DRAG DROP - (Topic 4)
You plan to use Azure Kubernetes Service (AKS) to host containers deployed from images hosted in a Docker Trusted Registry.
You need to recommend a solution for provisioning and connecting to AKS. The solution must ensure that AKS is RBAC-enaWed and uses a custom service principal.
Which three commands should you recommend be run in sequence? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the coned order.
Solution:
Step 1 : az acr create
An Azure Container Registry (ACR) can also be created using the new Azure CLI. az acr create
--name
--resource-group
--sku Basic
Step 2: az ad sp create-for-rbac
Once the ACR has been provisioned, you can either enable administrative access (which is okay for testing) or you create a Service Principal (sp) which will provide a client_id and a client_secret.
az ad sp create-for-rbac
--scopes
/subscriptions/
--role Contributor
--name
Step 3: kubectl create
Create a new Kubernetes Secret.
kubectl create secret docker-registry
--docker-server
--docker-email
--docker-username=
--docker-password
References:
https://thorsten-hans.com/how-to-use-private-azure-container-registry-with-kubernetes
Does this meet the goal?
Correct Answer:
A
DRAG DROP - (Topic 4)
You have an Azure subscription that uses Azure Monitor and contains a Log Analytics workspace.
You have an encryption key.
You need to configure Azure Monitor to use the key to encrypt log data
Solution:
Does this meet the goal?
Correct Answer:
A
- (Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a prefect in Azure DevOps for a new web application. You need to ensure that when code is checked in, a build runs automatically.
Solution: from the Triggers tab of the build pipeline, you select Enable continuous integration
Does the meet the goal?
Correct Answer:
A
References:
https://docs.microsoft.com/en-us/azure/devops/pipelines/get-started-designer
- (Topic 4)
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Pipelines to build and test a React js application. You have a pipeline that has a single job.
You discover that installing JavaScript packages from npm takes approximately five minutes each time you run the pipeline.
You need to recommend a solution to reduce the pipeline execution time. Solution: You recommend enabling parallel jobs for the pipeline.
Does this meet the goal?
Correct Answer:
B
Instead enable pipeline caching.
Note:
npm-cache is a command line utility that caches dependencies installed via npm, bower, jspm and composer.
It is useful for build processes that run [npm|bower|composer|jspm] install every time as part of their build process. Since dependencies don't change often, this often means slower build times. npm-cache helps alleviate this problem by caching previously installed dependencies on the build machine.
Reference: https://www.npmjs.com/package/npm-cache
DRAG DROP - (Topic 4)
Your company has a project in Azure DevOps.
You plan to create a release pipeline that will deploy resources by using Azure Resource Manager templates. The templates will reference secrets stored in Azure Key Vault.
You need to recommend a solution for accessing the secrets stored in the key vault during deployments. The solution must use the principle of least privilege.
What should you include in the recommendation? To answer, drag the appropriate configurations to the correct targets. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Solution:
Box 1: A key Vault advanced access policy
Box 2: RBAC
Management plane access control uses RBAC.
The management plane consists of operations that affect the key vault itself, such as:
✑ Creating or deleting a key vault.
✑ Getting a list of vaults in a subscription.
✑ Retrieving Key Vault properties (such as SKU and tags).
✑ Setting Key Vault access policies that control user and application access to keys and secrets.
References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-tutorial-use-key-vault
Does this meet the goal?
Correct Answer:
A