- (Exam Topic 2)
You administer an Azure DevOps project that includes package feeds.
You need to ensure that developers can unlist and deprecate packages. The solution must use the principle of least privilege.
Which access level should you grant to the developers?

Correct Answer:B
Feeds have four levels of access: Owners, Contributors, Collaborators, and Readers. Owners can add any type of identity-individuals, teams, and groups-to any access level.

Reference:
https://docs.microsoft.com/en-us/azure/devops/artifacts/feeds/feed-permissions

- (Exam Topic 2)
You have an application that consists of several Azure App Service web apps and Azure functions. You need to access the security of the web apps and the functions.
Which Azure features can you use to provide a recommendation for the security of the application?

Correct Answer:D
Monitor compute and app services: Compute & apps include the App Services tab, which App services: list of your App service environments and current security state of each.
Recommendations
This section has a set of recommendations for each VM and computer, web and worker roles, Azure App Service Web Apps, and Azure App Service Environment that Security Center monitors. The first column lists the recommendation. The second column shows the total number of resources that are affected by that recommendation. The third column shows the severity of the issue.

- (Exam Topic 2)
You are deploying a new application that uses Azure virtual machines.
You plan to use the Desired State Configuration (DSC) extension on the virtual machines.
You need to ensure that the virtual machines always have the same Windows features installed.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Solution:
Step 1: Create a PowerShell configuration file
You create a simple PowerShell DSC configuration file. Step 2: Load the file to Azure Blob storage
Package and publish the module to a publically accessible blob container URL Step 3: Configure the Custom Script Extension on the virtual machines.
The Custom Script Extension downloads and executes scripts on Azure virtual machines. Reference:
https://docs.microsoft.com/en-us/azure/automation/automation-dsc-getting-started https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/custom-script-windows

Does this meet the goal?

Correct Answer:A

- (Exam Topic 2)
You need to recommend a Docker container build strategy that meets the following requirements
• Minimizes image sues
• Minimizes the security surface area of the final image What should you include m the recommendation?

Correct Answer:A
Multi-stage builds are a new feature requiring Docker 17.05 or higher on the daemon and client. Multistage builds are useful to anyone who has struggled to optimize Dockerfiles while keeping them easy to read and maintain.
References: https://docs.docker.com/develop/develop-images/multistage-build/

- (Exam Topic 2)
You have an Azure DevOps organization named Contoso.
You have 10 Azure virtual machines that run Windows Server 2019. The virtual machines host an application that you build and deploy by using Azure Pipelines. Each virtual machine has the Web Server (IIS) role installed and configured.
You need to ensure that the web server configurations pin the virtual machines is maintained automatically. The solution must provide centralized management of the configuration settings and minimize management overhead.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Solution:
Step1: Create an Azure Automation account.
An Azure Automation account is required.
Step 2: Install the custom Desired State Configuration (DSC) extension on the virtual machines
Under the hood, and without an administrator having to remote into a VM, the Azure VM Desired State Configuration extension registers the VM with Azure Automation State Configuration.
Step 3: Onboard the virtual machines to the Azure Automation account. Step 4: Complete the Desired State Configuration (DSC) configuration. Create a DSC configuration.
Reference:
https://docs.microsoft.com/en-us/azure/automation/automation-dsc-onboarding

Does this meet the goal?

Correct Answer:A

- (Exam Topic 2)
You have an Azure Kubernetes Service (AKS) pod.
You need to configure a probe to perform the following actions:
Confirm that the pod is responding to service requests.
Check the status of the pod four times a minute.
Initiate a shutdown if the pod is unresponsive.
How should you complete the YAML configuration file? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Solution:
Box 1: readinessProbe:
For containerized applications that serve traffic, you might want to verify that your container is ready to handle incoming requests. Azure Container Instances supports readiness probes to include configurations so that your container can't be accessed under certain conditions.
Reference:
https://docs.microsoft.com/en-us/azure/container-instances/container-instances-readiness-probe

Does this meet the goal?

Correct Answer:A