Microsoft AZ-400 問題練習

Question No : 1
You are deploying a server application that will run on a Server Core installation of Windows Server 2019.
You create an Azure key vault and a secret.
You need to use the key vault to secure API secrets for third-party integrations.
Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
D18912E1457D5D1DDCBD40AB3BF70D5D

• A.Configure RBAC for the key vault.
• B.Modify the application to access the key vault.
• C.Configure a Key Vault access policy.
• D.Deploy an Azure Desired State Configuration (DSC) extension.
• E.Deploy a virtual machine that uses a system-assigned managed identity.

答えを確認する

正解:
Explanation:
BE: An app deployed to Azure can take advantage of Managed identities for Azure resources, which allows the app to authenticate with Azure Key Vault using Azure AD authentication without credentials (Application ID and Password/Client Secret) stored in the app.
✑ Select Add Access Policy.
✑ Open Secret permissions and provide the app with Get and List permissions.
✑ Select Select principal and select the registered app by name. Select the Select
button.
✑ Select OK.
✑ Select Save.
✑ Deploy the app.
References:
https://docs.microsoft.com/en-us/aspnet/core/security/key-vault-configuration
https://docs.microsoft.com/en-us/azure/key-vault/general/tutorial-net-virtual-machine

Question No : 2
You have an existing build pipeline in Azure Pipelines.
You need to use incremental builds without purging the environment between pipeline executions.
What should you use?

• A.a File Transform task
• B.a self-hosted agent
• C.Microsoft-hosted parallel jobs

答えを確認する

正解:
Explanation:
When you run a pipeline on a self-hosted agent, by default, none of the subdirectories are cleaned in between two consecutive runs. As a result, you can do incremental builds and deployments, provided that tasks are implemented to make use of that. You can override this behavior using the workspace setting on the job.
Reference: https://docs.microsoft.com/en-us/azure/devops/pipelines/process/phases

Question No : 3
Your company is building a new solution in Java.
The company currently uses a SonarQube server to analyze the code of .NET solutions.
You need to analyze and monitor the code quality of the Java solution.
Which task types should you add to the build pipeline?

• A.Chef
• B.Gradle
• C.Octopus
• D.Gulp

答えを確認する

正解:
Explanation:
SonarQube is a set of static analyzers that can be used to identify areas of improvement in
your code. It allows you to analyze the technical debt in your project and keep track of it in the future. With Maven and Gradle build tasks, you can run SonarQube analysis with minimal setup in a new or existing Azure DevOps Services build task.
References: https://docs.microsoft.com/en-us/azure/devops/java/sonarqube?view=azure-devops

Question No : 4
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that m.ght meet the stated goals. Some
question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you win NOT be able to return to it. As a result, these questions win not appear in the review screen.
You integrate a cloud- hosted Jenkins server and a new Azure DevOps deployment
You need Azure DevOps to send a notification to Jenkins when a developer commits changes to a branch in Azure Repos.
Solution: You create a service hook subscription that uses the code pushed event.
Does this meet the goal?

• A.Yes
• B.NO

答えを確認する

正解:
Explanation:
You can create a service hook for Azure DevOps Services and TFS with Jenkins.
References: https://docs.microsoft.com/en-us/azure/devops/service-hooks/services/jenkins

Question No : 5
CORRECT TEXT
You plane to store signed images in an Azure Container Registry instance named az4009940427acr1.
You need to modify the SKU for az4009940427acr1 to support the planned images. The solution must minimize costs.
To complete this task, sign in to the Microsoft Azure portal.

答えを確認する

正解:

Question No : 6
During a code review, you discover many quality issues. Many modules contain unused variables and empty catch Modes. You need to recommend a solution to improve the quality o' the code .
What should you recommend?

• A.In a Gradle build task, select Run Checkstyle.
• B.In an Xcode build task, select Use xcpretty from Advanced
• C.In a Grunt build task, select Enabled from Control Options.
• D.In a Maven build task, select Run PM

答えを確認する

正解:
Explanation:
PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth.
There is an Apache Maven PMD Plugin which allows you to automatically run the PMD code analysis tool on your project's source code and generate a site report with its results.
References: https://pmd.github.io/

Question No : 7
You plan to create a project in Azure DevOps. Multiple developers will work on the project. The developers will work offline frequently and will require access to the full project history while they are offline.
Which version control solution should you use?

• A.TortotseSVN
• B.Team Foundation Version Control
• C.Subversion
• D.Git

答えを確認する

正解:
Explanation:
Git history: File history is replicated on the client dev machine and can be viewed even when not connected to the server. You can view history in Visual Studio and on the web portal.
Note: Azure Repos supports two types of version control: Git and Team Foundation Version Control (TFVC).
Reference: https://docs.microsoft.com/en-us/azure/devops/repos/tfvc/comparison-git-tfvc

Question No : 8
DRAG DROP
You are configuring the settings of a new Git repository in Azure Repos.
You need to ensure that pull requests in a branch meet the following criteria before they are merged:
✑ Committed code must compile successfully.
✑ Pull requests must have a Quality Gate status of Passed in SonarCloud.
Which policy type should you configure for each requirement? To answer, drag the appropriate policy types to the correct requirements. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

答えを確認する

正解:


Explanation:
Box 1: A check-in policy
Administrators of Team Foundation version control can add check-in policy requirements. These check-in policies require the user to take actions when they conduct a check-in to source control.
By default, the following check-in policy types are available:
✑ Builds Requires that the last build was successful before a check-in.
✑ Code Analysis Requires that code analysis is run before check-in.
✑ Work Items Requires that one or more work items be associated with the check-in.
Box 2: Build policy

Question No : 9
Note: This question n part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result these questions will not appear in the review screen.
You have an approval process that contains a condition. The condition requires that releases be approved by a team leader before they are deployed.
You have a policy stating that approvals must occur within eight hours.
You discover that deployments fail if the approvals lake longer than two hours.
You need to ensure that the deployments only fail if the approvals take longer than eight hours.
Solution: From Pre-deployment conditions, you modify the Timeout setting for pre-deployment approvals.
Does this meet the goal?

• A.Yes
• B.No

答えを確認する

正解:
Explanation:
Use a gate instead of an approval instead.
References: https://docs.microsoft.com/en-us/azure/devops/pipelines/release/approvals/gates

Question No : 10
You have an application that consists of several Azure App Service web apps and Azure m functions.
You need to access the security of the web apps and the functions.
Which Azure features can you use to provide a recommendation for the security of the application?

• A.Security & Compliance in Azure Log Analytics
• B.Resource health in Azure Service Health
• C.Smart Detection in Azure Application Insights
• D.Compute & apps in Azure Security Center

答えを確認する

正解:
Explanation:
Monitor compute and app services: Compute & apps include the App Services tab, which App services: list of your App service environments and current security state of each.
Recommendations
This section has a set of recommendations for each VM and computer, web and worker roles, Azure App Service Web Apps, and Azure App Service Environment that Security Center monitors. The first column lists the recommendation. The second column shows the total number of resources that are affected by that recommendation. The third column shows the severity of the issue.

Question No : 11
HOTSPOT
Your company uses Team Foundation Server 2013 (TFS 2013).
You plan to migrate to Azure DevOps.
You need to recommend a migration strategy that meets the following requirements:
✑ Preserves the dates of Team Foundation Version Control changesets
✑ Preserves the changes dates of work items revisions
✑ Minimizes migration effort
✑ Migrates all TFS artifacts
What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

答えを確認する

正解:


Explanation:
Box 1: Upgrade TFS to the most recent RTM release.
One of the major prerequisites for migrating your Team Foundation Server database is to get your database schema version as close as possible to what is currently deployed in Azure Devops Services.
Box 2: Use the TFS Database Import Service
In Phase 3 of your migration project, you will work on upgrading your Team Foundation Server to one of the supported versions for the Database Import Service in Azure Devops Services.
References: Team Foundation Server to Azure Devops Services Migration Guide

Question No : 12
HOTSPOT
You use Azure DevOps to manage the build and deployment of an app named App1.
You have a release pipeline that deploys a virtual machine named VM1.
You plan to monitor the release pipeline by using Azure Monitor
You need to create an alert to monitor the performance of VM1. The alert must be triggered when the average CPU usage exceeds 70 percent for five minutes. The alert must calculate the average once every minute.
How should you configure the alert rule? To answer, select the appropriate options in the answer area.

答えを確認する

正解:


Explanation:
Box 1: 5 minutes
The alert must calculate the average once every minute.
Note: We [Microsoft] recommend choosing an Aggregation granularity (Period) that is larger than the Frequency of evaluation, to reduce the likelihood of missing the first evaluation of added time series
Box 2: Static
Box 3: Greater than
Example, say you have an App Service plan for your website. You want to monitor CPU usage on multiple instances running your web site/app.
You can do that using a metric alert rule as follows:
✑ Target resource: myAppServicePlan
✑ Metric: Percentage CPU
✑ Condition Type: Static
✑ Dimensions
✑ Instance = InstanceName1, InstanceName2
✑ Time Aggregation: Average
✑ Period: Over the last 5 mins
✑ Frequency: 1 min
✑ Operator: GreaterThan
✑ Threshold: 70
✑ Like before, this rule monitors if the average CPU usage for the last 5 minutes exceeds 70%.
✑ Aggregation granularity

Question No : 13
You use Azure SQL Database Intelligent Insights and Azure Application Insights for monitoring.
You need to write ad-hoc queries against the monitoring data.
Which query language should you use?

• A.Kusto Query Language (KQL)
• B.PL/pgSQL
• C.PL/SQL
• D.Transact-SQL

答えを確認する

正解:
Explanation:
Azure Monitor Logs is based on Azure Data Explorer, and log queries are written using the same Kusto query language (KQL). This is a rich language designed to be easy to read and author, and you should be able to start using it with minimal guidance.
Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/log-query-overview

Question No : 14
Note: This Question Is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to ft. As a result these questions will not appear in the review screen.
You company has a prefect in Azure DevOps for a new web application.
You need to ensure that when code is checked in, a build runs automatically.
Solution: From the Triggers tab of the build pipeline, you selected Batch changes while a build is in progress
Does this meet the goal?

• A.Yes
• B.No

答えを確認する

正解:

Question No : 15
DRAG DROP
You are configuring an Azure DevOps deployment pipeline. The deployed application will authenticate to a web service by using a secret stored in an Azure key vault.
You need to use the secret in the deployment pipeline.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

答えを確認する

正解:


Explanation:
Creating a service principal
Creating a key vault
Check the Azure Pipeline