Renovate AZ-400 Testing Software 2021

NEW QUESTION 1
During a code review, you discover many quality issues. Many modules contain unused variables and empty catch Modes. You need to recommend a solution to improve the quality o' the code. What should you recommend?

• A. In a Gradle build task, select Run Checkstyle.
• B. In an Xcode build task, select Use xcpretty from Advanced
• C. In a Grunt build task, select Enabled from Control Options.
• D. In a Maven build task, select Run PM

Answer: D

Explanation:
PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth.
There is an Apache Maven PMD Plugin which allows you to automatically run the PMD code analysis tool on your project's source code and generate a site report with its results.
References: https://pmd.github.io/

NEW QUESTION 2
DRAG DROP
You need to increase the security of your team's development process.
Which type of security tool should you recommend for each stage of the development process? To answer, drag the appropriate security toots to the correct stages. Each security tool may be used once, more than once, or not at all. You may
need to drag the split bar between panes or scroll to view content NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: Threat modeling
Threat modeling¡¦s motto should be, ¡§The earlier the better, but not too late and never ignore.¡¨
Box 2: Static code analysis
Validation in the CI/CD begins before the developer commits his or her code. Static code analysis tools in the IDE provide the first line of defense to help ensure that security vulnerabilities are not introduced into the CI/CD process.
Box 3: Penetration testing
Once your code quality is verified, and the application is deployed to a lower environment like development or QA, the process should verify that there are not any security vulnerabilities in the running application. This can be accomplished by executing automated penetration test against the running application to scan it for vulnerabilities.
References: https://docs.microsoft.com/en-us/azure/devops/articles/securityvalidation- cicd-pipeline?view=vsts

NEW QUESTION 3
You plan to create an image that will contain a .NET Core application.
You have a Dockerfile file that contains the following code. (Line numbers are included for reference only.)

You need to ensure that the image is as small as possible when the image is built. Which line should you modify in the file?

• A. 1
• B. 3
• C. 4
• D. 7

Answer: A

Explanation:
Multi-stage builds (in Docker 17.05 or higher) allow you to drastically reduce the size of your final image, without struggling to reduce the number of intermediate layers and files.
With multi-stage builds, you use multiple FROM statements in your Dockerfile. Each FROM instruction can use a different base, and each of them begins a new stage of the build. You can selectively copy artifacts from one stage to another, leaving behind everything you don¡¦t want in the final image.
References: https://docs.docker.com/develop/develop-images/multistage-build/#usemulti- stage-builds

NEW QUESTION 4
HOTSPOT
Your company is building a new web application.
You plan to collect feedback from pilot users on the features being delivered. All the pilot users have a corporate computer that has Google Chrome and the Microsoft Test & Feedback extension installed. The pilot users will test the application by using Chrome.
You need to identify which access levels are required to ensure that developers can request and gather feedback from the pilot users. The solution must use the principle of least privilege.
Which access levels m Azure DevOps should you identify? To answer, select the
appropriate options in the answer area
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: Basic
Assign Basic to users with a TFS CAL, with a Visual Studio Professional subscription, and to users for whom you are paying for Azure Boards & Repos in an organization.
Box 2: Stakeholder
Assign Stakeholders to users with no license or subscriptions who need access to a limited set of features.
Note:
You assign users or groups of users to one of the following access levels: Basic: provides access to most features
VS Enterprise: provides access to premium features
Stakeholders: provides partial access, can be assigned to unlimited users for free References: https://docs.microsoft.com/enus/ azure/devops/organizations/security/access-levels?view=vsts

NEW QUESTION 5
DRAG DROP
You need to use Azure Automation Sure Configuration to manage the ongoing consistency of virtual machine configurations.
Which five actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in
the correct order.
NOTE: More than one order of answer choices in correct. You writ receive credit for any of the orders you select.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Step 1: Assign the node configuration.
You create a simple DSC configuration that ensures either the presence or absence of the Web-Server Windows Feature (IIS), depending on how you assign nodes. Step 2: Upload a configuration to Azure Automation State Configuration.
You import the configuration into the Automation account. Step 3: Compiling a configuration into a node configuration Compiling a configuration in Azure Automation
Before you can apply a desired state to a node, a DSC configuration defining that state must be compiled into one or more node configurations (MOF document), and placed on the Automation DSC Pull Server.
Step 4: Onboard the virtual machines to Azure State Configuration Onboarding an Azure VM for management with Azure Automation State Configuration
Step 5: Check the compliance status of the node.
Viewing reports for managed nodes. Each time Azure Automation State Configuration performs a consistency check on a managed node, the node sends a status report back to the pull server. You can view these reports on the page for that node.
On the blade for an individual report, you can see the following status information for the corresponding consistency check:
The report status ¡X whether the node is "Compliant", the configuration "Failed", or the node is "Not Compliant" (when the node is in ApplyandMonitor mode and the machine is not in the desired state).
References: https://docs.microsoft.com/en-us/azure/automation/automation-dscgetting- started

NEW QUESTION 6
HOTSPOT
How should you configure the release retention policy for the investment planning applications suite? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Scenario: By default, all releases must remain available for 30 days, except for production releases, which must be kept for 60 days.
Box 1: Set the default retention policy to 30 days
The Global default retention policy sets the default retention values for all the build pipelines. Authors of build pipelines can override these values.
Box 2: Set the stage retention policy to 60 days
You may want to retain more releases that have been deployed to specific stages. References: https://docs.microsoft.com/enus/ azure/devops/pipelines/policies/retention

NEW QUESTION 7
What should you use to implement the code quality restriction on the release pipeline for the investment planning applications suite?

• A. a trigger
• B. a pre deployment approval
• C. a post-deployment approval
• D. a deployment gate

Answer: B

Explanation:
When a release is created from a release pipeline that defines approvals, the deployment stops at each point where approval is required until the specified approver grants approval or rejects the release (or re-assigns the approval to another user).
Scenario: Code quality and release quality are critical. During release, deployments must not proceed between stages if any active bugs are logged against the release. References: https://docs.microsoft.com/enus/ azure/devops/pipelines/release/approvals/approvals

NEW QUESTION 8
DRAG DROP
You mc configuring Azure DevOps build pipelines. You plan to use hosted build agents.
Which build agent pool should you use to compile each application type? To answer, drag the appropriate built agent pools to the correct application types. Each butt agent pool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: Hosted macOS
Hosted macOS pool (Azure Pipelines only): Enables you to build and release on macOS without having to configure a self-hosted macOS agent. This option affects where your data is stored.
Box 2: Hosted
Hosted pool (Azure Pipelines only): The Hosted pool is the built-in pool that is a collection of Microsoft-hosted agents.
Incorrect Answers:
Default pool: Use it to register self-hosted agents that you've set up.
Hosted Windows Container pool (Azure Pipelines only): Enabled you to build and release inside Windows containers. Unless you're building using containers, Windows builds should run in the Hosted VS2021 or Hosted pools.
References: https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/v2-osx

NEW QUESTION 9
HOTSPOT
You have a project Azure DevOps.
You plan to create a build pipeline that will deploy resources by using Azure Resource Manager templates. The templates will reference secretes stored in Azure Key Vault.
Yu need to ensure that you can dynamically generate the resource ID of the key vault during template deployment.
What should you include in the template? To answer, select eh appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 10
DRAG DROP
You plan to use Azure Kubernetes Service (AKS) to host containers deployed from images hosted in a Docker Trusted Registry.
You need to recommend a solution for provisioning and connecting to AKS. The solution must ensure that AKS is RBAC-enaWed and uses a custom service principal.
Which three commands should you recommend be run in sequence? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the coned order.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 11
DRAG DROP
You need to implement the code flow strategy for Project2 in Azure DevOps. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange in the correct order.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Step 1: Create a repository
A Git repository, or repo, is a folder that you've told Git to help you track file changes in. You can have any number of repos on your computer, each stored in their own folder.
Step 2: Create a branch
Branch policies help teams protect their important branches of development. Policies enforce your team's code quality and change management standards. Step 3: Add a build validation policy
When a build validation policy is enabled, a new build is queued when a new pull request is created or when changes are pushed to an existing pull request targeting this branch. The build policy then evaluates the results of the build to determine whether the pull request can be completed.
Scenario:
Implement a code flow strategy for Project2 that will: Enable Team2 to submit pull requests for Project2.
Enable Team2 to work independently on changes to a copy of Project2.
Ensure that any intermediary changes performed by Team2 on a copy of Project2
will be subject to the same restrictions as the ones defined in the build policy of Project2.

References: https://docs.microsoft.com/en-us/azure/devops/repos/git/manage-yourbranches

NEW QUESTION 12
You plan to share packages that you wrote, tested, validated, and deployed by using Azure Artifacts.
You need to release multiple builds of each package by using a single feed. The solution must limit the release of packages that are in development.
What should you use?

• A. global symbols
• B. local symbols
• C. upstream sources
• D. views

Answer: C

Explanation:
Upstream sources enable you to manage all of your product's dependencies in a single feed. We recommend publishing all of the packages for a given product to that product's feed, and managing that product's dependencies from remote feeds in the same feed, via upstream sources. This setup has a few benefits:
„hSimplicity: your NuGet.config, .npmrc, or settings.xml contains exactly one feed (your feed).
„hDeterminism: your feed resolves package requests in order, so rebuilding
the same codebase at the same commit or changeset uses the same set of packages
„hProvenance: your feed knows the provenance of packages it saved via upstream sources, so you can verify that you're using the original package, not a custom or malicious copy published to your feed
„hPeace of mind: packages used via upstream sources are guaranteed to be saved in the feed on first use; if the upstream source is disabled/removed, or the remote feed goes down or deletes a package you depend on, you can continue to develop and build
References: https://docs.microsoft.com/enus/ azure/devops/artifacts/concepts/upstream-sources?view=vsts

NEW QUESTION 13
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a project in Azure DevOps for a new web application. You need to ensure that when code is checked in, a build runs automatically.
Solution: From the Pre-deployment conditions settings of the release pipeline, you select Batch changes while a build is in progress.
Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
Use a Pull request trigger. Note: Batch changes
Select this check box if you have a lot of team members uploading changes often and you want to reduce the number of builds you are running. If you select this option, when a build is running, the system waits until the build is completed and then queues another build of all changes that have not yet been built.
References: https://docs.microsoft.com/en-us/azure/devops/pipelines/build/triggers

NEW QUESTION 14
You use Azure SQL Database Intelligent Insights and Azure Application Insights foe monitoring.
You need to write ad-hoc Queries against the monitoring data. Which Query language should you use?

• A. PL/pgSQL
• B. Transact-SQL
• C. Azure Log Analytics
• D. PL/SQL

Answer: C

Explanation:
Data analysis in Azure SQL Analytics is based on Log Analytics language for your custom querying and reporting.
References: https://docs.microsoft.com/en-us/azure/azure-monitor/insights/azure-sql

NEW QUESTION 15
You need to recommend a Docker container build strategy that meets the following requirements
¡E Minimizes image sues
¡E Minimizes the security surface area of the final image What should you include m the recommendation?

• A. multi-stage builds
• B. single-stage builds
• C. PowerShell Desired State Configuration (DSC)
• D. Docker Swarm

Answer: A

Explanation:
Multi-stage builds are a new feature requiring Docker 17.05 or higher on the daemon and client. Multistage builds are useful to anyone who has struggled to optimize Dockerfiles while keeping them easy to read and maintain. References: https://docs.docker.com/develop/develop-images/multistage-build/

NEW QUESTION 16
Your company . concerned that when developers introduce open source Libraries, it creates licensing compliance issues.
You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base.
What should you use?

• A. Code Style
• B. Microsoft Visual SourceSafe
• C. Black Duck
• D. Jenkins

Answer: C

Explanation:
Secure and Manage Open Source Software
Black Duck helps organizations identify and mitigate open source security, license compliance and code-quality risks across application and container portfolios. Black Duck Hub and its plugin for Team Foundation Server (TFS) allows you to automatically find and fix open source security vulnerabilities during the build process, so you can proactively manage risk. The integration allows you to receive alerts and fail builds when any Black Duck Hub policy violations are met.
Note: WhiteSource would also be a good answer, but it is not an option here. References:
https://marketplace.visualstudio.com/items?itemName=black-duck-software.hub-tfs

NEW QUESTION 17
HOTSPOT
How should you complete the code to initialize App Center in the mobile application? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection a worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Scenario: Visual Studio App Center must be used to centralize the reporting of mobile application crashes and device types in use.
In order to use App Center, you need to opt in to the service(s) that you want to use, meaning by default no services are started and you will have to explicitly call each of them when starting the SDK.
Insert the following line to start the SDK in your app's AppDelegate class in the didFinishLaunchingWithOptions method.
MSAppCenter.start("{Your App Secret}", withServices: [MSAnalytics.self, MSCrashes.self])
References: https://docs.microsoft.com/en-us/appcenter/sdk/getting-started/ios

NEW QUESTION 18
DRAG DROP
You need to configure Azure Automation for the computers in Pool7.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them m the correct order.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 19
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You plan to create a release pipeline that will deploy Azure resources by using Azure Resource Manager templates. The release pipeline will create the following resources:
„hTwo resource groups
„hFour Azure virtual machines in one resource group
„hTwo Azure SQL databases in other resource group
You need to recommend a solution to deploy the resources.
Solution: Create a main template that has two linked templates, each of which will deploy the resource in its respective group.
Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation:
To deploy your solution, you can use either a single template or a main template with many related templates. The related template can be either a separate file that is linked to from the main template, or a template that is nested within the main template.
References: https://docs.microsoft.com/en-us/azure/azure-resourcemanager/resource-group-linked-templates

NEW QUESTION 20
Your company builds a multi tier web application.
>You use Azure DevOps and host the production application on Azure virtual machines.
Your team prepares an Azure Resource Manager template of the virtual machine that you mil use to test new features.
You need to create a staging environment in Azure that meets the following requirements:
¡E Minimizes the cost of Azure hosting
¡E Provisions the virtual machines automatically
¡E Use* the custom Azure Resource Manager template to provision the virtual machines
What should you do?

• A. In Azure DevOps, configure new tasks in the release pipeline to create and delete the virtual machines m Azure DevTest Labs.
• B. From Azure Cloud Shell, run Azure PowerShell commands to create and delete the new virtual machines in a staging resource group.
• C. In Azure DevOps, configure new tasks in the release pipeline to deploy to Azure Cloud Services.
• D. In Azure Cloud Shell, run Azure CLI commands to create and delete the new virtual machines in a staging resource group.

Answer: A

Explanation:
You can use the Azure DevTest Labs Tasks extension that's installed in Azure DevOps to easily integrate your CI/CD build-and-release pipeline with Azure DevTest Labs. The extension installs three tasks:
„hCreate a VM
„hCreate a custom image from a VM
„hDelete a VM
The process makes it easy to, for example, quickly deploy a "golden image" for a specific test task and then delete it when the test is finished.
References: https://docs.microsoft.com/en-us/azure/lab-services/devtest-labintegrate- ci-cd-vsts

NEW QUESTION 21
Your company is concerned that when developers introduce open source libraries, it creates licensing compliance issues.
You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base.
What should you use?

• A. PDM
• B. OWASPZAP
• C. WhiteSource
• D. Jenkins

Answer: C

NEW QUESTION 22
Your company has an on-premises Bitbucket Server that is used for Git-based source control. The server is protected by a firewall that blocks inbound Internet traffic.
You plan to use Azure DevOps to manage the build and release processes Which two components are required to integrate Azure DevOps and Bitbucket? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one port.

• A. an External Git service connection
• B. a Microsoft hosted agent
• C. service hooks
• D. a self- hosted agent
• E. a deployment M group

Answer: AD

Explanation:
When a pipeline uses a remote, 3rd-party repository host such as Bitbucket Cloud, the repository is configured with webhooks that notify Azure Pipelines Server or TFS when code has changed and a build should be triggered. Since on-premises installations are normally protected behind a firewall, 3rd-party webhooks are unable to reach the on-premises server. As a workaround, you can use the External Git repository type which uses polling instead of webhooks to trigger a build when code has changed.
References: https://docs.microsoft.com/enus/ azure/devops/pipelines/repos/pipeline-options-for

NEW QUESTION 23
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that m.ght meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you win NOT be able to return to it. As a result, these questions win not appear in the review screen.
You integrate a cloud- hosted Jenkins server and a new Azure DevOps deployment You need Azure DevOps to send a notification to Jenkins when a developer commits changes to a branch in Azure Repos.
Solution: You create a service hook subscription that uses the code pushed event. Does this meet the goal?

• A. Yes
• B. NO

Answer: A

Explanation:
You can create a service hook for Azure DevOps Services and TFS with Jenkins. References:
https://docs.microsoft.com/en-us/azure/devops/service-hooks/services/jenkins

NEW QUESTION 24
DRAG DROP
You need to recommend project metrics for dashboards in Azure DevOps. Which chart widgets should you recommend for each metric? To answer, drag the
appropriate chart widgets to the correct metrics. Each chart widget may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

Box 1: Lead time
Lead time measures the total time elapsed from the creation of work items to their completion.
Box 2: Cycle time
Cycle time measures the time it takes for your team to complete work items once they begin actively working on them.
Box 3: Burndown
Burndown charts focus on remaining work within a specific time period. Incorrect Answers:
Velocity provides a useful metric for these activities: Support sprint planning
Forecast future sprints and the backlog items that can be completed
A guide for determining how well the team estimates and meets their planned
commitments References:
https://docs.microsoft.com/en-us/azure/devops/report/dashboards/velocityguidance? view=vsts
https://docs.microsoft.com/en-us/azure/devops/report/dashboards/cycle-time-andlead- time?view=vsts
https://docs.microsoft.com/en-us/azure/devops/report/dashboards/configureburndown- burnup-widgets?view=vsts

NEW QUESTION 25
......