- (Exam Topic 2)
You need to ensure that an Azure web app named az400-9940427-main can retrieve secrets from an Azure key vault named az400-9940427-kv1 by using a system managed identity.
The solution must use the principle of least privilege.
To complete this task, sign in to the Microsoft Azure portal.
Solution:
* 1. In Azure portal navigate to the az400-9940427-main app.
* 2. Scroll down to the Settings group in the left navigation.
* 3. Select Managed identity.
* 4. Within the System assigned tab, switch Status to On. Click Save.
References:
https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity
Does this meet the goal?
Correct Answer:A
- (Exam Topic 2)
Note: This question is part of a ser les of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question m this section, you will NOT be able to return to it As a result, these questions will not appear m the review screen
You integrate a cloud-hosted Jenkins server and a new Azure Dev Ops deployment.
You need Azure Dev Ops lo send a notification to Jenkins when a developer commits changes to a branch in Azure Repos.
Solution: You create an email subscription to an Azure DevOps notification. Does this meet the goal?
Correct Answer:B
You can create a service hook for Azure DevOps Services and TFS with Jenkins. References:
https://docs.microsoft.com/en-us/azure/devops/service-hooks/services/jenkins
- (Exam Topic 2)
Your company has a project in Azure DevOps for a new application. The application will be deployed to several Azure virtual machines that run Windows Server 2016.
You need to recommend a deployment strategy for the virtual machines. The strategy must meet the following requirements:
• Ensure that the virtual machines maintain a consistent configuration.
• Minimize administrative effort to configure the virtual machines What should you include in the recommendation?
Correct Answer:B
The Custom Script Extension downloads and executes scripts on Azure virtual machines. This extension is useful for post deployment configuration, software installation, or any other configuration or management tasks. Scripts can be downloaded from Azure storage or GitHub, or provided to the Azure portal at extension run time. The Custom Script Extension integrates with Azure Resource Manager templates, and can be run using the Azure CLI, PowerShell, Azure portal, or the Azure Virtual Machine REST API.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/custom-script-windows
- (Exam Topic 2)
Your company uses the following resources:
Windows Server 2019 container images hosted in an Azure Container Registry
Azure virtual machines that run the latest version of Ubuntu An Azure
Log Analytics workspace Azure Active Directory (Azure AD)
An Azure key vault
For which two resources can you receive vulnerability assessments in Azure Security Center? Each correct answer presents part of the solution.
Correct Answer:CE
https://docs.microsoft.com/en-us/azure/security-center/features-paas
- (Exam Topic 2)
You need to configure GitHub to use Azure Active Directory (Azure AD) for authentication. What should you do first?
Correct Answer:D
When you connect to a Git repository from your Git client for the first time, the credential manager prompts for credentials. Provide your Microsoft account or Azure AD credentials.
Note: Git Credential Managers simplify authentication with your Azure Repos Git repositories. Credential managers let you use the same credentials that you use for the Azure DevOps Services web portal. Credential managers support multi-factor authentication through Microsoft account or Azure Active Directory (Azure AD). Besides supporting multi-factor authentication with Azure Repos, credential managers also support two-factor authentication with GitHub repositories.
Reference:
https://docs.microsoft.com/en-us/azure/devops/repos/git/set-up-credential-managers