Practice Free AZ-400 Exam Online Questions
DRAG DROP
You are preparing to deploy an Azure resource group via Terraform.
To achieve your goal, you have to install the necessary frameworks.
Which of the following are the frameworks you should use? Answer by dragging the correct options from the list to the answer area.
Explanation:
You can use the combination of Terraform and Yeoman. Terraform is a tool for creating infrastructure on Azure. Yeoman makes it easy to create Terraform modules.
Terratest provides a collection of helper functions and patterns for common infrastructure testing tasks, like making HTTP requests and using SSH to access a specific virtual machine.
The following list describes some of the major advantages of using Terratest:
✑ Convenient helpers to check infrastructure – This feature is useful when you want to verify your real infrastructure in the real environment.
✑ Organized folder structure – Your test cases are organized clearly and follow the standard Terraform module folder structure.
Test cases are written in Go – Many developers who use Terraform are Go developers. If you’re a Go developer, you don’t have to learn another programming
✑ language to use Terratest.
✑ Extensible infrastructure – You can extend additional functions on top of Terratest, including Azure-speci c features.
Reference:
https: //docs.microsoft.com/en-us/azure/developer/terraform/create-base-template-using-yeoman
https: //docs.microsoft.com/en-us/azure/developer/terraform/test-modules-using-terratest
DRAG DROP
You plan to use Azure Kubernetes Service (AKS) to host containers deployed from images hosted in a Docker Trusted Registry.
You need to recommend a solution for provisioning and connecting to AKS. The solution must ensure that AKS is RBAC-enabled and uses a custom service principal.
Which three commands should you recommend be run in sequence? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.
Explanation:
Step 1: az acr create
An Azure Container Registry (ACR) can also be created using the new Azure CLI. az acr create –name <REGISTRY_NAME>
–resource-group <RESOURCE_GROUP_NAME>
–sku Basic
Step 2: az ad sp create-for-rbac
Once the ACR has been provisioned, you can either enable administrative access (which is okay for testing) or you create a Service Principal (sp) which will provide a client_id and a client_secret. az ad sp create-for-rbac –scopes
/subscriptions/<SUBSCRIPTION_ID>/resourcegroups/<RG_NAME>/providers/Microsoft.ContainerRegistry/registries/<REGISTRY_NAME> –role Contributor
–name <SERVICE_PRINCIPAL_NAME>
Step 3: kubectl create
Create a new Kubernetes Secret.
kubectl create secret docker-registry <SECRET_NAME>
–docker-server <REGISTRY_NAME>.azurecr.io
–docker-email <YOUR_MAIL>
–docker-username=<SERVICE_PRINCIPAL_ID>
–docker-password <YOUR_PASSWORD>
Reference: https: //thorsten-hans.com/how-to-use-private-azure-container-registry-with-kubernetes
DRAG DROP
You have an Azure Kubernetes Service (AKS) implementation that is RBAC-enabled.
You plan to use Azure Container Instances as a hosted development environment to run containers in the AKS implementation.
You need to configure Azure Container Instances as a hosted environment for running the containers in AKS.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Step 1: Create a YAML file.
If your AKS cluster is RBAC-enabled, you must create a service account and role binding for use with Tiller. To create a service account and role binding, create a file named rbac-virtual-kubelet.yaml
Step 2: Run kubectl apply.
Apply the service account and binding with kubectl apply and specify your rbac-virtual-kubelet.yaml file.
Step 3: Run helm init.
Configure Helm to use the tiller service account:
helm init –service-account tiller
You can now continue to installing the Virtual Kubelet into your AKS cluster.
References: https: //docs.microsoft.com/en-us/azure/aks/virtual-kubelet
DRAG DROP
You have an Azure Kubernetes Service (AKS) implementation that is RBAC-enabled.
You plan to use Azure Container Instances as a hosted development environment to run containers in the AKS implementation.
You need to configure Azure Container Instances as a hosted environment for running the containers in AKS.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Step 1: Create a YAML file.
If your AKS cluster is RBAC-enabled, you must create a service account and role binding for use with Tiller. To create a service account and role binding, create a file named rbac-virtual-kubelet.yaml
Step 2: Run kubectl apply.
Apply the service account and binding with kubectl apply and specify your rbac-virtual-kubelet.yaml file.
Step 3: Run helm init.
Configure Helm to use the tiller service account:
helm init –service-account tiller
You can now continue to installing the Virtual Kubelet into your AKS cluster.
References: https: //docs.microsoft.com/en-us/azure/aks/virtual-kubelet
You use an Azure Pipelines pipeline to build and test an app named App1.
Your company’s development department works in the feature branches.
You need to ensure that a pull request will merge into the main branch only when testing covers more than 90 percent of the code.
What should you do?
- A . Configure a branch policy for the feature branches.
- B . Configure a branch policy for the main branch.
- C . Create a Publish Test Results task,
- D . Create a code coverage configuration YAML le.
DRAG DROP –
You have an Azure DevOps release pipeline as shown in the following exhibit.
You need to complete the pipeline to configure OWASP ZAP for security testing.
Which five Azure CLI tasks should you add in sequence? To answer, move the tasks from the list of tasks to the answer area and arrange them in the correct order.
Explanation:
Defining the Release Pipeline
Once the application portion of the Release pipeline has been configured, the security scan portion can be defined. In our example, this consists of 8 tasks, primarily using the Azure CLI task to create and use the ACI instance (and supporting structures). Otherwise specified, all the Azure CLI tasks are Inline tasks, using the default configuration options.
Reference: Questionhttps: //devblogs#49.microsoft.com/premier-developer/azure-devops-pipelines-leveraging-owasp-zap-in-the-release-pipeline/
DRAG DROP –
You have an Azure DevOps release pipeline as shown in the following exhibit.
You need to complete the pipeline to configure OWASP ZAP for security testing.
Which five Azure CLI tasks should you add in sequence? To answer, move the tasks from the list of tasks to the answer area and arrange them in the correct order.
Explanation:
Defining the Release Pipeline
Once the application portion of the Release pipeline has been configured, the security scan portion can be defined. In our example, this consists of 8 tasks, primarily using the Azure CLI task to create and use the ACI instance (and supporting structures). Otherwise specified, all the Azure CLI tasks are Inline tasks, using the default configuration options.
Reference: Questionhttps: //devblogs#49.microsoft.com/premier-developer/azure-devops-pipelines-leveraging-owasp-zap-in-the-release-pipeline/
HOTSPOT
You use Azure DevOps to manage the build and deployment of an app named App1.
You have a release pipeline that deploys a virtual machine named VM1.
You plan to monitor the release pipeline by using Azure Monitor.
You need to create an alert to monitor the performance of VM1. The alert must be triggered when the average CPU usage exceeds 70 percent for five minutes.
The alert must calculate the average once every minute.
How should you configure the alert rule? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: 5 minutes
The alert must calculate the average once every minute.
Note: We [Microsoft] recommend choosing an Aggregation granularity (Period) that is larger than the Frequency of evaluation, to reduce the likelihood of missing the first evaluation of added time series
Box 2: Static
Box 3: Greater than
Example, say you have an App Service plan for your website. You want to monitor CPU usage on multiple instances running your web site/app.
You can do that using a metric alert rule as follows:
✑ Target resource: myAppServicePlan
✑ Metric: Percentage CPU
✑ Condition Type: Static
✑ Dimensions
✑ Instance = InstanceName1, InstanceName2
✑ Time Aggregation: Average
✑ Period: Over the last 5 mins
✑ Frequency: 1 min
✑ Operator: GreaterThan
✑ Threshold: 70
✑ Like before, this rule monitors if the average CPU usage for the last 5 minutes exceeds 70%.
✑ Aggregation granularity
Reference: https: //docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-metric-overview
You plan to use a NuGet package in a project in Azure DevOps. The NuGet package is in a feed that requires authentication.
You need to ensure that the project can restore the NuGet package automatically.
What should the project use to automate the authentication?
- A . an Azure Automation account
- B . an Azure Artifacts Credential Provider
- C . an Azure Active Directory (Azure AD) account that has multi-factor authentication (MFA) enabled
- D . an Azure Active Directory (Azure AD) service principal
You have a build pipeline in Azure Pipelines that occasionally fails.
You discover that a test measuring the response time of an API endpoint causes the failures.
You need to prevent the build pipeline from failing due to the test.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . Set Flaky test detection to Off.
- B . Clear Flaky tests included in test pass percentage.
- C . Enable Test Impact Analysis (TIA).
- D . Manually mark the test as aky.
- E . Enable test slicing.