Microsoft Microsoft Certifications AZ-400 Questions & Answers

• Question 71:

  DRAG DROP

  You provision an Azure Kubernetes Service (AKS) cluster that has RBAC enabled. You have a Helm chart for a client application.

  You need to configure Helm and Tiller on the cluster and install the chart.

  Which three commands should you recommend be run in sequence? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.

  Select and Place:

  

  Correct Answer:

  

  Step 1: Kubectl create

  You can add a service account to Tiller using the --service-account flag while you’re configuring Helm (step 2 below). As a prerequisite, you’ll have to create a role binding which specifies a role and a service account name that have

  been set up in advance.

  Example: Service account with cluster-admin role

  $ kubectl create -f rbac-config.yaml

  serviceaccount "tiller" created

  clusterrolebinding "tiller" created

  $ helm init --service-account tiller

  Step 2: helm init

  To deploy a basic Tiller into an AKS cluster, use the helm init command.

  Step 3: helm install

  To install charts with Helm, use the helm install command and specify the name of the chart to install.

  References:

  https://docs.microsoft.com/en-us/azure/aks/kubernetes-helm

  https://docs.helm.sh/using_helm/#tiller-namespaces-and-rbac

• Question 72:

  DRAG DROP

  You are configuring Azure DevOps build pipelines.

  You plan to use hosted build agents.

  Which build agent pool should you use to compile each application type? To answer, drag the appropriate build agent pools to the correct application types. Each build agent pool may be used once, more than once, or not at all. You may

  need to drag the split bar between panes or scroll to view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  Correct Answer:

  

  Box 1: Hosted macOS

  Hosted macOS pool (Azure Pipelines only): Enables you to build and release on macOS without having to configure a self-hosted macOS agent. This option affects where your data is stored.

  Box 2: Hosted

  Hosted pool (Azure Pipelines only): The Hosted pool is the built-in pool that is a collection of Microsoft-hosted agents.

  Incorrect Answers:

  Default pool: Use it to register self-hosted agents that you've set up.

  Hosted Windows Container pool (Azure Pipelines only): Enabled you to build and release inside Windows containers. Unless you're building using containers, Windows builds should run in the Hosted VS2017 or Hosted pools.

  References: https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/v2-osx

• Question 73:

  DRAG DROP

  You are configuring Azure Pipelines for three projects in Azure DevOps as shown in the following table.

  

  Which version control system should you recommend for each project? To answer, drag the appropriate version control systems to the correct projects. Each version control system may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  Correct Answer:

  

  Project1:Git in Azure Repos

  Project2: Github Enterprise

  GitHub Enterprise is the on-premises version of GitHub.com. GitHub Enterprise includes the same great set of features as GitHub.com but packaged for running on your organization's local network. All repository data is stored on machines

  that you control, and access is integrated with your organization's authentication system (LDAP, SAML, or CAS).

  Project3: Bitbucket cloud

  One downside, however, is that Bitubucket does not include support for SVN but this can be easily amended migrating the SVN repos to Git with tools such as SVN Mirror for Bitbucket .

  Note: SVN is a centralized version control system.

  Incorrect Answers:

  Bitbucket:

  Bitbucket comes as a distributed version control system based on Git.

  Note: A source control system, also called a version control system, allows developers to collaborate on code and track changes. Source control is an essential tool for multi-developer projects.

  Our systems support two types of source control: Git (distributed) and Team Foundation Version Control (TFVC). TFVC is a centralized, client-server system. In both Git and TFVC, you can check in files and organize files in folders, branches,

  and repositories.

  References:

  https://www.azuredevopslabs.com/labs/azuredevops/yaml/

  https://enterprise.github.com/faq

• Question 74:

  DRAG DROP

  Your company has four projects. The version control requirements for each project are shown in the following table.

  

  You plan to use Azure Repos for all the projects.

  Which version control system should you use for each project? To answer, drag the appropriate version control systems to the correct projects. Each version control system may be used once, more than once, or not at all. You may need to

  drag the split bar between panes or scroll to view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  Correct Answer:

  

  1 -> TFVS Refer : https://docs.microsoft.com/en-us/azure/devops/repos/tfvc/control-access-team-foundation-version-control?view=azure-devops 2 -> TFVS Refer : https://docs.microsoft.com/en-us/azure/devops/repos/tfvc/add-check-policies?view=azure-devops 3 -> Git Refer : https://docs.microsoft.com/en-us/azure/devops/repos/git/share-your-code-in-git-xcode?view=azure-devops 4 -> TFVS Refer :https://docs.microsoft.com/en-us/azure/devops/organizations/security/permissions?view=azure-devops#tfvc

  Note: Perforce: Due to its multitenant nature, many groups can work on versioned files. The server tracks changes in a central database of MD5 hashes of file content, along with descriptive meta data and separately retains a master repository of file versions that can be verified through the hashes.

  References: https://searchitoperations.techtarget.com/definition/Perforce-Software https://docs.microsoft.com/en-us/azure/devops/repos/git/share-your-code-in-git-xcode https://docs.microsoft.com/en-us/azure/devops/repos/tfvc/overview

• Question 75:

  DRAG DROP

  You need to recommend a solution for deploying charts by using Helm and Tiller to Azure Kubernetes Service (AKS) in an RBAC-enabled cluster.

  Which three commands should you recommend be run in sequence? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.

  Select and Place:

  

  Correct Answer:

  

  Step 1: Kubectl create

  You can add a service account to Tiller using the --service-account flag while you’re configuring Helm (step 2 below). As a prerequisite, you’ll have to create a role binding which specifies a role and a service account name that have

  been set up in advance.

  Example: Service account with cluster-admin role

  $ kubectl create -f rbac-config.yaml

  serviceaccount "tiller" created

  clusterrolebinding "tiller" created

  $ helm init --service-account tiller

  Step 2: helm init

  To deploy a basic Tiller into an AKS cluster, use the helm init command.

  Step 3: helm install

  To install charts with Helm, use the helm install command and specify the name of the chart to install.

  References:

  https://docs.microsoft.com/en-us/azure/aks/kubernetes-helm

  https://docs.helm.sh/using_helm/#tiller-namespaces-and-rbac

• Question 76:

  DRAG DROP

  Your company has a project in Azure DevOps.

  You plan to create a release pipeline that will deploy resources by using Azure Resource Manager templates. The templates will reference secrets stored in Azure Key Vault.

  You need to recommend a solution for accessing the secrets stored in the key vault during deployments. The solution must use the principle of least privilege.

  What should you include in the recommendation? To answer, drag the appropriate configurations to the correct targets. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  Correct Answer:

  

  Box 1: A key Vault advanced access policy

  

  Box 2: RBAC

  Management plane access control uses RBAC.

  The management plane consists of operations that affect the key vault itself, such as:

  1.

  Creating or deleting a key vault.

  2.

  Getting a list of vaults in a subscription.

  3.

  Retrieving Key Vault properties (such as SKU and tags).

  4.

  Setting Key Vault access policies that control user and application access to keys and secrets.

  References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-tutorial-use-key-vault

• Question 77:

  DRAG DROP You need to configure access to Azure DevOps agent pools to meet the following requirements:

  1.

  Use a project agent pool when authoring build or release pipelines.

  2.

  View the agent pool and agents of the organization.

  3.

  Use the principle of least privilege.

  Which role memberships are required for the Azure DevOps organization and the project? To answer, drag the appropriate role memberships to the correct targets. Each role membership may be used once, more than once, or not at all. You

  may need to drag the split bar between panes or scroll to view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  Correct Answer:

  

  References: https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/pools-queues

• Question 78:

  DRAG DROP

  Your company has a project in Azure DevOps.

  You plan to create a release pipeline that will deploy resources by using Azure Resource Manager templates. The templates will reference secrets stored in Azure Key Vault.

  You need to recommend a solution for accessing the secrets stored in the key vault during deployments. The solution must use the principle of least privilege.

  What should you include in the recommendation? To answer, drag the appropriate configurations to the correct targets. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or

  scroll to view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  Correct Answer:

  

  Box 1: RBAC

  Management plane access control uses RBAC.

  The management plane consists of operations that affect the key vault itself, such as:

  1.

  Creating or deleting a key vault.

  2.

  Getting a list of vaults in a subscription.

  3.

  Retrieving Key Vault properties (such as SKU and tags).

  4.

  Setting Key Vault access policies that control user and application access to keys and secrets.

  Box 2: RBAC

  References:

  https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-tutorial-use-key-vault

• Question 79:

  DRAG DROP

  You need to use Azure Automation State Configuration to manage the ongoing consistency of virtual machine configurations.

  Which five actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

  NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

  Select and Place:

  

  Correct Answer:

  

  Step 1: Assign the node configuration.

  You create a simple DSC configuration that ensures either the presence or absence of the Web-Server Windows Feature (IIS), depending on how you assign nodes.

  Step 2: Upload a configuration to Azure Automation State Configuration.

  You import the configuration into the Automation account.

  Step 3: Compiling a configuration into a node configuration

  Compiling a configuration in Azure Automation

  Before you can apply a desired state to a node, a DSC configuration defining that state must be compiled into one or more node configurations (MOF document), and placed on the Automation DSC Pull Server.

  Step 4: Onboard the virtual machines to Azure State Configuration

  Onboarding an Azure VM for management with Azure Automation State Configuration

  Step 5: Check the compliance status of the node.

  Viewing reports for managed nodes. Each time Azure Automation State Configuration performs a consistency check on a managed node, the node sends a status report back to the pull server. You can view these reports on the page for that

  node.

  On the blade for an individual report, you can see the following status information for the corresponding consistency check:

  The report status — whether the node is "Compliant", the configuration "Failed", or the node is "Not Compliant" (when the node is in ApplyandMonitor mode and the machine is not in the desired state).

  References: https://docs.microsoft.com/en-us/azure/automation/automation-dsc-getting-started

• Question 80:

  DRAG DROP

  Your company plans to deploy an application to the following endpoints:

  1.

  Ten virtual machines hosted in Azure

  2.

  Ten virtual machines hosted in an on-premises data center environment

  All the virtual machines have the Azure Pipelines agent.

  You need to implement a release strategy for deploying the application to the endpoints.

  What should you recommend using to deploy the application to the endpoints? To answer, drag the appropriate components to the correct endpoints. Each component may be used once, more than once, or not at all. You may need to drag

  the split bar between panes or scroll to view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  Correct Answer:

  

  Box 1: A deployment group

  When authoring an Azure Pipelines or TFS Release pipeline, you can specify the deployment targets for a job using a deployment group.

  If the target machines are Azure VMs, you can quickly and easily prepare them by installing the Azure Pipelines Agent Azure VM extension on each of the VMs, or by using the Azure Resource Group Deployment task in your release pipeline

  to create a deployment group dynamically.

  Box 2: A deployment group

  References: https://docs.microsoft.com/en-us/azure/devops/pipelines/release/deployment-groups