azure automation dsc?

Answer 137

import-azureRmAutomationDscConfiguration

Question 138

code coverage tool for java

Answer 138

cobertura

Question 139

does servicenow have a direct integration with azure pipelines?

Answer 139

yes

Question 140

this feature of application insights can show you whether users are completing multiple stages within your application

Answer 140

funnels

Question 141

What do user flows do in application insights?

Answer 141

visualize how users navigate between the pages and features of your site

Question 142

what does impact do in application insights?

Answer 142

gives insight into how best to balance optimization and performance to maximize user conversion

Question 143

The start of a command to create a keyvault secret

Answer 143

az keyvault secret set

Question 144

steps to add a package to azure artifacts from azure repos

Answer 144

create personal access token
create feed within azure artifacts
create packages and send to artifacts

Question 145

what is a deployment group?

Answer 145

a logical set of deployment target machines that have agents installed on them. you can specify the deployment targets for a pipeline job using a deployment group

Question 146

deploy arm template with powershell

Answer 146

new-AzResourceGroupDeployment