- (Exam Topic 4)
Your company has a project in Azure DevOps.
You plan to create a release pipeline that will deploy resources by using Azure Resource Manager templates. The templates will reference secrets stored in Azure Key Vault.
You need to recommend a solution for accessing the secrets stored in the key vault during deployments. The solution must use the principle of least privilege.
What should you include in the recommendation? To answer, drag the appropriate configurations to the correct targets. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Solution:
Box 1: A key Vault advanced access policy
Box 2: RBAC
Management plane access control uses RBAC.
The management plane consists of operations that affect the key vault itself, such as: 
Creating or deleting a key vault. Getting a list of vaults in a subscription. Retrieving Key Vault properties (such as SKU and tags). Setting Key Vault access policies that control user and application access to keys and secrets. References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-tutorial-use-key-vault
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You have a multi-tier application. The front end of the application is hosted in Azure App Service. You need to identify the average load times of the application pages.
What should you use?
Correct Answer:
A
Application Insights will tell you about any performance issues and exceptions, and help you find and diagnose the root causes.
Application Insights can monitor both Java and ASP.NET web applications and services, WCF services. They can be hosted on-premises, on virtual machines, or as Microsoft Azure websites.
On the client side, Application Insights can take telemetry from web pages and a wide variety of devices including iOS, Android, and Windows Store apps.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/app/web-monitor-performance
- (Exam Topic 4)
You are designing the security validation strategy for a project in Azure DevOps.
You need to identify package dependencies that have known security issues and can be resolved by an update.
What should you use?
Correct Answer:
D
With enterprise level of SonarQube you can use OWASP that runs the security scans for known vulnerabilities. https://www.sonarqube.org/features/security/
https://www.sonarqube.org/features/security/owasp/?gclid=Cj0KCQiAzZL-BRDnARIsAPCJs70Teq0-efI2Hd_h
- (Exam Topic 4)
You have a project in Azure DevOps that contains a release pipeline. The pipeline contains two stages named QA and Prod. QA deploys code to an Azure web app named webapp1. Prod deploys code to an Azure web app named webapp2.
You need to ensure that code deployments to webapp2 are blocked if Azure Application Insights generates Failed requests alerts following the deployment of new code to webapp1.
What should you do for each stage? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Solution:
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You have project in Azure DevOps.
You create the following template named Template1.yml.
You create the following pipeline named File1.yml.
You need to ensure that Template1.yaml runs before File1.yml. How should you update File1.yml?
Correct Answer:
B
