You have an Azure DevOps project that contains a build pipeline. The build pipeline uses approximately 50 open source libraries.
You need to ensure that the project can be scanned for known security vulnerabilities in the open source libraries.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:
Box 1: A Build task
Trigger a build
You have a Java code provisioned by the Azure DevOps demo generator. You will use WhiteSource Bolt extension to check the vulnerable components present in this code.
Go to Builds section under Pipelines tab, select the build definition WhiteSourceBolt and click on Queue to trigger a build.
To view the build in progress status, click on ellipsis and select View build results.
Box 2: WhiteSource Bolt
WhiteSource is the leader in continuous open source software security and compliance management. WhiteSource integrates into your build process, irrespective of your programming languages, build tools, or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource constantly-updated definitive database of open source repositories.
References:
https://www.azuredevopslabs.com/labs/vstsextend/whitesource/

Comment: *

Name: *

Email: *

Verification: *

You have an Azure Repos repository named repo1.
You delete a branch named features/feature11.
You need to recover the deleted branch.
Which three commands should you run in sequence? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.

Correct Answer:

Explanation

Comment: *

Name: *

Email: *

Verification: *

You need to configure Azure Automation for the computers in Pool7.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them m the correct order.

Correct Answer:

Comment: *

Name: *

Email: *

Verification: *

You need to configure a virtual machine named VM1 to securely access stored secrets in an Azure Key Vault named az400-11566895-kv.
To complete this task, sign in to the Microsoft Azure portal.

Correct Answer:

See solution below.
Explanation
You can use a system-assigned managed identity for a Windows virtual machine (VM) to access Azure Key Vault.
* Sign in to Azure portal
* Locate virtual machine VM1.
* Select Identity
* Enable the system-assigned identity for VM1 by setting the Status to On.

Note: Enabling asystem-assigned managed identity is a one-click experience. You can either enable it during the creation of a VM or in the properties of an existing VM.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm

Comment: *

Name: *

Email: *

Verification: *

You are designing YAML-based Azure pipelines for the apps shown in the following table

You need to configure the YAML strategy value for each app. The solution must minimize app downtime.
Which value should you configure for each app? To answer, select the appropriate options in the answer area.

Correct Answer:

Explanation
App1 Canary and App2 rolling
App1 Canary would minimize app downtime for the first app, as it would only deploy new code when the canary has confirmed that it is functional - and if there are any issues, it would roll back to the previous version of the code.
App2 rolling would be the second option, as it would allow for frequent deployments of new code, while still giving the developers enough time to fix any issues that may have been introduced during new code deployments.

Comment: *

Name: *

Email: *

Verification: *