- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
The lead developer at your company reports that adding new application features takes longer than expected due to a large accumulated technical debt.
You need to recommend changes to reduce the accumulated technical debt. Solution: You recommend increasing the code duplication.
Does this meet the goal?
Correct Answer:
B
Instead reduce the code complexity. Reference:
https://dzone.com/articles/fight-through-the-pain-how-to-deal-with-technical
- (Exam Topic 1)
You have a project in Azure DevOps.
You plan to deploy a self-hosted agent by using an unattended configuration script.
Which two values should you define in the configuration script? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Correct Answer:
AD
Unattended config:
The agent can be set up from a script with no human intervention. You must pass --unattended and the answers to all questions.
To configure an agent, it must know the URL to your organization or collection and credentials of someone authorized to set up agents. All other responses are optional.
Reference:
https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/v2-windows
- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You plan to update the Azure DevOps strategy of your company.
You need to identify the following issues as they occur during the company’s development process:
Licensing violations 
Prohibited libraries
Solution: You implement continuous integration. Does this meet the goal?
Correct Answer:
A
WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource constantly-updated denitive database of open source repositories.
Reference: https://azuredevopslabs.com/labs/vstsextend/whitesource/
- (Exam Topic 4)
You administer an Azure DevOps project that includes package feeds.
You need to ensure that developers can unlist and deprecate packages. The solution must use the principle of least privilege.
Which access level should you grant to the developers?
Correct Answer:
B
Feeds have four levels of access: Owners, Contributors, Collaborators, and Readers. Owners can add any type of identity-individuals, teams, and groups-to any access level.
Reference:
https://docs.microsoft.com/en-us/azure/devops/artifacts/feeds/feed-permissions
- (Exam Topic 4)
Your company « concerned that when developers introduce open source Libraries, it creates licensing compliance issues.
You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base.
What should you use?
Correct Answer:
C
Secure and Manage Open Source Software
Black Duck helps organizations identify and mitigate open source security, license compliance and code-quality risks across application and container portfolios.
Black Duck Hub and its plugin for Team Foundation Server (TFS) allows you to automatically find and fix open source security vulnerabilities during the build process, so you can proactively manage risk. The integration allows you to receive alerts and fail builds when any Black Duck Hub policy violations are met.
Note: WhiteSource would also be a good answer, but it is not an option here. References:
https://marketplace.visualstudio.com/items?itemName=black-duck-software.hub-tfs
