AZ-400 Designing and Implementing Microsoft DevOps Solutions - Practice Test 4

Path filter triggers in YAML pipelines allow you to include or exclude specific directories. Each microservice pipeline can set "trigger: paths: include: ['services/my-service/**']" to only trigger when files in that directory change. Branch filters are branch-scoped. Tag filters trigger on tags. Scheduled triggers run on a timer. See more: Design and Implement Build Pipelines

"git log" displays the commit history, showing commit hashes, authors, dates, and messages. Options like --oneline, --graph, and --decorate customize the output. "git status" shows working directory state. "git diff" shows file changes. "git show" displays details of a specific commit. See more: Design and Implement Source Control

Creating User Stories (or a custom work item type) tagged as "tech-debt" and adding them to the backlog provides full visibility, allows prioritization alongside feature work, and enables tracking with queries and dashboards. Spreadsheets are disconnected from the workflow. Comments are hard to track. Orphan tasks lack hierarchy. See more: Configure Processes and Communications

The correct order is: build first (compile the code), then test (run unit tests which generate coverage data), then publish code coverage results, and finally pack the NuGet package. You must build before testing, test before publishing coverage, and generally pack after tests pass. See more: Design and Implement Build Pipelines

The AzureCLI task with "az container create" command deploys containers to Azure Container Instances. There is no dedicated ACI deployment task, so the Azure CLI is the standard approach. KubernetesManifest is for AKS. Docker@2 builds and pushes images. AzureWebApp is for App Service. See more: Design and Implement Release Pipelines

The PublishTestResults task processes test result files (JUnit, NUnit, VSTest, xUnit formats) and publishes them to the build summary's Tests tab. It shows pass/fail counts, test duration, and individual results. PublishCodeCoverageResults handles coverage data. Artifact tasks store files. See more: Design and Implement Build Pipelines

"terraform plan" creates an execution plan showing what actions Terraform will take to reach the desired state defined in the configuration. It shows resources to be created, modified, or destroyed without making any actual changes. "terraform apply" executes changes. "terraform init" initializes. "terraform destroy" removes resources. See more: Design and Implement Infrastructure as Code

App Service Managed Certificates provide free, auto-renewing SSL/TLS certificates for custom domains directly within App Service. Azure manages the certificate lifecycle automatically. Self-signed certificates aren't trusted by browsers. Front Door is for CDN/WAF scenarios. Manual certificates require manual renewal. See more: Deployments, Packages and Test Plans

To reference YAML templates from another repository, define it as a repository resource with an alias, then reference templates using "template: file.yml@repoAlias". This supports template reuse across projects. Downloading scripts is fragile. Copying eliminates reuse benefits. NuGet packages don't support YAML templates. See more: Design and Implement Build Pipelines

The Azure DevOps REST API and CLI (az devops) allow you to script project creation with consistent configurations including area paths, iteration paths, teams, and repositories. Manual creation is error-prone. ARM templates manage Azure resources, not DevOps projects. GitHub Actions can call the API but isn't the specific tool for this. See more: Configure Processes and Communications

The "Query work items" gate runs a work item query and evaluates whether the result count meets a threshold (e.g., zero high-severity bugs). If bugs exist, the gate fails and the deployment waits. Invoke REST API calls HTTP endpoints. Azure Monitor queries check for alerts. Azure Policy checks resource compliance. See more: Design and Implement Release Pipelines

Git uses a distributed version control model where every developer has a full copy of the repository including its complete history. Work can continue offline, and changes are synchronized via push/pull. TFVC and SVN are centralized. Lock-based systems prevent concurrent edits. See more: Design and Implement Source Control

Pinning specific versions prevents automatically pulling compromised updates. Verifying checksums and signatures ensures packages haven't been tampered with. Using "latest" automatically could pull a compromised version. Unrestricted extension installation opens attack vectors. See more: Develop a Security and Compliance Plan

Availability tests in Application Insights send requests to your application from multiple Azure data centers worldwide at regular intervals. They detect downtime and slow responses from different regions. Live Metrics shows real-time data. Application Map shows component dependencies. Profiler analyzes request performance. See more: Implement an Instrumentation Strategy

Linked ARM templates must be accessible via a URI that Azure Resource Manager can reach. They're typically stored in Azure Blob Storage with a SAS token or a public URL. The ARM service fetches them during deployment. Local files aren't accessible to ARM. Key Vault stores secrets, not templates. See more: Design and Implement Infrastructure as Code

A build validation policy triggers a CI build on pull requests. The build includes a script step that validates commit message format using regex. If validation fails, the build fails and the PR cannot be completed. Pipeline variables don't validate commits. Work item policies check linking, not message format. See more: Design and Implement Source Control

Release pipelines (CD - Continuous Delivery/Deployment) deploy built artifacts to target environments like staging and production. Build pipelines (CI) compile code and create artifacts. In YAML multi-stage pipelines, both CI and CD stages can be in one pipeline, but the deployment stages fulfill the CD role. See more: Design and Implement Release Pipelines

Pipeline permissions on environments restrict which pipelines can deploy to that environment. You can grant access to specific pipelines or require approval before granting access to new pipelines. Exclusive lock prevents concurrent deployments. Branch control restricts which branches can deploy. Business hours limits deployment timing. See more: Design and Implement Release Pipelines

Azure Artifacts feed views (like @prerelease, @release, @local) allow you to promote packages through quality stages. You promote a package from @prerelease to @release view after testing, making it available to consumers who subscribe to the release view. Deletion loses the package. Upstream sources proxy external feeds. Deprecation marks packages as outdated. See more: Deployments, Packages and Test Plans

TrackEvent() is used to log custom business events (like "OrderPlaced" or "UserRegistered") with optional properties and metrics. TrackRequest() records HTTP requests. TrackException() records exceptions. TrackMetric() sends numeric measurements. TrackEvent() is the appropriate method for business-level telemetry. See more: Implement an Instrumentation Strategy

The AzureKeyVault task in Azure Pipelines securely downloads secrets and certificates from Azure Key Vault to the agent. Certificates are available as pipeline variables for subsequent tasks. Pipeline variables aren't suitable for binary data. CLI works but the dedicated task is recommended. Repository storage is a security risk. See more: Develop a Security and Compliance Plan

Pipeline artifacts are files or collections of files (compiled binaries, packages, test results, etc.) produced by a build pipeline. They can be published and downloaded by release pipelines for deployment. Artifacts are not configuration settings, triggers, or environments. See more: Design and Implement Build Pipelines

ARM template deployments support a "rollback on error" option that automatically redeploys the last successful deployment if the current deployment fails. This can be combined with either mode. Complete mode deletes resources not in the template. Incremental mode only adds/updates. Validate mode checks without deploying. See more: Design and Implement Infrastructure as Code

GitHub Flow is a simple branching model: create a feature branch from main, make commits, open a pull request for review, and merge back to main after approval. Main is always deployable. Gitflow uses develop/feature/release/hotfix branches. Direct commits bypass review. Long-lived branches are a different strategy. See more: Design and Implement Source Control

Windows Microsoft-hosted agents include browsers like Chrome and Edge pre-installed, supporting Selenium UI testing. Alternatively, self-hosted Windows agents can be configured with specific browser versions. Linux agents may lack GUI support for Selenium. ACI doesn't provide a desktop environment. Azure Functions can't run browsers. See more: Deployments, Packages and Test Plans

Azure Bicep is a domain-specific language (DSL) that transpiles (compiles) to standard ARM JSON templates. It provides a cleaner, more readable syntax while using the same Azure Resource Manager deployment engine. Bicep doesn't replace ARM's engine or relate to Terraform. It works with Azure DevOps, CLI, and PowerShell. See more: Design and Implement Infrastructure as Code

A GitHub service connection in Azure DevOps authenticates using a PAT (Personal Access Token) or a GitHub App installation. It provides secure, scoped access to private repositories. Embedding credentials in YAML is insecure. Making repos public exposes code. Plain-text SSH keys are a security risk. See more: Develop a Security and Compliance Plan

Dashboards in Azure DevOps with Analytics widgets provide interactive reports on work items, pipeline runs, and test results. The Analytics service powers charts like burndown, velocity, lead time, and custom queries. Pipeline runs show build history. Repositories host code. Test Plans manage tests. See more: Configure Processes and Communications

Setting maxParallel to 2 means the deployment group deploys to 2 VMs simultaneously, then moves to the next 2 after completion, rolling through all 10 VMs. maxParallel: 10 deploys to all at once. maxParallel: 1 is sequential. maxParallel: 5 deploys to half at a time. See more: Deployments, Packages and Test Plans

Log search alert rules in Azure Monitor execute KQL queries against Log Analytics workspaces on a defined schedule. When results match the configured criteria, the alert fires and invokes the associated action group. Metric alerts check numeric thresholds. Activity log alerts monitor resource operations. Service Health tracks Azure platform issues. See more: Implement an Instrumentation Strategy

Pipeline decorators are implemented as Azure DevOps extensions that are installed at the organization level. They automatically inject steps (like security scanning) into all pipelines without modifying individual YAML files. They cannot be defined in pipeline YAML, project settings, or agent pools. See more: Design and Implement Build Pipelines

Branch security (branch permissions) in Azure Repos allows you to configure who can contribute, force push, create branches, or manage permissions on specific branch patterns like release/*. Branch policies enforce PR requirements but don't restrict who can push. Organization settings are broader. Pipeline security is for pipelines. See more: Design and Implement Source Control

Azure Test Plans provides tools for managing manual testing, exploratory testing, and test case management. It includes test suites, test cases, shared steps, and test execution tracking. Automated unit tests are run by pipelines. Deployments are handled by release pipelines. Branch management is in Repos. See more: Deployments, Packages and Test Plans

Terraform modules are reusable packages of Terraform configuration that encapsulate resources, variables, and outputs. They can be called from root configurations with different input parameters. Workspaces manage multiple state files. Data sources read existing infrastructure. Provisioners run scripts (generally discouraged). See more: Design and Implement Infrastructure as Code

Cycle time measures the time from when work begins on an item (moves to an active state) to when it is completed. Lead time measures from creation to completion. Velocity tracks story points per sprint. Burndown shows remaining work. Cumulative flow shows work item flow through states over time. See more: Configure Processes and Communications

A separate emergency pipeline with reduced (but not zero) approvals and comprehensive audit logging provides the best balance of speed and governance. All deployments still go through a pipeline, maintaining traceability. Removing all gates is risky. Direct CLI deployment has no audit trail. Auto-approve skips all safety checks. See more: Develop a Security and Compliance Plan

"terraform import" imports an existing Azure resource into the Terraform state file, associating it with a resource defined in your configuration. This allows Terraform to manage resources that were created outside of Terraform. "terraform plan" shows changes. "terraform refresh" updates state from real infrastructure. "terraform state list" shows tracked resources. See more: Design and Implement Infrastructure as Code

Azure Monitor is the comprehensive monitoring service that creates and manages alerts based on metrics, logs, activity logs, and service health. It supports action groups for notifications and automation. Azure Advisor provides recommendations. Security Center (Defender for Cloud) focuses on security. Azure Policy enforces governance. See more: Implement an Instrumentation Strategy

The GitHub CODEOWNERS file combined with branch protection requires that PRs are reviewed by the designated code owners for the changed files. CODEOWNERS maps file patterns to responsible teams or individuals. Azure Repos has "automatically included reviewers" but doesn't auto-detect file ownership the same way. Team permissions don't provide file-level review. Hooks are client-side. See more: Design and Implement Source Control

Variable groups in Azure DevOps have pipeline permissions that control which pipelines can access them, and you can add approval checks that validate branch conditions before granting access. Encryption protects values at rest. There is no versioning or tags feature for variable groups. See more: Develop a Security and Compliance Plan

Pipeline retention policies are configured in Project settings > Pipelines > Settings. You can set how many days to keep builds, releases, and artifacts. Individual pipelines can extend but not exceed the project-level settings. Artifacts feed settings manage package retention separately. See more: Design and Implement Build Pipelines

ConfigurationData in DSC separates configuration logic from node-specific data. It uses a hashtable with AllNodes array where each node can have different parameter values. The configuration script references $Node.PropertyName. Resources define what to configure. LCM manages the local agent. Pull servers distribute configurations. See more: Design and Implement Infrastructure as Code

The Test & Feedback browser extension integrates with Azure Test Plans for exploratory testing. It captures screenshots, screen recordings, annotations, and automatically creates bugs with rich context. Pipeline tests are automated. Boards tracks items but doesn't provide test tools. PR comments are for code review. See more: Deployments, Packages and Test Plans

Pipeline decorators, distributed as Azure DevOps extensions at the organization level, automatically inject steps into all pipelines without requiring changes to individual YAML files. Shared templates require voluntary adoption. Azure Policy enforces Azure resource compliance, not pipeline configuration. Agent pool settings don't inject steps. See more: Design and Implement Build Pipelines

git rebase replays commits from the current branch on top of another branch's tip, creating a linear history. This avoids merge commits and keeps the history clean. It doesn't delete branches, create branches, or undo commits (git revert does that). See more: Design and Implement Source Control

TrackMetric() sends numeric measurements to Application Insights, ideal for tracking custom business metrics like orders per minute, revenue, or queue depth. TrackEvent() logs discrete events. TrackTrace() logs diagnostic messages. TrackDependency() records calls to external services. See more: Implement an Instrumentation Strategy

Custom fields are added through Organization settings > Process, where you create an inherited process from a system process (like Agile) and customize the Bug work item type by adding fields. Board settings customize the board layout. Repos manages source control. Pipeline YAML defines build/release steps. See more: Configure Processes and Communications

Pipeline output variables allow a stage/job to publish values that dependent stages/jobs can consume. The infrastructure stage sets Terraform outputs as pipeline output variables using "##vso[task.setvariable]" with isOutput=true. The app stage references these variables. Committing to Git is inappropriate. Hard-coded values break automation. See more: Design and Implement Infrastructure as Code

WIP limits are set in the Kanban board column settings. Each column can have a maximum number of items. The board highlights when a column exceeds its WIP limit. Sprint settings configure sprint dates. Team capacity tracks hours. Organization policies manage org-wide settings. See more: Configure Processes and Communications

Application Insights uses W3C Trace Context standard for distributed tracing, propagating traceparent and tracestate headers. Each request gets an operation-id that is shared across all related calls, and parent-id links parent-child relationships. Custom headers are non-standard. Session cookies don't work for service-to-service calls. Database correlation is not used. See more: Implement an Instrumentation Strategy