AZ-400 Free Practice Test

- (Topic 4)
You have a project in Azure DevOps named Project1. Project1 contains a build pipeline named Pipe1 that builds an application named Appl.
You have an agent pool named Pool1 that contains a Windows Server 2019-based self- hosted agent. Pipe1 uses Pool1.
You plan to implement another project named Project2. Project2 will have a build pipeline named Pipe2 that builds an application named App2.
App1 and App2 have conflicting dependencies.
You need to minimize the possibility that the two build pipelines will conflict with each other. The solution must minimize infrastructure costs.
What should you do?

1. A. Create two container jobs.
2. B. Change the self-hosted agent to use Red Hat Enterprise Linux (RHEL) 9.
3. C. Add another self-hosted agent
4. D. Add a Docker Compose task to the build pipelines.

Correct Answer: A

DRAG DROP - (Topic 2)
You need to implement the code flow strategy for Project2 in Azure DevOps.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Solution:


Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

DRAG DROP - (Topic 4)
DRAG DROP
You are developing a full Microsoft .NET Framework solution that includes unit tests. You need to configure SonarQube to perform a code quality validation of the C# code as
part of the build pipelines.
Which four tasks should you perform in sequence? To answer, move the appropriate tasks from the list of tasks to the answer area and arrange them in the correct order.

Solution:
Step 1: Prepare Analysis Configuration
Prepare Analysis Configuration task, to configure all the required settings before executing the build.
This task is mandatory.
In case of .NET solutions or Java projects, it helps to integrate seamlessly with MSBuild, Maven and Gradle tasks.
Step 2: Visual Studio Build
Reorder the tasks to respect the following order:
Prepare Analysis Configuration task before any MSBuild or Visual Studio Build task.
Step 3: Visual Studio Test
Reorder the tasks to respect the following order:
Run Code Analysis task after the Visual Studio Test task.
Step 4: Run Code Analysis
Run Code Analysis task, to actually execute the analysis of the source code.
This task is not required for Maven or Gradle projects, because scanner will be run as part of the Maven/Gradle build.
Note:

References: https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Extension+for+VST S-TFS

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Topic 4)
You use WhiteSource Bolt to scan a Node.js application.
The WhiteSource Bolt scan identifies numerous libraries that have invalid licenses. The libraries are used only during development and are not part of a production deployment.
You need to ensure that WhiteSource Bolt only scans production dependencies.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

1. A. Run npm install and specify the --production flag.
2. B. Modify the WhiteSource Bolt policy and set the action for the licenses used by the development tools to Reassign.
3. C. Modify the devDependencies section of the project’s Package.json file.
4. D. Configure WhiteSource Bolt to scan the node_modules directory only.

Correct Answer: AC
A: To resolve NPM dependencies, you should first run "npm install" command on the relevant folders before executing the plugin.
C: All npm packages contain a file, usually in the project root, called package.json - this file holds various metadata relevant to the project. This file is used to give information to npm that allows it to identify the project as well as handle the project's dependencies. It can also
contain other metadata such as a project description, the version of the project in a particular distribution, license information, even configuration data - all of which can be vital to both npm and to the end users of the package.
Reference: https://whitesource.atlassian.net/wiki/spaces/WD/pages/34209870/NPM+Plugin
https://nodejs.org/en/knowledge/getting-started/npm/what-is-the-file-package-json

- (Topic 4)
You use Azure Artifacts to host NuGet packages that you create.
You need to make one of the packages available to anonymous users outside your organization. The solution must minimize the number of publication points.
What should you do?

1. A. Create a new feed for the package
2. B. Publish the package to a public NuGet repository.
3. C. Promote the package to a release view.
4. D. Change the feed URL of the package.

Correct Answer: A
Azure Artifacts introduces the concept of multiple feeds that you can use to organize and control access to your packages.
Packages you host in Azure Artifacts are stored in a feed. Setting permissions on the feed allows you to share your packages with as many or as few people as your scenario requires.
Feeds have four levels of access: Owners, Contributors, Collaborators, and Readers.
References: https://docs.microsoft.com/en-us/azure/devops/artifacts/feeds/feed- permissions?view=vsts&tabs=new-nav