Free Practice Questions for Microsoft AZ-400 Exam

Step 1: Initialize the Default Main Branch

Navigate to Azure DevOps:

Go to Azure DevOps and sign in with your credentials.

SelectYour Project:

Choose Project1 from your list of projects.

Initialize the Main Branch:

Go to Repos > Files.

If the main branch does not exist, you will see an option to initialize it. Click on Initialize and follow the prompts to create the main branch1.

Step 2: Install the Microsoft Security DevOps Extension

Navigate to Extensions:

In Azure DevOps, click on the Shopping Bag icon in the top right corner and select Browse Marketplace.

Search for the Extension:

Search for Microsoft Security DevOps.

Install the Extension:

Click on Get it free.

Select your organization (User1-42147509) and click Install.

Follow the prompts to complete the installation2.

Step 3: Create a New Starter Pipeline

Navigate to Pipelines:

Go to Pipelines > New pipeline.

Select the Repository:

Choose Azure Repos Git and select the relevant repository.

Configure the Pipeline:

Select Starter pipeline and replace the default YAML with the following starter code:

trigger:

- starter

pool:

vmImage: 'windows-latest'

steps:

- task: MicrosoftSecurityDevOps@1

inputs:

command: 'run'

policy: 'azuredevops'

publish: true

Save the Pipeline:

Click on Save and enter starter as the branch name.

Click on Save and run to save the pipeline to the new branch named starter3.

By following these steps,you will have successfully initialized the main branch, installed the Microsoft Security DevOps extension, and created a new starter pipeline named starter1 that includes the specified task

Task 9: Initialize the main branch (if it doesn’t exist) and create a pull request-triggered pipeline for .NET Core build

Step 1: Initialize the main Branch

In your Azure DevOps Project (Project1), navigate to Repos.

In the left menu, click Files.

If you see a message like “This repository is empty,” click Initialize.

Create a README.md file (or another file) and set the default branch name to main.

Click Initialize.

If the main branch already exists, you can skip this step.

Step 2: Create a New Branch for the Pipeline

In Repos > Files, click on the Branches tab.

Click New branch.

Enter:

Branch name: azure-pipelinesT

Based on: main

Click Create.

This creates a new branch named azure-pipelinesT from main.

Step 3: Create the Pipeline YAML File in the New Branch

Switch to the azure-pipelinesT branch.

In Files, click New file.

Name the file: azure-pipelines.yml.

Step 4: Write the YAML Pipeline for .NET Core Build

Here’s a sample YAML file:

trigger: none

pr:

branches:

include:

- main

pool:

vmImage: 'windows-latest'

variables:

buildConfiguration: 'Release'

steps:

- task: UseDotNet@2

displayName: 'Install .NET Core SDK'

inputs:

packageType: 'sdk'

version: '8.x' # Or specify the exact version of .NET Core SDK you need

installationPath: $(Agent.ToolsDirectory)/dotnet

- script: dotnet build src --configuration $(buildConfiguration)

displayName: 'Build .NET Core project'

This pipeline:

Runs only when a pull request is created or updated targeting the main branch.

Uses the windows-latest agent.

Installs the .NET SDK and builds the project in the src directory.

Step 5: Commit the Pipeline File

In the bottom commit message box:

Message: Add PR-triggered pipeline for .NET Core build

Ensure the branch is set to azure-pipelinesT.

Click Commit.

Step 6: Create the Pipeline in Azure DevOps

In the left menu, click Pipelines.

Click New pipeline.

Select:

Azure Repos Git.

Select your repository.

Choose Existing Azure Pipelines YAML file.

In the branch selector, choose the azure-pipelinesT branch.

Select the YAML file path (azure-pipelines.yml).

Click Continue and Run to validate.

Step 7: Test the Pipeline Trigger

Create a new branch (e.g., feature/test-pr).

Push a commit and create a pull request targeting main.

Verify that the pipeline runs automatically for this PR in Pipelines.

Azure Automation now ships with the Azure PowerShell module of version 0.8.6, which introduced the ability to non-interactively authenticate to Azure using OrgId (Azure Active Directory user) credential-based authentication. Using the steps below, you can set up Azure Automation to talk to Azure using this authentication type.

Step 1: Find the Azure Active Directory associated with the Azure subscription to manage:

1. Log in to the Azure portal as the service administrator for the Azure subscription you want to manage using Azure Automation. You can find this user by logging in to the Azure portal as any user with access to this Azure subscription, then clicking Settings, then Administrators.

2. Note the name of the directory associated with the Azure subscription you want to manage. You can find this directory by clicking Settings, then Subscriptions.

Step 2: Create an Azure Active Directory user in the directory associated with the Azure subscription to manage:

You can skip this step if you already have an Azure Active Directory user in this directory. and plan to use this OrgId to manage Azure.

1. In the Azure portal click on Active Directory service.

2. Click the directory name that is associated with this Azure subscription.

3. Click on the Users tab and then click the Add User button.

4. For type of user, select “New user in yourorganization.” Enter a username for the user to create.

5. Fill out the user’s profile. For role, pick “User.” Don’t enable multi-factor authentication. Multi-factor accounts cannot be used with Azure Automation.

6. Click Create.

7. Jot down the full username (including part after @ symbol) and temporary password.

Step 3: Allow this Azure Active Directory user to manage this Azure subscription.

1. Click on Settings (bottom Azure tab under StorSimple)

2. Click Administrators

3. Click the Add button. Type the full user name (including part after @ symbol) of the Azure Active Directory user you want to set up to manage Azure. For subscriptions, choose the Azure subscriptions you want this user to be able to manage. Click the check mark.

Step 4: ConfigureAzure Automation to use this Azure Active Directory user to manage this Azure subscription

Create an Azure Automation credential asset containing the username and password of the Azure Active Directory user that you have just created. You can create a credential asset in Azure Automation by clicking into an Automation Account and then clicking the Assets tab, then the Add Setting button.

Note: Once you have set up the Azure Active Directory credential in Azure and Azure Automation, you can now manage Azure from Azure Automation runbooks using this credential.

Step 1: Access Azure DevOps

Open your browser and navigate to https://aex.dev.azure.com .

You will be prompted to sign in. Enter the following credentials:

Username: UserUser1-48901628@cxamUsers.com

Password: aFpJ2j-6M!

Click Next or Sign in to proceed.

Note: If you see any Microsoft security challenge (like phone or email verification), follow the instructions to complete it.

Step 2: Sign Up for Azure DevOps

After signing in, you’ll see a prompt to sign up for Azure DevOps.

Use the default settings provided by Azure DevOps for the sign-up process (region, default name, etc.).

Click Continue or Start free with Azure DevOps.

An Azure DevOps Organization is a container for your projects and resources. Default settings are usually fine for new organizations.

Step 3: Create the Organization

Enter a name for your organization. Azure DevOps will suggest a default name (like yourname or org-name), but you can change it if you prefer.

Verify the region is correct.

Click Continue to create the organization.

Your Azure DevOps organization is now created. It’s the top-level container for all your projects.

Step 4: Create a Private Project Named Project1

In your Azure DevOps portal, find the "New Project" button and click it.

Enter the following details:

Project Name: Project1

Description: (optional)

Visibility: Private

Click Create.

A private project means that only users you add can see or access it. This is important for security and privacy.

Step 5: Enforce Maximum File Size for Repositories

By default, Azure DevOps allows files up to 100 MB to be pushed. To ensure the maximum file size for repositories in Project1 is 2 MB, you can enforce this using a pipeline validation.

Azure DevOps does not provide a direct setting for file size limits. However, you can create a pipeline to validate file size on pull requests and block changes if a file exceeds 2 MB.

Here’s how to do it:

Option 1: Enforce with a pipeline validation for pull requests

In your Project1, create a new pipeline.

Use the following YAML for the pipeline:

yaml

Copy

trigger: none

pr:

branches:

include:

- "*"

jobs:

- job: CheckFileSize

pool:

vmImage: 'ubuntu-latest'

steps:

- script: |

echo "Checking file sizes in the PR..."

git fetch origin +refs/pull/*/merge:refs/remotes/origin/pr/*

large_files=$(git diff --cached --name-only | xargs -I{} du -b {} | awk '$1 > 2097152 {print $2}')

if [ -n "$large_files" ]; then

echo "Error: The following files exceed 2 MB:"

echo "$large_files"

exit 1

fi

displayName: 'Check file sizes in PR'

This pipeline will:

Run on pull requests only.

Check the size of all files in the pull request.

If any file is larger than 2 MB (2,097,152 bytes), it will fail the pipeline and block the PR.

Option 2: Local Git configuration (for each developer)

On each developer’s machine, run this command in their local repository:

bash

Copy

git config --local core.bigFileThreshold 2M

This limits the file threshold for checkout, but does not prevent large files from being pushed. Using the pipeline validation (Option 1) is more secure for team environments.

1. Open Microsoft Azure Portal

2. Log into your Azure account and go to App Service and look under Monitoring then you will see Alert.

3. Select Add an alert rule

4. Configure the alert rule as per belowand click Ok.

Source: Alert on Metrics

Resource Group: az400-9940427-main

Resource: az400-9940427-main

Threshold: 5

Period: Over the last 5 minutes

Webhook: https://contoso.com/notify

1. Open Microsoft Azure Portal

2. Select All Services, and then select DevTest Labs in the DEVOPS section.

3. From the list of labs, select the az400-9940427-dtl1 lab

4. On the home page for your lab, select + Add on the toolbar.

5. Select the Windows Server 2016 Datacenter base image for the VM.

6. Select automation options at the bottom of the page above the Submit button.

7. You see the Azure Resource Manager template for creating thevirtual machine.

8. The JSON segment in the resources section has the definition for the image type you selected earlier.

To store signed images in an Azure Container Registry (ACR) instance and support your planned images while minimizing costs, you need to modify the SKU of your ACR instance to one that supports content trust and image signing. Here’s how you can do it:

Determine the Appropriate SKU:

Content trust and image signing are features of thePremiumservice tier of Azure ContainerRegistry1.

If cost minimization is a priority, ensure that the Premium tier is necessary for your use case. If you require content trust, the Premium tier is the appropriate choice.

Modify the SKU of the ACR Instance:

Navigate to the Azure Portal.

Go to your ACR instanceaz40038443478act1.

SelectUpdatefrom the overview pane.

Choose thePremiumSKU from the SKU drop-down menu2.

Review the changes and pricing, then save the configuration.

By upgrading to the Premium SKU, you’ll be able to store signed images in your ACR instance. Remember to monitor your usage and costs to ensure they align with your budget and requirements.