- (Exam Topic 2)
You are designing the security validation strategy for a project in Azure DevOps.
You need to identify package dependencies that have known security issues and can be resolved by an update.
What should you use?

Correct Answer:D
With enterprise level of SonarQube you can use OWASP that runs the security scans for known vulnerabilities. https://www.sonarqube.org/features/security/
https://www.sonarqube.org/features/security/owasp/?gclid=Cj0KCQiAzZL-BRDnARIsAPCJs70Teq0-efI2Hd_h

- (Exam Topic 2)
You plan to onboard 10 new developers.
You need to recommend a development environment that meets the following requirements:
Integrates with GitHub
Provides integrated debugging tools
Supports remote workers and hot-desking environments
Supports developers who use browsers, tablets, and Chromebooks What should you recommend?

Correct Answer:D
Visual Studio Codespaces is built to accommodate the widest variety of projects or tasks, including GitHub and integrating debugging.
Visual Studio Codespaces conceptually and technically extends the Visual Studio Code Remote Development extensions.
In addition to "backend" environments, Visual Studio Codespaces supports these "frontend" editors:
Visual Studio Code
Visual Studio Code-based editor in the browser Reference:
https://docs.microsoft.com/sv-se/visualstudio/codespaces/overview/what-is-vsonline

- (Exam Topic 2)
Your company has a project in Azure DevOps.
You plan to create a release pipeline that will deploy resources by using Azure Resource Manager templates. The templates will reference secrets stored in Azure Key Vault.
You need to recommend a solution for accessing the secrets stored in the key vault during deployments. The solution must use the principle of least privilege.
What should you include in the recommendation? To answer, drag the appropriate configurations to the correct targets. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Solution:
Box 1: A key Vault advanced access policy

Box 2: RBAC
Management plane access control uses RBAC.
The management plane consists of operations that affect the key vault itself, such as:
Creating or deleting a key vault.
Getting a list of vaults in a subscription.
Retrieving Key Vault properties (such as SKU and tags).
Setting Key Vault access policies that control user and application access to keys and secrets. References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-tutorial-use-key-vault

Does this meet the goal?

Correct Answer:A

- (Exam Topic 2)
This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure DevOps project.
Your build process creates several artifacts.
You need to deploy the artifacts to on-premises servers.
Solution: You deploy an Azure self-hosted agent to an on-premises server. You add a Copy and Publish Build Artifacts task to the deployment pipeline. Does this meet the goal?

Correct Answer:A
To build your code or deploy your software using Azure Pipelines, you need at least one agent.
If your on-premises environments do not have connectivity to a Microsoft-hosted agent pool (which is typically the case due to intermediate firewalls), you'll need to manually configure a self-hosted agent on on-premises computer(s). The agents must have connectivity to the target on-premises environments, and access to the Internet to connect to Azure Pipelines or Team Foundation Server.
References:
https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/agents?view=azure-devops

- (Exam Topic 2)
Your company implements an Agile development methodology. You plan to implement retrospectives at the end of each sprint.
Which three questions should you include? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Correct Answer:CDE
https://www.scrum.org/resources/what-is-a-sprint-retrospective

- (Exam Topic 2)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company uses Azure DevOps to manage the build and release processes for applications.
You use a Git repository for applications source control.
You need to implement a pull request strategy that reduces the history volume in the master branch. Solution: You implement a pull request strategy that uses an explicit merge.
Does this meet the goal?

Correct Answer:B
Instead use fast-forward merge. Note:
No fast-forward merge - This option merges the commit history of the source branch when the pull request closes and creates a merge commit in the target branch.
Reference:
https://docs.microsoft.com/en-us/azure/devops/repos/git/branch-policies