Microsoft AZ-400 Dumps

Graphical user interface, text, application Description automatically generated

Woodgrove Bank identifies the following technical requirements:

• The Azure DevOps dashboard must display the metrics shown in the following table:

Box 1: Velocity

Velocity displays your team velocity. It shows what your team delivered as compared to plan.

Box 2: Release pipeline overview

Release pipeline overview shows the status of environments in a release definition.

Box 3: Query tile

Query tile displays the total number of results from a query.

Graphical user interface, text, application Description automatically generated

Woodgrove Bank plans to implement the following changes to the identity environment:

• Configure App1 to use a service principal.

Graphical user interface, text, application Description automatically generated

Setting 1: Threshold value

Set to 80 %

Scenario: An Azure Monitor alert for VM1 must be configured to meet the following requirements:

• Be triggered when average CPU usage exceeds 80 percent for 15 minutes.
• Calculate CPU usage averages once every minute.

Setting 2: Aggregation granularity

Set to 15 minutes.

Woodgrove Bank plans to implement the following changes to the DevOps environment:

• Migrate all the source code from TFS1 to GitHub.

The Git-TFS tool is a two-way bridge between Team Foundation Version Control and Git, and can be used to perform a migration.

A picture containing text Description automatically generated

Box 1: Azure Boards

Azure Boards can be used to track work with Kanban boards, backlogs, team dashboards, and custom reporting

You can create multiple Trello boards, which are spaces to store tasks (for different work contexts, or even private boards)

You can easily share Trello boards with another person.

Box 2: Azure Pipelines

You can use Bamboo to implement CI/CD (Continuous Integration and Continuous Delivery) for a simple Azure function app using Atlassian Bamboo. Bamboo does continuous delivery of the project from source code to deployment. It has stages including Build, Test and Deploy.

Software teams in every industry are upgrading their continuous delivery pipeline with Bamboo. Easy build import from popular open source tools, user and group import from JIRA, seamless integration with Bitbucket, and native support for Git, Hg, and SVN means you'll be building and deploying like a champ.

Box 3: GitHub repositories

Bitbucket can be used as the Git repository, but you can use any other Git repository (Like TFS Git) for source control of the code.

Scenario: Deploy App2 to an Azure virtual machine named VM1.

A personal access token (PAT) is used as an alternate password to authenticate into Azure DevOps.

Scenario: Access to Azure DevOps must be restricted to specific IP addresses.

Azure DevOps is authenticated through Azure Active Directory. You can use Azure AD's conditional access to prevent logins from certain geographies and address ranges.

Scenario: Visual Studio App Center must be used to centralize the reporting of mobile application crashes and device types in use.

In order to use App Center, you need to opt in to the service(s) that you want to use, meaning by default no services are started and you will have to explicitly call each of them when starting the SDK.

Insert the following line to start the SDK in your app's App Delete class in the didFinishLaunchingWithOptions method.

MSAppCenter.start("{Your App Secret}", withServices: [MSAnalytics.self, MSCrashes.self])

References:

The commit-msg hook is invoked by git-commit and git-merge, and can be bypassed with the --no-verify option.

Box 1: Reader

Members of a group named Developers must be able to install packages.

Feeds have four levels of access: Owners, Contributors, Collaborators, and Readers. Owners can add any type of identity-individuals, teams, and groups-to any access level.

Box 2: Owner

Members of a group named Team Leaders must be able to create new packages and edit the permissions of package feeds.

Change the ConfigurationMode parameter from ApplyOnly to ApplyAndAutocorrect.

The Register-AzureRmAutomationDscNode cmdlet registers an Azure virtual machine as an APS Desired State Configuration (DSC) node in an Azure Automation account.

Scenario: Current Technical Issue

The test servers are configured correctly when first deployed, but they experience configuration drift over time. Azure Automation State Configuration fails to correct the configurations.

Azure Automation State Configuration nodes are registered by using the following command.

References: utomationdscnode?view=azurermps-6.13.0

Box 1: Get-AzResource

Use the following command to examine the access control mode for all workspaces in the subscription:

PowerShell

Get-Az Resource –Resource Type Microsoft. Operational Insights/workspaces –Expand Properties | for each {s.Name + ": " + $_.Properties.features.enableLogAccessUsingOnlyResourcePermissions

Box 2: -Resource Type

Scenario: A branching strategy that supports developing new functionality in isolation must be used.

Feature isolation is a special derivation of the development isolation, allowing you to branch one or more feature branches from main, as shown, or from your dev branches.

When you need to work on a particular feature, it might be a good idea to create a feature branch.

Every request made against a storage service must be authorized, unless the request is for a blob or container resource that has been made available for public or signed access. One option for authorizing a request is by using Shared Key.

Scenario: The mobile applications must be able to call the share pricing service of the existing retirement fund management system. Until the system is upgraded, the service will only support basic authentication over HTTPS.

The investment planning applications suite will include one multi-tier web application and two iOS mobile application. One mobile application will be used by employees; the other will be used by customers.

References:

Every request made against a storage service must be authorized, unless the request is for a blob or container resource that has been made available for public or signed access. One option for authorizing a request is by using Shared Key.

Scenario: The mobile applications must be able to call the share pricing service of the existing retirement fund management system. Until the system is upgraded, the service will only support basic authentication over HTTPS.

The investment planning applications suite will include one multi-tier web application and two iOS mobile application. One mobile application will be used by employees; the other will be used by customers.

References: uthorize-with-shared-key

Batching CI runs

If you have many team members uploading changes often, you may want to reduce the number of runs you start. If you set batch to true, when a pipeline is running, the system waits until the run is completed, then starts another run with all changes that have not yet been built.

Example:

# specific branch build with batching

trigger:

batch: true

branches:

include:

- master

To clarify this example, let us say that a push A to master caused the above pipeline to run. While that pipeline is running, additional pushes B and C occur into the repository. These updates do not start new independent runs immediately. But after the first run is completed, all pushes until that point of time are batched together and a new run is started.

Box 1: rwx

The Log Analytics agent for Linux runs as the omsagent user. To grant >write permission to the omsagent user, run the command setfacl -m u:omsagent:rwx /tmp.

Box 2: /tmp

Deploying DSC to a Linux node uses the /tmp folder.

Scenario: By default, all releases must remain available for 30 days, except for production releases, which must be kept for 60 days.

Box 1: Set the default retention policy to 30 days

The Global default retention policy sets the default retention values for all the build pipelines. Authors of build pipelines can override these values.

Box 2: Set the stage retention policy to 60 days

You may want to retain more releases that have been deployed to specific stages.

References:

Unattended config:

The agent can be set up from a script with no human intervention. You must pass --unattended and the answers to all questions.

To configure an agent, it must know the URL to your organization or collection and credentials of someone authorized to set up agents. All other responses are optional.

Box 1: A source control system

A source control system, also called a version control system, allows developers to collaborate on code and track changes. Source control is an essential tool for multi-developer projects.

Box 2: A hosted service

To build and deploy Xcode apps or Xamarin.iOS projects, you'll need at least one macOS agent. If your pipelines are in Azure Pipelines and a Microsoft-hosted agent meets your needs, you can skip setting up a self-hosted macOS agent.

Scenario: The investment planning applications suite will include one multi-tier web application and two iOS mobile applications. One mobile application will be used by employees; the other will be used by customers.

References:

The Register-AzureRmAutomationDscNode cmdlet registers an Azure virtual machine as an APS Desired State Configuration (DSC) node in an Azure Automation account.

Scenario: The Azure DevOps organization includes:

The Docker extension

A deployment pool named Pool7 that contains 10 Azure virtual machines that run Windows Server 2016

References: https://docs.microsoft.com/en-us/powershell/module/azurerm.automation/register-azurermautomationdscnode

Step 1: Create a repository

A Git repository, or repo, is a folder that you've told Git to help you track file changes in. You can have any number of repos on your computer, each stored in their own folder.

Step 2: Create a branch

Branch policies help teams protect their important branches of development. Policies enforce your team's code quality and change management standards.

Step 3: Add a build validation policy

When a build validation policy is enabled, a new build is queued when a new pull request is created or when changes are pushed to an existing pull request targeting this branch. The build policy then evaluates the results of the build to determine whether the pull request can be completed.

Scenario:

Implement a code flow strategy for Project2 that will:

Enable Team2 to submit pull requests for Project2.

Enable Team2 to work independently on changes to a copy of Project2.

Ensure that any intermediary changes performed by Team2 on a copy of Project2 will be subject to the same restrictions as the ones defined in the build policy of Project2.

References: age-your-branches

Step 1: Create a Desired State Configuration (DSC) configuration file that has an extension of .ps1.

Step 2: Run the Import-AzureRmAutomationDscConfiguration Azure Powershell cmdlet

The Import-AzureRmAutomationDscConfiguration cmdlet imports an APS Desired State Configuration (DSC) configuration into Azure Automation. Specify the path of an APS script that contains a single DSC configuration.

Example:

PS C:\>Import-AzureRmAutomationDscConfiguration -AutomationAccountName "Contoso17"-ResourceGroupName "ResourceGroup01" -SourcePath "C:\DSC\client.ps1" -Force

This command imports the DSC configuration in the file named client.ps1 into the Automation account named Contoso17. The command specifies the Force parameter. If there is an existing DSC configuration, this command replaces it.

Step 3: Run the Start-AzureRmAutomationDscCompilationJob Azure Powershell cmdlet

The Start-AzureRmAutomationDscCompilationJob cmdlet compiles an APS Desired State Configuration (DSC) configuration in Azure Automation.

References:

com/en-us/powershell/module/azurerm.automation/import-azurermautomationdscconfiguration

hell/module/azurerm.automation/start-azurermautomationdsccompilationjob

Scenario: Implement Project3, Project5, Project6, and Project7 based on the planned changes

Step 1: Open the release pipeline editor.

In the Releases tab of Azure Pipelines, select your release pipeline and choose Edit to open the pipeline editor.

Step 2: Enable Gates.

Choose the pre-deployment conditions icon for the Production stage to open the conditions panel. Enable gates by using the switch control in the Gates section.

Step 3: Add Query Work items.

Choose + Add and select the Query Work Items gate.

Configure the gate by selecting an existing work item query.

Note: A case for release gate is:

Incident and issues management. Ensure the required status for work items, incidents, and issues. For example, ensure deployment occurs only if no priority zero bugs exist, and validation that there are no active incidents takes place after deployment.

References:

https://docs.microsoft.com/en-us/azure/devops/pipelines/release/deploy-using-approvals?view=azure-devops#configure-gate

Scenario:

References:

C:\Users\wk\Desktop\mudassar\Untitled.jpg

The first thing to do is to declare your Sonar Qube server as a service endpoint in your VSTS/DevOps project settings.

References: https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Extension+for+vsts-TFS

Scenario:

Step 1: Sign in to Azure Develops by using an account that is assigned the Administrator service connection security role.

Note: Under Agent Phase, click Deploy Service Fabric Application. Click Docker Settings and then click Configure Docker settings. In Registry Credentials Source, select Azure Resource Manager Service Connection. Then select your Azure subscription.

Step 2: Create a personal access token..

A personal access token or PAT is required so that a machine can join the pool created with the Agent Pools (read, manage) scope.

Step 3: Install and register the Azure Pipelines agent on an Azure virtual machine.

By running a Azure Pipeline agent in the cluster, we make it possible to test any service, regardless of type.

References:

s.microsoft.com/en-us/azure/service-fabric/service-fabric-tutorial-deploy-container-app-with-cicd-vsts

019/01/10/run-azure-devops-private-agents-in-kubernetes-clusters/

Scenario: Implement Project4 and configure the project to push Docker images to Azure Container Registry.

You use Azure Container Registry Tasks commands to quickly build, push, and run a Docker container image natively within Azure, showing how to offload your "inner-loop" development cycle to the cloud. ACR Tasks is a suite of features within Azure Container Registry to help you manage and modify container images across the container lifecycle.

References:

cs.microsoft.com/en-us/azure/container-registry/container-registry-quickstart-task-cli

Instead reduce the code complexity.

Note: Technical debt is the accumulation of sub-optimal technical decisions made over the lifetime of an application. Eventually, it gets harder and harder to change things: it’s the ‘sand in the gears’ that sees IT initiatives grind to a halt.

Box 1: Basic

Assign Basic to users with a TFS CAL, with a Visual Studio Professional subscription, and to users for whom you are paying for Azure Boards & Repos in an organization.

Box 2: Stakeholder

Assign Stakeholders to users with no license or subscriptions who need access to a limited set of features.

Note:

You assign users or groups of users to one of the following access levels:

Basic: provides access to most features

VS Enterprise: provides access to premium features

Stakeholders: provides partial access, can be assigned to unlimited users for free

References: s/azure/devops/organizations/security/access-levels?view=vsts

Step 1: Kubectl create

You can add a service account to Tiller using the --service-account flag while you’re configuring Helm (step 2 below). As a prerequisite, you’ll have to create a role binding which specifies a role and a service account name that have been set up in advance.

Example: Service account with cluster-admin role

$ kubectl create -f rbac-config.yaml

serviceaccount "tiller" created

clusterrolebinding "tiller" created

$ helm init --service-account tiller

Step 2: helm init

To deploy a basic Tiller into an AKS cluster, use the helm init command.

Step 3: helm install

To install charts with Helm, use the helm install command and specify the name of the chart to install.

References:

soft.com/en-us/azure/aks/kubernetes-helm

m/#tiller-namespaces-and-rbac

Text Description automatically generated with medium confidence

Jira Software is a development tool used by agile teams to plan, track, and manage software releases. Using Azure Pipelines, teams can configure CI/CD pipelines for applications of any language, deploying to any platform or any cloud.

Note: Microsoft and Atlassian have partnered together to build an integration between Azure Pipelines and Jira Software.

This integration connects the two products, providing full tracking of how and when the value envisioned with an issue is delivered to end users. This enables teams to setup a tight development cycle from issue creation through release. Key development milestones like builds and deployments associated to a Jira issue can then be tracked from within Jira Software.

Data analysis in Azure SQL Analytics is based on Log Analytics language for your custom querying and reporting.

References: ql

You can create a service hook for Azure DevOps Services and TFS with Jenkins.

References:

s/services/jenkins

A task group in Azure DevOps is a collection of tasks that can be reused across multiple pipelines. You can create a task group that contains the three specific tasks that you need to execute during pipeline execution, and then reference that task group in all new pipelines in Project1. This way, you can ensure that the three specific tasks are executed in all new pipelines without having to manually add them to each pipeline.

Monitor compute and app services: Compute & apps include the App Services tab, which App services: list of your App service environments and current security state of each.

Recommendations

This section has a set of recommendations for each VM and computer, web and worker roles, Azure App Service Web Apps, and Azure App Service Environment that Security Center monitors. The first column lists the recommendation. The second column shows the total number of resources that are affected by that recommendation. The third column shows the severity of the issue.

A. Jekyll is a static site generator that can be used to generate a static website from Markdown files stored in a GitHub repository. Jekyll supports the use of Markdown for writing documentation, and it can automatically recompile the website whenever changes are made to the documentation.

E. Doc FX is another tool that can be used to compile a static website from Markdown files stored in a GitHub repository. It is an open-source tool that can be used to generate API documentation, reference documentation, and other types of documentation from source code and other files. Doc FX supports the use of Markdown for writing documentation and it can automatically recompile the website whenever changes are made to the documentation.

Step 1: Kubectl create

You can add a service account to Tiller using the --service-account flag while you’re configuring Helm (step 2 below). As a prerequisite, you’ll have to create a role binding which specifies a role and a service account name that have been set up in advance.

Example: Service account with cluster-admin role

$ kubectl create -f rbac-config.yaml

serviceaccount "tiller" created

clusterrolebinding "tiller" created

$ helm init --service-account tiller

Step 2: helm init

To deploy a basic Tiller into an AKS cluster, use the helm init command.

Step 3: helm install

To install charts with Helm, use the helm install command and specify the name of the chart to install.

References:

-us/azure/aks/kubernetes-helm

lm.sh/using_helm/#tiller-namespaces-and-rbac

Before you can deploy Helm in an RBAC-enabled AKS cluster, you need a service account and role binding for the Tiller service.

You can add the text "AB#" to the title or description of the pull request in GitHub, which will automatically link the request to an existing Azure Boards work item with that number.

Octopus Deploy is an automated deployment server that makes it easy to automate deployment of ASP.NET web applications, Java applications, NodeJS application and custom scripts to multiple environments.

Octopus can be installed on various platforms including Windows, Mac and Linux. It can also be integrated with most version control tools including VSTS and GIT.

When you deploy software to Windows servers, you need to install Tentacle, a lightweight agent service, on your Windows servers so they can communicate with the Octopus server.

When defining your deployment process, the most common step type will be a package step. This step deploys your packaged application onto one or more deployment targets.

When deploying a package you will need to select the machine role that the package will be deployed to.

References:

nt-examples/package-deployments

https://explore.emtecinc.com/blog/octopus-for-automated-deployment-in-devops-models

Graphical user interface, text, application, chat or text message Description automatically generated

Box 1: Lead time

Lead time measures the total time elapsed from the creation of work items to their completion.

Box 2: Cycle time

Cycle time measures the time it takes for your team to complete work items once they begin actively working on them.

Box 3: Burn down

Burn down charts focus on remaining work within a specific time period.

Personal access tokens (PATs) give you access to Azure DevOps and Team Foundation Server (TFS), without using your username and password directly.

Instead reduce the code complexity.

Enable Remote Debugging

Before we start a debugging session to our Azure Function app we need to enable the functionality.

• Navigate in the Azure portal to your function app fa-11566895

• Go to the “Application settings”
• Under “Debugging” set Remote Debugging to On and set Remote Visual Studio version to 2017.

npm-cache is a command line utility that caches dependencies installed via npm, bower, jspm and composer.

It is useful for build processes that run [npm|bower|composer|jspm] install every time as part of their build process. Since dependencies don't change often, this often means slower build times. npm-cache helps alleviate this problem by caching previously installed dependencies on the build machine.

Instead use fast-forward merge.

Note:

No fast-forward merge - This option merges the commit history of the source branch when the pull request closes and creates a merge commit in the target branch.

Set up staging environments in Azure App Service

1. Open Microsoft Azure Portal

2. Log into your Azure account, select your app's resource page, in the left pane, select Deployment slots > Add Slot.

3. In the Add a slot dialog box, give the slot a name, and select whether to clone an app configuration from another deployment slot. Select Add to continue.

4. After the slot is added, select Close to close the dialog box. The new slot is now shown on the Deployment slots page. By default, Traffic % is set to 0 for the new slot, with all customer traffic routed to the production slot.

5. Select the new deployment slot to open that slot's resource page.

6. Change TRAFFIC % to 10

References:

cs.microsoft.com/en-us/azure/app-service/deploy-staging-slots

Use a gate instead of an approval instead.

References: azure/devops/pipelines/release/approvals/gates

Topic branches, however, are useful in projects of any size. A topic branch is a short-lived branch that you create and use for a single particular feature or related work. This is something you’ve likely never done with a VCS before because it’s generally too expensive to create and merge branches. But in Git it’s common to create, work on, merge, and delete branches several times a day.

Box 1: Secret

Store credential in Azure Key Vault by reference secret stored in key vault.

To reference a credential stored in Azure Key Vault, you need to:

• Retrieve data factory managed identity
• Grant the managed identity access to your Azure Key Vault. In your key vault -> Access policies -> Add Access Policy, search this managed identity to grant Get permission in Secret permissions dropdown. It allows this designated factory to access secret in key vault.
• Create a linked service pointing to your Azure Key Vault.
• Create data store linked service, inside which reference the corresponding secret stored in key vault.

Box 2: Access policy

References: osoft.com/en-us/azure/azure-resource-manager/resource-group-linked-templates