You have several Azure Active Directory (Azure AD) accounts.
You need to ensure that users use multi-factor authentication (MFA) to access Azure apps from untrusted networks.
What should you configure in Azure AD?
Answer : D
You can configure a Conditional Access policy that requires MFA for access from untrusted networks.
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa
Note: This question is partof a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to recommend an integration strategy for the build process of a Java application. The solutionmust meet the following requirements:
The builds must access an on-premises dependency management system.
The build outputs must be stored as Server artifacts in Azure DevOps.
The source code must be stored in a Git repository in Azure DevOps.
Solution:Install and configure a self-hosted build agent on an on-premises machine. Configure the build pipeline to use the Default agent pool. Include the Java Tool Installer task in the build pipeline.
Does this meet the goal?
Answer : B
Instead use Octopus Tentacle.
https://explore.emtecinc.com/blog/octopus-for-automated-deployment-in-devops-models
You have an Azure DevOps organization named Contoso.
Youneed to receive Microsoft Teams notifications when work items are updated.
What should you do?
Answer : A
https://azuredevopslabs.com/labs/vstsextend/teams/
Your company creates a web application.
You need to recommend a solution that automatically sends to Microsoft Teams a dairy summary of the exceptions that occur m the application.
Which two Azure services should you recommend? Eachcorrect answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answer : C, E
https://docs.microsoft.com/en-us/azure/azure-monitor/app/asp-net-exceptions
https://docs.microsoft.com/en-us/azure/azure-monitor/app/automate-custom-reports
SIMULATION
You have an Azure subscription that containsAzure DevOps build pipelines.
You to implement pipeline caching by using the cache task
HOW should you complete the YAML definition? TO answer, select the appropriate options in the answer area.
Answer : A
Answer is as below.
You have an Azure DevOps project that contains a build pipeline. The build pipeline uses approximately 50 open source libraries.
You need to ensure that all the open source libraries comply with your company's licensing standards.
Which service should you use?
Answer : C
Secure and Manage Open Source Software
Black Duck helps organizations identify and mitigate open source security, license compliance and code-quality risks across application and container portfolios.
Black Duck Hub and its plugin for Team Foundation Server (TFS) allows you toautomatically find and fix open source security vulnerabilities during the build process, so you can proactively manage risk. The integration allows you to receive alerts and fail builds when any Black Duck Hub policy violations are met.
Note: WhiteSourcewould also be a good answer, but it is not an option here.
https://marketplace.visualstudio.com/items?itemName=black-duck-software.hub-tfs
SIMULATION
Task 6
For Project 1. you need to create a service connection that can be used to deploy resources to the RGHod489Q1628 resource group.
The service connection must use the ManagedJd1 identity and workload identity federation.
Answer : A
Task 6: Create a Service Connection for Resource Group Deployment using Managed Identity and Workload Identity Federation
Step 1: Understand the Requirements
You want to deploy resources in the RGHod489Q1628 resource group.
The service connection must:
Use the ManagedJd1 managed identity.
Use workload identity federation (OIDC-based authentication for enhanced security).
Step 2: Verify Prerequisites
You need to ensure:
The ManagedJd1 managed identity exists in your Azure subscription.
Your Azure DevOps project (Project1) is linked to an Azure Active Directory tenant (for OIDC support).
You have the Owner or User Access Administrator role on the RGHod489Q1628 resource group.
Step 3: Assign Role to Managed Identity
In the search bar, type Managed Identities and select Managed Identities.
Locate and click on the ManagedJd1 identity.
In the left menu, click Azure role assignments.
Click + Add role assignment.
Set the following:
Scope: Resource Group
Subscription: Your subscription
Resource Group: RGHod489Q1628
Role: Contributor (or appropriate role)
Click Save.
This step ensures ManagedJd1 has permissions to deploy resources to RGHod489Q1628.
Step 4: Create a Federated Credential for Workload Identity Federation
In the Azure Portal, navigate to the ManagedJd1 managed identity.
In the left menu, click Workload identity federation (preview).
Click + Add a federated credential.
Configure as follows:
Federated credential name: devops-oidc
Issuer: https://vstoken.actions.githubusercontent.com (or use the default https://pipelines.actions.githubusercontent.com for Azure DevOps)
Subject identifier: Use the following format for Azure DevOps:
css
Copy
system:azuredevops:{organizationName}:{projectName}
For example:
css
Copy
system:azuredevops:{YourOrganizationName}:{Project1}
Audience: api://AzureADTokenExchange
Click Add.
This federated credential establishes trust between your Azure DevOps project and the managed identity.
Step 5: Create a Service Connection in Azure DevOps
Go to your Azure DevOps project (Project1) in the browser.
In the left menu, click Project settings.
Under Pipelines, click Service connections.
Click New service connection.
Choose Azure Resource Manager.
Choose the authentication method:
Select Workload identity federation.
Configure the service connection:
Scope level: Resource Group.
Resource Group: RGHod489Q1628.
Subscription: Your subscription.
Authentication method: Managed Identity with workload identity federation.
Managed Identity: Enter the client ID or select ManagedJd1.
Service connection name: e.g., Project1-RGHod489Q1628-Conn.
Grant access permission to all pipelines (recommended).
Click Save.
Step 6: Validate the Service Connection
After creation, click on the new service connection to Verify it.
Ensure the connection test is successful.
You can now use this service connection in your pipelines for deploying resources to RGHod489Q1628.