Microsoft AZ-400 Dumps

Step 1: Create an Action Group

Navigate to Azure Portal:

Go to Azure Portal and sign in with your credentials.

Access Azure Monitor:

In the left-hand menu, select Monitor.

Create ActionGroup:

Under Alerts, select Action groups.

Click on + Create.

Configure Basic Settings:

Subscription: Select your subscription.

Resource Group: Select RG1 lod42147S09.

Action Group Name: Enter DevOpsAG.

Display Name: Enter a display name for the action group.

Step 2: Define Actions

Add Email Notifications:

Click on Add action.

Action Type: Select Email/SMS message/Push/Voice.

Action Name: Enter a name for the action (e.g., EmailAdmins).

Email: Enter admin1@contoso.com and admin2@contoso.com.

Click OK.

Notify Resource Owners:

Click on Add action again.

Action Type: Select Email/SMS message/Push/Voice.

Action Name: Enter a name for the action (e.g., NotifyOwners).

Email: Select Notify all owners.

Click OK.

Step 3: Enable Common Alert Schema

Common Alert Schema:

In the Advanced tab, enable the Common alert schema option1.

Step 4: Review and Create

Review:

Review all the settings you have configured.

Create:

Click on Review + create and then Create.

By following these steps, you will have successfully created an action group named DevOpsAG that emails the specified users and notifies resource owners using the common alert schema

Task 9: Initialize the main branch (if it doesn’t exist) and create a pull request-triggered pipeline for .NET Core build

Step 1: Initialize the main Branch

In your Azure DevOps Project (Project1), navigate to Repos.

In the left menu, click Files.

If you see a message like “This repository is empty,” click Initialize.

Create a README.md file (or another file) and set the default branch name to main.

Click Initialize.

If the main branch already exists, you can skip this step.

Step 2: Create a New Branch for the Pipeline

In Repos > Files, click on the Branches tab.

Click New branch.

Enter:

Branch name: azure-pipelinesT

Based on: main

Click Create.

This creates a new branch named azure-pipelinesT from main.

Step 3: Create the Pipeline YAML File in the New Branch

Switch to the azure-pipelinesT branch.

In Files, click New file.

Name the file: azure-pipelines.yml.

Step 4: Write the YAML Pipeline for .NET Core Build

Here’s a sample YAML file:

trigger: none

pr:

branches:

include:

- main

pool:

vmImage: 'windows-latest'

variables:

buildConfiguration: 'Release'

steps:

- task: UseDotNet@2

displayName: 'Install .NET Core SDK'

inputs:

packageType: 'sdk'

version: '8.x' # Or specify the exact version of .NET Core SDK you need

installationPath: $(Agent.ToolsDirectory)/dotnet

- script: dotnet build src --configuration $(buildConfiguration)

displayName: 'Build .NET Core project'

This pipeline:

Runs only when a pull request is created or updated targeting the main branch.

Uses the windows-latest agent.

Installs the .NET SDK and builds the project in the src directory.

Step 5: Commit the Pipeline File

In the bottom commit message box:

Message: Add PR-triggered pipeline for .NET Core build

Ensure the branch is set to azure-pipelinesT.

Click Commit.

Step 6: Create the Pipeline in Azure DevOps

In the left menu, click Pipelines.

Click New pipeline.

Select:

Azure Repos Git.

Select your repository.

Choose Existing Azure Pipelines YAML file.

In the branch selector, choose the azure-pipelinesT branch.

Select the YAML file path (azure-pipelines.yml).

Click Continue and Run to validate.

Step 7: Test the Pipeline Trigger

Create a new branch (e.g., feature/test-pr).

Push a commit and create a pull request targeting main.

Verify that the pipeline runs automatically for this PR in Pipelines.

1. Sign in to the portal,

2. Choose template Deploy-lod9940427

3. Select Edit template, andthen paste your JSON template code into the code window.

4. Change the ASddressPrefixes to 10.0.0.0/24 in order to support only 256 total IP addresses.

addressSpace":{"addressPrefixes": ["10.0.0.0/24"]},

5. Change the firstSubnet addressprefix to 10.0.0.0/26 to support only 64 total IP addresses.

"subnets":[

{

"name":"firstSubnet",

"properties":{

"addressPrefix":"10.0.0.0/24"

}

6. Select Save.

7. Select Editparameters, provide values for the parameters that are shown, and then select OK.

8 Select Subscription. Choose the subscription you want to use, and then select OK.

9. Select Resource group. Choose an existing resource group or create a new one, and then select OK.

10. Select Create. A new tile on the dashboard tracks the progress of your template deployment.

Task 11: Create an Artifact Feed with Specific Retention Policies

Step 1: Navigate to Artifacts

In your Azure DevOps Project (Project1), click on the Artifacts section in the left menu.

Step 2: Create a New Feed

Click on the + New feed button.

In the Name field, enter:

nginx

Copy

artifact_feed

Choose the visibility of the feed:

Project scoped (only accessible to Project1).

Or Organization scoped (accessible across your Azure DevOps organization).

Leave other settings at default unless you have specific permissions or upstream sources.

Click Create.

This creates a new feed named artifact_feed.

Step 3: Configure Retention Policies

In the Artifacts section, click on the feed named artifact_feed to open its details page.

In the top-right corner, click on the three dots (...) and select Feed settings.

Step 4: Set the Maximum Number of Versions to Retain

In the Feed settings page, find the Retention policies section.

Set Maximum number of versions per package to:

Copy

10

Click Save.

This ensures that only the latest 10 versions of any package are retained in the feed.

Step 5: Set the Downloaded Package Retention Period

In the Feed settings page, under Retention policies, find Downloaded package retention.

Set Number of days to retain downloaded packages to:

Copy

90

Click Save.

This ensures that downloaded packages will be retained in the cache for 90 days before deletion.

Step 1: Initialize the Default Main Branch

Navigate to Azure DevOps:

Go to Azure DevOps and sign in with your credentials.

Select Your Project:

Choose Project1 from your list of projects.

Initialize the Main Branch:

Goto Repos > Files.

If the main branch does not exist, you will see an option to initialize it. Click on Initialize and follow the prompts to create the main branch1.

Step 2: Enable Squash Merge for the Main Branch

Navigate to Branch Policies:

Go to Repos > Branches.

Find the main branch and click on the … (ellipsis) next to it.

Select Branch policies.

Enable Squash Merge:

Under Policies, scroll down to the Merge strategy section.

Select Squash merge as the required mergestrategy2.

Save Changes:

Click on Save changes to apply the policies.

Step 3: Verify the Squash Merge Policy

Create a Pull Request:

Make achange in a branch and create a pull request to merge it into the main branch.

Complete the Pull Request:

Ensure that the pull request uses thesquash merge strategy by selecting Squash commit under the Merge type in the Complete pull request dialog

1. Open Microsoft Azure Portal

2. Log intoyour Azure account and go to App Service and look under Monitoring then you will see Alert.

3. Select Add an alert rule

4. Configure the alert rule as per below and click Ok.

Source: Alert on Metrics

Resource Group: az400-9940427-main

Resource: az400-9940427-main

Threshold: 5

Period: Over the last 5 minutes

Webhook:

anation:

1. In the Azure portal, navigate to the az400-9940427-main app's management page. In the app's left menu, click Configuration > Application settings.

2. Click New Application settings

3. Enter the following:

Name: MAX_ITEMS

Value: 50

Task 6: Create a Service Connection for Resource Group Deployment using Managed Identity and Workload Identity Federation

Step 1: Understand the Requirements

You want to deploy resources in the RGHod489Q1628 resource group.

The service connection must:

Use the ManagedJd1 managed identity.

Use workload identity federation (OIDC-based authentication for enhanced security).

Step 2: Verify Prerequisites

You need to ensure:

The ManagedJd1 managed identity exists in your Azure subscription.

Your Azure DevOps project (Project1) is linked to an Azure Active Directory tenant (for OIDC support).

You have the Owner or User Access Administrator role on the RGHod489Q1628 resource group.

Step 3: Assign Role to Managed Identity

Go to the Azure Portal.

In the search bar, type Managed Identities and select Managed Identities.

Locate and click on the ManagedJd1 identity.

In the left menu, click Azure role assignments.

Click + Add role assignment.

Set the following:

Scope: Resource Group

Subscription: Your subscription

Resource Group: RGHod489Q1628

Role: Contributor (or appropriate role)

Click Save.

This step ensures ManagedJd1 has permissions to deploy resources to RGHod489Q1628.

Step 4: Create a Federated Credential for Workload Identity Federation

In the Azure Portal, navigate to the ManagedJd1 managed identity.

In the left menu, click Workload identity federation (preview).

Click + Add a federated credential.

Configure as follows:

Federated credential name: devops-oidc

Issuer: (or use the default for Azure DevOps)

Subject identifier: Use the following format for Azure DevOps:

css

Copy

system:azuredevops:{organizationName}:{projectName}

For example:

css

Copy

system:azuredevops:{YourOrganizationName}:{Project1}

Audience: api://AzureADTokenExchange

Click Add.

This federated credential establishes trust between your Azure DevOps project and the managed identity.

Step 5: Create a Service Connection in Azure DevOps

Go to your Azure DevOps project (Project1) in the browser.

In the left menu, click Project settings.

Under Pipelines, click Service connections.

Click New service connection.

Choose Azure Resource Manager.

Choose the authentication method:

Select Workload identity federation.

Configure the service connection:

Scope level: Resource Group.

Resource Group: RGHod489Q1628.

Subscription: Your subscription.

Authentication method: Managed Identity with workload identity federation.

Managed Identity: Enter the client ID or select ManagedJd1.

Service connection name: e.g., Project1-RGHod489Q1628-Conn.

Grant access permission to all pipelines (recommended).

Click Save.

Step 6: Validate the Service Connection

After creation, click on the new service connection to Verify it.

Ensure the connection test is successful.

You can now use this service connection in your pipelines for deploying resources to RGHod489Q1628.

Step 1: Sign Up for Azure DevOps

Navigate to Azure DevOps.

Click on Start Free.

Enter the credentials:

Email: UserUsefl-42147509@ExamUsers.com

Password: eWrSalD2!

Follow the prompts to complete the sign-up process using the default settings.

Step 2: Create an Azure DevOps Organization

Once signed in, you will be prompted to create a new organization.

Enter a name for your organization and select your region.

Click on Continue to create the organization.

Step 3: Create a Private Project

In your new organization, click on New Project.

Name the project Project1.

Set the visibility to Private.

Click on Create.

Step 4: Add an External User as a Stakeholder

Go to the Organization Settings.

Under General, select Users.

Click on Add users.

Enter the email address: Usfrr2-42147S09@ExamUsers.com.

Set the access level to Stakeholder.

Add the user to the most restrictive group, which is typically the Readers group.

Click on Add to complete the process.

Step 5: Verify the User Addition

Ensure that the external user has been added successfully by checking the Users list.

Confirm that the user has the Stakeholder access level and is part of the Readers group.

By following thesesteps, you should be able to complete the task successfully. If you encounter any issues, feel free to ask for further assistance!

1. To enable automatictuning on a single database, navigate to the database in the Azure portal and select Automatic tuning.

2. Select the automatic tuning options you want to enable and select Apply.

Note: Individual automatic tuning settings can be separately configuredfor each database. You can manually configure an individual automatic tuning option, or specify that an option inherits its settings from the server.

1. Open Microsoft Azure Portal

2. Select All Services, and then select DevTest Labs in the DEVOPS section.

3. From the list of labs, select the az400-9940427-dtl1 lab

4. On the home page for your lab, select + Add on the toolbar.

5. Select the Windows Server 2016 Datacenter base image for the VM.

6. Select automation options at the bottom of the page above the Submit button.

7. You see the Azure Resource Manager template for creating thevirtual machine.

8. The JSON segment in the resources section has the definition for the image type you selected earlier.

To ensure that the webhook called every time the repository namedaz40038443478acr1receives a new version of an image nameddotnetapp, you can follow these steps to configure a webhook in Azure Container Registry:

Navigate to the Azure Container Registry:

Go to the Azure Portal.

Find and select yourAzure Container Registry instanceaz40038443478acr1.

Create a New Webhook:

UnderServices, selectWebhooks.

Click on+ Addto create a new webhook.

Fill in the form with the following information:

Webhook name: Enter a unique name for your webhook.

ServiceURI:

Custom headers: (Optional) Add any headers you want to pass along with the POST request.

Trigger actions: SelectPushto trigger the webhook on image push events.

Scope: Specify the scope asaz40038443478acr1:dotnetappto target the specific image.

Status: Set toEnabled.

Save the Webhook Configuration:

Review the information and clickCreateto save the webhook.

Once configured, the webhook will send a POST request a new version of thedotnetappimage is pushed to theaz40038443478acr1repository in your Azure Container Registry1.

This setup will automate the notification process, ensuring that the specified webhook is called with each new image version, thus fulfilling the task requirements.

To enable streaming of diagnostic telemetry for asingle or a pooled database, follow these steps:

1. Go to Azure SQL database resource.

2. Select Diagnostics settings.

3. Select Turn on diagnostics if no previous settings exist, or select Edit setting to edit a previous setting. You can create up to three parallel connections to stream diagnostic telemetry.

4. Select Add diagnostic setting to configure parallel streaming of diagnostics data to multiple resources.

5. Enter a setting name for your own reference.

6. Select a destination resource for the streaming diagnostics data: Archive to storage account, Stream to an event hub, or Send to Log Analytics.

7. For the standard, event-based monitoring experience, select the following check boxes for database diagnostics log telemetry: Query Store Runtime Statistics

8. For an advanced, one-minute-based monitoring experience, select the check box for Basic metrics.

9. Select Save.

Set up staging environments in Azure App Service

1. Open Microsoft Azure Portal

2. Log into your Azure account, select your app's resource page, in the left pane, selectDeployment slots > Add Slot.

3. In the Add a slot dialog box, give the slot a name, and select whether to clone an app configuration from another deployment slot. Select Add to continue.

4. After the slot is added, select Close to close the dialogbox. The new slot is now shown on the Deployment slots page. By default, Traffic % is set to 0 for the new slot, with all customer traffic routed to the production slot.

5. Select the new deployment slot to open that slot's resource page.

6. Change TRAFFIC % to 10

Step 1: Navigate to the Project1 Repository

In your browser, go to your Azure DevOps organization:

In the left menu, select the project named Project1.

In the left menu under Repos, click on Files.

Step 2: Initialize the Main Branch (if it doesn’t exist)

If the main branch doesn’t exist (because the repo is empty):

In the Repos > Files view, you’ll see a message: “This repository is empty.”

Click on the Initialize button.

Choose the default branch name as main and create a README file (or any file to initialize).

Click Initialize.

This creates the main branch in your repository.

Step 3: Set Up Branch Protection for the Main Branch

Branch protection ensures that all changes go through a pull request (PR), and that PRs are linked to work items (for traceability).

In the Repos view, click on Branches in the left menu.

Locate the main branch in the list.

Click on the three dots (...) next to main and select Branch policies.

Step 4: Configure Branch Policies for main

In the Branch policies for the main branch:

Require a minimum number of reviewers:

Enable this option and set to 1 or more as per your team’s standards.

Check for linked work items:

Enable the Check for linked work items option.

This ensures that every PR has at least one linked work item.

Require a linked work item:

This enforces the traceability requirement you mentioned.

Optionally, you can also:

Enable build validation if you have a pipeline to validate builds.

Enforce merge strategies (like squash merge).

Click Save changes at the bottom.

To store signed images in an Azure Container Registry (ACR) instance and support your planned images while minimizing costs, you need to modify the SKU of your ACR instance to one that supports content trust and image signing. Here’s how you can do it:

Determine the Appropriate SKU:

Content trust and image signing are features of thePremiumservice tier of Azure ContainerRegistry1.

If cost minimization is a priority, ensure that the Premium tier is necessary for your use case. If you require content trust, the Premium tier is the appropriate choice.

Modify the SKU of the ACR Instance:

Navigate to the Azure Portal.

Go to your ACR instanceaz40038443478act1.

SelectUpdatefrom the overview pane.

Choose thePremiumSKU from the SKU drop-down menu2.

Review the changes and pricing, then save the configuration.

By upgrading to the Premium SKU, you’ll be able to store signed images in your ACR instance. Remember to monitor your usage and costs to ensure they align with your budget and requirements.

Task 12: Configure Iterations in Project1 for Azure Boards

Step 1: Navigate to Project Settings

In your Azure DevOps Project (Project1), click on the Project settings gear icon in the lower-left corner.

Step 2: Manage Project Iterations (Sprints)

In the Boards section of the Project settings, click Project configuration.

In the left menu, click on Iterations.

Step 3: Add Iterations

Click on the + New child link to add a new iteration under the root node (e.g., Project1).

Enter the following details:

Name: Sprint 1

Leave the start and end dates empty (or set them as needed for your planning).

Click Save and close.

Repeat the process:

Click + New child again.

Name: Sprint 2

Leave the start and end dates empty.

Click Save and close.

Finally, create Sprint 3 with specific dates:

Click + New child.

Name: Sprint 3

Start date: January 1 of next year (e.g., 2026-01-01).

End date: January 31 of next year (e.g., 2026-01-31).

Click Save and close.

Step 4: Assign Iterations to Work Items

With these iterations created, you can now assign them to work items (e.g., tasks, bugs, features) using Azure Boards.

In Boards, click on Work items.

Open any work item.

In the Iteration Path field, select one of your newly created iterations (Sprint 1, Sprint 2, or Sprint 3).

This ensures that work items can be tracked under the appropriate sprint.

Step1: Create a New Team Dashboard

Navigate to Azure DevOps:

Go to Azure DevOps and sign in with your credentials.

Select Your Project:

Choose Project1 from your list of projects.

Access Dashboards:

In the left-hand menu, select Dashboards.

Create a New Dashboard:

Click on New Dashboard.

Enter the name Dashboard1.

Ensure the dashboard type is set to Team Dashboard.

Click Create.

Step 2: Add the Team Members Widget

Open the Widget Catalog:

After creating the dashboard, thewidget catalog will open automatically. If it doesn’t, click on Add Widget.

Search for Team Members Widget:

In the widget catalog, search for Team Members.

Add the Widget:

Click on the Team Members widget and then click Add to place it on your dashboard.

Configure the Widget:

Once added, you can resize and move the widget to your preferred location on the dashboard.

Step 3: Save and Share the Dashboard

Save the Dashboard:

Click on Save to save your changes.

Share the Dashboard:

You can share the dashboardURL with your team members or set permissions to control who can view or edit the dashboard.

By following these steps, you will have a new team dashboard named Dashboard1 that displays the members of the default project team for Project1

Step 1: Initialize the Default Main Branch

Navigate to Azure DevOps:

Go to Azure DevOps and sign in with your credentials.

Select Your Project:

Choose Project1 from your list of projects.

Initialize theMain Branch:

Go to Repos > Files.

If the main branch does not exist, you will see an option to initialize it. Click on Initialize and follow the prompts to create the main branch1.

Step 2: Create a New Branch for the Pipeline

Navigate to Branches:

Go to Repos > Branches.

Click on New branch.

Create the Branch:

Enter azure-pipelines as the branch name.

Select main as the base branch.

Click Create2.

Step 3: Create a New Azure Pipelines YAML Pipeline

Navigate to Pipelines:

Go to Pipelines > New pipeline.

Select the Repository:

Choose Azure Repos Git and select the relevant repository.

Configure the Pipeline:

Select Starter pipeline.

Replace the default YAML with the ASP.NET template. You can find the ASP.NET template in the Azure Pipelines documentation oruse the following example:

trigger:

- main

pool:

vmImage: 'windows-latest'

variables:

buildConfiguration: 'Release'

steps:

- task: UseDotNet@2

inputs:

packageType: 'sdk'

version: '5.x'

installationPath: $(Agent.ToolsDirectory)/dotnet

- script: |

dotnet build --configuration $(buildConfiguration)

displayName: 'Build project'

- script: |

dotnet test --no-build --configuration $(buildConfiguration)

displayName: 'Run tests'

Save the Pipeline:

Click on Save and enter azure-pipelines as the branch name.

Click on Save and run to save the pipeline to the new branch named azure-pipelines3.

By following these steps, you will have successfully initialized the main branch, created a new branch named azure-pipelines, and set up a new Azure Pipelines YAML pipeline using the ASP.NET template

To create an instance of Azure Application Insights namedaz400-38443478-mainand configure it to receive telemetry data from an Azure web app with the same name, you’ll need to follow these steps:

Create a Log Analytics Workspace:

Go to theAzure Portal.

Search for Log Analytics Workspaces and select Add.

Select a Subscription and either use an existing Resource Group or create a new one.

Provide a unique name for your Log Analytics workspace.

Choose the Region that is appropriate for you.

Review the settings and then selectCreate1.

Create an Azure Application Insights Instance:

In the Azure Portal, navigate to Application Insights.

Click on + Create.

Fill in the instance details, ensuring the name isaz400-38443478-main.

Link the instance to the Log Analytics workspace you created in the previous step.

Review and create the Application Insights instance2.

Configure the Azure Web App to Send Telemetry Data:

Go to the Azure Web Appaz400-38443478-main.

Under Monitoring, selectApplication Insights.

Choose to use an existing resource and select the Application Insights instance you created.

Follow the prompts to set up the connection, which may involve adding the appropriate SDK to your web app and configuring the connection string or instrumentation key.

Verify Telemetry Data Reception:

After setting up, send some test traffic to your web app.

Then, go to the Application Insights instance and check the Overview or Performance sections to see if telemetry data is being received.

Remember to replace placeholder names with the actual names of your resources where necessary. These steps will help you set up Azure Application Insights to monitor your web app effectively.

Step 1: Navigate to the Library

Navigate to Azure DevOps:

Go to Azure DevOps and sign in with your credentials.

Select Your Project:

Choose Project1 from your list of projects.

Access the Library:

In the left-hand menu, select Pipelines > Library.

Step 2: Create a Variable Group

Create a New Variable Group:

On the Library page, click on + Variable group.

Configure the Variable Group:

Name: Enter varGroup1.

Description: Optionally, add a description for thevariable group.

Add Variables:

Click on + Add to add a new variable.

Variable Name: Enter serverName.

Value: Enter server1.

Click OK.

Click on + Add again to add another variable.

Variable Name: Enter dbName.

Value: Enter db1.

Click OK.

Save the Variable Group:

Click on Save to save the variable group.

By following these steps, you will have successfully created a variable groupnamed varGroup1 containing the specified variables

1. In Azure portal navigate to the az400-9940427-main app.

2. Scroll down to the Settings groupin the left navigation.

3. Select Managed identity.

4. Within the System assigned tab, switch Status to On. Click Save.

To enable streaming of diagnostic telemetry for a single or a pooled database, follow these steps:

1. Go to Azure SQL database resource.

2. Select Diagnostics settings.

3.Select Turn on diagnostics if no previous settings exist, or select Edit setting to edit a previous setting. You can create up to three parallel connections to stream diagnostic telemetry.

4. Select Add diagnostic setting to configure parallel streaming ofdiagnostics data to multiple resources.

5. Enter a setting name for your own reference.

6. Select a destination resource for the streaming diagnostics data: Archive to storage account, Stream to an event hub, or Send to Log Analytics.

7. For the standard, event-based monitoring experience, select the following check boxes for database diagnostics log telemetry: QueryStoreRuntimeStatistics

8. For an advanced, one-minute-based monitoring experience, select the check box for Basic metrics.

9. SelectSave.

Step 1: Understand the Requirements

You want to ensure that audit events (such as user actions, project changes, security settings, etc.) from your Azure DevOps organization are logged and available in a Log Analytics workspace in Azure.

This enables centralized monitoring and security compliance.

Step 2: Prerequisites

Before starting, make sure:

You have an Azure subscription.

You have permission to create or use a Log Analytics workspace in the Azure portal.

You are a Project Collection Administrator or Organization Owner in Azure DevOps.

Step 3: Create or Identify a Log Analytics Workspace

Go to the Azure portal.

In the search bar, type Log Analytics workspaces and click the service.

Click + Create to create a new workspace (or select an existing workspace if you have one).

Provide the following:

Subscription: your Azure subscription.

Resource Group: create a new or use an existing one.

Name: a unique name for the workspace (like DevOpsAuditWorkspace).

Region: choose the same region as your Azure DevOps organization if possible.

Click Review + Create, then Create to deploy the workspace.

Step 4: Configure Azure DevOps to Stream Audit Logs

Azure DevOps can stream audit logs to your Log Analytics workspace using the Azure DevOps Audit Stream feature.

In your browser, go to your Azure DevOps organization:

In the bottom-left corner, click on the Organization Settings gear icon.

In the left menu, click on Audit logs.

In the top-right, click on Audit streams.

Click on + Add stream to create a new stream.

In the New audit stream pane, do the following:

Stream type: select Azure Monitor Logs (Log Analytics).

Azure subscription: select the subscription containing your Log Analytics workspace.

Resource group: select the resource group.

Log Analytics workspace: select the workspace created in Step 3.

Click Save.

Step 5: Validate the Audit Stream Connection

Go back to the Audit streams page in Azure DevOps to confirm the stream shows as Connected.

To validate logs:

In the Azure portal, go to your Log Analytics workspace.

In the left menu, click on Logs.

Use the query:

kusto

Copy

AzureDevOpsAuditing

| sort by TimeGenerated desc

You should see audit events from your Azure DevOps organization appear in the results.

Sign in to the Azure portal.

Navigate to the container registry az40010480345acr1.

Under Services, select Webhooks.

Select the existing webhook and double-click on itto get its properties.

For Trigger actions select image push

Example web hook:

Task 7: Create a Pipeline to Deploy a Docker Image in a New Branch

Step 1: Create a New Branch

In your Azure DevOps Project (Project1), navigate to Repos.

In the left menu, click on Branches.

Click New branch.

Enter:

Branch name: azure-pipelines

Based on: main (or your default branch)

Click Create.

This creates a new branch named azure-pipelines.

Step 2: Switch to the New Branch

In Repos, click on Files.

In the top-left branch selector, choose azure-pipelines.

Step 3: Use the Predefined Docker Pipeline Template

Azure Pipelines has predefined YAML templates for common tasks, including Docker.

Here’s how to add it:

In the azure-pipelines branch, click New file.

Name the file: azure-pipelines.yml.

Click the Show templates button in the YAML editor (if available).

Search for the Docker template in the list of predefined templates.

Select the Docker template to auto-populate the YAML file.

If the editor doesn’t show the template picker, you can manually add the following basic Docker pipeline template:

yaml

Copy

# Predefined Docker pipeline template

trigger:

- main

resources:

- repo: self

variables:

imageName: 'mydockerimage'

stages:

- stage: Build

displayName: Build and push stage

jobs:

- job: Build

pool:

vmImage: 'ubuntu-latest'

steps:

- task: Docker@2

displayName: Build and push an image to container registry

inputs:

command: buildAndPush

repository: $(imageName)

dockerfile: '**/Dockerfile'

containerRegistry: ''

tags: |

latest

Replace with your actual Azure Container Registry (ACR) or DockerHub service connection name.

Step 4: Commit the Pipeline to the New Branch

In the YAML editor, review and adjust if needed (like setting the correct container registry service connection).

In the bottom commit message box:

Message: e.g., Add Docker deployment pipeline

Ensure the branch is set to azure-pipelines.

Click Commit (not commit to main).

This creates the pipeline YAML file in the new azure-pipelines branch.

Step 5: Create the Pipeline in Azure DevOps

In the left menu, click Pipelines.

Click New pipeline.

Choose:

Azure Repos Git.

Select your repo.

Select Existing Azure Pipelines YAML file.

In the branch selector, choose the azure-pipelines branch.

Select the YAML file path (azure-pipelines.yml).

Click Continue and then Run to validate the pipeline.

1.Go to the Azure portal, navigate to Traffic Manager profiles and click on the Add button to create a routing profile.

2. In the Create Traffic Manager profile, enter, or select these settings:

Name: az40011566895n1-tm

Routing method: Geographic

Resource group: RG1lod11566895

Note: Traffic Manager profiles can be configured to use the Geographic routing method so that users are directed to specific endpoints (Azure, External or Nested) based on which geographic location their DNS query originates from. This empowers Traffic Manager customers to enable scenarios where knowing a user’s geographic region and routing them based on that is important.

Step 1: Write the KQL Query

Open Azure Data Explorer:

Navigate to Azure Data Explorer and sign in with your credentials.

Access the Securitylogs Database:

Open the Securitylogs database.

Write the Query:

Use the following KQL query tocount the number of inbound requests for each source IP address:

InboundBrowsing

| where Timestamp between (datetime(2021-10-01) .. datetime(2021-12-31))

| summarize NumberOfRequests = count() by SourceIP

| project SourceIP, NumberOfRequests

Step 2: Export the Query Results

Run the Query:

Execute the query in Azure Data Explorer.

Export the Results:

Once the query results are displayed, click on the Export button.

Choose the export format (e.g., CSV) and specify the export path as C:\Samples.

By following these steps, you will have successfully written a KQL query to count the number of inbound requests for each source IP address during the last three months of 2021 and exported the results to C:\Samples

Step 1: Log in to the Azure Portal

Go to .

Log in with your Azure account.

Step 2: Create an Azure App Configuration Instance

In the search bar at the top, type “App Configuration” and select App Configuration from the search results.

Click + Create.

Fill in the required fields:

Subscription: Your Azure subscription.

Resource Group: Create a new one or select an existing one.

Name: Provide a globally unique name (for example, myappconfig-instance).

Location: Choose a region close to your application.

Click Review + Create, then Create.

The instance will take a few seconds to deploy.

Step 3: Access the App Configuration Instance

Once the deployment is complete, click Go to resource.

You are now in the App Configuration resource.

Step 4: Enable Feature Management

In the left menu, click on Feature Manager (Preview).

Click + Add to create a new feature flag.

Step 5: Create the Feature Flag

Provide the following details:

Feature flag name: feature1

Label: (optional)

Description: (optional)

State: Set to Enabled.

Click on the Add filters link if you want to add targeting filters (optional).

Click Save to create the feature flag.

Step 6: Set the Expiration Date for the Feature Flag

In the Feature Manager list, find the newly created feature1 flag.

Click on the three dots (context menu) next to feature1 and select Edit.

In the Edit feature pane, look for the Expiration date setting.If there is no direct UI for expiration date, you can store it as a custom key-value (metadata).

Here’s how to store expiration as metadata:

In the App Configuration left menu, click on Configuration Explorer.

Locate the key: .appconfig.featureflag/feature1.

Click on the key to edit.

Add a new label or add a custom key in the Content type or tags section to store expiration metadata:

Key: expiration

Value: yyyy-MM-dd (set to today + 7 days)

For example, if today is June 4, 2025, set the expiration as 2025-06-11.

1. Open Microsoft Azure Portal

2. Log into your Azure account and go to App Service and look under Monitoring then you will see Alert.

3. Select Add an alert rule

4. Configure the alert rule as per belowand click Ok.

Source: Alert on Metrics

Resource Group: az400-9940427-main

Resource: az400-9940427-main

Threshold: 5

Period: Over the last 5 minutes

Webhook:

Enable Remote Debugging

Before we start a debugging session to our Azure Function app we need to enable the functionality.

Navigate in the Azure portal to your function app fa-11566895

Go to the “Application settings”

Under “Debugging” set Remote Debugging to On and set Remote Visual Studio version to 2017.

You can usea system-assigned managed identity for a Windows virtual machine (VM) to access Azure Key Vault.

Sign in to Azure portal

Locate virtual machine VM1.

Select Identity

Enable the system-assigned identity for VM1 by setting the Status to On.

Note:Enabling a system-assigned managed identity is a one-click experience. You can either enable it during the creation of a VM or in the properties of an existing VM.

To prepare a Network Security Group (NSG) namedaz400-38443478-nsg1for hosting an Azure DevOps pipeline agent, while allowing only the required outbound port for Azure DevOps and denying all other inbound and outbound access to the Internet, follow these steps:

Create the NSG:

Navigate to the Azure Portal.

Go toNetwork Security Groupsand click on+ Create.

Fill in the details, including the nameaz400-38443478-nsg1, and create the NSG.

ConfigureOutbound Security Rules:

Once the NSG is created, go to its settings.

Navigate toOutbound security rules.

Click on+ Addto create a new rule.

Set theDestination port rangesto443, which is the required port for Azure DevOps12.

Set theProtocoltoTCP.

Set theActiontoAllow.

Assign aPrioritynumber (e.g.,100) that does not conflict with existing rules.

Provide a meaningfulNamefor the rule (e.g.,AllowAzureDevOps).

Configure Default Rules to Deny All Other Traffic:

In the sameOutbound security rulessection, edit the default rule to deny alltraffic.

Change theActiontoDenyfor the rule with the lowest priority (highest number).

Ensure that this rule applies to all protocols, source and destination IP ranges, and port ranges.

Associate the NSG with the Appropriate Resource:

Associate the NSGwith the subnet or network interface of the virtual machine or resource where the Azure DevOps pipeline agent will be hosted.

By following these steps, you will ensure that the Azure DevOps pipeline agent can communicate with Azure DevOps services over the required port while blocking all other inbound and outbound Internet access, adhering to the principle of least privilege and security best practices.

Box 1: A source control system

A source control system, also called a version control system, allows developers to collaborate on code and track changes.Source control is an essential tool for multi-developer projects.

Box 2: A hosted service

To build and deploy Xcode apps or Xamarin.iOS projects, you'll need at least one macOS agent. If your pipelines are in Azure Pipelines and a Microsoft-hosted agentmeets your needs, you can skip setting up a self-hosted macOS agent.

Scenario: The investment planning applications suite will include one multi-tier web application and two iOS mobile applications. One mobile application will be used by employees; the other will be used by customers.

Box 1: rwx

The Log Analytics agent for Linux runs as the omsagent user. To grant >write permission to the omsagent user, run the command setfacl -m u:omsagent:rwx /tmp.

Box 2: /tmp

Deploying DSC to a Linux node uses the /tmp folder.

Scenario: A branching strategy that supports developing newfunctionality in isolation must be used.

Feature isolation is a special derivation of the development isolation, allowing you to branch one or more feature branches from main, as shown, or from your dev branches.

When you need to work on a particularfeature, it might be a good idea to create a feature branch.

Box 1: Reader

Members of a group named Developers must be able to install packages.

Feeds have four levels of access: Owners, Contributors, Collaborators, and Readers. Ownerscan add any type of identity-individuals, teams, and groups-to any access level.

Box 2: Owner

Members of a group named Team Leaders must be able to create new packages and edit the permissions of package feeds.

Unattended config:

The agent can be set up from a script with no human intervention. You must pass--unattended and the answers to all questions.

To configure an agent, it must know the URL to your organization or collection and credentials of someone authorized to set up agents. All other responses are optional.

Scenario: Visual Studio App Center must be used to centralize the reporting of mobile application crashes and device types in use.

In order to use App Center, you need to opt in to the service(s) that you want to use, meaning by default no services are started and you will have to explicitly call each of them when starting the SDK.

Insert the following line to start the SDK in your app's App Delete class in the didFinishLaunchingWithOptions method.

MSAppCenter.start("{Your App Secret}", withServices: [MSAnalytics.self, MSCrashes.self])

Batching CI runs

If you have many team members uploadingchanges often, you may want to reduce the number of runs you start. If you set batch to true, when a pipeline is running, the system waits until the run is completed, then starts another run with all changes that have not yet been built.

Example:

# specific branch build with batching

trigger:

batch: true

branches:

include:

- master

To clarify this example, let us say that a push A to master caused the above pipeline to run. While that pipeline is running, additional pushes B and C occur into therepository. These updates do not start new independent runs immediately. But after the first run is completed, all pushes until that point of time are batched together and a new run is started.

Scenario: By default, all releases must remain available for 30 days, except for production releases, which must be kept for 60 days.

Box 1: Set the defaultretention policy to 30 days

The Global default retention policy sets the default retention values for all the build pipelines. Authors of build pipelines can override these values.

Box 2: Set the stage retention policy to 60 days

You may want to retain more releases that have been deployed to specific stages.

Every request made against a storage service must be authorized, unless the request is for a blob or container resource that has been made available for public or signed access. One option for authorizing a request is by using Shared Key.

Scenario: The mobile applications must be able to call the share pricing service of the existing retirement fund management system. Until the system is upgraded, the service will only support basic authentication over HTTPS.

The investment planning applications suite will include one multi-tier web application and two iOS mobile application. One mobile application will be used by employees; the other will be used by customers.

Every request made against a storage service must be authorized, unless the request is for a blob or container resource that has been made available for public or signed access. One option for authorizing a request is by using Shared Key.

Scenario: The mobile applications must be able to call the share pricing service of the existing retirement fund management system. Until the system is upgraded, the service will only support basic authentication over HTTPS.

The investment planning applications suite will include one multi-tier web application and two iOS mobile application. One mobile application will be used by employees; the other will be used by customers.

The commit-msg hook is invoked by git-commit and git-merge, and can be bypassed with the --no-verify option.

Change the ConfigurationMode parameter from ApplyOnly to ApplyAndAutocorrect.

The Register-AzureRmAutomationDscNode cmdlet registers an Azure virtual machine as an APS Desired State Configuration (DSC) node in an Azure Automation account.

Scenario: Current Technical Issue

The test servers are configured correctly when first deployed, but they experience configuration drift over time. Azure AutomationState Configuration fails to correct the configurations.

Azure Automation State Configuration nodes are registered by using the following command.

Box 1: Get-AzResource

Use the followingcommand to examine the access control mode for all workspaces in the subscription:

PowerShell

Get-Az Resource –Resource Type Microsoft. Operational Insights/workspaces –Expand Properties | for each {s.Name + ": " + $_.Properties.features.enableLogAccessUsingOnlyResourcePermissions

Box 2: -Resource Type

Scenario:

The first thing to do is to declare your Sonar Qube server as a service endpoint in your VSTS/DevOps project settings.

Scenario: Implement Project4 and configure the project to push Docker images to Azure Container Registry.

You use Azure Container Registry Tasks commands to quickly build, push, and run a Docker container image natively within Azure, showing how to offload your "inner-loop" development cycle to the cloud. ACR Tasks is a suite of features within Azure Container Registry to help you manage and modify container images across the container lifecycle.

The Register-AzureRmAutomationDscNode cmdlet registers an Azure virtual machine as an APS Desired State Configuration (DSC) node in an Azure Automation account.

Scenario: The Azure DevOps organization includes:

The Docker extension

A deployment pool named Pool7 that contains10 Azure virtual machines that run Windows Server 2016

Scenario:

Step 1: Sign in to Azure Develops by using an account that is assigned the Administrator service connection security role.

Note: Under Agent Phase, click Deploy Service Fabric Application. Click Docker Settings and then click Configure Docker settings. In Registry Credentials Source, select Azure Resource Manager Service Connection. Then select your Azure subscription.

Step 2: Create a personal access token..

A personal access token or PAT is required so that a machine can join the pool created with the Agent Pools (read, manage) scope.

Step 3: Install and register the Azure Pipelines agent on an Azure virtual machine.

By running a Azure Pipeline agent in thecluster, we make it possible to test any service, regardless of type.

Step 1: Createa repository

A Git repository, or repo, is a folder that you've told Git to help you track file changes in. You can have any number of repos on your computer, each stored in their own folder.

Step 2: Create a branch

Branch policies help teams protect their important branches of development. Policies enforce your team's code quality and change management standards.

Step 3: Add a build validation policy

When a build validation policy is enabled, a new build is queued when a new pull request is created or when changes are pushed to an existing pull request targeting this branch. The build policy then evaluates the results of the build to determine whether the pull request can be completed.

Scenario:

Implement a code flow strategy for Project2 that will:

Enable Team2 to submit pull requests for Project2.

Enable Team2 to work independently on changes to a copy of Project2.

Ensure that any intermediary changes performed by Team2 on a copy of Project2 will be subject to the same restrictions as the ones defined in the build policy of Project2.

Step 1: Create a Desired State Configuration (DSC) configuration file that has an extension of .ps1.

Step 2: Run the Import-AzureRmAutomationDscConfiguration Azure Powershell cmdlet

TheImport-AzureRmAutomationDscConfiguration cmdlet imports an APS Desired State Configuration (DSC) configuration into Azure Automation. Specify the path of an APS script that contains a single DSC configuration.

Example:

PS C:\>Import-AzureRmAutomationDscConfiguration -AutomationAccountName "Contoso17"-ResourceGroupName "ResourceGroup01" -SourcePath "C:\DSC\client.ps1" -Force

This command imports the DSC configuration in the file named client.ps1 into the Automation account named Contoso17. The command specifies the Force parameter. If there is an existing DSC configuration, this command replaces it.

Step 3: Run the Start-AzureRmAutomationDscCompilationJob Azure Powershell cmdlet

The Start-AzureRmAutomationDscCompilationJob cmdlet compiles an APS Desired State Configuration (DSC) configuration in Azure Automation.

Scenario: Implement Project3, Project5,Project6, and Project7 based on the planned changes

Step 1: Open the release pipeline editor.

In the Releases tab of Azure Pipelines, select your release pipeline and choose Edit to open the pipeline editor.

Step 2: Enable Gates.

Choose thepre-deployment conditions icon for the Production stage to open the conditions panel. Enable gates by using the switch control in the Gates section.

Step 3: Add Query Work items.

Choose + Add and select the Query Work Items gate.

Configure the gate by selecting an existing work item query.

Note: A case for release gate is:

Incident and issues management. Ensure the required status for work items, incidents, and issues. For example, ensure deployment occurs only if no priority zero bugs exist, and validation that there are no active incidents takes place after deployment.

Woodgrove Bank identifies the following technical requirements:

The Azure DevOps dashboard must display the metrics shown in the following table:

Box 1: Velocity

Velocity displays your team velocity. It shows what your team delivered as compared to plan.

Box 2: Release pipeline overview

Release pipeline overview shows the status of environments in a release definition.

Box 3: Query tile

Query tile displays the total number of results from a query.

Setting 1: Threshold value

Set to 80 %

Scenario: An Azure Monitor alert for VM1 must be configured to meet the following requirements:

Be triggered whenaverage CPU usage exceeds 80 percent for 15 minutes.

Calculate CPU usage averages once every minute.

Setting 2: Aggregation granularity

Set to 15 minutes.

Scenario: Deploy App2 to an Azure virtual machine named VM1.

A personal access token (PAT) is used as an alternatepassword to authenticate into Azure DevOps.

Box 1: Azure Boards

Azure Boards can be used to track work with Kanban boards, backlogs, team dashboards, and custom reporting

You can create multiple Trello boards, which are spaces to store tasks (for different work contexts, or even private boards)

You can easily shareTrello boards with another person.

Box 2: Azure Pipelines

You can use Bamboo to implement CI/CD (Continuous Integration and Continuous Delivery) for a simple Azure function app using Atlassian Bamboo. Bamboo does continuous delivery of the project fromsource code to deployment. It has stages including Build, Test and Deploy.

Software teams in every industry are upgrading their continuous delivery pipeline with Bamboo. Easy build import from popular open source tools, user and group import from JIRA, seamless integration with Bitbucket, and native support for Git, Hg, and SVN means you'll be building and deploying like a champ.

Box 3: GitHub repositories

Bitbucket can be used as the Git repository, but you can use any other Git repository (Like TFS Git)for source control of the code.

Woodgrove Bank plans to implement the following changes to the identity environment:

Configure App1 to use a service principal.

QUESTIONNO: 4

You need !0 the merge the POC branch into the default branch. The solution must meet the technical requirements. Which command should you run?

A. it push

B. git merge -- allow-unrelated-histories

C. git rebase

D. git merge --squash

Answer: C

Woodgrove Bank plans to implement the following changes to the DevOps environment:

Migrate all the source code from TFS1 to GitHub.

The Git-TFS tool is a two-way bridge between Team Foundation Version Control and Git, and can be used to perform a migration.

Scenario: Access to Azure DevOps mustbe restricted to specific IP addresses.

Azure DevOps is authenticated through Azure Active Directory. You can use Azure AD's conditional access to prevent logins from certain geographies and address ranges.

Instead use implement continuous integration.

Note: WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource constantly-updated definitive database of open source repositories.

Instead you should deploy an Azure self-hosted agent to an on-premises server.

Note: To build your code or deploy your software using Azure Pipelines, you need at least one agent.

If your on-premises environments do nothave connectivity to a Microsoft-hosted agent pool (which is typically the case due to intermediate firewalls), you'll need to manually configure a self-hosted agent on on-premises computer(s).

npm-cache is a command line utility that caches dependencies installed via npm, bower, jspm and composer.

It is useful for build processes that run [npm|bower|composer|jspm] install every time as part of their buildprocess. Since dependencies don't change often, this often means slower build times. npm-cache helps alleviate this problem by caching previously installed dependencies on the build machine.

The following diagram displays the entire app re-signing flow in App Center.

You should use the Pester test framework to perform a unit test and an integration test of the configuration before Project1 is deployed. The Pester test framework is a PowerShell testing framework that can be used tovalidate PowerShell DSC configurations.

Slack is a popular team collaboration service that helps teams be more productive by keeping all communications in one place and easilysearchable from virtually anywhere. All your messages, your files, and everything from Twitter, Dropbox, Google Docs, Azure DevOps, and more all together. Slack also has fully native apps for iOS and Android to give you the full functionality of Slack wherever you go.

Integrated with Azure DevOps

This integration keeps your team informed of activity happening in its Azure DevOps projects. With this integration, code check-ins, pull requests, work item updates, and build events show up directly in your team's Slack channel.

Note: Microsoft Teams would also be a correct answer, but it is not an option here.

Azure Pipelines offers two kinds of templates: includes and extends. Included templates behavelike #include in C++: it's as if you paste the template's code right into the outer file, which references it. To continue the C++ metaphor, extends templates are more like inheritance: the template provides the outer structure of the pipeline and a set of places where the template consumer can make targeted alterations.

Example:

extends:

template: template.yml@templates

parameters:

usersteps:

- script: echo This is my first step

- script: echo This is my second step

You can use the Docker task to sign into ACR and then use a subsequent script to pull an image and scan the container image for vulnerabilities.

Use the docker task in a build or release pipeline. This task can be usedwith Docker or Azure Container registry.

WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource constantly-updated definitive database of open source repositories.

Azure DevOps integration with WhiteSourceBolt will enable you to:

Detect and remedy vulnerable open source components.

Generate comprehensive open source inventory reports per project or build.

Enforce open source license compliance, including dependencies’ licenses.

Identify outdated open source libraries with recommendations to update.

Box 1: every five minutes at a random location

Test frequency: Sets how often the test is run from each test location. With a default frequency of five minutes and five test locations, your site is tested on average every minute.

Box 2:

Parse dependent requests: Test requests images, scripts, style files, and other files that are part of the web page under test. The recorded response time includes the time taken to get these files. The test fails if any of these resources cannot be successfully downloaded within the timeout for the whole test.

A screenshot of a computer AI-generated content may be incorrect.

Box 1: Progressive exposure

Continuous Delivery may sequence multiple deployment “rings” for progressive exposure (also known as “controlling the blast radius”). Progressive exposure groups users who get to try new releases tomonitor their experience in “rings.” The first deployment ring is often a “canary” used to test new versions in production before a broader rollout. CD automates deployment from one ring to the next and may optionally depend on an approval step, in whicha decision maker signs off on the changes electronically. CD may create an auditable record of the approval in order to satisfy regulatory procedures or other control objectives.

Box 2: Feature flags

Feature flags support a customer-first DevOps mindset, to enable (expose) and disable (hide) features in a solution, even before they are complete and ready for release.

Box 3: Blue/green

Blue/green deployments which means that instead of replacing the previous version (here we refer to this version as blue), we bring up the new version (here referred to as the green version) next to the existing version, but not expose it to the actual users right away. On the condition of having successfully validated that the green version works correctly, we will promote this version to the public version by changing the routing configuration without downtime. If something is wrong with the green version we can revert back without users every noticing interruptions.

System-assigned managed identities enable Azure resources to authenticate to cloud services without storing credentials in code. They also support granting privileges to the identity, making them the ideal choice for this scenario.Source: Microsoft

Box 1: percentile_duration_95

Box 2:resultCode

Personal access tokens (PATs) give you access to Azure DevOps and Team Foundation Server (TFS), without using your username and password directly. These tokens have an expiration date from when they're created. You can restrict the scope of the data they can access. Use PATs to authenticate if you don't already have SSH keys set up on your system or if you need to restrict the permissions that are granted by the credential.

An analytics feature in a monitoring solution would allow you to parse logs from multiple sources and analyzethem to identify the root cause of issues in your Azure pipelines. This feature would typically provide tools for searching, filtering, and visualizing log data, as well as for identifying patterns and anomalies. With analytics, you can also create customdashboards and alerts to monitor your pipelines and quickly identify and troubleshoot any issues.

You can use webhooks to route an Azure alert notification to other systems for post-processing or custom actions. You can use a webhook on an alert to route it to services that send SMS messages, to log bugs, to notify a team via chat or messaging services, or for various other actions.

A close-up of a white background AI-generated content may be incorrect.