AZ-400: Designing and Implementing Microsoft DevOps solutions
28 questions in total
Question 11
You have been tasked with strengthening the security of your team's development process.
You need to suggest a security tool type for the Continuous Integration (CI) phase of the development process.
Which of the following is the option you would suggest?
Penetration testing
Static code analysis
Threat modeling
Dynamic code analysis
Answer is Static code analysis
Static code analysis should be performed in the CI pipeline so that vulnerabilities are not introduced into the main codebase. Penetration testing and dynamic code analysis can only be performed against a live environment, and threat modeling is a design-time activity rather than a CI tool.
"With the Microsoft Security Code Analysis extension, teams can add security code analysis to their Azure DevOps continuous integration and delivery (CI/CD) pipelines"
Your company has an Azure DevOps environment that can only be accessed by Azure Active Directory users.
You are instructed to make sure that the Azure DevOps environment can only be accessed from devices connected to the company's on-premises network.
Which of the following actions should you take?
Assign the devices to a security group.
Create a GPO.
Configure Security in Project Settings from Azure DevOps.
Configure conditional access in Azure Active Directory.
Answer is Configure conditional access in Azure Active Directory.
Conditional Access is a capability of Azure Active Directory. With Conditional Access, you can implement automated access control decisions for accessing your cloud apps that are based on conditions.
Conditional Access policies are enforced after the first-factor authentication has been completed.
Your company hosts a web application in Azure, and makes use of Azure Pipelines for managing the build and release of the application.
When stakeholders report that system performance has been adversely affected by the most recent releases, you configure alerts in Azure Monitor.
You are informed that new releases must satisfy specified performance baseline conditions in the staging environment before they can be deployed to production.
You need to make sure that releases not satisfying the performance baseline are prevented from being deployed.
Which of the following actions should you take?
You should make use of a branch control check.
You should make use of an alert trigger.
You should make use of a gate.
You should make use of an approval check.
Answer is You should make use of a gate.
Gates allow automatic collection of health signals from external services and then promote the release when all the signals are successful or stop the deployment on timeout. Typically, gates are used in connection with incident management, problem management, change management, monitoring, and external approval systems.
Scenarios and use cases for gates include:
- Quality validation. Query metrics from tests on the build artifacts such as pass rate or code coverage and deploy only if they are within required thresholds.
Use Quality Gates to integrate monitoring into your pre-deployment or post-deployment. This ensures that you are meeting the key health/performance metrics (KPIs) as your applications move from dev to production and that any differences in the infrastructure environment or scale are not negatively impacting your KPIs.
Note: Gates allow automatic collection of health signals from external services, and then promote the release when all the signals are successful at the same time or stop the deployment on timeout. Typically, gates are used in connection with incident management, problem management, change management, monitoring, and external approval systems.
Your company has an Azure DevOps project, which includes a build pipeline that makes use of roughly fifty open source libraries.
You have been tasked with making sure that you are able to scan the project for common security weaknesses in the open source libraries.
Which of the following actions should you take?
You should create a build task and use the WhiteSource Bolt service.
You should create a deployment task and use the WhiteSource Bolt service.
You should create a build task and use the Chef service.
You should create a deployment task and use the Chef service.
Answer is You should create a build task and use the WhiteSource Bolt service.
WhiteSource integrates with your CI servers, build tools and repositories to detect all open source components in your software, without ever scanning your code. It provides you with real-time alerts on vulnerable or problematic components, generates comprehensive up-to-date reports in one-click and enables you to streamline your entire open source management process with automated policies.
You need to consider the underlined segment to establish whether it is accurate.
Black Duck can be used to make sure that all the open source libraries conform to your company's licensing criteria.
Select `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.
No adjustment required.
Maven
Bamboo
CMAKE
Answer is No adjustment required.
Black Duck helps organizations identify and mitigate open source security, license compliance and code-quality risks across application and container portfolios.
Black Duck Hub and its plugin for Team Foundation Server (TFS) allow you to automatically find and fix open source security vulnerabilities during the build process, so you can proactively manage risk. The integration allows you to receive alerts and fail builds when any Black Duck Hub policy violations are met.
Your company has an application that contains a number of Azure App Service web apps and Azure functions.
You would like to view recommendations with regard to the security of the web apps and functions. You plan to navigate to Compute and Apps to achieve your goal.
Which of the following should you access to make use of Compute and Apps?
Azure Log Analytics
Azure Event Hubs
Azure Advisor
Azure Security Center
Answer is Azure Security Center
Azure Security Center and Azure Defender are now called Microsoft Defender for Cloud.
Monitor compute and app services: Compute & apps includes the App services tab, which lists your App Service environments and the current security state of each.
This section has a set of recommendations for each VM and computer, web and worker roles, Azure App Service Web Apps, and Azure App Service Environment that Security Center monitors. The first column lists the recommendation. The second column shows the total number of resources that are affected by that recommendation. The third column shows the severity of the issue.
You need to consider the underlined segment to establish whether it is accurate.
Your company has a multi-tier application that has its front end hosted in Azure App Service.
To pinpoint the average load times of the application pages, you should make use of Azure Event Hubs.
Select `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.
No adjustment required.
Azure Application Insights
Azure Log Analytics
Azure Advisor
Answer is Azure Application Insights
Application Insights is an extension of Azure Monitor and provides application performance monitoring (APM) features. APM tools are useful to monitor applications from development, through test, and into production in the following ways:
- Proactively understand how an application is performing.
- Reactively review application execution data to determine the cause of an incident.
You are currently developing a project for a client that will be managing work items via Azure DevOps.
You want to make sure that the work item process you use for the client allows for requirements, change requests, risks, and reviews to be tracked.
Which of the following is the option you would choose?
Basic
Agile
Scrum
CMMI
Answer is CMMI
The CMMI process supports the following work item types (WITs) to plan and track work, tests, feedback, and code review. With different WITs you can track different types of work—such as requirements, change requests, tasks, bugs and more. These artifacts are created when you create a project using the CMMI process. They're based on the Capability Maturity Model Integration (CMMI) process.
You need to consider the underlined segment to establish whether it is accurate.
When moving to Azure DevOps, JIRA must be replaced with the build pipelines Azure DevOps service.
Select `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.
No adjustment required.
repos
release pipelines
boards
Answer is boards
Azure Boards is a standalone service within the Azure DevOps suite that helps teams plan, track, and discuss work across the entire software development process. It provides a flexible, customizable platform for managing work items, such as user stories, bugs, tasks, and issues, so you can track your work item's progress throughout the development lifecycle.
Azure Boards supports agile methodologies, including Scrum and Kanban. It provides a range of features and integrations to help teams collaborate and stay organized with dashboards, reports, and notifications.
You scan a Node.js application using WhiteSource Bolt.
The scan finds numerous libraries with invalid licenses, but they are only used during development.
You have to make sure that only production dependencies are scanned by WhiteSource Bolt.
Which of the following is a command you should run?
npm edit
npm publish
npm install
npm update
Answer is npm install
The `npm install` command will install the devDependencies along with other dependencies when run inside a package directory, in a development environment (the default).
`npm install --production` will only install "dependencies".
`npm install --dev` will only install "devDependencies".