Created by: Bojan Bogdanovic April, 2023

EXAM AZ-400: Microsoft Azure DevOps

Solutions (Q&A)
Topic I
1. You are configuring project metrics for dashboards in Azure DevOps. You need to configure
a chart widget that measures the elapsed time to complete work items once they become
active. Which of the following is the widget you should use?
A. Cumulative Flow Diagram
B. Burnup
C. Cycle time
D. Burndown

NOTE: Cumulative Flow Diagram shows the number of work items in different states over
time and can be used to monitor progress and identify bottlenecks, but it doesn't
specifically measure elapsed time. Burnup charts show the progress of completed work
items over time and can be used to measure progress towards a goal, but it doesn't
measure elapsed time once work items become active. Burndown charts show the
remaining work over time and can be used to measure progress towards completing a set
of work items, but it doesn't measure elapsed time once work items become active. Cycle
time specifically measures the elapsed time from when a work item becomes active to when
it is completed.
2. You need to consider the underlined segment to establish whether it is accurate. The Burnup
widget measures the elapsed time from creation of work items to their completion. Select
`No adjustment required` if the underlined segment is accurate. If the underlined segment is
inaccurate, select the accurate option.
A. No adjustment required.
B. Lead time
C. Test results trend
D. Burndown
3. You are making use of Azure DevOps manage build pipelines, and also deploy pipelines. The
development team is quite large, and is regularly added to. You have been informed that the
management of users and licenses must be automated when it can be. Which of the
following is a task that can't be automated?
A. Group membership changes
B. License assignment
C. Assigning entitlements
D. License procurement
4. You have been tasked with strengthening the security of your team's development process.
You need to suggest a security tool type for the Continuous Integration (CI) phase of the
development process. Which of the following is the option you would suggest?
A. Penetration testing
B. Static code analysis
C. Threat modeling
D. Dynamic code analysis
5. Your company is currently making use of Team Foundation Server 2013 (TFS 2013), but
intend to migrate to Azure DevOps. You have been tasked with supplying a migration
approach that allows for the preservation of Team Foundation Version Control changesets
dates, as well as the changes dates of work items revisions. The approach should also allow
for the migration of all TFS artifacts, while keeping migration effort to a minimum.You have
suggested upgrading TFS to the most recent RTW release. Which of the following should
also be suggested?
A. Installing the TFS kava SDK
B. Using the TFS Database Import Service to perform the upgrade
C. Upgrading PowerShell Core to the latest version.
D. Using the TFS Integration Platform to perform the upgrade.
6. You have an on-premises Bitbucket Server with a firewall configured to block inbound
Internet traffic. The server is used for Git-based source control. You intend to manage the
build and release processes using Azure DevOps. This plan requires you to integrate Azure
DevOps and Bitbucket. Which of the following will allow for this integration? Answer by
dragging the correct options from the list to the answer area.
7. You are currently developing a project for a client that will be managing work items via Azure
DevOps. You want to make sure that the work item process you use for the client allows for
requirements, change requests, risks, and reviews to be tracked. Which of the following is the
option you would choose?
A. Basic
B. Agile
C. Scrum
D. CMMI
8. [LinkedQuestion-1] You run the Register-AzureRmAutomationDscNode command in your
company's environment. You need to make sure that your company's test servers remain
correctly configured, regardless of configuration drift.
Solution: You set the -ConfigurationMode parameter to ApplyOnly.
Does the solution meet the goal?
A. Yes
B. No
9. [LinkedQuestion-1] You run the Register-AzureRmAutomationDscNode command in your
company's environment. You need to make sure that your company's test servers remain
correctly configured, regardless of configuration drift.
Solution: You set the -ConfigurationMode parameter to ApplyAndMonitor.
Does the solution meet the goal?
A. Yes
B. No
10. [LinkedQuestion-1] You run the Register-AzureRmAutomationDscNode command in your
company's environment. You need to make sure that your company's test servers remain
correctly configured, regardless of configuration drift.
Solution: You set the -ConfigurationMode parameter to ApplyAndAutocorrect.
Does the solution meet the goal?
A. Yes
 B. No
11. You need to consider the underlined segment to establish whether it is accurate. To compile
an Internet Information Services (IIS) web application that runs docker, you should use a
Default build agent pool. Select `No adjustment required` if the underlined segment is
accurate. If the underlined segment is inaccurate, select the accurate option.
A. No adjustment required.
B. Hosted Windows Container
C. Hosted
D. Hosted macOS
12. Your company has an Azure DevOps environment that can only be accessed by Azure Active
Directory users. You are instructed to make sure that the Azure DevOps environment can
only be accessed from devices connected to the company's on-premises network. Which of
the following actions should you take?
A. Assign the devices to a security group.
B. Create a GPO.
C. Configure Security in Project Settings from Azure DevOps.
D. Configure conditional access in Azure Active Directory.
13. You are making use of Azure DevOps to configure Azure Pipelines for project, named PROJ-
01. You are preparing to use a version control system that allows for source code to be
stored on a managed Windows server located on the company network. Which of the
following is the version control system you should use?
A. Github Enterprise
B. Bitbucket cloud
C. Github Professional
D. Git in Azure Repos
14. You need to consider the underlined segment to establish whether it is accurate. When
moving to Azure DevOps, JIRA must be replaced with the build pipelines Azure DevOps
service. Select `No adjustment required` if the underlined segment is accurate. If the
underlined segment is inaccurate, select the accurate option.
A. No adjustment required.
B. repos
C. release pipelines
D. boards
15. You scan a Node.js application using WhiteSource Bolt. The scan finds numerous libraries
with invalid licenses, but are only used during development. You have to make sure that only
production dependencies are scanned by WhiteSource Bolt. Which of the following is a
command you should run?
A. npm edit
B. npm publish
C. npm install
D. npm update
16. You are currently defining a release strategy for an app, named APP-01. The strategy should
allow you to keep the time it takes to deploy new releases of the app to a minimum. The
strategy should also allow you to roll back in the shortest time required. Which of the
following is the release strategy you should use?
A. Red/Black deployment
B. Rolling deployment
C. “Big Bang” deployment
D. Canary deployment
17. Your company hosts a web application in Azure, and makes use of Azure Pipelines for
managing the build and release of the application. When stakeholders report that system
performance has been adversely affected by the most recent releases, you configure alerts in
Azure Monitor. You are informed that new releases must satisfy specified performance
baseline conditions in the staging environment before they can be deployed to production.
You need to make sure that releases not satisfying the performance baseline are prevented
from being deployed. Which of the following actions should you take?
A. You should make use of a branch control check.
B. You should make use of an alert trigger.
C. You should make use of a gate.
D. You should make use of an approval check.
18. You need to consider the underlined segment to establish whether it is accurate. To deploy
an application to a number of Azure virtual machines, you should create a universal group.
Select `No adjustment required` if the underlined segment is accurate. If the underlined
segment is inaccurate, select the accurate option.
A. No adjustment required.
B. security
C. deployment
D. resource
19. You are preparing to deploy an Azure resource group via Terraform. To achieve your goal,
you have to install the necessary frameworks. Which of the following are the frameworks you
should use?
20. You intend to make use of Azure Artifacts to share packages that you wrote, tested,
validated, and deployed. You want to use a solitary feed to release several builds of each
package. You have to make sure that the release of packages that are in development is
restricted. Which of the following actions should you take?
A. You should make use of static code analysis.
B. You should make use of views.
C. You should make use of dynamic code analysis.
D. You should make use of upstream sources.
21. You need to consider the underlined segment to establish whether it is accurate. To find
when common open source libraries are added to the code base, you should add Jenkins to
the build pipeline. Select `No adjustment required` if the underlined segment is accurate. If
the underlined segment is inaccurate, select the accurate option.
A. No adjustment required.
B. SourceGear Vault
C. WhiteSource
D. OWASP ZAP
22. Your company has an Azure DevOps project, which includes a build pipeline that makes use
of roughly fifty open source libraries. You have been tasked with making sure that you are
able to scan project for common security weaknesses in the open source libraries. Which of
the following actions should you take?
A. You should create a build task and use the WhiteSource Bolt service.
B. You should create a deployment task and use the WhiteSource Bolt service.
C. You should create a build task and use the Chef service.
D. You should create a deployment task and use the Chef service.

NOTE: WhiteSource integrates into your build process, irrespective of your programming
languages, build tools, or development environments. It works automatically, continuously,
and silently in the background, checking the security, licensing, and quality of your open
source components against WhiteSource constantly-updated definitive database of open
source repositories.
23. You need to consider the underlined segment to establish whether it is accurate. Black Duck
can be used to make sure that all the open source libraries conform to your company's
licensing criteria. Select `No adjustment required` if the underlined segment is accurate. If the
underlined segment is inaccurate, select the accurate option.
A. No adjustment required.
B. Maven
C. Bamboo
D. CMAKE
NOTE: Black Duck helps organizations identify and mitigate open source security, license
compliance and code-quality risks across application and container portfolios. Black Duck
Hub and its plugin for Team Foundation Server (TFS) allows you to automatically find and
fix open source security vulnerabilities during the build process, so you can proactively
manage risk.

24. You have created an Azure DevOps project for a new application that will be deployed to a
number of Windows Server 2016 Azure virtual machines. You are preparing a deployment
solution that allows for the virtual machines to maintain a uniform configuration, and also
keep administrative effort with regards to configuring the virtual machines to a minimum.
Which of the following should be part of your solution? (Choose two.)
A. Azure Resource Manager templates
B. The PowerShell Desired State Configuration (DSC) extension for Windows
C. Azure pipeline deployment groups
D. The Custom Script Extension for Windows
E. Azure pipeline stage templates
25. Your company has an application that contains a number of Azure App Service web apps
and Azure functions. You would like to view recommendations with regards to the security of
the web apps and functions. You plan to navigate to Compute and Apps to achieve your
goal. Which of the following should you access to make use of Compute and Apps?
A. Azure Log Analytics
B. Azure Event Hubs
C. Azure Advisor
D. Azure Security Center/Microsoft Defender for Cloud
26. You need to consider the underlined segment to establish whether it is accurate.Your
company has a multi-tier application that has its front end hosted in Azure App Service. To
pinpoint the average load times of the application pages, you should make use of Azure
Event Hubs. Select `No adjustment required` if the underlined segment is accurate. If the
underlined segment is inaccurate, select the accurate option.
A. No adjustment required.
B. Azure Application Insights
C. Azure Log Analytics
D. Azure Advisor
27. [LinkedQuestion-2] Your company makes use of Azure SQL Database Intelligent Insights and
Azure Application Insights for monitoring purposes. You have been tasked with analyzing the
monitoring using ad-hoc queries. You need to utilize the correct query language.
Solution: You use the Contextual Query Language (CQL).
Does the solution meet the goal?
A. Yes
B. No
28. [LinkedQuestion-2] Your company makes use of Azure SQL Database Intelligent Insights and
Azure Application Insights for monitoring purposes. You have been tasked with analyzing the
monitoring using ad-hoc queries. You need to utilize the correct query language.
Solution: You use the Transact SQL(T-SQL).
Does the solution meet the goal?
A. Yes
B. No
29. [LinkedQuestion-2] Your company makes use of Azure SQL Database Intelligent Insights and
Azure Application Insights for monitoring purposes. You have been tasked with analyzing the
monitoring using ad-hoc queries. You need to utilize the correct query language.
Solution: You use the Azure Log Analytics(KQL).
Does the solution meet the goal?
A. Yes
B. No
30. You have recently created a web application for your company. You have been tasked with
making sure that a summary of the exceptions that transpire in the application is
automatically sent to Microsoft Teams on a daily basis. Which of the following Azure services
should you use?
 31. You are in the process of building a mobile app aimed at Android and iOS devices. All work
items and release cycles are managed via Azure DevOps. You want to make sure that crash
reports for issue analysis is collected, and that beta releases are distributed to your testers.
Also, you want to ensure that user feedback on the functionality of new apps is received.
Which of the following must be part of your solution?
A. The Microsoft Test & Feedback extension.
B. OWASP ZAP
C. TFS Integration Platform
D. Code Style

Topic II
1. You need to recommend project metrics for dashboards in Azure DevOps. Which chart
widgets should you recommend for each metric?

2. You plan to create alerts that will be triggered based on the page load performance of a
home page. You have the Application Insights log query shown in the following exhibit.
3. You manage an Azure web app that supports an e-commerce website. You need to increase
the logging level when the web app exceeds normal usage patterns. The solution must
minimize administrative overhead. Which two resources should you include in the solution?
A. an Azure Automation runbook
B. an Azure Monitor alert that has a dynamic threshold
C. an Azure Monitor alert that has a static threshold
D. the Azure Monitor autoscale settings
E. an Azure Monitor alert that uses an action group that has an email action
4. You have an Azure Kubernetes Service (AKS) pod. You need to configure a probe to perform
the following actions:
✑ Confirm that the pod is responding to service requests.
✑ Check the status of the pod four times a minute.
✑ Initiate a shutdown if the pod is unresponsive.
How should you complete the YAML configuration file?
5. You have a Microsoft ASP.NET Core web app in Azure that is accessed worldwide. You need
to run a URL ping test once every five minutes and create an alert when the web app is
unavailable from specific Azure regions. The solution must minimize development time.
What should you do?
A. Create an Azure Monitor Availability metric and alert.
B. Create an Azure Application Insights availability test and alert.
C. Write an Azure function and deploy the function to the specific regions.
D. Create an Azure Service Health alert for the specific regions.
6. You have a multi-tier application. The front end of the application is hosted in Azure App
Service. You need to identify the average load times of the application pages.
What should you use?
A. Azure Application Insights
B. the activity log of the App Service
C. the diagnostics logs of the App Service
D. Azure Advisor
7. SIMULATION -

8. Your company uses ServiceNow for incident management. You develop an application that
runs on Azure. The company needs to generate a ticket in ServiceNow when the application
fails to authenticate. Which Azure Log Analytics solution should you use?
A. Application Insights Connector
B. Automation & Control
C. IT Service Management Connector (ITSM)
D. Insight & Analytics

9. Your company is building a new web application. You plan to collect feedback from pilot
users on the features being delivered. All the pilot users have a corporate computer that has
 Google Chrome and the Microsoft Test & Feedback extension installed. The pilot users will
test the application by using Chrome. You need to identify which access levels are required
to ensure that developers can request and gather feedback from the pilot users. The solution
must use the principle of least privilege. Which access levels in Azure DevOps should you
identify?
10. You use Azure SQL Database Intelligent Insights and Azure Application Insights for
monitoring. You need to write ad-hoc queries against the monitoring data.
Which query language should you use?
A. Kusto Query Language (KQL)
B. PL/pgSQL
C. PL/SQL
D. Transact-SQL
11. Your company creates a web application. You need to recommend a solution that
automatically sends to Microsoft Teams a daily summary of the exceptions that occur in the
application. Which two Azure services should you recommend?
A. Azure Logic Apps
B. Azure Pipelines
C. Microsoft Visual Studio App Center
D. Azure DevOps Project
E. Azure Application Insights
12. Your company wants to use Azure Application Insights to understand how user behaviors
affect an application. Which Application Insights tool should you use to analyze each
behavior?

13. Your company is building a mobile app that targets Android and iOS devices. Your team
uses Azure DevOps to manage all work items and release cycles. You need to recommend a
solution to perform the following tasks:
✑ Collect crash reports for issue analysis.
✑ Distribute beta releases to your testers.
✑ Get user feedback on the functionality of new apps.
What should you include in the recommendation?
A. the Microsoft Test & Feedback extension
B. Microsoft Visual Studio App Center integration
C. Azure Application Insights widgets
 D. Jenkins integration
14. You have an Azure DevOps project named Project1 and an Azure subscription named Sub1.
Sub1 contains an Azure virtual machine scale set named VMSS1. VMSS1 hosts a web
application named WebApp1. WebApp1 uses stateful sessions. The WebApp1 installation is
managed by using the Custom Script extension. The script resides in an Azure Storage
account named sa1. You plan to make a minor change to a UI element of WebApp1 and to
gather user feedback about the change. You need to implement limited user testing for the
new version of WebApp1 on VMSS1. Which three actions should you perform?
A. Modify the load balancer settings of VMSS1.
B. Redeploy VMSS1.
C. Upload a custom script file to sa1.
D. Modify the Custom Script extension settings of VMSS1.
E. Update the configuration of a virtual machine in VMSS1.
15. SIMULATION -
16. SIMULATION -
17. SIMULATION –

18. You have several Azure virtual machines that run Windows Server 2019. You need to identify
the distinct event IDs of each virtual machine as shown in the following table.

How should you complete the Azure Monitor query?

19. You have an Azure web app named Webapp1. You need to use an Azure Monitor query to
create a report that details the top 10 pages of Webapp1 that failed. How should you
complete the query?

20. You are monitoring the health and performance of an Azure web app by using Azure
Application Insights. You need to ensure that an alert is sent when the web app has a sudden
rise in performance issues and failures. What should you use?
A. custom events
B. Application Insights Profiler
C. usage analysis
D. Smart Detection
E. Continuous export

21. You have a project in Azure DevOps named Contoso App that contains pipelines in Azure
Pipelines for GitHub repositories. You need to ensure that developers receive Microsoft
Teams notifications when there are failures in a pipeline of Contoso App. What should you
run in Teams?
22. You have a private GitHub repository. You need to display the commit status of the
repository on Azure Boards. What should you do first?
A. Configure multi-factor authentication (MFA) for your GitHub account.
B. Add the Azure Pipelines app to the GitHub repository.
C. Add the Azure Boards app to the repository.
D. Create a GitHub action in GitHub.
23. You are integrating Azure Pipelines and Microsoft Teams. You install the Azure Pipelines app
in Microsoft Teams. You have an Azure DevOps organization named Contoso that contains a
project name Project1. You subscribe to Project1 in Microsoft Teams. You need to ensure
that you only receive events about failed builds in Microsoft Teams. What should you do
first?
A. From Microsoft Teams, run @azure pipelines subscribe
https://dev.azure.com/Contoso/Project1.
B. From Azure Pipelines, add a Publish Build Artifacts task to Project1.
C. From Microsoft Teams, run @azure pipelines subscriptions.
D. From Azure Pipelines, enable continuous integration for Project1.
24. You have an Azure DevOps organization named Contoso. You need to receive Microsoft
Teams notifications when work items are updated. What should you do?
A. From Azure DevOps, configure a service hook subscription
B. From Microsoft Teams, configure a connector
C. From the Microsoft Teams admin center, configure external access
D. From Microsoft Teams, add a channel
E. From Azure DevOps, install an extension

25. You create an alert rule in Azure Monitor as shown in the following exhibit.
 Which action will trigger an alert?
A. a failed attempt to delete the ASP-9bb7 resource
B. a change to a role assignment for the ASP-9bb7 resource
C. a successful attempt to delete the ASP-9bb7 resource
D. a failed attempt to scale up the ASP-9bb7 resource

26. You have a web app hosted on Azure App Service. The web app stores data in an Azure SQL
database. You need to generate an alert when there are 10,000 simultaneous connections to
the database. The solution must minimize development effort. Which option should you
select in the Diagnostics settings of the database?
A. Send to Log Analytics
B. Stream to an event hub
C. Archive to a storage account

27. You use Azure DevOps to manage the build and deployment of an app named App1. You
have a release pipeline that deploys a virtual machine named VM1. You plan to monitor the
release pipeline by using Azure Monitor. You need to create an alert to monitor the
performance of VM1. The alert must be triggered when the average CPU usage exceeds 70
percent for five minutes. The alert must calculate the average once every minute. How
should you configure the alert rule?
28. You have an Azure virtual machine that is monitored by using Azure Monitor. The virtual
machine has the Azure Log Analytics agent installed. You plan to deploy the Service Map
solution from the Azure Marketplace. What should you deploy to the virtual machine to
support the Service Map solution?
A. the Dependency agent
B. the Telegraf agent
C. the Windows Azure diagnostics extension (WAD)
D. the Azure monitor agent

29. You have a project in Azure DevOps that contains a Continuous Integration/Continuous
Deployment (CI/CD) pipeline. You need to enable detailed logging by defining a pipeline
variable. How should you configure the variable?
30. You build an iOS app. You receive crash reports from Crashlytics. You need to capture the
following data:
✑ Crash-free users
✑ Custom events
✑ Breadcrumbs
What should you do?
A. Configure the xcworkspace file in the project
B. Add the GoogleAnalytics pod to the app.
C. Configure the Crashlytics pod in the app.
D. Import the Firebase module to UIApplicationDelegate.
31. You have multiple teams that work on multiple projects in Azure DevOps. You need to plan
and manage the consumers and producers for each project. The solution must provide an
overview of all the projects. What should you do?
A. Add a Predecessor or Successor link to the feature or user story for the items of each
project.
B. Add a Parent or Child link to the feature or user story for the items of each project.
C. Install the Dependency Tracker extension and create dependencies for each project.
D. Create a custom query to show the consumers and producers and add a widget to a
dashboard.
32. You have a GitHub repository that contains the source code for an app named App1. You
need to create process documentation for App1. The solution must include a diagram that
displays the relationships between the phases of App1 as shown in the following exhibit.

How should you complete the markdown code?

33. You have an Azure web app named webapp1 that uses the .NET Core runtime stack. You
have an Azure Application Insights resource named AppInsights1 that collects telemetry data
generated by webapp1. You plan to deploy webapp1 by using an Azure DevOps pipeline.
You need to modify the sampling rate of the telemetry data processed by AppInsights1
without having to redeploy webapp1 after each modification. What should you do?

34. Your company has multiple microservices-based apps that use the following tracing libraries:
• OpenTelemetry
• OpenCensus
• OpenTracing
• Honeycomb
• Jaeger
The company purchases an Azure subscription and implements Application Insights in Azure
Monitor. You plan to centralize distributed tracing for the apps. You need to identify which
libraries can integrate directly with Application Insights. Which two libraries should you
identify?
A. Honeycomb
B. OpenTracing
C. Jaeger
D. OpenTelemtry
E. OpenCensus
35. You have an Azure web app named webapp1 that uses the .NET Core runtime stack. You
have an Azure Application Insights resource named AppInsights1. Webapp1 sends telemetry
data to AppInsights1. You need to ensure that webapp1 sends the telemetry data at a fixed
sampling rate. What should you do?
A. From the code repository of webapp1, modify the ApplicationInsights.config file.
B. From the code repository of webapp1, modify the Startup.cs file.
C. From AppInsights1, modify the Usage and estimated costs settings.
D. From AppInsights1, configure the Continuous export settings.
 36. You have an app named App1. You have a Log Analytics workspace named Workspace1 that
contains two tables named Events and Logs. App1 manages events in multiple locations and
writes logs to Workspace1. You need to query Workspace1 for all log entries related to Asia
that occurred during the last two days. In which order should you arrange the query
statements?

Topic III
1. You have an Azure subscription that contains multiple Azure services. You need to send an
SMS alert when scheduled maintenance is planned for the Azure services. Which two actions
should you perform?
A. Enable Azure Security Center.
B. Create and configure an Azure Monitor alert rule.
C. Create an Azure Service Health alert.
D. Create and configure an action group.
2. [LinkedQuestion-3] You have an Azure DevOps organization named Contoso and an Azure
subscription. The subscription contains an Azure virtual machine scale set named VMSS1 that
is configured for autoscaling. You have a project in Azure DevOps named Project1. Project1
is used to build a web app named App1 and deploy App1 to VMSS1. You need to ensure
that an email alert is generated whenever VMSS1 scales in or out.
Solution: From Azure Monitor, configure the autoscale settings.
Does this meet the goal?
A. Yes
B. No
3. You configure Azure Application Insights and the shared service plan tier for a web app. You
enable Smart Detection. You confirm that standard metrics are visible in the logs, but when
you test a failure, you do not receive a Smart Detection notification. What prevents the Smart
Detection notification from being sent?
A. You must enable the Snapshot Debugger for the web app.
B. Smart Detection uses the first 24 hours to establish the normal behavior of the web
app.
C. The web app is configured to use the shared service plan tier.
D. You must restart the web app before Smart Detection is enabled.
4. You are planning projects for three customers. Each customer's preferred process for work
items is shown in the following table.

The customers all plan to use Azure DevOps for work item management.
Which work item process should you use for each customer?

5. You configure an Azure Application Insights availability test. You need to notify the customer
services department at your company by email when availability is degraded. You create an
Azure logic app that will handle the email and follow up actions. Which type of trigger should
you use to invoke the logic app?
A. an HTTPWebhook trigger
B. an HTTP trigger
C. a Request trigger
D. an ApiConnection trigger
6. You have an Azure DevOps organization named Contoso and an Azure subscription. You
use Azure DevOps to build a containerized app named App1 and deploy App1 to an Azure
container instance named ACI1. You need to restart ACI1 when App1 stops responding.
What should you do?
A. Add a liveness probe to the YAML configuration of App1.
B. Add a readiness probe to the YAML configuration of App1.
C. Use Connection Monitor in Azure Network Watcher.
D. Use IP flow verify in Azure Network Watcher.
7. You have a multi-tier application that has an Azure Web Apps front end and an Azure SQL
Database back end. You need to recommend a solution to capture and store telemetry data.
The solution must meet the following requirements:
✑ Support using ad-hoc queries to identify baselines.
✑ Trigger alerts when metrics in the baseline are exceeded.
✑ Store application and database metrics in a central location.
What should you include in the recommendation?
A. Azure Event Hubs
B. Azure SQL Database Intelligent Insights
C. Azure Application Insights
D. Azure Log Analytics
8. You have an Azure DevOps organization named Contoso and an Azure subscription. The
subscription contains an Azure virtual machine scale set named VMSS1 that is configured for
autoscaling. You use Azure DevOps to build a web app named App1 and deploy App1 to
VMSS1. App1 is used heavily and has usage patterns that vary on a weekly basis. You need
to recommend a solution to detect an abnormal rise in the rate of failed requests to App1.
The solution must minimize administrative effort. What should you include in the
recommendation?
A. the Smart Detection feature in Azure Application Insights
B. the Failures feature in Azure Application Insights
C. an Azure Service Health alert
D. an Azure Monitor alert that uses an Azure Log Analytics query
9. SIMULATION –
10. You have an Azure subscription that contains resources in several resource groups. You need
to design a monitoring strategy that will provide a consolidated view. The solution must
support the following requirements:
✑ Support role-based access control (RBAC) by using Azure Active Directory (Azure AD)
identifies.
✑ Include visuals from Azure Monitor that are generated by using the Kusto query language.
✑ Support documentation written in markdown.
✑ Use the latest data available for each visual.
What should you use to create the consolidated view?
 A. Azure Monitor
B. Microsoft Power BI
C. Azure Data Explorer
D. Azure dashboards
11. You are automating the testing process for your company. You need to automate UI testing
of a web application. Which framework should you use?
A. JaCoco
B. Selenium
C. Xamarin.UITest
D. Microsoft.CodeAnalysis
12. You are building an ASP.NET Core application. You plan to create an application utilization
baseline by capturing telemetry data. You need to add code to the application to capture the
telemetry data. The solution must minimize the costs of storing the telemetry data. Which
two actions should you perform?
A. Add the <InitialSamplingPercentage>99</InitialSamplingPercentage> parameter to
the ApplicationInsights.config file.
B. From the code of the application, enable adaptive sampling.
C. From the code of the application, add Azure Application Insights telemetry.
D. Add the <MaxTelemetryItemsPerSecond>5</MaxTelemetryItemsPerSecond>
parameter to the ApplicationInsights.config file.
E. From the code of the application, disable adaptive sampling.
13. You have an Azure DevOps organization named Contoso and an Azure subscription. The
subscription contains an Azure virtual machine scale set named VMSS1 and an Azure
Standard Load Balancer named LB1. LB1 distributes incoming requests across VMSS1
instances. You use Azure DevOps to build a web app named App1 and deploy App1 to
VMSS1. App1 is accessible via HTTPS only and configured to require mutual authentication
by using a client certificate. You need to recommend a solution for implementing a health
check of App1. The solution must meet the following requirements:
✑ Identify whether individual instances of VMSS1 are eligible for an upgrade operation.
✑ Minimize administrative effort.
What should you include in the recommendation?
A. an Azure Load Balancer health probe
B. Azure Monitor autoscale
C. the Custom Script Extension
D. the Application Health extension
14. You have an application named App1 that has a custom domain of app.contoso.com. You
create a test in Azure Application Insights as shown in the following exhibit.
15. You have a build pipeline in Azure Pipelines that occasionally fails. You discover that a test
measuring the response time of an API endpoint causes the failures. You need to prevent the
build pipeline from failing due to the test. Which two actions should you perform?
A. Set Flaky test detection to Off.
B. Clear Flaky tests included in test pass percentage.
C. Enable Test Impact Analysis (TIA).
D. Manually mark the test as flaky.
E. Enable test slicing.
16. Your company hosts a web application in Azure. The company uses Azure Pipelines for the
build and release management of the application. Stakeholders report that the past few
releases have negatively affected system performance. You configure alerts in Azure Monitor.
You need to ensure that new releases are only deployed to production if the releases meet
defined performance baseline criteria in the staging environment first. What should you use
to prevent the deployment of releases that fall to meet the performance baseline?
A. an Azure Scheduler job
B. a trigger
C. a gate
D. an Azure function
17. [LinkedQuestion-4] You manage a project in Azure DevOps. You need to prevent the
configuration of the project from changing over time.
Solution: Perform a Subscription Health scan when packages are created.
Does this meet the goal?
A. Yes
B. No
18. [LinkedQuestion-4] You manage a project in Azure DevOps. You need to prevent the
configuration of the project from changing over time.
Solution: Add a code coverage step to the build pipelines.
Does this meet the goal?
A. Yes
B. No
19. [LinkedQuestion-4] You manage a project in Azure DevOps. You need to prevent the
configuration of the project from changing over time.
Solution: Implement Continuous Integration for the project.
Does this meet the goal?
A. Yes
B. No
20. [LinkedQuestion-4] You manage a project in Azure DevOps. You need to prevent the
configuration of the project from changing over time.
Solution: Implement Continuous Assurance for the project.
Does this meet the goal?
A. Yes
B. No
21. Your company uses the following resources:
✑ Windows Server 2019 container images hosted in an Azure Container Registry.
✑ Azure virtual machines that run the latest version of Ubuntu
✑ An Azure Log Analytics workspace
✑ Azure Active Directory (Azure AD)
✑ An Azure key vault
For which two resources can you receive vulnerability assessments in Azure Security Center?
A. the Azure Log Analytics workspace
B. the Azure key vault
C. the Azure virtual machines that run the latest version of Ubuntu
D. Azure Active Directory (Azure AD)
E. The Windows Server 2019 container images hosted in the Azure Container Registry.
22. You use Azure Pipelines to manage build pipelines, GitHub to store source code, and
Dependabot to manage dependencies. You have an app named App1. Dependabot detects
a dependency in App1 that requires an update. What should you do first to apply the
update?
A. Create a pull request.
B. Approve the pull request.
C. Create a branch.
D. Perform a commit.
23. You are designing a configuration management solution to support five apps hosted on
Azure App Service. Each app is available in the following three environments: development,
test, and production. You need to recommend a configuration management solution that
meets the following requirements:
✑ Supports feature flags
✑ Tracks configuration changes from the past 30 days
✑ Stores hierarchically structured configuration values
✑ Controls access to the configurations by using role-based access control (RBAC)
permissions
✑ Stores shared values as key/value pairs that can be used by all the apps
Which Azure service should you recommend as the configuration management solution?
A. Azure Cosmos DB
B. Azure App Service
C. Azure App Configuration
D. Azure Key Vault
24. You have a containerized solution that runs in Azure Container Instances. The solution
contains a frontend container named App1 and a backend container named DB1. DB1 loads
a large amount of data during startup. You need to verify that DB1 can handle incoming
requests before users can submit requests to App1.
What should you configure?
A. a liveness probe
B. a performance log
C. a readiness probe
D. an Azure Load Balancer health probe
25. You are designing a strategy to monitor the baseline metrics of Azure virtual machines that
run Windows Server. You need to collect detailed data about the processes running in the
guest operating system. Which two agents should you deploy?
A. the Telegraf agent
B. the Azure Log Analytics agent
C. the Azure Network Watcher Agent for Windows
D. the Dependency agent

26. You use Azure Pipelines to automate Continuous Integration/Continuous Deployment

(CI/CD) for an Azure web app named WebApp1. You configure an Azure Monitor alert that
is triggered when WebApp1 generates an error. You need to configure the alert to forward
details of the error to a third-party system. The solution must minimize administrative effort.
Which three actions should you perform in sequence?
27. [LinkedQuestion-3] You have an Azure DevOps organization named Contoso and an Azure
subscription. The subscription contains an Azure virtual machine scale set named VMSS1 that
is configured for autoscaling. You have a project in Azure DevOps named Project1. Project1
is used to build a web app named App1 and deploy App1 to VMSS1.
You need to ensure that an email alert is generated whenever VMSS1 scales in or out.
Solution: From Azure DevOps, configure the Notifications settings for Project1.
Does this meet the goal?
A. Yes
B. No
28. [LinkedQuestion-3] You have an Azure DevOps organization named Contoso and an Azure
subscription. The subscription contains an Azure virtual machine scale set named VMSS1 that
is configured for autoscaling. You have a project in Azure DevOps named Project1. Project1
is used to build a web app named App1 and deploy App1 to VMSS1.
You need to ensure that an email alert is generated whenever VMSS1 scales in or out.
Solution: From Azure DevOps, configure the Service hooks settings for Project1.
Does this meet the goal?
A. Yes
B. No
 29. [LinkedQuestion-3] You have an Azure DevOps organization named Contoso and an Azure
subscription. The subscription contains an Azure virtual machine scale set named VMSS1 that
is configured for autoscaling. You have a project in Azure DevOps named Project1. Project1
is used to build a web app named App1 and deploy App1 to VMSS1.
You need to ensure that an email alert is generated whenever VMSS1 scales in or out.
Solution: From Azure Monitor, create an action group.
Does this meet the goal?
A. Yes
B. No
30. You are using the Dependency Tracker extension in a project in Azure DevOps. You generate
a risk graph for the project. What should you use in the risk graph to identify the number of
dependencies and the risk level of the project?

Topic IV
1. You have an Azure subscription that contains the resources shown in the following table.

You plan to create a linked service in DF1. The linked service will connect to SQL1 by using
Microsoft SQL Server authentication. The password for the SQL Server login will be stored -
in KV1. You need to configure DF1 to retrieve the password when the data factory connects
to SQL1. The solution must use the principle of least privilege. How should you configure
DF1? To answer, select the appropriate options in the answer area.
2. You have several Azure Active Directory (Azure AD) accounts. You need to ensure that users
use multi-factor authentication (MFA) to access Azure apps from untrusted networks. What
should you configure in Azure AD?
A. access reviews
B. managed identities
C. entitlement management
D. conditional access
3. You plan to provision a self-hosted Linux agent. Which authentication mechanism should you
use to register the self-hosted agent?
A. personal access token (PAT)
B. SSH key
C. Alternate credentials
D. certificate
4. You are building a Microsoft ASP.NET application that requires authentication. You need to
authenticate users by using Azure Active Directory (Azure AD). What should you do first?
A. Assign an enterprise application to users and groups
B. Create an app registration in Azure AD
C. Configure the application to use a SAML endpoint
D. Create a new OAuth token from the application
E. Create a membership database in an Azure SQL database
5. You have an Azure DevOps organization named Contoso.
You need to recommend an authentication mechanism that meets the following
requirements:
✑ Supports authentication from Git
✑ Minimizes the need to provide credentials during authentication
What should you recommend?
A. personal access tokens (PATs) in Azure DevOps
B. Alternate credentials in Azure DevOps
C. user accounts in Azure Active Directory (Azure AD)
D. managed identities in Azure Active Directory (Azure AD)
6. You have an application that consists of several Azure App Service web apps and Azure
functions. You need to assess the security of the web apps and the functions. Which Azure
feature can you use to provide a recommendation for the security of the application?
A. Security & Compliance in Azure Log Analytics
B. Resource health in Azure Service Health
C. Smart Detection in Azure Application Insights
D. Compute & apps in Azure Security Center
7. Your company has a project in Azure DevOps for a new web application. The company
identifies security as one of the highest priorities. You need to recommend a solution to
minimize the likelihood that infrastructure credentials will be leaked. What should you
recommend?
A. Add a Run Inline Azure PowerShell task to the pipeline.
B. Add a PowerShell task to the pipeline and run Set-AzureKeyVaultSecret.
C. Add an Azure Key Vault task to the pipeline.
D. Add Azure Key Vault references to Azure Resource Manger templates.
8. SIMULATION –
9. You create a Microsoft ASP.NET Core application. You plan to use Azure Key Vault to
provide secrets to the application as configuration data. You need to create a Key Vault
access policy to assign secret permissions to the application. The solution must use the
principle of least privilege. Which secret permissions should you use?
A. List only
B. Get only
C. Get and List
10. Your company has a project in Azure DevOps. You plan to create a release pipeline that will
deploy resources by using Azure Resource Manager templates. The templates will reference
secrets stored in Azure Key Vault. You need to recommend a solution for accessing the
secrets stored in the key vault during deployments. The solution must use the principle of
least privilege. What should you include in the recommendation?

11. You need to configure access to Azure DevOps agent pools to meet the following
requirements:
✑ Use a project agent pool when
authoring build or release pipelines.
✑ View the agent pool and agents of
the organization.
✑ Use the principle of least privilege.
Which role memberships are required
for the Azure DevOps organization
and the project?
12. You have a branch policy in a project in Azure DevOps. The policy requires that code always
builds successfully. You need to ensure that a specific user can always merge changes to the
master branch, even if the code fails to compile. The solution must use the principle of least
privilege. What should you do?
A. Add the user to the Build Administrators group.
B. Add the user to the Project Administrators group.
C. From the Security settings of the repository, modify the access control for the user.
D. From the Security settings of the branch, modify the access control for the user.
13. You have an Azure Resource Manager template that deploys a multi-tier application. You
need to prevent the user who performs the deployment from viewing the account
credentials and connection strings used by the application. What should you use?
A. Azure Key Vault
B. a Web.config file
C. an Appsettings.json file
D. an Azure Storage table
E. an Azure Resource Manager parameter file
14. SIMULATION –
15. SIMULATION –
16. Your company has an Azure subscription named Subscription1. Subscription1 is associated
to an Azure Active Directory tenant named contoso.com. You need to provision an Azure
Kubernetes Services (AKS) cluster in Subscription1 and set the permissions for the cluster by
using RBAC roles that reference the identities in contoso.com. Which three objects should
you create in sequence?

17. You manage build and release pipelines by using Azure DevOps. Your entire managed
environment resides in Azure. You need to configure a service endpoint for accessing Azure
Key Vault secrets. The solution must meet the following requirements:
✑ Ensure that the secrets are retrieved by Azure DevOps.
✑ Avoid persisting credentials and tokens in Azure DevOps.
How should you configure the service endpoint?
18. You are deploying a server application that will run on a Server Core installation of Windows
Server 2019. You create an Azure key vault and a secret. You need to use the key vault to
secure API secrets for third-party integrations. Which three actions should you perform?
A. Configure RBAC for the key vault.
B. Modify the application to access the key vault.
C. Configure a Key Vault access policy.
D. Deploy an Azure Desired State Configuration (DSC) extension.
E. Deploy a virtual machine that uses a system-assigned managed identity.
19. Your company is creating a suite of three mobile applications. You need to control access to
the application builds. The solution must be managed at the organization level. What should
you use?

20. You have an Azure DevOps organization named Contoso that contains a project named
Project1. You provision an Azure key vault named Keyvault1. You need to reference
Keyvault1 secrets in a build pipeline of Project1. What should you do first?
A. Add a secure file to Project1.
B. Create an XAML build service.
C. Create a variable group in Project1.
D. Configure the security policy of Contoso.
21. Your company uses Azure DevOps. Only users who have accounts in Azure Active Directory
can access the Azure DevOps environment. You need to ensure that only devices that are
connected to the on-premises network can access the Azure DevOps environment. What
should you do?
A. Assign the Stakeholder access level to all users.
B. In Azure Active Directory, configure risky sign-ins.
C. In Azure DevOps, configure Security in Project Settings.
D. In Azure Active Directory, configure conditional access.
22. You have the following Azure policy.

You assign the policy to the Tenant root group. What is the effect of the policy?
A. prevents all HTTP traffic to existing Azure Storage accounts
B. ensures that all traffic to new Azure Storage accounts is encrypted
C. prevents HTTPS traffic to new Azure Storage accounts when the accounts are
accessed over the Internet
D. ensures that all data for new Azure Storage accounts is encrypted at rest
23. You have an Azure DevOps organization named Contoso, an Azure DevOps project named
Project1, an Azure subscription named Sub1, and an Azure key vault named vault1. You
need to ensure that you can reference the values of the secrets stored in vault1 in all the
pipelines of Project1. The solution must prevent the values from being stored in the pipelines.
What should you do?
A. Create a variable group in Project1.
B. Add a secure file to Project1.
C. Modify the security settings of the pipelines.
D. Configure the security policy of Contoso.
24. You use GitHub Enterprise Server as a source code repository. You create an Azure DevOps
organization named Contoso. In the Contoso organization, you create a project named
Project1. You need to link GitHub commits, pull requests, and issues to the work items of
Project1. The solution must use OAuth-based authentication. Which three actions should you
perform in sequence?
25. You are configuring an Azure DevOps deployment pipeline. The deployed application will
authenticate to a web service by using a secret stored in an Azure key vault. You need to use
the secret in the deployment pipeline. Which three actions should you perform in sequence?

26. You have a private project in Azure DevOps and two users named User1 and User2.
You need to add User1 and User2 to groups to meet the following requirements:
✑ User1 must be able to create a code wiki.
✑ User2 must be able to edit wiki pages.
✑ The solution must use the principle of least privilege.
To which group should you add each user?
27. You use WhiteSource Bolt to scan a Node.js application. The WhiteSource Bolt scan identifies
numerous libraries that have invalid licenses. The libraries are used only during development
and are not part of a production deployment. You need to ensure that WhiteSource Bolt
only scans production dependencies. Which two actions should you perform?
A. Run npm install and specify the --production flag.
B. Modify the WhiteSource Bolt policy and set the action for the licenses used by the
development tools to Reassign.
C. Modify the devDependencies section of the project's Package.json file.
D. Configure WhiteSource Bolt to scan the node_modules directory only.
28. [LinkedQuestion-5] You plan to update the Azure DevOps strategy of your company. You
need to identify the following issues as they occur during the company's development
process:
✑ Licensing violations
✑ Prohibited libraries
Solution: You implement continuous integration.
Does this meet the goal?
A. Yes
B. No
29. [LinkedQuestion-5] You plan to update the Azure DevOps strategy of your company. You
need to identify the following issues as they occur during the company's development
process:
✑ Licensing violations
✑ Prohibited libraries
Solution: You implement pre-deployment gates.
Does this meet the goal?
A. Yes
B. No
30. [LinkedQuestion-5] You plan to update the Azure DevOps strategy of your company. You
need to identify the following issues as they occur during the company's development
process:
✑ Licensing violations
✑ Prohibited libraries
Solution: You implement automated security testing.
Does this meet the goal?
A. Yes
B. No
31. [LinkedQuestion-5] You plan to update the Azure DevOps strategy of your company. You
need to identify the following issues as they occur during the company's development
process:
✑ Licensing violations
✑ Prohibited libraries
Solution: You implement continuous deployment.
Does this meet the goal?
A. Yes
B. No
32. SIMULATION -
33. Your company has an Azure subscription. The company requires that all resource groups in
the subscription have a tag named organization set to a value of Contoso. You need to
implement a policy to meet the tagging requirement. How should you complete the policy?

34. You need to configure GitHub to use Azure Active Directory (Azure AD) for authentication.
What should you do first?
A. Create a conditional access policy in Azure AD.
B. Register GitHub in Azure AD.
C. Create an Azure Active Directory B2C (Azure AD B2C) tenant.
D. Modify the Security settings of the GitHub organization.
35. You have an Azure DevOps project named Project1 and an Azure subscription named Sub1.
You need to prevent releases from being deployed unless the releases comply with the
Azure Policy rules assigned to Sub1. What should you do in the release pipeline of Project1?
A. Add a deployment gate.
B. Modify the Deployment queue settings.
C. Configure a deployment trigger.
D. Create a pipeline variable.
36. You have an Azure Kubernetes Service (AKS) implementation that is RBAC-enabled. You plan
to use Azure Container Instances as a hosted development environment to run containers in
the AKS implementation. You need to configure Azure Container Instances as a hosted
environment for running the containers in AKS. Which three actions should you perform in
sequence?

37. You have an Azure DevOps project that contains a build pipeline. The build pipeline uses
approximately 50 open source libraries. You need to ensure that all the open source libraries
comply with your company's licensing standards. Which service should you use?
A. Ansible
B. Maven
C. WhiteSource Bolt
D. Helm
38. You are designing the security validation strategy for a project in Azure DevOps. You need to
identify package dependencies that have known security issues and can be resolved by an
update. What should you use?
A. Octopus Deploy
B. Jenkins
C. Gradle
D. SonarQube
39. You administer an Azure DevOps project that includes package feeds. You need to ensure
that developers can unlist and deprecate packages. The solution must use the principle of
least privilege. Which access level should you grant to the developers?
A. Collaborator
B. Contributor
C. Owner
40. You have a project in Azure DevOps that has three teams as shown in the Teams exhibit.
(Click the Teams tab.)

You create a new dashboard named Dash1. You configure the dashboard permissions for the
Contoso project as shown in the Permissions exhibit. (Click the Permissions tab.)
41. Your company is concerned that when developers introduce open source libraries, it creates
licensing compliance issues. You need to add an automated process to the build pipeline to
detect when common open source libraries are added to the code base. What should you
use?
A. Microsoft Visual SourceSafe
B. Code Style
C. Black Duck
D. Jenkins
42. You are implementing a package management solution for a Node.js application by using
Azure Artifacts. You need to configure the development environment to connect to the
package repository. The solution must minimize the likelihood that credentials will be leaked.
Which file should you use to configure each connection?

43. You have an Azure DevOps project that contains a build pipeline. The build pipeline uses
approximately 50 open source libraries. You need to ensure that the project can be scanned
for known security vulnerabilities in the open source libraries. What should you do?

44. You have an Azure DevOps project that contains a build pipeline. The build pipeline uses
approximately 50 open source libraries. You need to ensure that all the open source libraries
comply with your company's licensing standards. Which service should you use?
A. NuGet
B. Maven
C. Black Duck
D. Helm
45. You plan to use Azure Kubernetes Service (AKS) to host containers deployed from images
hosted in a Docker Trusted Registry. You need to recommend a solution for provisioning and
connecting to AKS. The solution must ensure that AKS is RBAC-enabled and uses a custom
service principal. Which three commands should you recommend be run in sequence?

46. Your company develops an app for iOS. All users of the app have devices that are members
of a private distribution group in Microsoft Visual Studio App Center. You plan to distribute a
new release of the app. You need to identify which certificate file you require to distribute the
new release from App Center. Which file type should you upload to App Center?
A. .cer
B. .pfx
C. .p12
D. .pvk
47. SIMULATION -
48. You have a project in Azure DevOps named Project1 that contains two Azure DevOps
pipelines named Pipeline1 and Pipeline2. You need to ensure that Pipeline1 can deploy code
successfully to an Azure web app named webapp1. The solution must ensure that Pipeline2
does not have permission to webapp1. Which three actions should you perform in
sequence?
49. You need to increase the security of your team's development process. Which type of
security tool should you recommend for each stage of the development process?

50. Your company is concerned that when developers introduce open source libraries, it creates
licensing compliance issues. You need to add an automated process to the build pipeline to
detect when common open source libraries are added to the code base. What should you
use?
A. OWASP ZAP
B. Jenkins
C. Code Style
D. WhiteSource Bolt
51. You plan to use a NuGet package in a project in Azure DevOps. The NuGet package is in a
feed that requires authentication. You need to ensure that the project can restore the NuGet
package automatically. What should the project use to automate the authentication?
A. an Azure Automation account
B. an Azure Artifacts Credential Provider
C. an Azure Active Directory (Azure AD) account that has multi-factor authentication
(MFA) enabled
D. an Azure Active Directory (Azure AD) service principal
52. You use Azure Pipelines to manage project builds and deployments. You plan to use Azure
Pipelines for Microsoft Teams to notify the legal team when a new build is ready for release.
 You need to configure the Organization Settings in Azure DevOps to support Azure Pipelines
for Microsoft Teams. What should you turn on?
A. Third-party application access via OAuth
B. Azure Active Directory Conditional Access Policy Validation
C. Alternate authentication credentials
D. SSH authentication
53. You have an existing project in Azure DevOps. You plan to integrate GitHub as the repository
for the project. You need to ensure that Azure Pipelines runs under the Azure Pipelines
identity. Which authentication mechanism should you use?
A. personal access token (PAT)
B. GitHub App
C. Azure Active Directory (Azure AD)
D. OAuth

54. You have an Azure subscription that uses Azure Monitor and contains a Log Analytics
workspace. You have an encryption key. You need to configure Azure Monitor to use the key
to encrypt log data. Which five actions should you perform in sequence?

55. You have an Azure Key Vault that contains an encryption key named key1. You plan to
create a Log Analytics workspace that will store logging data. You need to encrypt the
workspace by using key1. Which four actions should you perform in sequence?

56. You use release pipelines in Azure Pipelines to deploy an app. Secrets required be the
pipeline are stored as pipeline variables. Logging of commands is enabled for the Azure
Pipelines agent. You need to prevent the values of the secrets from being logged. What
should you do?
 A. Store the secrets in the environment variables instead of the pipeline variables.
B. Pass the secrets on the command line instead of in the pipeline variables.
C. Apply a prefix of secret to the name of the variables.
D. Echo the values of the secrets to the command line.
57. You need to deploy a new project in Azure DevOps that has the following requirements:
* The lead developer must be able to create repositories, manage permissions, manage
policies, and contribute to the repository.
* Developers must be able to contribute to the repository and create branches, but NOT
bypass policies when pushing builds.
* Project managers must only be able to view the repository.
* The principle of least privilege must be used.
You create a new Azure DevOps project team for each role. To which Azure DevOps groups
should you add each team?

58. You have an Azure subscription that contains a project in Azure DevOps named Project1.
You have three Azure Active Directory (Azure AD) users that require access to Project1 as
shown in the following table.

You need to ensure that the users have the appropriate permissions. The solution must use
the principle of least privilege. To which permission group in Azure DevOps should you add
each user?
59. You have an Azure subscription linked to an Azure Active Directory Premium Plan 1 tenant.
A security review indicates that too many users have privileged access to resources. You
need to deploy a privileged access management solution that meets the following
requirements:
• Enforces time limits on the use of privileged access
• Requires approval to activate privileged access
• Minimizes costs
What should you do first?
A. Configure notifications when privileged roles are activated.
B. Configure alerts for the activation of privileged roles.
C. Enforce Azure Multi-Factor Authentication (MFA) for role activation.
D. Upgrade the license of the Azure Active Directory (Azure AD) tenant.

60. You plan to create a GitHub workflow that will use GitHub Actions. The actions will require a
256-KB secret. You need to recommend a solution to store and encrypt the secret. The
secret value must be accessible only to the workflow. The solution must minimize
administrative effort. What should you recommend?
A. Store the secret in the organization-level GitHub secrets.
B. Store the secret in the repository-level GitHub secrets.
C. Encrypt the secret value and store the value in the repository. Store the decryption
key in the repository-level GitHub secrets.
D. Encrypt the secret value and store the value in the repository. Store the decryption
key in the organization-level GitHub secrets.
61. You have a GitHub Enterprise account. You need to enable push protection for secret
scanning of the account repositories. What should you do first?
A. Purchase a GitHub Advanced Security license.
B. Purchase Premium Plus support.
C. Enforce multi-factor authentication (MFA).
D. Create an access policy for secrets.
62. Your company has a project in Azure DevOps named Project1. All the developers at the
company have Windows 10 devices. You need to create a Git repository for Project1. The
solution must meet the following requirements:
• Support large binary files.
 • Store binary files outside of the repository.
• Use a standard Git workflow to maintain the metadata of the binary files by using
commits to the repository.
Which three actions should you perform in sequence on each developer’s device?

Topic V
1. You are designing the development process for your company. You need to recommend a
solution for continuous inspection of the company's code base to locate common code
patterns that are known to be problematic. What should you include in the
recommendation?
A. Microsoft Visual Studio test plans
B. Gradle wrapper scripts
C. SonarCloud analysis
D. the JavaScript task runner
2. [LinkedQuestion-6] The lead developer at your company reports that adding new application
features takes longer than expected due to a large accumulated technical debt. You need to
recommend changes to reduce the accumulated technical debt.
Solution: You recommend reducing the code coupling and the dependency cycles?
Does this meet the goal?
A. Yes
B. No
3. Your company uses Azure DevOps for the build pipelines and deployment pipelines of Java-
based projects. You need to recommend a strategy for managing technical debt. Which two
actions should you include in the recommendation?
 A. Configure post-deployment approvals in the deployment pipeline.
B. Configure pre-deployment approvals in the deployment pipeline.
C. Integrate Azure DevOps and SonarQube.
D. Integrate Azure DevOps and Azure DevTest Labs.
4. Your company is building a new solution in Java. The company currently uses a SonarQube
server to analyze the code of .NET solutions. You need to analyze and monitor the code
quality of the Java solution. Which task types should you add to the build pipeline?
A. Gradle
B. CocoaPods
C. Grunt
D. Gulp
5. Your company uses GitHub for source control. GitHub repositories store source code and
store process documentation. The process documentation is saved as Microsoft Word
documents that contain simple flow charts stored as .bmp files. You need to optimize the
integration and versioning of the process documentation and the flow charts. The solution
must meet the following requirements:
✑ Store documents as plain text.
✑ Minimize the number of files that must be maintained.
✑ Simplify the modification, merging, and reuse of flow charts.

6. Your company is building a new solution in Java. The company currently uses a SonarQube
server to analyze the code of .NET solutions. You need to analyze and monitor the code
quality of the Java solution. Which task types should you add to the build pipeline?
A. Grunt
B. Octopus
C. Maven
D. Gulp
7. You are developing a full Microsoft .NET Framework solution that includes unit tests. You
need to configure SonarQube to perform a code quality validation of the C# code as part of
the build pipelines. Which four tasks should you perform in sequence?

8. Your company uses Azure DevOps for the build pipelines and deployment pipelines of Java-
based projects. You need to recommend a strategy for managing technical debt. Which
action should you include in the recommendation?
A. Configure post-deployment approvals in the deployment pipeline.
B. Integrate Azure DevOps and SonarQube.
C. Integrate Azure DevOps and Azure DevTest Labs.

9. You need to find and isolate shared code. The shared code will be maintained in a series of
packages. Which three actions should you perform in sequence?

10. You are creating a NuGet package. You plan to distribute the package to your development
team privately. You need to share the package and test that the package can be consumed.
Which four actions should you perform in sequence?
11. During a code review, you discover many quality issues. Many modules contain unused
variables and empty catch blocks. You need to recommend a solution to improve the quality
of the code. What should you recommend?
A. In a Grunt build task, select Enabled from Control Options.
B. In a Maven build task, select Run PMD.
C. In a Xcode build task, select Use xcpretty from Advanced.
D. In a Gradle build task, select Run Checkstyle.

12. Your development team is building a new web solution by using the Microsoft Visual Studio
integrated development environment (IDE). You need to make a custom package available to
all the developers. The package must be managed centrally, and the latest version must be
available for consumption in Visual Studio automatically. Which three actions should you
perform?
A. Publish the package to a feed.
B. Create a new feed in Azure Artifacts.
C. Upload a package to a Git repository.
D. Add the package URL to the Environment settings in Visual Studio.
E. Add the package URL to the NuGet Package Manager settings in Visual Studio.
F. Create a Git repository in Azure Repos.
13. You use GitHub for source control. A file that contains sensitive data is committed
accidentally to the Git repository of a project. You need to delete the file and its history form
the repository. Which two tools can you use?
A. the git filter-branch command
B. BFG Repo-Cleaner
 C. the git rebase command
D. GitHub Desktop
14. Your company uses GitHub for source control. The company has a team that performs code
reviews. You need to automate the assignment of the code reviews. The solution must meet
the following requirements:
✑ Prioritize the assignment of code reviews to team members who have the fewest
outstanding assignments.
✑ Ensure that each team member performs an equal number of code reviews in any 30-day
period.
✑ Prevent the assignment of code reviews to the team leader.
Which two actions should you perform?
A. Clear Never assign certain team members.
B. Select If assigning team members, don't notify the entire team.
C. Select Never assign certain team members.
D. Set Routing algorithm to Round robin.
E. Set Routing algorithm to Load balance.
15. You have a GitHub repository. You create a new repository in Azure DevOps. You need to
recommend a procedure to clone the repository from GitHub to Azure DevOps. What should
you recommend?
A. Create a pull request.
B. Create a webhook.
C. Create a service connection for GitHub.
D. From Import a Git repository, click Import.
E. Create a personal access token in Azure DevOps.

16. [LinkedQuestion-6] The lead developer at your company reports that adding new application
features takes longer than expected due to a large accumulated technical debt. You need to
recommend changes to reduce the accumulated technical debt.
Solution: You recommend increasing the test coverage.
Does this meet the goal?
A. Yes
B. No
17. [LinkedQuestion-6] The lead developer at your company reports that adding new application
features takes longer than expected due to a large accumulated technical debt. You need to
recommend changes to reduce the accumulated technical debt.
Solution: You recommend reducing the code complexity.
Does this meet the goal?
A. Yes
B. No
18. [LinkedQuestion-6] The lead developer at your company reports that adding new application
features takes longer than expected due to a large accumulated technical debt. You need to
recommend changes to reduce the accumulated technical debt.
Solution: You recommend increasing the code duplication.
Does this meet the goal?
A. Yes
B. No
19. During a code review, you discover quality issues in a Java application. You need to
recommend a solution to detect quality issues including unused variables and empty catch
blocks. What should you recommend?
A. In a Maven build task, select Run PMD.
B. In an Xcode build task, select Use xcpretty from Advanced.
C. In a Gulp build task, specify a custom condition expression.
D. In a Grunt build task, select Enabled from Control Options.
20. You use Azure Artifacts to host NuGet packages that you create. You need to make one of
the packages available to anonymous users outside your organization. The solution must
minimize the number of publication points. What should you do?
A. Change the feed URL of the package
B. Create a new feed for the package
C. Promote the package to a release view.
D. Publish the package to a public NuGet repository.

21. You use GitHub for source control and project-related discussions. You receive a notification
when an entry is made to any team discussion. You need to ensure that you receive email
notifications only for discussions in which you commented or in which you are mentioned.
Which two Notifications settings should you clear?
A. Automatically watch teams
B. Participating
C. Automatically watch repositories
D. Watching
22. You have an Azure Automation account that contains a runbook. The runbook is used to
configure the application infrastructure of an Azure subscription. You have a project in Azure
DevOps named Project1. Project1 contains a repository that stores code for the runbook.
You need to ensure that every committed change to the code will update automatically and
publish the runbook to Azure Automation. What should you configure?
A. the Service hooks settings for Project1
B. the Connections settings for the Automation account
 C. the Source control settings for the Automation account
D. the Service connections settings for Project1
23. You use Git for source control. You enable GitHub code scanning. You raise a pull request
from a non-default branch. In the code scanning output, you receive the following error
message: “Analysis not found.” You need to ensure that the code scanning completes
successfully for the pull request. Which two actions should you perform?
A. Add the name of the default branch to the on: push specification in the code
scanning workflow.
B. Add the name of the non-default branch to the on:push specification in the code
scanning workflow.
C. Delete the pull request, and then raise the request again from the default branch.
D. Update the code in the pull request.
E. Add a new workflow for code scanning.
24. You have a GitHub repository named repo1 that
stores the code of an app named App1. You need
deploy a workflow for repo1 by using GitHub
Actions. The solution must meet the following
requirements:
• Scan on pushes to the main branch.
• Scan on pull requests to the main branch.
• Scan on pull requests to any branch that
has a prefix of releases/.
• Scan all the files in the subdirectories of
the src directory.
• Exclude scanning of markdown files.
How should you complete the code?

25. You have a GitHub repository that contains multiple versions of an Azure Pipelines template.
You plan to deploy multiple pipelines that will use a template stored in the repository. You
need to ensure that you use a fixed version of the template. What should you use to
reference which version of the template repository to use?
A. the serial
B. the SHA-based hashes
C. the runner
D. the branch
26. You have the repositories shown in the following table.
 You need to migrate the contents of the GitHub repository to the Azure Repos repository.
The solution must ensure that the Azure Repos repository only contains branches and history
from the GitHub repository. Which three commands should you run in sequence?

27. You have a GitHub repository that contains the code for an app named App1. App1
depends on a library of functions from a repository at https://github.com/contoso/afeed. You
need to keep a clone of the feed repository as a subdirectory of the App1 repository. How
should you complete the Git command?

28. You use Git for source control. You need to optimize the performance of a repository. The
solution must meet the following requirements:
• Permanently remove all items referenced only in the reflog.
• Remove history that is NOT in any current branch.
How should you complete the command?
29. You have an Azure Repos Git repository named repo1. You need to ensure that you can
authenticate to repo1 by using SSH. Which four actions should you perform in sequence?

30. You use Git for source control. You delete a file, commit the changes, and continue to work.
You need to recover the deleted file. Which three commands should you run in sequence?
 31. You use Git for source control. You have an app named App1. In the main branch, you need
to restore the third most recent revision of a file named App.exe.config. How should you
complete the command?

32. You company uses a Git source-code repository. You plan to implement GitFlow as a
workflow strategy. You need to identify which branch types are used for production code
and preproduction code in the strategy. Which branch type should you identify for each
code type?

Topic VI
1. Your company has 60 developers who are assigned to four teams. Each team has 15
members. The company uses an agile development methodology. You need to structure the
work of the development teams so that each team owns their respective work while working
together to reach a common goal. Which parts of the taxonomy should you enable the team
to perform autonomously?
A. Features and Tasks
B. Initiatives and Epics
C. Epics and Features
D. Stories and Tasks
2. Your company creates a new Azure DevOps team. You plan to use Azure DevOps for sprint
planning. You need to visualize the flow of your work by using an agile methodology. Which
Azure DevOps component should you use?

A. Kanban boards

B. sprint planning

C. delivery plans

D. portfolio backlogs

3. Your company implements an Agile development methodology. You plan to implement

retrospectives at the end of each sprint. Which three questions should you include?

A. Who performed well?

B. Who should have performed better?

C. What could have gone better?

D. What went well?

E. What should we try next?

4. Your team uses an agile development approach. You need to recommend a branching
strategy for the team's Git repository. The strategy must meet the following requirements.

✑ Provide the ability to work on multiple independent tasks in parallel.

✑ Ensure that checked-in code remains in a releasable state always.

✑ Ensure that new features can be abandoned at any time.

✑ Encourage experimentation.

What should you recommend?

A. a single long-running branch without forking

B. multiple long-running branches

C. a single fork per team member

D. a single long-running branch with multiple short-lived feature branches

5. You have a project in Azure DevOps that has a release pipeline. You need to integrate work
item tracking and an Agile project management system to meet the following requirements:

✑ Ensure that developers can track whether their commits are deployed to production.

✑ Report the deployment status.

✑ Minimize integration effort.

Which system should you use?

A. Asana

B. Basecamp

C. Trello

D. Jira

6. You plan to onboard 10 new developers. You need to recommend a development

environment that meets the following requirements:

✑ Integrates with GitHub

✑ Provides integrated debugging tools

✑ Supports remote workers and hot-desking environments

✑ Supports developers who use browsers, tablets, and Chromebooks

What should you recommend?

A. VS Code

B. Xamarin Studio

C. MonoDevelop

D. Github Codespaces

7. [LinkedQuestion-7] You integrate a cloud-hosted Jenkins server and a new Azure DevOps
deployment. You need Azure DevOps to send a notification to Jenkins when a developer
commits changes to a branch in Azure Repos.
Solution: You create a service hook subscription that uses the build completed event.
Does this meet the goal?

A. Yes

B. No
8. [LinkedQuestion-7] You integrate a cloud-hosted Jenkins server and a new Azure DevOps
deployment. You need Azure DevOps to send a notification to Jenkins when a developer
commits changes to a branch in Azure Repos.
Solution: You create an email subscription to an Azure DevOps notification.
Does this meet the goal?

A. Yes

B. No

9. [LinkedQuestion-7] You integrate a cloud-hosted Jenkins server and a new Azure DevOps
deployment. You need Azure DevOps to send a notification to Jenkins when a developer
commits changes to a branch in Azure Repos.
Solution: You create a service hook subscription that uses the code push event.
Does this meet the goal?

A. Yes

B. No

10. [LinkedQuestion-7] You integrate a cloud-hosted Jenkins server and a new Azure DevOps
deployment. You need Azure DevOps to send a notification to Jenkins when a developer
commits changes to a branch in Azure Repos.
Solution: You add a trigger to the build pipeline.
Does this meet the goal?

A. Yes

B. No

11. You plan to create in Azure DevOps. Multiple developers will work on the project. The
developers will work offline frequently and will require access to the full project history while they
are offline. Which version control solution should you use?

A. Team Foundation Version Control

B. Git

C. TortoiseSVN

D. Subversion
12. Your company has a project in Azure DevOps for a new application. The application will be
deployed to several Azure virtual machines that run Windows Server 2019. You need to
recommend a deployment strategy for the virtual machines. The strategy must meet the
following requirements:

✑ Ensure that the virtual machines maintain a consistent configuration.

✑ Minimize administrative effort to configure the virtual machines.

What should you include in the recommendation?

A. Azure Resource Manager templates and the PowerShell Desired State Configuration (DSC)
extension for Windows

B. Deployment YAML and Azure pipeline deployment groups

C. Azure Resource Manager templates and the Custom Script Extension for Windows

D. Deployment YAML and Azure pipeline stage templates

13. You are automating the build process for a Java-based application by using Azure DevOps.
You need to add code coverage testing and publish the outcomes to the pipeline. What should
you use?

A. Cobertura

B. Bullseye Coverage

C. MSTest

D. Coverlet

E. NUnit

F. Coverage.py

14. You have an Azure DevOps organization named Contoso and an Azure subscription. You
use Azure DevOps to build and deploy a web app named App1. Azure Monitor is configured to
generate an email notification in response to alerts generated whenever App1 generates a
server-side error. You need to receive notifications in Microsoft Teams whenever an Azure
Monitor alert is generated.

A. Create an Azure Monitor workbook.

B. Create an Azure logic app that has an HTTP request trigger.

C. Create an Azure logic app that has an Azure DevOps trigger.

D. Modify an action group in Azure Monitor.

 E. Modify the Diagnostics settings in Azure Monitor.

15. Your company uses Azure DevOps for Git source control. You have a project in Azure
DevOps named Contoso App that contains the following repositories:

✑ https://dev.azure.com/contoso/contoso-app/core-api

✑ https://dev.azure.com/contoso/contoso-app/core-spa

✑ https://dev.azure.com/contoso/contoso-app/core-db

You need to ensure that developers receive Slack notifications when there are pull requests
created for Contoso App. What should you run in Slack?

16. You have an Azure DevOps organization that contains a project named Project1. You need
to create a published wiki in Project1. What should you do first?

A. Modify the Storage settings of Project1.

B. In Project1, create an Azure DevOps pipeline.

C. In Project1, create an Azure DevOps repository.

D. Modify the Team configuration settings of Project1.

17. Your company plans to use an agile approach to software development. You need to
recommend an application to provide communication between members of the development
team who work in locations around the world. The applications must meet the following
requirements:

✑ Provide the ability to isolate the members of different project teams into separate
communication channels and to keep a history of the chats within those channels.

✑ Be available on Windows 10, Mac OS, iOS, and Android operating systems.

✑ Provide the ability to add external contractors and suppliers to projects.

✑ Integrate directly with Azure DevOps.

What should you recommend?

A. Microsoft Project

B. Bamboo

C. Microsoft Lync

D. Microsoft Teams

18. You are developing a multi-tier application. The application will use Azure App Service web
apps as the front end and an Azure SQL database as the back end. The application will use
Azure functions to write some data to Azure Storage. You need to send the Azure DevOps team
an email message when the front end fails to return a status code of 200. Which feature should
you use?

A. Service Map in Azure Log Analytics

B. availability tests in Azure Application Insights

C. Profiler in Azure Application Insights

D. Application Map in Azure Application Insights

19. You have a project in Azure DevOps named Project1. Project1 contains a published wiki. You
need to change the order of pages in the navigation pane of the published wiki in the Azure
DevOps portal. What should you do?

A. At the root of the wiki, create a file named .order that defines the page hierarchy.

B. At the root of the wiki, create a file named wiki.md that defines the page hierarchy.

C. Rename the pages in the navigation pane.

D. Drag and drop the pages in the navigation pane.

20. You have a GitHub organization named org1 and an Azure tenant named Tenant1. You
need to enable single sign-on (SSO) in Azure Active Directory (Azure AD) for the users in org1.
Which URIs should you use for the SAML configuration in Azure AD?
21. You are creating a container for an ASP.NET Core app. You need to create a Dockerfile file
to build the image. The solution must ensure that the size of the image is minimized. How
should you configure the file?

22. You are designing a YAML template for use with Azure Pipelines. The template will include
the outputfile parameter. Which two methods can you use to reference the parameter?

A. ${{parameters.outputfile}}

B. $(parameters['outputfile'])

C. $(parameters.outputfile)

D. $(parameters[outputfile])

E. ${{parameters['outputfile']}}

23. You have a pipeline named Pipeline1 in Azure Pipelines. You need to create a service
connection to enable Pipeline1 to download a public container image. Which type of service
connection should you create?

A. a Docker host

B. a Docker registry

C. Azure Service Fabric

 D. Azure Kubernetes Service (AKS)

24. You have a project in Azure DevOps named Project1 that contains a Kanban board named
Board1. You create a Microsoft Teams channel and add the Azure Boards app to the channel.
You need to ensure that users can create work items in Board1 from Microsoft Teams. Which
command should you run?

A. @azure boards subscriptions

B. @azure boards create

C. @azure boards sign in

D. @azure boards link

25. You manage a project by using Azure Board, and you manage the project code by using
Azure Repos. You have a bug work item that has an ID of 123. You need to set the work item
state to Resolved. What should you add to the commit message?

A. #123 completes

B. #123 Resolved

C. Completed #123

D. Fixes #123

26. You are designing a configuration management solution to support five apps hosted on
Azure App Service. Each app is available in the following three environments: development, test,
and production. You need to recommend a configuration management solution that meets the
following requirements:

✑ Supports feature flags

✑ Tracks configuration changes from the past 30 days

✑ Stores hierarchically structured configuration values

✑ Controls access to the configurations by using role-based access control (RBAC)

permissions

✑ Stores shared values as key/value pairs that can be used by all the apps

Which Azure service should you recommend as the configuration management solution?
 A. Azure Cosmos DB

B. Azure App Service

C. Azure App Configuration

D. Azure Key Vault

27. You use Exabeam Fusion SIEM and the Azure cloud platform. You need to integrate
Exabeam and Azure. The solution must use OAuth authentication. Which three actions should
you perform in sequence?

28. You use GitHub for source control and Azure Boards for project management. GitHub and
Azure Boards are integrated. You plan to create a pull request in GitHub. You need to
automatically link the request to an existing Azure Boards work item by using the text of AB#. To
which two elements can you add the text? Each correct answer presents a complete solution.

A. milestone

B. label

C. title

D. comment

E. description
Topic VII
1. You have an Azure Kubernetes Service (AKS) pod. You need to configure a probe to perform
the following actions:
✑ Confirm that the pod is responding to service requests.
✑ Check the status of the pod four times a minute.
✑ Initiate a shutdown if the pod is unresponsive.
How should you complete the YAML configuration file?

2. [LinkedQuestion-8] You need to recommend an integration strategy for the build process of
a Java application. The solution must meet the following requirements:
✑ The build must access an on-premises dependency management system.
✑ The build outputs must be stored as Server artifacts in Azure DevOps.
✑ The source code must be stored in a Git repository in Azure DevOps.
Solution: Configure the build pipeline to use a Microsoft-hosted agent pool running the
Windows Server 2019 with Visual Studio 2019 image. Include the Java Tool
 Installer task in the build pipeline.
Does this meet the goal?
A. Yes
B. No

3. You have an Azure solution that contains a build pipeline in Azure Pipelines. You experience
intermittent delays before the build pipeline starts. You need to reduce the time it takes to
start the build pipeline. What should you do?
A. Enable self-hosted build agents.
B. Create a new agent pool.
C. Split the build pipeline into multiple stages.
D. Purchase an additional parallel job.
4. [LinkedQuestion-8] You need to recommend an integration strategy for the build process of
a Java application. The solution must meet the following requirements:
✑ The build must access an on-premises dependency management system.
✑ The build outputs must be stored as Server artifacts in Azure DevOps.
✑ The source code must be stored in a Git repository in Azure DevOps.
Solution: Configure the build pipeline to use a Microsoft-hosted agent pool running a Linux
image. Include the Java Tool Installer task in the build pipeline.
Does this meet the goal?
A. Yes
B. No
5. You store source code in a Git repository in Azure Repos. You use a third-party continuous
integration (CI) tool to control builds. What will Azure DevOps use to authenticate with the
tool?
A. certificate authentication
B. a personal access token (PAT)
C. a Shared Access Signature (SAS) token
D. NTLM authentication
6. You are configuring Azure Pipelines for three projects in Azure DevOps as shown in the
following table.
 Which version control system should you recommend for each project?

7. [LinkedQuestion-8] You need to recommend an integration strategy for the build process of
a Java application. The solution must meet the following requirements:
✑ The build must access an on-premises dependency management system.
✑ The build outputs must be stored as Server artifacts in Azure DevOps.
✑ The source code must be stored in a Git repository in Azure DevOps.
Solution: Configure an Octopus Tentacle on an on-premises machine. Use the Package
Application task in the build pipeline.
Does this meet the goal?
A. Yes
B. No
8. [LinkedQuestion-8] You need to recommend an integration strategy for the build process of
a Java application. The solution must meet the following requirements:
✑ The build must access an on-premises dependency management system.
✑ The build outputs must be stored as Server artifacts in Azure DevOps.
✑ The source code must be stored in a Git repository in Azure DevOps.
Solution: Install and configure a self-hosted build agent on an on-premises machine.
Configure the build pipeline to use the Default agent pool. Include the Java
Tool Installer task in the build pipeline.
Does this meet the goal?
A. Yes
B. No
9. You need to create deployment files for an Azure Kubernetes Service (AKS) cluster. The
deployments must meet the provisioning storage requirements shown in the following table.

Which resource type should you use for each deployment?

DEPRICATED
Secret Store CSI Driver should be used

10. SIMULATION -
11. Your company uses a Git repository in Azure Repos to manage the source code of a web
application. The master branch is protected from direct updates. Developers work on new
features in the topic branches. Because of the high volume of requested features, it is difficult
to follow the history of the changes to the master branch. You need to enforce a pull request
merge strategy. The strategy must meet the following requirements:
✑ Consolidate commit histories.
✑ Merge the changes into a single commit.
Which merge strategy should you use in the branch policy?
A. squash merge
B. fast-forward merge
C. Git fetch
D. no-fast-forward merge
12. Your company uses cloud-hosted Jenkins for builds. You need to ensure that Jenkins can
retrieve source code from Azure Repos. Which three actions should you perform?
A. Create a webhook in Jenkins.
B. Add the Team Foundation Server (TFS) plug-in to Jenkins.
C. Add a personal access token to your Jenkins account.
D. Create a personal access token (PAT) in your Azure DevOps account.
E. Create a service hook in Azure DevOps.
13. Your company has four projects. The version control requirements for each project are
shown in the following table.

You plan to use Azure Repos for all the projects. Which version control system should you
use for each project?

14. You are automating the build process for a Java-based application by using Azure DevOps.
You need to add code coverage testing and publish the outcomes to the pipeline. What
should you use?
A. Bullseye Coverage
B. JUnit
C. JaCoCo
D. MSTest
15. You company uses Azure DevOps to deploy infrastructures to Azure. Pipelines are
developed by using YAML. You execute a pipeline and receive the results in the web portal
for Azure Pipelines as shown in the following exhibit.
 Use the drop-down menus to select the answer choice that completes each statement based
on the information presented in the graphic.

16. You are configuring Azure DevOps build pipelines. You plan to use hosted build agents.
Which build agent pool should you use to compile each application type?

17. You are automating the build process for a Java-based application by using Azure DevOps.
You need to add code coverage testing and publish the outcomes to the pipeline. What
should you use?
A. Cobertura
B. Bullseye Coverage
C. MSTest
 D. Coverlet
18. You have an existing build pipeline in Azure Pipelines. You need to use incremental builds
without purging the environment between pipeline executions. What should you use?
A. a self-hosted agent
B. Microsoft-hosted parallel jobs
C. a File Transform task

19. You are designing YAML-based Azure pipelines for the apps shown in the following table.

You need to configure the YAML strategy value for each

app. The solution must minimize app downtime. Which
value should you configure for each app?

20. You have a private project in Azure DevOps. You need to ensure that a project manager can
create custom work item queries to report on the project's progress. The solution must use
the principle of least privilege. To which security group should you add the project manager?
A. Reader
B. Project Collection Administrators
C. Project Administrators
D. Contributor
21. Your company has a project in Azure DevOps for a new application. The application will be
deployed to several Azure virtual machines that run Windows Server 2019. You need to
recommend a deployment strategy for the virtual machines. The strategy must meet the
following requirements:
✑ Ensure that the virtual machines maintain a consistent configuration.
✑ Minimize administrative effort to configure the virtual machines.
What should you include in the recommendation?
A. Azure Resource Manager templates and the PowerShell Desired State
Configuration (DSC) extension for Windows
B. Deployment YAML and Azure pipeline deployment groups
C. Azure Resource Manager templates and the Custom Script Extension for Windows
D. Deployment YAML and Azure pipeline stage templates
22. You have an Azure DevOps project that uses many package feeds. You need to simplify the
project by using a single feed that stores packages produced by your company and
packages consumed from remote feeds. The solution must support public feeds and
authenticated feeds. What should you enable in DevOps?
A. Universal Packages
B. upstream sources
C. views in Azure Artifacts
D. a symbol server

23. You plan to use Terraform to deploy an Azure resource group. You need to install the
required frameworks to support the planned deployment. Which two frameworks should you
install?
A. Vault
B. Terratest
C. Node.js
D. Yeoman
E. Tiller
24. SIMULATION -
25. You are creating a container for an ASP.NET Core app. You need to create a Dockerfile file to
build the image. The solution must ensure that the size of the image is minimized. How
should you configure the file?

26. You are configuring the settings of a new Git repository in Azure Repos. You need to ensure
that pull requests in a branch meet the following criteria before they are merged:
✑ Committed code must compile successfully.
✑ Pull requests must have a Quality Gate status of Passed in SonarCloud.
 Which policy type should you configure for each requirement?

27. You use a Git repository in Azure Repos to manage the source code of a web application.
Developers commit changes directly to the default branch. You need to implement a change
management procedure that meets the following requirements:
✑ The default branch must be protected, and new changes must be built in the
feature branches first.
✑ Changes must be reviewed and approved by at least one release manager before
each merge.
✑ Changes must be brought into the default branch by using pull requests.
What should you configure in Azure Repos?
A. branch policies of the default branch
B. Services in Project Settings
C. Deployment pools in Project Settings
D. branch security of the default branch

28. [LinkedQuestion-9] Your company uses Azure DevOps to manage the build and release
processes for applications. You use a Git repository for applications source control. You need to
implement a pull request strategy that reduces the history volume in the master branch.

Solution: You implement a pull request strategy that uses fast-forward merges.

Does this meet the goal?

A. Yes

B. No

29. [LinkedQuestion-9] Your company uses Azure DevOps to manage the build and release
processes for applications. You use a Git repository for applications source control. You need to
implement a pull request strategy that reduces the history volume in the master branch.

Solution: You implement a pull request strategy that uses squash merges.
Does this meet the goal?

A. Yes

B. No

30. [LinkedQuestion-9] Your company uses Azure DevOps to manage the build and release
processes for applications. You use a Git repository for applications source control. You need to
implement a pull request strategy that reduces the history volume in the master branch.

Solution: You implement a pull request strategy that uses explicit merge.

Does this meet the goal?

A. Yes

B. No

31. [LinkedQuestion-9] Your company uses Azure DevOps to manage the build and release
processes for applications. You use a Git repository for applications source control. You need to
implement a pull request strategy that reduces the history volume in the master branch.

Solution: You implement a pull request strategy that uses three-way merge.

Does this meet the goal?

A. Yes

B. No

32. You need to recommend a Docker container build strategy that meets the following
requirements:

✑ Minimizes image sizes

✑ Minimizes the security surface area of the final image

What should you include in the recommendation?

A. multi-stage builds

B. PowerShell Desired State Configuration (DSC)

C. Docker Swarm

D. single-stage builds

33. You plan to create an image that will contain a .NET Core application. You have a Dockerfile
file that contains the following code. (Line numbers are included for reference only.)
 You need to ensure that the image is as small as possible when the image is built.
Which line should you modify in the file?
A. 1
B. 3
C. 4
D. 7

34. [LinkedQuestion-10] Your company has a project in Azure DevOps for a new web
application. You need to ensure that when code is checked in, a build runs automatically.

Solution: From the Triggers tab of the build pipeline, you select Batch changes while a build is in
progress.

Does this meet the goal?

A. Yes

B. No

35. You need to deploy Azure Kubernetes Service (AKS) to host an application. The solution
must meet the following requirements:

✑ Containers must only be published internally.

✑ AKS clusters must be able to create and manage containers in Azure.

What should you use for each requirement?

37. You have 50 Node.js-based projects that you scan by using WhiteSource. Each project
includes Package.json, Package-lock.json, and Npm-shrinkwrap.json files. You need to
minimize the number of libraries reports by WhiteSource to only the libraries that you
explicitly reference. What should you do?
A. Configure the File System Agent plug-in.
B. Add a devDependencies section to Package-lock.json.
C. Configure the Artifactory plug-in.
D. Delete Package-lock.json.

38. Your company deploys applications in Docker containers. You want to detect known exploits
in the Docker images used to provision the Docker containers. You need to integrate image
scanning into the application lifecycle. The solution must expose the exploits as early as
possible during the application lifecycle. What should you configure?
A. a task executed in the continuous integration pipeline and a scheduled task that
analyzes the image registry
B. manual tasks performed during the planning phase and the deployment phase
C. a task executed in the continuous deployment pipeline and a scheduled task
against a running production container
D. a task executed in the continuous integration pipeline and a scheduled task that
analyzes the production container
39. Your company has a hybrid cloud between Azure and Azure Stack. The company uses Azure
DevOps for its full CI/CD pipelines. Some applications are built by using Erlang and Hack.
You need to ensure that Erlang and Hack are supported as part of the build strategy across
the hybrid cloud. The solution must minimize management overhead. What should you use
to execute the build pipeline?
A. a Microsoft-hosted agent
B. Azure DevOps self-hosted agents on Azure DevTest Labs virtual machines.
C. Azure DevOps self-hosted agents on Hyper-V virtual machines
D. Azure DevOps self-hosted agents on virtual machines that run on Azure Stack
40. Your company has an Azure DevOps project. The source code for the project is stored in an
on-premises repository and uses on an on-premises build server. You plan to use Azure
DevOps to control the build process on the build server by using a self-hosted agent. You
need to implement the self-hosted agent. You download and install the agent on the build
server. Which two actions should you perform next?
A. From Azure, create a shared access signature (SAS).
 B. From the build server, create a certificate, and then upload the certificate to Azure
Storage.
C. From the build server, create a certificate, and then upload the certificate to Azure
Key Vault.
D. From DevOps, create a personal access token (PAT).
E. From the build server, run config.cmd.
41. You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant.
You are configuring a build pipeline in Azure Pipelines that will include a task named Task1.
Task1 will authenticate by using an Azure AD service principal. Which three values should
you configure for Task1?
A. the tenant ID
B. the subscription ID
C. the client secret
D. the app ID
E. the object ID
42. You are deploying a new application that uses Azure virtual machines. You plan to use the
Desired State Configuration (DSC) extension on the virtual machines. You need to ensure
that the virtual machines always have the same Windows feature installed. Which three
actions should you perform in sequence?

43. You need to execute inline testing of an Azure DevOps pipeline that uses a Docker
deployment model. The solution must prevent the results from being published to the
pipeline. What should you use for the inline testing?
A. a single stage Dockerfile
B. an Azure Kubernetes Service (AKS) pod
C. a multi-stage Dockerfile
D. a Docker Compose file
44. You are developing an open source solution that uses a GitHub repository. You create a new
public project in Azure DevOps. You plan to use Azure Pipelines for continuous build. The
solution will use the GitHub Checks API. Which authentication type should you use?
A. OpenID
B. GitHub App
C. a personal access token (PAT)
D. SAML
45. [LinkedQuestion-10] Your company has a project in Azure DevOps for a new web
application. You need to ensure that when code is checked in, a build runs automatically.
Solution: From the Continuous deployment trigger settings of the release pipeline, you
enable the Pull request trigger setting
Does this meet the goal?
A. Yes
B. No

46. [LinkedQuestion-10] Your company has a project in Azure DevOps for a new web
application. You need to ensure that when code is checked in, a build runs automatically.
Solution: From the Pre-deployment conditions settings of the release pipeline, you select
After stage
Does this meet the goal?
A. Yes
B. No
47. [LinkedQuestion-10] Your company has a project in Azure DevOps for a new web
application. You need to ensure that when code is checked in, a build runs automatically.
Solution: From the Pre-deployment conditions settings of the release pipeline, you select
Batch changes while a build is in progress
Does this meet the goal?
A. Yes
B. No
48. You have an Azure DevOps release pipeline as shown in the following exhibit.

You need to complete the pipeline to configure OWASP ZAP for security testing. Which five
Azure CLI tasks should you add in sequence?
49. You company uses a Git source-code
repository. You plan to implement GitFlow
as a workflow strategy. You need to identify
which branch types are used for production
code and preproduction code in the
strategy. Which branch type should you
identify for each code type?

50. You have a build pipeline in Azure Pipelines that uses different jobs to compile an application
for 10 different architectures. The build pipeline takes approximately one day to complete.
You need to reduce the time it takes to execute the build pipeline. Which two actions should
you perform?
A. Move to a blue/green deployment pattern
B. Create a deployment group
C. Increase the number of parallel jobs
D. Reduce the size of the repository
E. Create an agent pool
51. You are creating a build pipeline in Azure Pipelines. You define several tests that might fail
due to third-party applications. You need to ensure that the build pipeline completes
successfully if the third-party applications are unavailable. What should you do?
A. Configure the build pipeline to use parallel jobs
B. Configure flaky tests
C. Increase the test pass percentage
D. Add the Requirements quality widget to your dashboard
52. You have an Azure subscription that contains a resources group named RG1. RG1 contains
the following resources:
✑ Four Azure virtual machines that run Windows Server and have Internet
Information Services (IIS) installed.
✑ SQL Server on an Azure virtual machine.
✑ An Azure Load Balancer.
You need to deploy an application to the virtual machines in RG1 by using Azure Pipelines.
Which four actions should you perform in sequence?

53. [LinkedQuestion-10] Your company has a project in Azure DevOps for a new web
application. You need to ensure that when code is checked in, a build runs automatically.
Solution: From the Triggers tab of the build pipeline, you select Enable continuous
integration.
Does this meet the goal?
A. Yes
B. No
54. You have an Azure DevOps organization named Contoso and an Azure DevOps project
named Project1. You plan to use Microsoft-hosted agents to build container images that will
host full Microsoft .NET Framework apps in a YAML pipeline in Project1. What are two
possible virtual machine images that you can
use for the Microsoft-hosted agent pool?
A. vs2017-win2016
B. ubuntu-16.04
C. win1803
D. macOS-10.13
E. vs.2015-win2012r2
55. You currently use JIRA, Jenkins, and Octopus
as part of your DevOps processes. You plan to
 use Azure DevOps to replace these tools. Which Azure DevOps service should you use to
replace each tool?

56. Your company has a project in Azure DevOps. You need to ensure that when there are
multiple builds pending deployment, only the most recent build is deployed. What should
you use?
A. deployment conditions
B. deployment queue settings
C. release gates
D. pull request triggers

57. Your company develops a client banking application that processes a large volume of data.
Code quality is an ongoing issue for the company. Recently, the code quality has
deteriorated because of an increase in time pressure on the development team. You need to
implement static code analysis. During which phase should you use static code analysis?
A. integration testing
B. staging
C. production release
D. build
58. You have a project in Azure DevOps that uses packages from multiple public feeds. Some of
the feeds are unreliable. You need to consolidate the packages into a single feed. Which
three actions should you perform in sequence?

59. You have the Azure DevOps pipeline shown in the following exhibit. Use the drop-down
menus to select the answer choice that completes each statement based on the information
presented in the graphic.
60. SIMULATION -
61. SIMULATION -
62. You are developing an application. The application source has multiple branches. You make
several changes to a branch used for experimentation. You need to update the main branch
to capture the changes made to the experimentation branch and override the history of the
Git repository. Which Git option should you use?
A. Rebase
B. Fetch
C. Merge
D. Push
63. [LinkedQuestion-11] You use Azure Pipelines to build and test a React.js application. You
have a pipeline that has a single job. You discover that installing JavaScript packages from
npm takes approximately five minutes each time you run the pipeline. You need to
recommend a solution to reduce the pipeline execution time.
Solution: You recommend defining a container job that uses a custom container that has the
JavaScript packages preinstalled.
Does this meet the goal?
A. Yes
B. No
64. [LinkedQuestion-11] You use Azure Pipelines to build and test a React.js application. You
have a pipeline that has a single job. You discover that installing JavaScript packages from
npm takes approximately five minutes each time you run the pipeline. You need to
recommend a solution to reduce the pipeline execution time.
Solution: You recommend enabling pipeline caching.
Does this meet the goal?
A. Yes
 B. No

65. [LinkedQuestion-11] You use Azure Pipelines to build and test a React.js application. You
have a pipeline that has a single job. You discover that installing JavaScript packages from
npm takes approximately five minutes each time you run the pipeline. You need to
recommend a solution to reduce the pipeline execution time.
Solution: You recommend enabling parallel jobs for the pipeline.
Does this meet the goal?
A. Yes
B. No
66. [LinkedQuestion-12] You plan to create a release pipeline that will deploy Azure resources by
using Azure Resource Manager templates. The release pipeline will create the following
resources:
✑ Two resource groups
✑ Four Azure virtual machines in one resource group
✑ Two Azure SQL databases in other resource group
You need to recommend a solution to deploy the resources.
Solution: Create two standalone templates, each of which will deploy the resources in its
respective group.
Does this meet the goal?
A. Yes
B. No
67. [LinkedQuestion-12] You plan to create a release pipeline that will deploy Azure resources by
using Azure Resource Manager templates. The release pipeline will create the following
resources:
✑ Two resource groups
✑ Four Azure virtual machines in one resource group
✑ Two Azure SQL databases in other resource group
You need to recommend a solution to deploy the resources.
Solution: Create a single standalone template that will deploy all the resources.
Does this meet the goal?
A. Yes
B. No

68. [LinkedQuestion-13] You have an Azure DevOps project. Your build process creates
several artifacts. You need to deploy the artifacts to on-premises servers.

Solution: You deploy a Kubernetes cluster on-premises. You deploy a Helm agent to the
cluster. You add a Download Build Artifacts task to the deployment pipeline.
 Does this meet the goal?

A. Yes

B. No

69.[LinkedQuestion-13] You have an Azure DevOps project. Your build process creates
several artifacts. You need to deploy the artifacts to on-premises servers.

Solution: You deploy a Docker build to an on-premises server. You add a Download Build
Artifacts task to the deployment pipeline.

Does this meet the goal?

A. Yes

B. No

70. [LinkedQuestion-13] You have an Azure DevOps project. Your build process creates
several artifacts. You need to deploy the artifacts to on-premises servers.

Solution: You deploy an Azure self-hosted agent to an on-premises server. You add a Copy
and Publish Build Artifacts task to the deployment pipeline.

Does this meet the goal?

A. Yes

B. No

71. You have a project in Azure DevOps named Project1. Project1 contains a pipeline that builds
a container image named Image1 and pushes Image1 to an Azure container registry named
ACR1. Image1 uses a base image stored in Docker Hub. You need to ensure that Image1 is
updated automatically whenever the base image is updated. What should you do?
A. Enable the Azure Event Grid resource provider and subscribe to registry events.
B. Add a Docker Hub service connection to Azure Pipelines.
C. Create and run an Azure Container Registry task.
D. Create a service hook in Project1.
72. [LinkedQuestion-13] You have an Azure DevOps project. Your build process creates several
artifacts. You need to deploy the artifacts to on-premises servers.
Solution: You deploy an Octopus Deploy server. You deploy a polled Tentacle agent to an
on-premises server. You add an Octopus task to the deployment pipeline.
Does this meet the goal?
A. Yes
B. No
73. [LinkedQuestion-12] You plan to create a release pipeline that will deploy Azure resources by
using Azure Resource Manager templates. The release pipeline will create the following
resources:
✑ Two resource groups
✑ Four Azure virtual machines in one resource group
✑ Two Azure SQL databases in other resource group
You need to recommend a solution to deploy the resources.
Solution: Create a main template that will deploy the resources in one resource group and a
nested template that will deploy the resources in the other resource group.
Does this meet the goal?
A. Yes
B. No

74. [LinkedQuestion-12] You plan to create a release pipeline that will deploy Azure resources by
using Azure Resource Manager templates. The release pipeline will create the following
resources:
✑ Two resource groups
✑ Four Azure virtual machines in one resource group
✑ Two Azure SQL databases in other resource group
You need to recommend a solution to deploy the resources.
Solution: Create a main template that has two linked templates, each of which will deploy the
resources in its respective group.
Does this meet the goal?
A. Yes
B. No
75. You are building an application that has the following assets:
✑ Source code
✑ Logs from automated tests and builds
✑ Large and frequently updated binary assets
✑ A common library used by multiple applications
Where should you store each asset?
76. You plan to share packages that you wrote, tested, validated, and deployed by using Azure
Artifacts. You need to release multiple builds of each package by using a single feed. The
solution must limit the release of packages that are in development. What should you use?
A. local symbols
B. views
C. global symbols
D. upstream sources
77. You have a project in Azure DevOps named Project1. Project1 contains a build pipeline
named Pipe1 that builds an application named App1. You have an agent pool named Pool1
that contains a Windows Server 2019-based self-hosted agent. Pipe1 uses Pool1. You plan to
implement another project named Project2. Project2 will have a build pipeline named Pipe2
that builds an application named App2. App1 and App2 have conflicting dependencies. You
need to minimize the possibility that the two build pipelines will conflict with each other. The
solution must minimize infrastructure costs. What should you do?
A. Add another self-hosted agent.
B. Add a Docker Compose task to the build pipelines.
C. Change the self-hosted agent to use Red Hat Enterprise Linux (RHEL) 8.
D. Create two container jobs.
78. SIMULATION -
79. You manage build pipelines and deployment pipelines by using Azure DevOps. Your
company has a team of 500 developers. New members are added continually to the team.
You need to automate the management of users and licenses whenever possible. Which task
must you perform manually?
A. modifying group memberships
B. adding users
C. assigning entitlements
D. procuring licenses
80. Your company uses Team Foundation Server 2013 (TFS 2013). You plan to migrate to Azure
DevOps. You need to recommend a migration strategy that meets the following
requirements:
✑ Preserves the dates of Team Foundation Version Control changesets
 ✑ Preserves the changed dates of work items revision
✑ Minimizes migration effort -
✑ Migrates all TFS artifacts
What should you recommend?

81. Your company is building a new

solution in Java. The company currently uses a SonarQube server to analyze the code of
.NET solutions. You need to analyze and monitor the code quality of the Java solution. Which
task types should you add to the build pipeline?
A. Octopus
B. Chef
C. CocoaPods
D. Gradle
82. Your company is building a new solution in Java. The company currently uses a SonarQube
server to analyze the code of .NET solutions. You need to analyze and monitor the code
quality of the Java solution. Which task types should you add to the build pipeline?
A. Maven
B. CocoaPods
C. Xcode
D. Gulp
83. You have an Azure subscription named Subscription1 that contains a custom Azure policy
named Policy1. Policy1 is an audit policy that monitors naming convention compliance for
the resources deployed to Subscription1. You have a pipeline named Pipeline1 in Azure
Pipelines. Pipeline1 deploys Azure Resource Manager (ARM) resources to Subscription1. You
need to ensure that the resources deployed by Pipeline1 comply with Policy1. What should
you add to Pipeline1?
A. a pre-deployment task that runs a security and compliance assessment
B. a post-deployment task that runs a security and compliance assessment
C. an ARM template deployment task to assign Policy1 to Subscription1
D. an ARM template deployment task to deploy Policy1 to Subscription1
84. You plan to use Desired State Configuration
(DSC) to maintain the configuration state of
virtual machines that run Windows Server.
You need to perform the following:
✑ Install Internet Information Services (IIS)
on the virtual machines.
✑ Update the default home page of the IIS
web server.
How should you configure the DSC
configuration file?

85. You have a project in Azure DevOps. You need to push notifications about pull requests to a
Microsoft Teams channel. The solution must minimize development effort. What should you
do?
A. Install the Azure Pipelines app for Teams and configure a subscription to receive
notifications in the channel.
B. Use Azure Automation to connect to the Azure DevOps REST API and send
messages to Teams.
C. Install the Azure Repos app for Teams and configure a subscription to receive
notifications in the channel.
D. Use an Azure function to connect to the Azure DevOps REST API and send
messages to Teams.
86. You are creating a YAML-based Azure pipeline to deploy an Azure Data Factory instance
that has the following requirements:
✑ If a Data Factory instance exists already, the instance must be overwritten.
✑ No other resources in a resource group named Fabrikam must be affected.
How should you complete the code?
87. You have an Azure DevOps project that produces Node Package Manager (npm) packages.
Multiple projects consume the packages. You need to configure Azure Artifacts to ensure
that both the latest and pre-release versions of the packages are available for consumption.
What should you do?
A. Create two feed views named @prerelease and @release, Set @release as the
default view. Configure a release pipeline that tags the packages as release after
successful testing.
B. Create a feed view named @prerelease. Configure a release pipeline that tags the
packages as release after successful testing.
C. Create two feed views named @prerelease and @default. Configure a release
pipeline that promotes a package to the @default view after successful testing.
D. Create two feed views named @prerelease and @release. Set @release as the
default view. Configure a release pipeline that promotes a package to the @release
view after successful testing.
88. You have an Azure subscription that contains the resources shown in the following table.
 Project produces npm packages that are published to Feed1. Feed1 is consumed by multiple
projects. You need to ensure that only tested packages are available for consumption. The
solution must minimize development effort.
What should you do?
A. Create a feed view named @release and set @release as the default view. After the
npm packages test successfully, configure a release pipeline that promotes a package
to the @release view.
B. Create a feed view named @release and set @release as the default view. After the
npm packages test successfully, configure a release pipeline that tags the packages as
release.
C. Create a feed view named @default. After the npm packages test successfully,
configure a release pipeline that tags the packages as release.
D. Create a feed view named @default. After the npm packages test successfully,
configure a release pipeline that promotes a package to the @default view.
89. Your company has an Azure DevOps project that produces Node Package Manager (npm)
packages. Multiple projects consume the packages. You need to minimize the amount of disk
space used by older packages in Azure Artifacts. What should you modify?
A. the retention settings of the project’s release
B. the retention settings of the project’s pipeline
C. the retention settings of the project’s tests
D. the retention settings of the company pipeline

90. You have an Azure DevOps pipeline that is used to deploy a Node.js app. You need to
ensure that the dependencies are cached between builds. How should you configure the
deployment YAML?
Topic VIII
1. How should you configure the release retention policy for the investment planning
depletions suite?

2. You are configuring project metrics for dashboards in Azure DevOps. You need to configure
a chart widget that measures the elapsed time to complete work items once they become
active. Which of the following is the widget you should use?
A. Cumulative Flow Diagram
B. Burnup
C. Cycle time
D. Burndown

3. SIMULATION -
4. You are making use of Azure DevOps manage build pipelines, and also deploy pipelines. The
development team is quite large, and is regularly added to. You have been informed that the
management of users and licenses must be automated when it can be. Which of the
following is a task that can't be automated?
A. Group membership changes
B. License assignment
C. Assigning entitlements
D. License procurement
5. You have been tasked with strengthening the security of your team's development process.
You need to suggest a security tool type for the Continuous Integration (CI) phase of the
development process. Which of the following is the option you would suggest?
A. Penetration testing
B. Static code analysis
 C. Threat modeling
D. Dynamic code analysis
6. Your company is currently making use of Team Foundation Server 2013 (TFS 2013), but
intend to migrate to Azure DevOps. You have been tasked with supplying a migration
approach that allows for the preservation of Team Foundation Version Control changesets
dates, as well as the changes dates of work items revisions. The approach should also allow
for the migration of all TFS artifacts, while keeping migration effort to a minimum. You have
suggested upgrading TFS to the most recent RTW release. Which of the following should
also be suggested?
A. Installing the TFS kava SDK
B. Using the TFS Database Import Service to perform the upgrade.
C. Upgrading PowerShell Core to the latest version.
D. Using the TFS Integration Platform to perform the upgrade.
7. SIMULATION -
8. SIMULATION -
9. Your company uses Azure DevOps to manage the build and release processes for
applications. You use a Git repository for applications source control. You plan to create a
new branch from an existing pull request. Later, you plan to merge the new branch and the
target branch of the pull request. You need to use a pull request action to create the new
branch. The solution must ensure that the branch uses only a portion of the code in the pull
request. Which pull request action should you use?
A. Set as default branch
B. Approve with suggestions
C. Cherry-pick
D. Reactivate
E. Revert

10. You manage the Git repository for a large enterprise application. During the development of
the application, you use a file named Config.json. You need to prevent Config.json from
being committed to the source control whenever changes to the application are committed.
Which three actions should you perform in sequence?
11. You need to consider the underlined segment to establish whether it is accurate. To compile
an Internet Information Services (IIS) web application that runs docker, you should use a
Default build agent pool.
A. No adjustment required.
B. Hosted Windows Container
C. Hosted
D. Hosted macOS

NOTE: The Azure Pipelines hosted pool replaces the previous hosted pools that had names
that mapped to the corresponding images. Any jobs you had in the previous hosted pools
are automatically redirected to the correct image in the new Azure Pipelines hosted pool.

12. You are making use of Azure DevOps to automate the build process for a Java-based
application. You are required to include code coverage testing and publish the results to the
pipeline. Which two of the following tools could you use?
A. Cobertura
B. Coverlet
C. JaCoCo
D. Coverage.py

13. Your company has an Azure DevOps environment that can only be accessed by Azure Active
Directory users. You are instructed to make sure that the Azure DevOps environment can
only be accessed from devices connected to the company's on-premises network. Which of
the following actions should you take?
A. Assign the devices to a security group.
B. Create a GPO.
C. Configure Security in Project Settings from Azure DevOps.
D. Configure conditional access in Azure Active Directory.
14. You are making use of Azure DevOps to configure Azure Pipelines for project, named PROJ-
01. You are preparing to use a version control system that allows for source code to be
stored on a managed Windows server located on the company network. Which of the
following is the version control system you should use?
 A. Github Enterprise
B. Bitbucket cloud
C. Github Professional
D. Git in Azure Repos

15. You are in the process of creating a new Java application. You analyze the code of .NET
applications via a SonarQube server. You are preparing to add a task type to the build
pipeline that will allow you to analyze and monitor the code quality of the Java application.
Which two of the following task types could you use?
A. Chef
B. Gradle
C. Maven
D. xCODE
16. You need to consider the underlined segment to establish whether it is accurate. When
moving to Azure DevOps, JIRA must be replaced with the build pipelines Azure DevOps
service.
A. No adjustment required.
B. repos
C. release pipelines
D. boards
17. You scan a Node.js application using WhiteSource Bolt. The scan finds numerous libraries
with invalid licenses, but are only used during development. You have to make sure that only
production dependencies are scanned by WhiteSource Bolt. Which of the following is a
command you should run?
A. npm edit
B. npm publish
C. npm install
D. npm update

18. SIMULATION -
19. [LinkedQuestion-14]You are in the process of configuring the settings of a new Git repository
in Azure Repos.You want to ensure that pull requests in a branch allows for committed code
to be compiled successfully prior to being merged.
Solution: You configure a status policy.
Does the solution meet the goal?
A. Yes
B. No
20. [LinkedQuestion-14] You are in the process of configuring the settings of a new Git
repository in Azure Repos.You want to ensure that pull requests in a branch allows for
committed code to be compiled successfully prior to being merged.
 Solution: You configure a check-in policy.
Does the solution meet the goal?
A. Yes
B. No
21. You are in the process of developing an application, whose source has several branches.
After making a number of alterations to a branch used for testing, you are required to
update the main branch to capture the alterations made to the testing branch and override
the Git repository's history. You need to select the Git option that will achieve this. Which of
the following is the option you should select?
A. Join
B. Fetch
C. Merge
D. Force
22. You are currently defining a release strategy for an app, named APP-01. The strategy should
allow you to keep the time it takes to deploy new releases of the app to a minimum. The
strategy should also allow you to roll back in the shortest time required. Which of the
following is the release strategy you should use?
A. Red/Black deployment
B. Rolling deployment
C. “Big Bang” deployment
D. Canary deployment
23. SIMULATION –

24. [LinkedQuestion-15] Your company has an Azure subscription that includes an Azure SQL
database. Your company also has an Azure DevOps project, named PROJ-01. You plan to
update the Azure SQL database by creating a release pipeline that employs the Azure SQL
Database Deployment task. You need to deploy the necessary artifact.
Solution: You deploy a config file.
Does the solution meet the goal?
A. Yes
B. No
25. [LinkedQuestion-15] Your company has an Azure subscription that includes an Azure SQL
database. Your company also has an Azure DevOps project, named PROJ-01. You plan to
 update the Azure SQL database by creating a release pipeline that employs the Azure SQL
Database Deployment task. You need to deploy the necessary artifact.
Solution: You deploy a LDF file.
Does the solution meet the goal?
A. Yes
B. No
26. [LinkedQuestion-15] Your company has an Azure subscription that includes an Azure SQL
database. Your company also has an Azure DevOps project, named PROJ-01. You plan to
update the Azure SQL database by creating a release pipeline that employs the Azure SQL
Database Deployment task. You need to deploy the necessary artifact.
Solution: You deploy a DACPAC file.
Does the solution meet the goal?
A. Yes
B. No
27. You need to consider the underlined segment to establish whether it is accurate. To deploy
an application to a number of Azure virtual machines, you should create a universal group.
A. No adjustment required.
B. security
C. deployment
D. resource
28. [LinkedQuestion-16] You are responsible for an Azure DevOps project, which contains
package feeds. You are preparing to assign a number of developers access that allows them
to save packages from upstream sources, without giving them more permissions than
necessary.
Solution: You assign the Owner access level.
Does the solution meet the goal?
A. Yes
B. No

29. [LinkedQuestion-16] You are responsible for an Azure DevOps project, which contains
package feeds. You are preparing to assign a number of developers access that allows them
to save packages from upstream sources, without giving them more permissions than
necessary.
Solution: You assign the Reader access level.
Does the solution meet the goal?
A. Yes
B. No
30. [LinkedQuestion-16] You are responsible for an Azure DevOps project, which contains
package feeds. You are preparing to assign a number of developers access that allows them
 to save packages from upstream sources, without giving them more permissions than
necessary.
Solution: You assign the Collaborator access level.
Does the solution meet the goal?
A. Yes
B. No

NOTE: Allowed actions per access level

31. You are defining release strategies for two applications as shown in the following table.

Which release strategy should you use for each application?

32. [LinkedQuestion-17] You have an approval process that contains a condition. The condition
requires that releases be approved by a team leader before they are deployed. You have a
policy stating that approvals must occur within eight hours. You discover that deployment fail
if the approvals take longer than two hours. You need to ensure that the deployments only
fail if the approvals take longer than eight hours.
Solution: From Post-deployment conditions, you modify the Timeout setting for post-
deployment approvals.
Does this meet the goal?
A. Yes
B. No
33. You have an Azure DevOps organization named Contoso. You have 10 Azure virtual
machines that run Windows Server 2019. The virtual machines host an application that you
build and deploy by using Azure Pipelines. Each virtual machine has the Web Server (IIS) role
installed and configured. You need to ensure that the web server configurations on the
virtual machines is maintained automatically. The solution must provide centralized
management of the configuration settings and minimize management overhead. Which four
actions should you perform in sequence?

34. You need to consider the underlined segment to establish whether it is accurate. Black Duck
can be used to make sure that all the open source libraries conform to your company's
licensing criteria.
A. No adjustment required.
B. Maven
C. Bamboo
D. CMAKE
35. SIMULATION –
36. SIMULATION –
37. [LinkedQuestion-18] Your company has an Azure DevOps project that includes a release
pipeline. You want to make use of the Helm package and deploy task to deploy to an Azure
Kubernetes Services (AKS) cluster. To make sure that the intended deployment is successful,
you are required to install the necessary service in the AKS namespace.
Solution: You install the Yeoman service.
Does the solution meet the goal?
A. Yes
B. No
38. [LinkedQuestion-18] Your company has an Azure DevOps project that includes a release
pipeline. You want to make use of the Helm package and deploy task to deploy to an Azure
Kubernetes Services (AKS) cluster. To make sure that the intended deployment is successful,
you are required to install the necessary service in the AKS namespace.
Solution: You install the Tiller service.
Does the solution meet the goal?
A. Yes
B. No
39. You have developed an app for iOS. The devices of all the app users belong to a private
distribution group in Microsoft Visual Studio App Center. You are tasked with distributing a
new release of the app from App Center. You require a specific certificate file to achieve your
goal. Which of the following is the file extension of the certificate file?
A. .crt
B. .pfx
C. .p12
D. .pem

40. You have a private distribution group that contains provisioned and unprovisioned devices.
You need to distribute a new iOS application to the distribution group by using Microsoft
Visual Studio App Center. What should you do?
A. Request the Apple ID associated with the user of each device.
B. Register the devices on the Apple Developer portal.
C. Create an active subscription in App Center Test.
D. Add the device owner to the organization in App Center.
41. You are developing an iOS application by using Azure DevOps. You need to test the
application manually on 10 devices without releasing the application to the public. Which two
actions should you perform?
A. Create a Microsoft Intune device compliance policy.
B. Deploy a certificate from an internal certification authority (CA) to each device.
C. Register the application in the iTunes store.
D. Onboard the devices into Microsoft Intune.
E. Distribute a new release of the application.
F. Register the IDs of the devices in the Apple Developer portal.
42. Your company manages incidents via ServiceNow. You have recently created an application
that runs on Azure. You have to make sure that application authentication failure produces a
ticket in ServiceNow. Which Azure Log Analytics solution should you use?
A. Application Insights Connector
B. Microsoft Azure Connector
C. IT Service Management Connector (ITSM)
D. SQL Server Connector
43. You have a private distribution group that contains provisioned and unprovisioned devices.
You need to distribute a new iOS application to the distribution group by using Microsoft
Visual Studio App Center. What should you do?
A. Select Register devices and sign my app.
B. Create an active subscription in App Center Test.
C. Create an unsigned build.
D. Add the device owner to the collaborators group.
44. SIMULATION
45. Your company uses Git as a source code control system for a complex app named App1.
You plan to add a new functionality to App1. You need to design a branching model for the
new functionality. Which branch lifetime and branch time should you use in the branching

model?
46. Your company has a multi-tier application. The application is configured to have an Azure
Web Apps front end, with an Azure SQL Database back end. You are designing a strategy for
capturing and storing telemetry data. Your strategy should allow for baselines to be
pinpointed via ad-hoc queries. Also, alerts must be triggered once baseline metrics are
surpassed. Furthermore, application and database metrics must be stored centrally. Which of
the following should be part of your strategy?
 A. Azure Advisor
B. Azure Security Center
C. Azure Application Insights
D. Azure Log Analytics
47. You have an Azure virtual machine named VM1 that runs Linux. You plan to deploy the
Desired State Configuration (DSC) extension to VM1. You need to grant the Log Analytics
agent the appropriate directory permissions. How should you complete the command?

48. You are using PowerShell to administer Azure Log Analytics workspaces. You need to list the
available workspaces and their properties. How should you complete the command?

49. You have Azure Pipelines and GitHub integrated as a source code repository. The build
pipeline has continuous integration enabled. You plan to trigger an automated build
whenever code changes are committed to the repository. You need to ensure that the
system will wait until a build completes before queuing another build. What should you
implement?
A. path filters
B. batch changes
C. scheduled builds
D. branch filters

50. You are using GitHub as a source code repository. You create a client-side Git hook on the
commit-msg event. The hook requires that each commit message contain a custom work
item tag. You need to make a commit that does not have a work item tag. Which git commit
parameter should you use?
A. --squash
B. --no-verify
C. --message ''
D. --no-post-rewrite
51. You have a private distribution group that contains provisioned and unprovisioned devices.
You need to distribute a new iOS application to the distribution group by using Microsoft
Visual Studio App Center. What should you do?
A. Select Register devices and sign my app.
B. Create an active subscription in App Center Test.
C. Add the device owner to the organization in App Center.
D. Create an unsigned build.
52. You need to deploy Internet Information Services (IIS) to an Azure virtual machine that runs
Windows Server 2019. How should you complete the Desired State Configuration (DSC)
configuration script?

53. You plan to use Desired State Configuration (DSC) to

maintain the configuration of a server that runs Windows
Server 2019. The server must have the following features
installed:
✑ A web server
✑ An email server
How should you complete the DSC configuration file?

54. You have a private distribution group that contains

provisioned and unprovisioned devices. You need to distribute a new iOS application to the
distribution group by using Microsoft Visual Studio App Center. What should you do?
A. Register the devices on the Apple Developer portal.
B. Add the device owner to the organization in App Center.
C. Create an unsigned build.
D. Add the device owner to the collaborators group.
55. Your company uses Azure Artifacts for package management. You need to configure an
upstream source in Azure Artifacts for Python packages. Which repository type should you
use as an upstream source?
A. npmjs.org
B. PyPI
C. Maven Central
D. third-party trusted Python
56. You have a GitHub repository that contains workflows. The workflows contain steps that
execute predefined actions. Each action has one or more versions. You need to request the
specific version of an action to execute. Which three attributes can you use to identify the
version?
A. the SHA-based hashes
B. the tag
C. the runner
D. the branch
E. the serial
57. You have an Azure subscription that contains multiple Azure pipelines. You need to deploy a
monitoring solution for the pipelines. The solution must meet the following requirements:
✑ Parse logs from multiple sources.
✑ Identify the root cause of issues.
What advanced feature of a monitoring tool should you include in the solution?
A. analytics
B. synthetic monitoring
C. directed monitoring
D. Alert Management
58. [LinkedQuestion-11] You use Azure Pipelines to build and test a React.js application. You
have a pipeline that has a single job. You discover that installing JavaScript packages from
npm takes approximately five minutes each time you run the pipeline. You need to
recommend a solution to reduce the pipeline execution time.
Solution: You recommend using pipeline artifacts.
Does this meet the goal?
A. Yes
B. No

59. You use GitHub for source control of .NET applications. You need to deploy a
documentation solution that meets the following requirements:
✑ Documents will be written in Markdown as developers make code changes.
✑ Changes to the documents will trigger the recompilation of a static website.
✑ Users will access the documents from the static website.
✑ Documents will be stored in a GitHub repository.
 Which two tools can you use to compile the website?
A. Word Press
B. Jekyll
C. DocFX
D. caret
E. Medium
60. You have an on-premises app named App1 that accesses Azure resources by using
credentials stored in a configuration file. You plan to upgrade App1 to use an Azure service
principal. What is required for App1 to programmatically sign in to Azure Active Directory
(Azure AD)?
A. the application ID, a client secret, and the object ID
B. a client secret, the object ID, and the tenant ID
C. the application ID, a client secret, and the tenant ID
D. the application ID, a client secret, and the subscription ID
61. You have a virtual machine that runs Windows Server 2019 and is managed by using Desired
State Configuration (DSC). You have the following DSC configuration.

You have the following Local Configuration Manager (LCM) configuration.

62. You have a web app named App1 that is hosted on multiple servers. App1 uses Application
Insights in Azure Monitor. You need to compare the daily CPU usage from the last week for
all servers. How should you complete the query?

63. You have an Azure subscription that contains 50 virtual machines. You plan to manage the
configuration of the virtual machines by using Azure Automation State Configuration. You
need to create the Desired State Configuration (DSC) configuration files. How should you
structure the code blocks?
A. Node > Configuration > Resource
B. Configuration > Resource > Node
C. Resource > Configuration > Node
D. Configuration > Node > Resource
64. Your team uses Azure Pipelines to deploy applications. You need to ensure that when a
failure occurs during the build or release process, all the team members are notified by using
Microsoft Teams. The solution must minimize development effort. What should you do?
A. Install the Azure Boards app for Teams and configure a subscription to receive
notifications in a channel.
B. Use Azure Automation to connect to the Azure DevOps REST API and notify the team
members.
C. Use an Azure function to connect to the Azure DevOps REST API and notify the team
members.
D. Install the Azure Pipelines app for Teams and configure a subscription to receive
notifications in a channel.
65. You have an app named App1. You have a Log Analytics workspace named Workspace1 that
contains a table named AppEvents. App1 writes logs to Workspace1. You need to query the
AppEvents table. The solution must meet the following requirements:
✑ Only query rows for a column named Name that starts with the following text:
"Clicked Create New Ticket."
✑ Calculate the number of daily clicks per user.
✑ Return the top 10 users based on their number of clicks for any day.
✑ Sort the results based on the highest number of clicks.
✑ Ignore any users who have less than three daily clicks.
In which order should you arrange the query statements?

66. You have an Azure subscription

that contains two resource groups
named ContosoRG and
ContosoDev, an Azure data
factory named Contoso Data
Factory, and a release pipeline in
Azure Pipelines named Pipeline1.
You plan to deploy Contoso Data
Factory to ContosoRG by using
Pipeline1. You add the Azure
Resource Manager (ARM)
template deployment task shown
in the following exhibit. Use the
drop-down menus to select the
answer choice that completes
each statement based on the
information presented in the
graphic
67. You have an Azure Pipeline. You need to store configuration values as variables. At which
four scopes can the variables be defined, and what is the precedence of the variables from
the highest precedence to lowest precedence?

68. You have a project in Azure DevOps named Project1 that contains two environments named
environment1 and environment2. When a new version of Project is released, the latest
version is deployed to environment2, and the previous version is redeployed to
environment1. You need to distribute users across the environments. The solution must meet
the following requirements:
• New releases must be available to only a subset of the users.
• You must gradually increase the number of users that can access environment2.
What should you use?
A. VIP swaping
B. web app deployment slots
C. Azure Load Balancer
D. Azure Traffic Manager
69. You are designing a versioning strategy for Git-based packages. You plan to use a Semantic
Versioning (SemVer)-based strategy. You need to identify when to change the build version.
What should you identify for each scenario?
70. You use Calendar Versioning (CalVer) for code assets. You need to store an optional tag of
beta as part of the version. Which part of the version should you use for the tag?
A. minor
B. major
C. micro
D. modifier
71. You have an Azure subscription that uses Azure Automation State Configuration to manage
the configuration of virtual machines. You need to identify which nodes are noncompliant.
How should you complete the query?

72. You have a project in Azure DevOps named Project1. You need to ensure that all new
pipelines in Project1 execute three specific tasks during pipeline execution. What should you
create?
A. a task group
B. a JSON template
C. a YAML template
D. a PowerShell task
73. You have a project in Azure DevOps that contains a release pipeline. The pipeline contains
two stages named QA and Prod. QA deploys code to an Azure web app named webapp1.
Prod deploys code to an Azure web app named webapp2. You need to ensure that code
deployments to webapp2 are blocked if Azure Application Insights generates Failed requests
alerts following the deployment of new code to webapp1. What should you do for each
stage?
 74. You use Azure DevOps processes to build and deploy code. You need to compare how
much time is spent troubleshooting issues found during development and how much time is
spent troubleshooting issues found in released code. Which KPI should you use?
A. defect escape rate
B. unplanned work rate
C. defect rate
D. rework rate
75. You have a project in Azure DevOps named Project1. You implement a Continuous
Integration/Continuous Deployment (CI/CD) pipeline that uses PowerShell Desired State
Configuration (DSC) to configure the application infrastructure. You need to perform a unit
test and an integration test of the configuration before Project1 is deployed. What should
you use?
A. the PSScriptAnalyzer tool
B. the Pester test framework
C. the PSCodeHealth module
D. the Test-DscConfiguration cmdlet

Topic IX
1. You need to configure the alert for VM1. The solution must meet the technical requirements.
Which two settings should you configure?

80 %

15 minutes
2. You need to implement the code flow strategy for Project2 in Azure DevOps. Which three
actions should you perform in sequence?

3. SIMULATION -
4. You need to implement the code flow strategy for Project2 in Azure DevOps. Which three
actions should you perform in sequence?

5. You need to find and isolate shared code. The shared code will be maintained in a series of
packages. Which three actions should you perform in sequence?
Topic X
1. You are configuring the Azure DevOps dashboard. The solution must meet the technical
requirements. Which widget should you use for each metric?

2. You need to implement the code flow strategy for Project2 in Azure DevOps. Which three
actions should you perform in sequence?
 3. You need to configure Azure Automation for the computers in Pool7. Which three actions
should you perform in sequence?

Topic XI
1. How should you complete the code to initialize App Center in the mobile application?

2. In Azure DevOps, you create Project3. You need to meet the requirements of the project.
What should you do first?
A. From Azure DevOps, modify the build definition.
B. From SonarQube, obtain an authentication token.
C. From Azure DevOps, create a service endpoint.
D. From SonarQube, create a project.

3. You need to implement Project4. What should you do first?

A. Add the FROM instruction in the Dockerfile file.
B. Add a Copy and Publish Build Artifacts task to the build pipeline.
C. Add a Docker task to the build pipeline.
D. Add the MAINTAINER instruction in the Dockerfile file.
 4. You need to recommend a procedure to implement the build agent for Project1. Which
three actions should you recommend be performed in sequence?

Topic XII
1. You add the virtual machines as managed nodes in Azure Automation State Configuration.
You need to configure the managed computers in Pool7. What should you do next?
A. Modify the RefreshMode property of the Local Configuration Manager (LCM).
B. Run the Register-AzureRmAutomationDscNode Azure Powershell cmdlet.
C. Modify the ConfigurationMode property of the Local Configuration Manager (LCM).
D. Install PowerShell Core.

2. You need to implement the code flow strategy for Project2 in Azure DevOps. Which three
actions should you perform in sequence? Implement a code flow strategy for Project2 that
will:
✑ Enable Team2 to submit pull requests for Project2.
✑ Enable Team2 to work independently on changes to a copy of Project2.
✑ Ensure that any intermediary changes performed by Team2 on a copy of Project2
will be subject to the same restrictions as the ones defined in the build policy of
Project2.
 3. You need to configure Azure Automation for the computers in Pool7. Which three actions
should you perform in sequence?

Topic XIII
1. How should you configure the release retention policy for the investment planning
depletions suite?
 2. You need to configure a cloud service to store the secrets required by the mobile
applications to call the share pricing service. What should you include in the solution?

3. Which package feed access levels should be assigned to the Developers and Team Leaders
groups for the investment planning applications suite?

Topic XIV
1. You need to implement Project6. Which three actions should you perform in sequence?
2. You need to configure Azure Pipelines to control App2 builds. Which authentication method
should you use?
1. Windows NTLM
2. certificate
3. SAML
4. personal access token (PAT)

3. You need to configure authentication for App1. The solution must support the planned
changes. Which three actions should you perform in sequence?

4. Your company builds a multi-tier web application. You use Azure DevOps and host the
production application on Azure virtual machines. Your team prepares an Azure Resource
Manager template of the virtual machine that you will use to test new features. You need to
create a staging environment in Azure that meets the following requirements:
✑ Minimizes the cost of Azure hosting
✑ Provisions the virtual machines automatically
✑ Uses the custom Azure Resource Manager template to provision the virtual
machines
What should you do?
1. In Azure Cloud Shell, run Azure CLI commands to create and delete the new virtual
machines in a staging resource group.
2. In Azure DevOps, configure new tasks in the release pipeline to deploy to Azure
Cloud Services.
3. From Azure Cloud Shell, run Azure PowerShell commands to create and delete the
new virtual machines in a staging resource group.
4. In Azure DevOps, configure new tasks in the release pipeline to create and delete the
virtual machines in Azure DevTest Labs.
5. You need to recommend a solution for deploying charts by using Helm and Tiller to Azure
Kubernetes Service (AKS) in an RBAC-enabled cluster. Which three commands should you
recommend be run in sequence:
1. kubectl create
2. helm init
3. helm install

6. You need to configure access to Azure DevOps agent pools to meet the following
requirements:
✑ Use a project agent pool when authoring build or release pipelines.
✑ View the agent pool and agents of the organization.
✑ Use the principle of least privilege.
Which role memberships are required for the Azure DevOps organization and the project?

7. Your company is creating a suite of three mobile applications. You need to control access to
the application builds. The solution must be managed at the organization level. What should
you use?
8. You are configuring Azure DevOps build pipelines. You plan to use hosted build agents.
Which build agent pool should you use to compile each application type?
Answer: Box 1 – Hosted (Azure Pipelines); Box 2 – Hosted (Azure Pipelines);

9. You need to use Azure Automation State Configuration to manage the ongoing consistency
of virtual machine configurations. Which five actions should you perform in sequence?

10. You have a project in Azure DevOps. You plan to create a build pipeline that will deploy
resources by using Azure Resource Manager templates. The templates will reference secrets
stored in Azure Key Vault. You need to ensure that you can dynamically generate the
resource ID of the key vault during template deployment. What should you include in the
template?
Answer: Box 1 – Microsoft.Resources/deployments; Box 2 – templateLink

11. Your company plans to deploy an application to the following endpoints:

✑ Ten virtual machines hosted in Azure
✑ Ten virtual machines hosted in an on-premises data center environment
All the virtual machines have the Azure Pipelines agent. You need to implement a release
strategy for deploying the application to the endpoints. What should you recommend using
to deploy the application to the endpoints?
12. You have an Azure Kubernetes Service (AKS) implementation that is RBAC-enabled. You plan
to use Azure Container Instances as a hosted development environment to run containers in
the AKS implementation. You need to configure Azure Container Instances as a hosted
environment for running the containers in AKS. Which three actions should you perform in
sequence?
1. kubectl apply - to create the service principle for Tiller
2. helm init - to deploy Tiller in the kubernetes cluster
3. az aks install-connector - to install the connector

13. Your company is building a new web application. You plan to collect feedback from pilot
users on the features being delivered. All the pilot users have a corporate computer that has
Google Chrome and the Microsoft Test & Feedback extension installed. The pilot users will
test the application by using Chrome. You need to identify which access levels are required
to ensure that developers can request and gather feedback from the pilot users. The solution
must use the principle of least privilege. Which access levels in Azure DevOps should you
identify?
14. You are configuring a release pipeline in Azure DevOps as shown in the exhibit.

15. To resolve the current technical issue, what should you do to the Register
AzureRmAutomationDscNode command?
1. Change the value of the ConfigurationMode parameter.
2. Replace the Register-AzureRmAutomationDscNode cmdlet with Register-
AzureRmAutomationScheduledRunbook
3. Add the AllowModuleOverwrite parameter.
4. Add the DefaultProfile parameter.
 16. How should you configure the filters for the Project5 trigger?

Topic XV
1. You need to replace the existing DevOps tools to support the planned changes. What should
you use?

2. You need to the merge the POC branch into the default branch. The solution must meet the
technical requirements. Which command should you run?
A. git rebase
B. git merge --squash
C. git push
D. git merge --allow-unrelated-histories
Topic XVI
1. You need to perform the GitHub code migration. The solution must support the planned
changes for the DevOps environment. What should you use?
A. git clone
B. GitHub Importer
C. Import repository in Azure Repos
D. git-tfs

2. You need to recommend a solution to automate the configuration for the finance
department users. The solution must meet the technical requirements. What should you
include in the recommendation?
A. Azure AD B2C
B. dynamic groups and conditional access policies
C. Azure AD Identity Protection
D. an Azure logic app and the Microsoft Identity Management (MIM) client

Topic XVII
1. Which branching strategy should you recommend for the investment planning applications
suite?
A. release isolation
B. main only
C. development isolation
D. feature isolation
2. What should you use to implement the code quality restriction on the release pipeline for the
investment planning applications suite?
A. a pre-deployment approval
B. a deployment gate
C. a post-deployment approval
D. a trigger
3. Where should the build and release agents for the investment planning applications suite
run?