- (Exam Topic 4)
You manage build and release pipelines by using Azure DevOps. Your entire managed environment resides in Azure.
You need to configure a service endpoint for accessing Azure Key Vault secrets. The solution must meet the following requirements:
Ensure that the secrets are retrieved by Azure DevOps. Avoid persisting credentials and tokens in Azure DevOps.
How should you configure the service endpoint? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Solution:
Box 1: Azure Pipelines service connection
Box 2: Managed Service Identity Authentication
The managed identities for Azure resources feature in Azure Active Directory (Azure AD) provides Azure services with an automatically managed identity in Azure AD. You can use the identity to authenticate to any service that supports Azure AD authentication, including Key Vault, without any credentials in your code.
Reference:
https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-key-vault https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You plan to deploy a runbook that will create Azure AD user accounts.
You need to ensure that runbooks can run the Azure PowerShell cmdlets for Azure Active Directory. To complete this task, sign in to the Microsoft Azure portal.
Solution:
Azure Automation now ships with the Azure PowerShell module of version 0.8.6, which introduced the ability to non-interactively authenticate to Azure using OrgId (Azure Active Directory user) credential-based authentication. Using the steps below, you can set up Azure Automation to talk to Azure using this authentication type.
Step 1: Find the Azure Active Directory associated with the Azure subscription to manage:
* 1. Log in to the Azure portal as the service administrator for the Azure subscription you want to manage using
Azure Automation. You can find this user by logging in to the Azure portal as any user with access to this Azure subscription, then clicking Settings, then Administrators.
* 2. Note the name of the directory associated with the Azure subscription you want to manage. You can find this directory by clicking Settings, then Subscriptions.
Step 2: Create an Azure Active Directory user in the directory associated with the Azure subscription to manage:
You can skip this step if you already have an Azure Active Directory user in this directory. and plan to use this OrgId to manage Azure.
* 1. In the Azure portal click on Active Directory service.
* 2. Click the directory name that is associated with this Azure subscription.
* 3. Click on the Users tab and then click the Add User button.
* 4. For type of user, select “New user in your organization.” Enter a username for the user to create.
* 5. Fill out the user’s profile. For role, pick “User.” Don’t enable multi-factor authentication. Multi-factor accounts cannot be used with Azure Automation.
* 6. Click Create.
* 7. Jot down the full username (including part after @ symbol) and temporary password. Step 3: Allow this Azure Active Directory user to manage this Azure subscription.
* 1. Click on Settings (bottom Azure tab under StorSimple)
* 2. Click Administrators
* 3. Click the Add button. Type the full user name (including part after @ symbol) of the Azure Active Directory user you want to set up to manage Azure. For subscriptions, choose the Azure subscriptions you want this user to be able to manage. Click the check mark.
Step 4: Configure Azure Automation to use this Azure Active Directory user to manage this Azure subscription
Create an Azure Automation credential asset containing the username and password of the Azure Active Directory user that you have just created. You can create a credential asset in Azure Automation by clicking into an Automation Account and then clicking the Assets tab, then the Add Setting button.
Note: Once you have set up the Azure Active Directory credential in Azure and Azure Automation, you can now manage Azure from Azure Automation runbooks using this credential.
References:
https://azure.microsoft.com/sv-se/blog/azure-automation-authenticating-to-azure-using-azure-active-directory/
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You need to deploy Internet Information Services (IIS) to an Azure virtual machine that runs Windows Server 2019.
How should you complete the Desired State Configuration (DSQ configuration script? To answer, drag the appropriate values to the correct locations. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Solution:
Box 1: Configuration
The following example shows a simple example of a configuration. configuration IISInstall
{
node "localhost"
{
WindowsFeature IIS
{
Ensure = "Present"
Name = "Web-Server"
}
}
}
Box 2: WindowsFeature Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-overview
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You need to execute inline testing of an Azure DevOps pipeline that uses a Docker deployment model. The solution must prevent the results from being published to the pipeline.
What should you use for the inline testing?
Correct Answer:
C
"Build and test with a multi-stage Dockerfile: build and tests execute inside the container using a multi-stage Docker file, as such test results are not published back to the pipeline."
https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/test/publish-test-results?view=azure-devops&tabs
- (Exam Topic 1)
You are using GitHub as a source code repository.
You create a client-side Git hook on the commit-msg event. The hook requires that each commit message contain a custom work item tag.
You need to make a commit that does not have a work item tag. Which git commit parameter should you use?
Correct Answer:
B
The commit-msg hook is invoked by git-commit and git-merge, and can be bypassed with the --no-verify option.
Reference:
https://git-scm.com/docs/githooks
