21. You are developing a Microsoft .NET Core application and want to analyze the application to check whether there are any open source libraries with known security vulnerabilities being used. Which of the following products can you use for such an analysis? [Choose two.]
    1. Jenkins
    2. Whitesource Bolt
    3. Snyk
    4. App Center

22. You are currently using (i) JIRA, (ii) GitLab, and (iii) Octopus Deploy for some of your DevOps processes. You want to consolidate your DevOps tools and have chosen to go with Azure DevOps. Which Azure DevOps services should you use to replace these? Choose the correct service to replace these three services. [Match three pairs.]
    1. Azure Pipelines
    2. Azure Repos
    3. Azure Boards
    4. Azure Artifacts
23. You are evaluating different options for build agents. What are valid arguments for opting for private agents over Microsoft Hosted Agents? [Choose two.]
    1. You need custom software to be available on the agent before any job is executed.
    2. You need to ensure that the same environment is used for executing only one pipeline job, before being destructed.
    3. You need direct network connectivity from the build agent to your on-premises network.
    4. You need to ensure that you are always running on up-to-date images.
24. You are responsible for managing the settings of the applications your team deploys to an Azure App Service. Which of the following offerings cannot be used to achieve this?
    1. Azure App Configuration
    2. ARM templates
    3. Azure Policy
    4. Azure Key Vault
25. You are tasked with creating a large number of build pipelines for your team. Almost all pipelines need to have the same structure. Which Azure DevOps Pipelines construct can help you?
    1. Branch Policies
    2. Task Groups
    3. Azure Artifacts
    4. Deployment Groups
26. You are using Entity Framework as the database access layer from your application. You are responsible for managing database upgrades and want to use Entity Framework for this as well, to manage the database schema from code. Which type of schema migration should you use?
    1. Migrations-based
    2. End-state based

27. You need to save your local changes to a Git repository. Which commands do you need to use?
    1. git clone and git push
    2. git commit and git push
    3. git add, git commit, and git push
    4. git add and git commit
28. You need to prevent anyone from merging changes to the master branch if the changes do not compile or any of the unit tests fail. Which of the following can you use to accomplish this?
    1. Branch protection center.
    2. Azure Repos branch policies.
    3. Azure Repos branch security.
    4. This is not possible in Azure DevOps; you need to use another product, for example, GitHub.
29. Your company uses GitHub Enterprise on-premises for hosting source control. For implementing continuous integration and deployment, you are looking to use Azure DevOps. Which of the following components form a complete solution to make this possible? [Choose two.]
    1. An external Git service connection
    2. Opening the firewall for HTTPS connections from Azure Pipelines to GitHub Enterprise
    3. A Git sources proxy for HTTP
    4. On-premises agents
30. A new team joins the company and they have to start work on a new application. They ask you to recommend a branching strategy that allows them to work on multiple features in parallel and deploy a new version at any time, and minimizes the need for merging changes late. Which of the following do you recommend?
    1. Create an eternal branch per team member and cherry-pick commits to merge.
    2. Create a branch per feature and merge this branch upon completion.
    3. Create a branch per task and merge this branch upon completion.
    4. Create and merge a branch as often as possible when a shippable piece of work has been completed.

31. You are tasked with configuring source control for your team in Azure DevOps. Which of the following source control systems do you choose preferably?
    1. TFVC
    2. Git
32. Which of the following is true?
    1. You can have as many Git and TFVC repositories in an Azure DevOps project as you want.
    2. You can have at most one Git repository and at most one TFVC repository in an Azure DevOps project.
    3. You can have at most one TFVC repository and as many Git repositories as you want in your Azure DevOps project.
    4. You can have either Git repositories or TFVC repositories in an Azure DevOps project, but not both at the same time.
33. Your team is creating a mobile application and wants to use App Center for distributing that application to both the App Stores and the testers within the team. Which of the following should you use? [Choose two.]
    1. Invitation-only pre-release groups
    2. Push-to-store integration
    3. Store Connection
    4. Distribution Groups
34. You are creating a series of microservices for a new project. You are looking for a way to manage configuration from a centralized point. There are many configuration settings shared between microservices. Which of the following solutions best fits this use case?
    1. Azure Key Vault
    2. Azure App Configuration
    3. Azure Configuration Center
    4. ARM templates
35. You have to ensure that code cannot be checked into the master branch of a repository when it has not been viewed by at least two people. Which of the following is a complete solution for this? [Choose three.]
    1. Enforce the use of a pull request for merging changes to the master.
    2. Reset approval votes on the pull request for a branch when a new commit is pushed to that branch.
    3. Have a minimum of at least two reviewers, but allow everyone to merge their own changes.
    4. Have a minimum of at least one reviewer, not being the person who opened the pull request.

36. You have to sign the binaries (DLLs) that your team produces so that other teams that consume them can verify the binaries are not altered and really are the binaries originating from your team. You have to store the certificate used for signing securely. Where can you do this and still have the file available for use in your pipeline? If multiple answers fit, choose the simplest solution.
    1. Azure Pipelines Library
    2. Azure Key Vault
    3. Encrypted in source control
    4. Azure DevOps Certificate Store
37. You have to ensure that every build pipeline contains a task group that is pre-shared by your team. Which of the following Azure DevOps constructs can you use to do this?
    1. Pipeline Decorators.
    2. Pipeline Verificators.
    3. Pipeline pre-execution tasks.
    4. This is not possible—you have to implement a manual auditing process.
38. Your sources are stored in a Subversion source control system. You want to move to Azure DevOps Pipelines for continuous integration. You do not want to move your sources and connect from Pipelines to Subversion. Is this possible?
    1. Yes
    2. No
39. The development team is creating a containerized application. The solution needs to be deployed to a Kubernetes cluster in Azure. You need to create the cluster and ensure that the application is running as it should. Select which commands you should perform and place them in the correct order of execution.
    1. kubectl apply
    2. az group create
    3. az aks create
    4. az appservice plan create
    5. kubectl get deployments
    6. az aks get-credentials
    7. kubectl get hpa
    8. az create group
    9. kubectl get services

40. A great advantage of running containers instead of virtual machines is that containers share the operating system kernel. This makes container images also smaller than virtual machine images. Is this correct?
    1. Yes
    2. No