AZ-400 Designing and Implementing Microsoft DevOps Solutions - Practice Test 2

The "Require a minimum number of reviewers" branch policy setting allows you to specify how many reviewers must approve a pull request. You set the minimum count (e.g., 2) and optionally allow requestors to approve their own changes. Build validation triggers CI builds; automatically included reviewers adds people but doesn't enforce count; check for linked work items ensures traceability. See more: Design and Implement Source Control

Azure Pipelines is the CI/CD service in Azure DevOps. It supports building, testing, and deploying code to any platform and cloud. Azure Repos provides source control, Azure Boards provides work item tracking, and Azure Artifacts provides package management. See more: Design and Implement Build Pipelines

Linking a variable group to Azure Key Vault provides centralized secret management with rotation capabilities. Secrets are stored in Key Vault and referenced in pipelines through the variable group. Pipeline secret variables are not centrally managed. Secure files are for certificates/keys, not general secrets. Storing secrets in .env files in the repo is a security risk. See more: Develop a Security and Compliance Plan

The command "git checkout -b <branch-name>" creates a new branch and immediately switches to it. Alternatively, "git switch -c <branch-name>" does the same. "git branch" only creates the branch without switching. "git merge" combines branches. "git pull" fetches and integrates remote changes. See more: Design and Implement Source Control

Blue-Green deployment maintains two identical environments (blue and green). One serves production traffic while the other is updated. After validation, traffic is switched to the updated environment. Rolling deployment updates instances incrementally. Canary releases to a small subset first. Feature flags toggle features without deployment changes. See more: Deployments, Packages and Test Plans

In YAML multi-stage pipelines, manual approvals are configured through environment approval checks. You create an environment (e.g., "Production") in Azure DevOps, add approval checks to it, and reference that environment in the deployment job. Gates are for classic release pipelines. Scheduled triggers are time-based. Branch filters restrict which branches can trigger a stage. See more: Design and Implement Release Pipelines

Terraform is a declarative, idempotent Infrastructure as Code tool that uses state files to track deployed resources. It supports Azure through the AzureRM provider and can plan, apply, and destroy infrastructure. Azure CLI scripts are imperative, not declarative. PowerShell DSC configures OS-level state, not Azure infrastructure. Chef is a configuration management tool, not an IaC provisioner. See more: Design and Implement Infrastructure as Code

Selenium is a widely-used framework for automated UI (browser-based) testing that integrates well with Azure Test Plans and Azure Pipelines. Selenium tests can be executed as part of a release pipeline on deployment agents. JUnit and NUnit are unit testing frameworks. Postman is for API testing, not UI testing. See more: Deployments, Packages and Test Plans

Log Analytics workspace uses Kusto Query Language (KQL), a SQL-like language, to query log data collected by Azure Monitor. You can write complex queries to analyze logs, create alerts, and build dashboards. Metrics Explorer is for time-series numeric data. Application Insights is an APM tool. Service Health shows Azure service status. See more: Implement an Instrumentation Strategy

The correct trigger uses "on: pull_request" with "branches: [main]" to filter PRs targeting main, and "paths: ['src/**']" to only trigger when files in src/ are changed. Using "push" would trigger on direct pushes, not PRs. Without "paths", it triggers on all file changes. "workflow_dispatch" is for manual triggers. See more: Design and Implement Build Pipelines

Self-hosted agents are machines you manage and configure with any software your builds require. They give you full control over the environment, installed tools, and machine specs. Deployment groups are for deploying to target servers, not for building. Service connections provide authentication to external services. Pipeline artifacts store build outputs. See more: Design and Implement Build Pipelines

The copy element in ARM templates enables resource iteration, allowing you to deploy multiple instances of a resource with similar configurations using a single resource definition and a count or array. Nested templates are for modular deployments. Variables simplify expressions but don't iterate resources. Outputs return values after deployment. See more: Design and Implement Infrastructure as Code

Azure Artifacts is the package management service in Azure DevOps. It supports NuGet, npm, Maven, Python (pip), and Universal packages. You can create feeds to publish and consume packages within your organization. Azure Repos is for source control, Pipelines for CI/CD, and Boards for work tracking. See more: Deployments, Packages and Test Plans

Azure DevOps service connections support managed identity authentication, which eliminates the need to manage secrets or certificates. The managed identity is assigned to the self-hosted agent VM and used to authenticate to Azure resources. Service principal options require secret or certificate management. See more: Develop a Security and Compliance Plan

SonarCloud provides continuous code quality and security analysis, integrating directly with Azure Pipelines via extensions. WhiteSource Bolt (now Mend) scans for open-source vulnerabilities and license compliance in your dependencies. Azure Traffic Manager is a DNS-based traffic routing service. Azure Load Balancer distributes network traffic. See more: Design and Implement Build Pipelines

The KubernetesManifest task or Kubectl task in Azure Pipelines deploys Kubernetes manifest files to AKS clusters. KubernetesManifest supports canary deployments, rolling updates, and manifest stability checks. AzureWebApp is for App Service. AzureVmssDeployment is for VM Scale Sets. AzureFunctionApp deploys Azure Functions. See more: Design and Implement Release Pipelines

Epics are the highest-level work items in Azure Boards, representing large bodies of work that can span multiple sprints or releases. The hierarchy goes: Epic > Feature > User Story/PBI > Task. Features group related user stories. User Stories describe end-user functionality. Tasks are the smallest units of work. See more: Configure Processes and Communications

The azurerm backend for Terraform stores state in Azure Blob Storage and uses blob leases for state locking. This prevents concurrent modifications and supports state versioning through blob snapshots. Azure File Share, SQL Database, and Cosmos DB are not supported as Terraform backends for Azure. See more: Design and Implement Infrastructure as Code

A metric alert with a static threshold monitors a specific metric (CPU usage) against a fixed value (90%) over a time window (5 minutes). This is ideal for known thresholds. Log search alerts query log data. Activity log alerts trigger on Azure resource operations. Service Health alerts notify about Azure service issues. See more: Implement an Instrumentation Strategy

Pipeline caching (the Cache task) allows you to cache directories like NuGet packages, npm node_modules, or Maven .m2 between pipeline runs. This reduces build times by avoiding re-downloading dependencies. Pipeline artifacts store build outputs. Upstream sources proxy external feeds. Deployment groups deploy to servers. See more: Design and Implement Build Pipelines

A Dockerfile contains a set of instructions (FROM, COPY, RUN, CMD, etc.) that define how to build a Docker container image. Each instruction creates a layer in the image. Kubernetes specs use YAML manifests. Docker networking is configured via CLI or compose. Docker Compose uses docker-compose.yml files. See more: Design and Implement Release Pipelines

The "Invoke REST API" gate calls an HTTP endpoint and evaluates the response. You can configure it to check the health endpoint and validate a 200 status code. Query Azure Monitor alerts checks for active alerts. Query work items validates work item status. Azure Policy checks resource compliance. See more: Design and Implement Release Pipelines

A DSC configuration script defines the desired state of a node declaratively using PowerShell syntax with Configuration blocks. It specifies resources like WindowsFeature to ensure IIS is installed. ARM templates provision infrastructure. Azure Policy evaluates compliance. Automation runbooks execute imperative scripts. See more: Design and Implement Infrastructure as Code

git cherry-pick applies the changes from a specific commit to the current branch, creating a new commit. This is useful for applying hotfixes or specific changes without merging an entire branch. git rebase replays commits on top of another base. git merge combines entire branches. git stash temporarily saves uncommitted changes. See more: Design and Implement Source Control

Azure Container Registry (ACR) is a managed Docker registry service for storing and managing container images and OCI artifacts. It integrates with AKS, App Service, and Azure Pipelines. Azure Container Instances (ACI) runs containers serverlessly. AKS orchestrates containers. ACR Tasks can build images, but ACR's primary purpose is storage and management. See more: Design and Implement Release Pipelines

YAML pipelines are defined as code in azure-pipelines.yml files stored in the repository alongside application code. They are version-controlled, support pull request reviews, and enable pipeline-as-code practices. Classic pipelines use a visual designer and are not stored as code. Task groups reuse task sequences but are not version-controlled pipelines. See more: Design and Implement Build Pipelines

Canary deployment gradually routes an increasing percentage of traffic to the new version (e.g., 5%, 25%, 50%, 100%) while monitoring for errors at each stage. If issues are detected, rollback is immediate. Blue-Green swaps entire environments. Rolling updates instances one at a time. Recreate stops all old instances before starting new ones. See more: Deployments, Packages and Test Plans

Dependabot alerts automatically scan your repository's dependency files (package.json, pom.xml, etc.) for known vulnerabilities and notify you. Dependabot can also create pull requests to update vulnerable dependencies. GitHub Actions runs workflows. Branch protection enforces PR rules. Code owners auto-assigns reviewers. See more: Develop a Security and Compliance Plan

The Docker@2 task with the "buildAndPush" command builds a Docker image and pushes it to a container registry (like ACR) in a single task. You specify the container registry service connection and the Dockerfile path. The other combinations are for different deployment scenarios. See more: Design and Implement Release Pipelines

Delivery Plans provide a timeline view showing work items across multiple teams and iterations on a calendar. They help visualize dependencies, track delivery schedules, and coordinate across teams. Dashboards show widgets and charts. Backlogs list work items. Sprint boards show current sprint work. See more: Configure Processes and Communications

The "values" property on a YAML pipeline template parameter restricts the allowed values to a specific list. If a pipeline passes a value not in the list, validation fails. "default" sets the default value. "type" defines the data type (string, boolean, etc.). "displayName" provides a human-readable label. See more: Design and Implement Build Pipelines

DACPAC (Data-tier Application Package) files contain the database schema and are deployed using the SqlAzureDacpacDeployment task in Azure Pipelines. This task compares the schema in the DACPAC with the target database and generates an update script. Azure Data Factory is for data orchestration. Data Studio is an IDE. Synapse is for analytics. See more: Design and Implement Release Pipelines

Trunk-based development uses a single main branch (trunk) where all developers commit. Feature flags control the visibility of in-progress work. Short-lived feature branches may be used but merge quickly. Gitflow uses develop, feature, release, and hotfix branches. GitHub Flow uses feature branches with PRs. Release branching creates branches per release. See more: Design and Implement Source Control

Azure Automation State Configuration (DSC) continuously monitors and enforces the desired configuration state of VMs. It automatically detects and corrects configuration drift by reapplying the desired state. Runbooks execute scripts on demand or by schedule. Variables store data. Schedules trigger runbook execution on a timer. See more: Design and Implement Infrastructure as Code

GitHub Code Scanning uses CodeQL, a semantic code analysis engine, to find security vulnerabilities and coding errors in source code. It runs as a GitHub Actions workflow and reports findings as alerts. Dependabot scans dependencies. Secret Scanning detects exposed credentials. Branch Protection enforces PR rules. See more: Develop a Security and Compliance Plan

Variable groups in Azure DevOps store sets of variables that can be shared and reused across multiple pipelines. They can be linked to Azure Key Vault for secret management. Variable groups are managed in the Library section. They don't group stages, manage agents, or organize work items. See more: Develop a Security and Compliance Plan

Multi-stage Docker builds use one stage with the full SDK image for building/publishing the app, then copy the published output to a final stage using the smaller runtime-only image. This minimizes the final image size by excluding build tools. A single SDK stage is too large. A single runtime stage can't build. Manual installation adds complexity. See more: Design and Implement Release Pipelines

Traffic routing in App Service allows you to route a percentage of production traffic to a deployment slot. This enables testing-in-production scenarios where a subset of users are directed to the new version. Auto-swap automatically swaps slots after warm-up. Slot settings mark configurations to stay with the slot. Connection string swap is part of the swap process. See more: Deployments, Packages and Test Plans

Dynamic threshold metric alerts use machine learning to analyze historical metric patterns and automatically determine appropriate thresholds. They adapt to seasonal patterns and trends without requiring fixed values. Static alerts require predefined thresholds. Log search alerts query log data. Activity log alerts monitor resource operations. See more: Implement an Instrumentation Strategy

.gitignore specifies patterns for files and directories that Git should not track. Common entries include build output directories, dependency folders, and environment files. .gitconfig stores Git configuration. .gitmodules defines submodule mappings. .gitattributes defines attributes for path names (like line endings or LFS tracking). See more: Design and Implement Source Control

The Custom Script Extension downloads and executes scripts on Azure VMs during or after provisioning. It can install software, configure settings, and perform any custom automation. Diagnostics Extension collects performance data. Disk Encryption Extension enables disk encryption. Network Watcher Extension provides network diagnostics. See more: Design and Implement Infrastructure as Code

The DownloadSecureFile task downloads a secure file from the Library to a temporary location on the build agent. You can then reference the file path using the output variable $(mySecureFile.secureFilePath). Secure files can't be referenced directly by name. Variable groups store key-value pairs, not files. Key Vault is a separate approach. See more: Develop a Security and Compliance Plan

Azure DevOps supports two types of wikis: Project wiki (managed by Azure DevOps, stored in a hidden Git repo) and Code wiki (published from a folder in an existing Git repository). Both use Markdown. There are no separate team, organization, public/private, or HTML wiki types. See more: Configure Processes and Communications

Deployment groups are a collection of on-premises machines with agents installed, used for rolling deployments from Azure Pipelines. You can tag machines and deploy incrementally. Agent pools are for running build agents. Service connections authenticate to external services. Environments with Kubernetes are for AKS deployments. See more: Deployments, Packages and Test Plans

Azure Monitor VM insights, which includes Service Map, provides a visual representation of VM dependencies including running processes, interconnected components, and network connections. It gives detailed performance metrics and health state. Azure Advisor provides recommendations. Network Watcher monitors network connectivity. Activity Log tracks resource operations. See more: Implement an Instrumentation Strategy

The "trigger" keyword in YAML pipelines specifies which branches, paths, or tags cause the pipeline to run automatically when pushed. For example, "trigger: - main" runs the pipeline on pushes to the main branch. Variables are defined with "variables". Agent pools use "pool". Timeouts use "timeoutInMinutes". See more: Design and Implement Build Pipelines

ARM templates (JSON) and Bicep templates are both declarative Infrastructure as Code tools for Azure. Bicep is a domain-specific language that compiles to ARM templates with simpler syntax. Both define the desired state of resources. Azure CLI and PowerShell scripts are imperative approaches where you specify step-by-step commands. See more: Design and Implement Infrastructure as Code

The principle of least privilege requires assigning only the "Work Items (Read)" scope for reading work items. Full access grants permissions to everything. Code (Read) is for repository access. Project and Team (Read) provides project metadata, not work item content. See more: Develop a Security and Compliance Plan

Weighted routing distributes traffic across endpoints based on assigned weights. By adjusting weights, you can gradually shift traffic from the old deployment to the new one (e.g., 90/10, then 70/30, then 0/100). Priority routing directs all traffic to the highest-priority endpoint. Performance routing sends users to the closest endpoint. Geographic routing directs by user location. See more: Deployments, Packages and Test Plans

Splitting plan and apply into separate stages with a manual approval gate between them allows operators to review the planned changes before they are applied. The plan output shows exactly what will be created, modified, or destroyed. Auto-approve skips review. Validate only checks syntax. Running both without review provides no safety gate. See more: Design and Implement Infrastructure as Code