- (Exam Topic 2)
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant.
You are configuring a build pipeline in Azure Pipelines that will include a task named Task1. Task1 will authenticate by using an Azure AD service principal.
Which three values should you configure for Task1? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Correct Answer:BCD
Reference:
https://docs.microsoft.com/en-us/azure/devops/pipelines/library/connect-to-azure

- (Exam Topic 2)
You manage the Git repository for a large enterprise application.
During the development of the application, you use a file named Config.json.
You need to prevent Config.json from being committed to the source control whenever changes to the application are committed.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Solution:
Step 1: Delete and recreate the repository. Step 2: Add Config.json to the .gitignore file
Each line in the .gitignore excludes a file or set of files that match a pattern. Example:
# ignore a single file Config.json
Step 3: Run the git add .gitignore command
At the initial commit we want basically move from Untracked to Staged, for staging we have to indicate which file we want to move or specify a pattern, as example:
Reference:
http://hermit.no/how-to-find-the-best-gitignore-for-visual-studio-and-azure-devops/
https://geohernandez.net/how-to-add-an-existing-repository-into-azure-devops-repo-with-git/

Does this meet the goal?

Correct Answer:A

- (Exam Topic 2)
Your company has an Azure subscription.
The company requires that all resource group in the subscription have a tag named organization set to a value of Contoso.
You need to implement a policy to meet the tagging requirement.
How should you complete the policy? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Solution:
Box 1: " Microsoft.Resources/subscriptions/resourceGroups" Box 2: "Deny",
Sample - Enforce tag and its value on resource groups
},
"policyRule": { "if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Resources/subscriptions/resourceGroups"
},
{
"not": {
"field": "[concat('tags[',parameters('tagName'), ']')]", "equals": "[parameters('tagValue')]"
}
}
]
},
"then": {
"effect": "deny"
}
}
}
}
References:
https://docs.microsoft.com/en-us/azure/governance/policy/samples/enforce-tag-on-resource-groups

Does this meet the goal?

Correct Answer:A

- (Exam Topic 2)
You have an Azure DevOps project named Project1 and an Azure subscription named Sub1.
You need to prevent releases from being deployed unless the releases comply with the Azure Policy rules assigned to Sub1.
What should you do in the release pipeline of Project1?

Correct Answer:B
You can check policy compliance with gates.
You can extend the approval process for the release by adding a gate. Gates allow you to configure automated calls to external services, where the results are used to approve or reject a deployment.
You can use gates to ensure that the release meets a wide range or criteria, without requiring user intervention. Reference:
https://docs.microsoft.com/en-us/azure/devops/pipelines/release/deploy-using-approvals

- (Exam Topic 2)
You manage a website that uses an Azure SQL Database named db1 in a resource group named RG1lod11566895.
You need to modify the SQL database to protect against SQL injection. To complete this task, sign in to the Microsoft Azure portal.
Solution:
Set up Advanced Threat Protection in the Azure portal
* 1. Sign into the Azure portal.
* 2. Navigate to the configuration page of the server you want to protect. In the security settings, select Advanced Data Security.
* 3. On the Advanced Data Security configuration page:

* 4. Enable Advanced Data Security on the server.
Note: Advanced Threat Protection for Azure SQL Database detects anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. Advanced Threat Protection can identify Potential SQL injection, Access from unusual location or data center, Access from unfamiliar principal or potentially harmful application, and Brute force SQL credentials
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-account-create
https://docs.microsoft.com/en-us/azure/azure-sql/database/threat-detection-configure

Does this meet the goal?

Correct Answer:A

- (Exam Topic 2)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a project in Azure DevOps for a new web application. You need to ensure that when code is checked in, a build runs automatically.
Solution: From the Pre-deployment conditions settings of the release pipeline, you select After stage. Does this meet the goal?

Correct Answer:B
Instead, In Visual Designer you enable continuous integration (CI) by:
Select the Triggers tab.
Enable Continuous integration. References:
https://docs.microsoft.com/en-us/azure/devops/pipelines/get-started-designer