HOTSPOT - (Topic 4)
You have an Azure DevOps project that contains a build pipeline. The build pipeline uses approximately 50 open source libraries.
You need to ensure that the project can be scanned for known security vulnerabilities in the open source libraries.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Solution:
Box 1: A Build task Trigger a build
You have Java code provisioned by the Azure DevOps demo generator. You will use the WhiteSource Bolt extension to check for vulnerable components present in this code.
✑ Go to the Builds section under the Pipelines tab, select the build definition WhiteSourceBolt, and click Queue to trigger a build.
✑ To view the build's in-progress status, click the ellipsis and select View build results.
Box 2: WhiteSource Bolt
WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource's constantly updated definitive database of open source repositories.
References: https://www.azuredevopslabs.com/labs/vstsextend/whitesource/
Does this meet the goal?
Correct Answer:
A
- (Topic 4)
You are integrating an Azure Boards project and a GitHub repository. You need to authenticate Azure Boards to GitHub.
Which two authentication methods can you use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
Correct Answer:
CD
DRAG DROP - (Topic 4)
You have an Azure DevOps release pipeline as shown in the following exhibit.
You need to complete the pipeline to configure OWASP ZAP for security testing.
Which five Azure CLI tasks should you add in sequence? To answer, move the tasks from the list of tasks to the answer area and arrange them in the correct order.
Solution:
Defining the Release Pipeline
Once the application portion of the Release pipeline has been configured, the security scan portion can be defined. In our example, this consists of 8 tasks, primarily using the Azure CLI task to create and use the ACI instance (and supporting structures).
Unless otherwise specified, all the Azure CLI tasks are Inline tasks, using the default configuration options.
Does this meet the goal?
Correct Answer:
A
- (Topic 4)
Your company is concerned that when developers introduce open source libraries, it creates licensing compliance issues.
You need to add an automated process to the build pipeline to detect when common open source libraries are added to the code base.
What should you use?
Correct Answer:
C
DRAG DROP - (Topic 4)
You are implementing an Azure DevOps strategy for mobile devices using App Center. You plan to use distribution groups to control access to releases.
You need to create the distribution groups shown in the following table.
Which type of distribution group should you use for each group? To answer, drag the appropriate group types to the correct locations. Each group type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Solution:
Box 1: Private
In App Center, distribution groups are private by default. Only testers invited via email can access the releases available to this group.
Box 2: Public
Distribution groups must be public to enable unauthenticated installs from public links.
Box 3: Shared
Shared distribution groups are private or public distribution groups that are shared across multiple apps in a single organization.
Does this meet the goal?
Correct Answer:
A