CCNA Design and implement build and release pipelines Questions

75 of 461 questions · Page 3/7 · Design and implement build and release pipelines · Answers revealed

151
MCQmedium

You are designing a build pipeline for a Java application that uses Maven. The build must run unit tests and integration tests separately. You want to publish test results to Azure Pipelines. Which task configuration should you use?

A.Use two Gradle tasks, one for unit tests and one for integration tests.
B.Use a single Maven task with goals 'test verify', and configure the task to publish test results.
C.Use two Maven tasks with goals 'test' and 'verify', and configure the Publish Test Results task to publish results from both runs.
D.Use two Visual Studio Test tasks, one for unit tests and one for integration tests.
AnswerC

Correct: Maven can run tests and PublishTestResults can publish results.

Why this answer

Option C is correct because it uses two separate Maven tasks with the 'test' and 'verify' goals, which allows unit tests and integration tests to run independently. The Publish Test Results task is then configured to consume the test result files (typically JUnit XML reports) from both runs, enabling Azure Pipelines to display a unified test summary. This approach aligns with the requirement to run unit and integration tests separately while still publishing all results.

Exam trap

The trap here is that candidates assume a single Maven task with both goals can achieve separation, but Azure Pipelines executes all goals in one run, so the tests are not isolated; the correct approach requires two distinct tasks to enforce separate execution and independent result publishing.

How to eliminate wrong answers

Option A is wrong because Gradle tasks are not applicable; the question specifies a Java application that uses Maven, not Gradle. Option B is wrong because using a single Maven task with goals 'test verify' runs both phases sequentially in the same Maven invocation, which does not satisfy the requirement to run unit tests and integration tests separately. Option D is wrong because Visual Studio Test tasks are designed for .NET test frameworks (e.g., MSTest, xUnit) and cannot directly execute Maven-based Java tests.

152
Multi-Selecthard

Which THREE components are required to set up a self-hosted agent in Azure Pipelines? (Choose three.)

Select 3 answers
A.An Azure Resource Manager service connection
B.A personal access token (PAT) with Agent Pools (read, manage) scope
C.A machine (virtual or physical) to run the agent software
D.The agent software downloaded from the Azure DevOps organization
E.An Azure Active Directory account for the agent
AnswersB, C, D

PAT is required for the agent to authenticate with Azure DevOps.

Why this answer

Options B, C, and D are correct. B: A personal access token (PAT) is needed for authentication. C: The agent must be installed on a machine (Windows, Linux, or macOS).

D: The agent must be configured with the Azure DevOps organization URL and PAT. Option A is wrong because you don't need a service connection; the agent authenticates via PAT. Option E is wrong because Azure Pipelines agents do not require Azure Active Directory; they use PAT or other authentication.

153
MCQhard

Your Azure Pipelines release pipeline deploys to multiple stages. You need to implement a manual approval gate that requires two specific users to approve before deployment proceeds to production. The approval should expire after 8 hours. Which configuration should you use?

A.Pre-deployment conditions: Add approvers (user1, user2) with 'All' policy and set timeout to 480 minutes
B.Pre-deployment conditions: Add approvers (user1, user2) with 'Any one' policy
C.Pre-deployment conditions: Add approvers (user1, user2) with 'All' policy and set 'Allow deployment without approval' to true
D.Post-deployment conditions: Add approvers (team) with 'All' policy
AnswerA

Requires both users to approve with an 8-hour timeout.

Why this answer

Option C is correct because you can add multiple approvers (individuals) and set a timeout for approval. Option A is wrong because requiring 'Any one' allows a single approver. Option B is wrong because 'Team' approval requires the team's collective approval, not two specific individuals.

Option D is wrong because pre-deployment conditions don't support timeout on approvals.

154
MCQhard

You run the Azure CLI command shown in the exhibit as part of a release pipeline to deploy a ZIP package to an Azure App Service. The deployment succeeds, but the app does not start. What is the most likely cause?

A.The app's startup command is not configured
B.The resource group name is incorrect
C.The runtime stack is not specified in the command
D.The deployment slot is not specified
AnswerA

ZIP deploy does not set startup command; needs manual config.

Why this answer

Option B is correct because the ZIP deploy does not set the start command; you need to configure the startup file or command separately. Option A is wrong because the resource group name is only used for identification. Option C is wrong because the command does not require a slot name.

Option D is wrong because the command works without specifying the runtime stack.

155
Multi-Selecteasy

Which TWO of the following are true about multi-stage pipelines in Azure Pipelines?

Select 2 answers
A.Stages can run in parallel if dependencies allow.
B.Each stage can contain only one job.
C.Each stage must run on the same agent.
D.Stages cannot have conditions.
E.They are defined in a single YAML file.
AnswersA, E

Using dependsOn with none.

Why this answer

Multi-stage pipelines are defined in YAML and can include multiple sequential or parallel stages. Option A is correct because YAML is the primary definition. Option C is correct because stages can be parallelized using dependsOn.

Option B is incorrect because stages can run across multiple agents. Option D is incorrect because stages are not limited to one job. Option E is incorrect because stages can have conditions.

156
Multi-Selecthard

Which THREE are valid strategies for managing configuration in a multi-environment CI/CD pipeline?

Select 3 answers
A.Store configuration in environment-specific YAML variable files.
B.Embed configuration values directly into the container image.
C.Hardcode configuration in pipeline scripts for each environment.
D.Use Azure Key Vault references in variable groups.
E.Use variable groups linked to Azure DevOps library.
AnswersA, D, E

You can use variable templates per environment.

Why this answer

Using variable groups, Key Vault references, and environment-specific YAML variable files are all valid. Storing config in the container image is not recommended because it couples the image to an environment. Hardcoding in scripts is bad practice.

157
MCQeasy

Your team uses Azure Pipelines to build a .NET Core application. You notice that the build takes too long because it restores NuGet packages every time. What is the best way to improve build performance?

A.Configure the build to use a self-hosted agent with previously restored packages
B.Use a private agent with a faster network connection
C.Use a Microsoft-hosted agent with a larger SKU
D.Enable the 'Cache' task to cache the NuGet packages folder
AnswerD

Caching packages avoids downloading them each time, significantly speeding up builds.

Why this answer

Option B is correct because caching package restore speeds up builds. Option A is wrong because piped builds are not a concept. Option C is wrong because a hosted agent does not cache by default.

Option D is wrong because a self-hosted agent does not automatically cache.

158
MCQeasy

Your Azure Pipelines build takes 45 minutes. You want to reduce build time by caching dependencies. Which task should you add to the pipeline?

A.PublishBuildArtifacts@1
B.CopyFiles@2
C.DownloadBuildArtifacts@0
D.Cache@2
AnswerD

The Cache task is designed for caching dependencies.

Why this answer

The Cache task allows you to cache folders (like npm packages or NuGet packages) to speed up subsequent runs.

159
Multi-Selectmedium

Which TWO of the following are valid strategies to reduce build times in Azure Pipelines? (Select TWO.)

Select 2 answers
A.Increase the number of retained artifacts.
B.Use a self-hosted agent pool.
C.Use parallel jobs to run tasks concurrently.
D.Use pipeline caching for dependencies.
E.Disable test execution.
AnswersC, D

Parallel execution reduces overall build time.

Why this answer

Options A and C are correct. Pipeline caching (A) avoids re-downloading dependencies; parallel jobs (C) splits work across multiple agents. Option B is wrong because self-hosted agents may not reduce time if not properly sized.

Option D is wrong because increasing artifact retention doesn't affect build time. Option E is wrong because disabling tests may compromise quality.

160
MCQhard

Your company develops a microservices-based application deployed on Azure Kubernetes Service (AKS). The CI/CD pipeline uses Azure Pipelines. The development team has recently adopted a trunk-based development strategy where all feature work is done on short-lived branches that merge to main at least daily. The release pipeline must automatically deploy to a development environment on each commit to main, and to a staging environment after a manual approval. The staging environment is used for integration tests and must remain stable. You need to design the release pipeline strategy to support this workflow. What should you do?

A.Create a single release pipeline with one stage that deploys to both dev and staging simultaneously, and add a manual intervention task before staging deployment.
B.Create a single release pipeline with two stages: 'Dev' triggered automatically on successful build, and 'Staging' with a pre-deployment approval gate.
C.Create two separate release pipelines: one for dev with continuous deployment trigger, and one for staging with a manual trigger.
D.Create a single release pipeline with two stages: 'Dev' triggered automatically, and 'Staging' with a post-deployment approval gate and disable continuous deployment trigger.
AnswerB

This provides automatic deployment to dev and controlled deployment to staging with approval.

Why this answer

Option A is correct: A single release pipeline with multiple stages (dev and staging) and an approval gate on staging meets the requirements. Option B is incorrect because separate pipelines would cause duplication and maintenance overhead. Option C is incorrect because multiple environments in a single stage would not allow different triggers.

Option D is incorrect because disabling CD for staging would require manual promotion, which is not desired.

161
MCQmedium

Your build pipeline uses a self-hosted agent in your on-premises network. The agent pool is configured to use the 'latest' agent version. Recently, a new version of the Azure Pipelines agent was released, and your builds started failing because the new agent requires .NET 6.0, which is not installed on the agent machine. What is the best way to prevent this issue in the future?

A.Configure the agent pool to use a specific agent version (e.g., '2.210.0') and test new versions in a separate pool before updating.
B.Switch to using Microsoft-hosted agents instead of self-hosted.
C.Disable automatic agent updates on the self-hosted agents.
D.Install .NET 6.0 on the agent machine to meet the new requirement.
AnswerA

Pinning the version allows controlled upgrades and testing.

Why this answer

Option C is correct because pinning the agent to a specific major version allows you to control updates and test compatibility before upgrading. Option A is wrong because disabling updates is not recommended and may cause security issues. Option B is wrong because installing .NET 6.0 is a reactive fix, not a preventive measure.

Option D is wrong because using Microsoft-hosted agents avoids the issue but is not always feasible for on-premises needs.

162
MCQhard

Your Azure DevOps release pipeline deploys to Azure Kubernetes Service (AKS). You need to ensure that the deployment is rolled back automatically if the health checks fail within 5 minutes after deployment. The AKS cluster uses a canary deployment strategy. What should you use?

A.Use an Azure CLI task to run 'kubectl rollout undo' in a post-deployment script.
B.Use a Helm upgrade task with --wait and --timeout flags.
C.Use the Kubernetes manifest task with 'canary' deployment strategy and configure 'stabilityCheck' and 'rollback' settings.
D.Use the Kubectl task with a 'rollback' subcommand condition.
AnswerC

The Kubernetes manifest task supports canary deployments with automatic rollback on stability failure.

Why this answer

Option B is correct because the Kubernetes manifest task can be configured with a canary strategy and automatic rollback based on deployment stability checks. Option A is wrong because the Helm task does not natively support canary rollback. Option C is wrong because the Azure CLI task would require custom scripting.

Option D is wrong because the Kubectl task does not have built-in canary rollback.

163
MCQeasy

You need to create a pipeline that triggers only when changes are made to files in the 'src/api' folder. Which trigger configuration should you use?

A.trigger: branches: include: - 'main'
B.trigger: paths: exclude: - 'src/api/*'
C.trigger: tags: include: - 'v*'
D.trigger: paths: include: - 'src/api/*'
AnswerD

Include filter triggers on changes to that path.

Why this answer

Option A is correct because the 'paths' filter with 'include' triggers only for changes in that path. Option B is wrong because 'exclude' would ignore that path. Option C is wrong because 'tags' filter by tag.

Option D is wrong because 'branches' filter by branch.

164
MCQeasy

You are designing a release pipeline for a .NET application. The pipeline must deploy to multiple environments (Dev, Test, Prod) with manual approval at each stage. Which release trigger should you configure for the production stage?

A.Pull request trigger from the main branch.
B.Continuous deployment trigger after a successful build.
C.Manual trigger with pre-deployment approvals.
D.Scheduled trigger set to run nightly.
AnswerC

Manual trigger requires user initiation, and approvals can be added for control.

Why this answer

Option B is correct because a manual trigger with approval ensures that deployment to production only happens after explicit approval. Option A is wrong because continuous deployment trigger would skip approvals. Option C is wrong because scheduled trigger is not appropriate for manual approval.

Option D is wrong because pull request trigger is for builds, not releases.

165
MCQmedium

Your Azure Pipelines build fails intermittently due to transient network errors when downloading NuGet packages. You want to implement retry logic. What is the best approach?

A.Add a PowerShell task that wraps the NuGet restore in a retry loop
B.Increase the number of parallel jobs to average out failures
C.Use a deployment group to deploy the build to a staging environment
D.Configure a build retention policy to automatically retry failed builds
AnswerA

An inline script with retry logic can handle transient errors.

Why this answer

Option C is correct because a retry task with an inline script can handle transient errors. Option A is wrong because a build retention policy does not affect retries. Option B is wrong because parallel jobs do not retry.

Option D is wrong because a deployment group is for deployments, not builds.

166
Multi-Selecteasy

Which TWO triggers can be used to start a pipeline automatically in Azure Pipelines? (Choose two.)

Select 2 answers
A.Pipeline completion trigger
B.Continuous integration (CI) trigger on a branch push
C.Manual trigger via the DevOps portal
D.Schedule trigger
E.Pull request (PR) trigger
AnswersB, E

A push to a branch matching the trigger starts the pipeline.

Why this answer

CI triggers (push to branch) and PR triggers are standard automatic triggers. Option C is wrong because schedule triggers are automatic but not triggered by events. Option D is wrong because pipeline completion trigger is another pipeline, not a direct trigger.

Option E is wrong because manual triggers require human action.

167
Matchingmedium

Match each Azure Pipeline concept to its definition.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Compute resource to run jobs

Logical boundary for pipeline phases

Sequence of steps on a single agent

Atomic build or deployment action

Why these pairings

Core pipeline components in Azure Pipelines.

168
MCQeasy

You are creating a release pipeline that uses Azure Pipelines to deploy to multiple virtual machines. You need to ensure that the deployment runs on each machine in parallel. Which deployment strategy should you use?

A.Blue-green deployment
B.Canary deployment
C.Rolling deployment
D.Run once deployment with parallel execution
AnswerD

Run once with parallel runs the job on all targets simultaneously.

Why this answer

Option D is correct because the 'runOnce' strategy with 'parallel' deployment option runs the job on multiple targets simultaneously. Option A is wrong because rolling strategy updates a subset at a time. Option B is wrong because canary is a phased rollout.

Option C is wrong because blue-green swaps between environments.

169
Multi-Selectmedium

Which TWO are valid strategies for managing secrets in a GitHub Actions workflow?

Select 2 answers
A.Use OpenID Connect to authenticate to Azure without storing any credentials.
B.Hardcode the secret in the YAML file.
C.Set the secret as an environment variable in the runner's shell profile.
D.Base64-encode the secret and include it directly in the workflow file.
E.Store the secret as an encrypted GitHub secret and reference it using ${{ secrets.SECRET_NAME }}.
AnswersA, E

OIDC eliminates the need for stored secrets for Azure authentication.

Why this answer

GitHub secrets and OIDC are both secure methods. Option B is wrong because base64 is not encryption. Option C is wrong because hardcoding is insecure.

Option D is wrong because environment variables are visible.

170
MCQmedium

Your team uses Azure Repos for source control. You need to enforce that all builds must pass unit tests before code can be merged into the main branch. Which branch policy should you configure?

A.Add a build validation policy that triggers the CI pipeline and requires it to succeed.
B.Require a linked work item.
C.Require a minimum number of reviewers.
D.Require comment resolution.
AnswerA

Build validation enforces that the pipeline runs and succeeds before merging.

Why this answer

Option B is correct because a branch policy with a build validation requires a specific build pipeline to succeed before merging. Option A is incorrect because it only requires a review, not a build. Option C is incorrect because commenting is not required.

Option D is incorrect because commit message requirements do not enforce builds.

171
MCQmedium

You are designing a release pipeline for a microservices application where each service is built as a Docker container and deployed to Azure Kubernetes Service (AKS). You want to ensure that each service is deployed independently to the same cluster. The services have dependencies on each other. Which deployment strategy should you use?

A.Canary deployment with traffic splitting via Istio.
B.Immutable infrastructure with new cluster per deployment.
C.Rolling update using Kubernetes Deployment strategies.
D.Blue-green deployment to AKS using Kubernetes namespaces for isolation.
AnswerD

Blue-green allows independent deployment with traffic switching.

Why this answer

Blue-green deployment is ideal for microservices with dependencies because it allows you to deploy a new version of a service alongside the old version and then switch traffic after testing. Rolling updates can cause issues if dependencies are not compatible. Canary releases are gradual but more complex.

Option A is correct because blue-green provides isolation and easy rollback. Option B is not suitable for dependencies. Option C is more for testing.

Option D is simpler but riskier.

172
MCQmedium

Your organization uses Azure Pipelines and requires that all builds be run on Microsoft-hosted agents to reduce maintenance overhead. However, you need to ensure that the build agent has a specific version of Node.js installed that is not available on the standard Microsoft-hosted agents. What should you do?

A.Use a container job that runs a custom Docker image with the required Node.js version.
B.Deploy a self-hosted agent with the required Node.js version.
C.Use a script task to install the specific Node.js version at the start of the pipeline.
D.Request Microsoft to add the Node.js version to their hosted agents.
AnswerC

You can install Node.js temporarily during the pipeline execution.

Why this answer

Option B is correct because you can use a script task to install Node.js using a version manager like nvm or download the required version. Option A is wrong because you cannot install software on a Microsoft-hosted agent permanently. Option C is wrong because self-hosted agents require maintenance.

Option D is wrong because container jobs are possible but require the agent to support containers, and you still need to customise the container image.

173
MCQhard

The pipeline fails because the artifact is empty. What is the most likely cause?

A.The build output is not copied to the staging directory
B.The projects pattern '**/*.csproj' does not match any files
C.The task 'PublishBuildArtifacts@1' is misspelled
D.The artifact name 'drop' is invalid
AnswerA

The build task does not copy output to staging directory.

Why this answer

Option A is correct because the build output is not copied to the staging directory. Option B is wrong because the pattern is likely correct. Option C is wrong because the task name is correct.

Option D is wrong because the artifact name is valid.

174
MCQhard

You are designing a build pipeline that uses Microsoft-hosted agents. The pipeline must build a .NET Framework 4.8 application and run on a Windows agent. Due to compliance, the build must use a specific version of Visual Studio that is not pre-installed on the Microsoft-hosted agents. What should you do?

A.Use a self-hosted agent that has the required version of Visual Studio installed.
B.Build the application inside a Docker container that includes the required Visual Studio version.
C.Specify the 'vsVersion' parameter in the MSBuild task to target the required version.
D.Use the 'Visual Studio Test Platform Installer' task to install the required version at build time.
AnswerA

Self-hosted agents can be configured with specific software requirements.

Why this answer

The only way to ensure a specific version of Visual Studio is to use a self-hosted agent with that version installed. Microsoft-hosted agents have pre-installed software but you cannot customize them to add a specific version not available. Using a Docker container with the required version is a valid approach but requires a self-hosted agent to run the container.

Building with MSBuild alone might not work if the project depends on Visual Studio components.

175
MCQeasy

Your build pipeline uses a self-hosted agent that runs on a Windows machine. The pipeline fails with the error: 'The task 'DotNetCoreCLI' is not supported on this agent.' What is the most likely cause?

A.The agent's execution policy is restricted.
B.The agent does not have the required capabilities (e.g., .NET Core SDK installed).
C.The agent is not authorized to run the pipeline.
D.The agent cannot connect to the internet to download the task.
AnswerB

Correct: Self-hosted agents need capabilities matching task demands.

Why this answer

Option B is correct because the agent's capabilities do not include the required .NET Core SDK. Option A is wrong because the error specifically says the task is not supported, not that execution policy is an issue. Option C is wrong because the error doesn't mention network or credentials.

Option D is wrong because the error is about the task not being supported, not about agent pool access.

176
MCQhard

A company uses Azure Pipelines with YAML-based pipelines stored in a Git repository. The pipeline triggers on every push to the main branch, but the team wants to reduce unnecessary builds when only documentation files are changed. What is the best way to achieve this?

A.Use path filters in the trigger section to exclude 'docs/*' and '*.md' files.
B.Configure branch policy to require a pull request for documentation changes.
C.Add a 'condition' to the pipeline that checks if changed files are documentation.
D.Disable CI trigger and rely on scheduled builds.
AnswerA

Path filters allow excluding specific paths from triggering.

Why this answer

Option D is correct because using path filters with exclude patterns on the main branch trigger prevents builds for specific file changes. Option A is wrong because branch policies do not filter file changes. Option B is wrong because skipping CI entirely is not desirable.

Option C is wrong because conditions evaluate after the pipeline starts, not before.

177
MCQmedium

You have a YAML pipeline that builds a Java project using Maven. The pipeline uses a private artifact feed in Azure Artifacts. You need to authenticate to the feed from the pipeline. Which authentication method should you use?

A.Use the 'PipAuthenticate' task with a pip.conf file.
B.Use the 'npmAuthenticate' task with a .npmrc file.
C.Use the 'MavenAuthenticate' task with a settings.xml file.
D.Use the 'NuGetAuthenticate' task with a nuget.config file.
AnswerC

This task authenticates Maven builds to Azure Artifacts.

Why this answer

Azure Pipelines can use the project-level 'Azure Artifacts' service connection to authenticate to feeds. Option B is correct because it uses the pipeline identity. Option A is for npm.

Option C is for Python. Option D is for NuGet.

178
Multi-Selecteasy

Which TWO are valid types of triggers for a YAML pipeline in Azure Pipelines? (Choose two.)

Select 2 answers
A.Push trigger
B.Scheduled trigger
C.Release trigger
D.PR trigger
E.Pipeline trigger
AnswersA, D

Push trigger runs on commits.

Why this answer

Options A and B are correct. CI triggers (push) and PR triggers are valid YAML triggers. Option C is incorrect because scheduled triggers are defined outside YAML.

Option D is incorrect because release triggers are for release pipelines, not YAML. Option E is incorrect because pipeline triggers are for triggering other pipelines, not directly in YAML.

179
Multi-Selectmedium

Which TWO tools can be used to manage feature flags in Azure DevOps pipelines?

Select 2 answers
A.Azure Policy.
B.LaunchDarkly.
C.Azure App Configuration.
D.Azure Monitor.
E.Azure Key Vault.
AnswersB, C

LaunchDarkly is a popular third-party feature flag service.

Why this answer

Options A and D are correct. Azure App Configuration provides feature management. LaunchDarkly is a third-party tool that integrates.

Options B, C, and E are not feature flag management tools.

180
Multi-Selecthard

You are designing a YAML pipeline that builds a .NET application and publishes it as a NuGet package to Azure Artifacts. Which three tasks should you include in the build stage?

Select 3 answers
A.DotNetCoreCLI@2 with command 'build'
B.NuGetCommand@2 with command 'install'
C.DotNetCoreCLI@2 with command 'restore'
D.DotNetCoreCLI@2 with command 'push'
E.DotNetCoreCLI@2 with command 'pack'
AnswersA, C, E

Correct: Builds the project.

Why this answer

Options A, B, and E are correct. First restore dependencies, then build the project, then pack into a NuGet package. Option C is wrong because NuGet push is not needed in build stage if you push later.

Option D is wrong because NuGet install is for packages.config, not SDK-style projects.

181
Multi-Selectmedium

Which THREE are valid ways to trigger a pipeline in Azure Pipelines using GitHub integration? (Choose three.)

Select 3 answers
A.GitHub App webhooks
B.Polling GitHub on a schedule
C.GitHub pull request events
D.GitHub branch push events
E.Azure Pipelines schedule trigger
AnswersA, C, D

GitHub App sends webhooks to Azure Pipelines.

Why this answer

GitHub branch push triggers, pull request triggers, and GitHub App webhooks are valid methods. Option B is wrong because Azure Pipelines does not support direct polling of GitHub. Option E is wrong because schedule triggers are not GitHub-specific.

182
Matchingmedium

Match each Azure Monitor feature to its use case.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Application performance monitoring and diagnostics

Query and analyze log data from various sources

Visualize performance metrics from Azure resources

Proactive notifications based on conditions

Why these pairings

Core Azure Monitor components for observability.

183
MCQmedium

You are designing a release pipeline for a containerized application deployed to Azure Kubernetes Service (AKS). You want to implement a strategy where the new version is deployed to a small subset of pods first, and if healthy, gradually rolled out to all pods. Which Kubernetes deployment strategy should you use?

A.Canary deployment
B.Rolling update
C.Blue-green deployment
D.Recreate deployment
AnswerA

Canary deploys to a small subset and gradually shifts traffic based on health.

Why this answer

Option B is correct because a canary deployment releases the new version to a subset of pods and gradually increases traffic. Option A is wrong because rolling update gradually replaces pods but doesn't use traffic splitting for validation. Option C is wrong because blue-green switches all traffic at once.

Option D is wrong because recreate deletes all old pods before creating new ones.

184
MCQhard

You have the YAML pipeline exhibit above. The pipeline fails with: 'The pipeline is not valid. Could not find the template file shared-templates/build-steps.yml.' What is the most likely cause?

A.The checkout step for 'shared-templates' must be before the template reference, which it is.
B.The template file is missing from the shared-templates repository.
C.The template path is incorrect because it should be relative to the repository root; the repository name is 'myorg/shared-templates', so the path should be 'build-steps.yml'.
D.The ref 'refs/heads/main' does not exist in the shared-templates repository.
AnswerC

The path 'shared-templates/build-steps.yml' suggests that the template is in a subfolder, but the repository root is already 'shared-templates'.

Why this answer

Option B is correct because the template path is relative to the repository root, but the repository name includes 'myorg/shared-templates', so the path should be 'build-steps.yml' if it is in the root. Option A is wrong because the template is referenced correctly. Option C is wrong because the ref is correct.

Option D is wrong because checkout order does not affect template resolution.

185
MCQmedium

You have a release pipeline that deploys to multiple stages (Dev, QA, Prod). You want to automatically deploy to Dev and QA after a successful build, but require a manual approval for Prod. Which deployment strategy should you use?

A.Set pre-deployment approvals on the Dev and QA stages.
B.Set pre-deployment approvals on the Prod stage.
C.Use a post-deployment approval on the QA stage.
D.Disable the automatic trigger for all stages.
AnswerB

Why this answer

Pre-deployment approvals control whether a release can start deploying to a stage. By setting a pre-deployment approval on the Prod stage only, Dev and QA will deploy automatically (since they have no approval requirement), while Prod requires manual sign-off before deployment begins. This matches the requirement exactly.

Exam trap

The trap here is confusing pre-deployment approvals with post-deployment approvals, leading candidates to think a post-deployment approval on QA can gate Prod, when in fact only pre-deployment approvals on the target stage (Prod) can prevent its deployment from starting.

Why the other options are wrong

A

That would require approval for Dev and QA, not Prod.

C

Post-deployment approvals occur after deployment, not before.

D

That would stop all automatic deployments.

186
MCQhard

You are designing a release strategy for a critical application that must maintain high availability. You decide to use Azure Traffic Manager to route traffic between deployments in two Azure regions. Your release pipeline deploys the application to the secondary region first, then switches Traffic Manager priority to route traffic to the secondary region while the primary region is updated. This strategy is known as:

A.Blue-green deployment
B.Canary deployment
C.Red/Black deployment
D.Rolling deployment across regions
AnswerD

Correct: This is a rolling deployment that updates regions sequentially with traffic rerouting.

Why this answer

Option B is correct because it describes deploying to a secondary region, switching traffic, then updating primary. Option A is wrong because blue-green deploys a full parallel environment. Option C is wrong because rolling updates update instances gradually.

Option D is wrong because canary releases a small subset.

187
MCQhard

You have a multi-stage YAML pipeline that builds and deploys a containerized application to Azure Kubernetes Service (AKS). The build stage runs successfully, but the deploy stage fails with an error: 'Error: failed to get credentials: context deadline exceeded'. You verify that the AKS cluster is running and that the service connection is valid. What is the most likely cause?

A.The Azure service connection has expired.
B.The service principal used by the pipeline does not have RBAC permissions on the cluster.
C.The container registry is not accessible from the build agent.
D.The build agent's IP address is not allowed by the AKS cluster's network policies.
AnswerD

Network restrictions can cause timeouts when trying to connect to the API server.

Why this answer

Option A is correct because the Kubernetes API server may have a network restriction (e.g., firewall, NSG) blocking the build agent's IP address. Option B is wrong because RBAC issues would produce a permission denied error, not a timeout. Option C is wrong because the service connection is valid per the scenario.

Option D is wrong because the container registry credentials are used for pulling images, not for connecting to AKS.

188
MCQeasy

You are implementing a CI pipeline for a Node.js application. The pipeline must run linting, unit tests, and build the application. Which YAML structure is most appropriate?

A.Define three separate stages: lint, test, build.
B.Define one job with parallel steps using 'parallel' keyword.
C.Define multiple jobs without dependencies.
D.Define one job with multiple steps: lint, test, build.
AnswerD

A single job with sequential steps is the simplest and fastest approach.

Why this answer

Option B is correct because jobs allow multiple steps to run sequentially on the same agent, which is efficient for linting, testing, and building. Option A uses stages but not necessary. Option C runs steps in parallel, which may cause conflicts.

Option D is not valid YAML for Azure Pipelines.

189
MCQhard

Your Azure Pipeline builds a Docker image and pushes it to Azure Container Registry (ACR). You need to ensure that the image is scanned for vulnerabilities before being pushed. Which task should you add to the pipeline?

A.Azure CLI task to run 'az acr scan'
B.Docker task with the 'push' action
C.Container scanning task from Microsoft Defender for Cloud
D.PublishBuildArtifacts task
AnswerC

This task integrates vulnerability scanning for container images in ACR.

Why this answer

Option C is correct because the 'Container scanning' task (from Defender for Cloud) can scan images in ACR for vulnerabilities. Option A is wrong because the 'Docker' task only builds and pushes. Option B is wrong because 'Azure CLI' task can run commands but not built-in scanning.

Option D is wrong because 'PublishBuildArtifacts' publishes files, not scanning.

190
MCQmedium

Your team uses GitFlow with Azure Repos. You need to ensure that every commit to the 'main' branch is built and deployed to production automatically. Which trigger should you configure in your YAML pipeline?

A.Trigger: none
B.trigger: branches: include: - main
C.schedules: - cron: "0 0 * * *" branches: include: - main
D.pr: branches: include: - main
AnswerB

This triggers the pipeline on every commit to main.

Why this answer

Option B is correct because a branch-specific trigger on 'main' will automatically run the pipeline on each commit to that branch. Option A is wrong because a CI trigger on any branch would cause builds on feature branches as well. Option C is wrong because a scheduled trigger runs at specific times, not on commits.

Option D is wrong because PR triggers run on pull requests, not on commits to main.

191
MCQhard

Your release pipeline deploys to Azure App Service using deployment slots. You need to ensure that traffic is gradually shifted to the new slot over 30 minutes, and if performance issues occur, it should automatically roll back. Which deployment strategy should you implement?

A.Use the 'Deploy to Azure App Service' task with the 'Deploy to Slot' option and configure auto-swap with monitoring.
B.Use two separate deployment slots (blue/green) and manually swap after validation.
C.Use a canary deployment with multiple slots and manual approval gate.
D.Use an A/B testing deployment by deploying to two different App Services and routing traffic via Traffic Manager.
AnswerA

Correct: Deployment slots support gradual traffic shift and auto-rollback via monitoring.

Why this answer

Option A is correct because the rolling deployment with traffic shifting and automatic rollback is best achieved using Azure App Service deployment slots with auto-swap and monitoring. Option B is wrong because blue-green with manual swap does not provide gradual traffic shift. Option C is wrong because canary with manual approval does not automate rollback.

Option D is wrong because A/B testing is not a native deployment strategy in Azure Pipelines.

192
MCQeasy

You want to trigger a pipeline automatically when a new commit is pushed to the 'develop' branch of your repository. Which trigger configuration should you use in the YAML pipeline?

A.schedules: - cron: "0 0 * * *" branches: include: - develop
B.pr: branches: include: - develop
C.resources: repositories: - repository: self trigger: branches: include: - develop
D.trigger: branches: include: - develop
AnswerD

This triggers on pushes to develop.

Why this answer

Option A is correct because 'trigger: develop' triggers on pushes to the 'develop' branch. Option B is wrong because 'pr: develop' triggers on pull requests. Option C is wrong because 'schedules' is for cron triggers.

Option D is wrong because 'resources' is for pipeline resources.

193
MCQhard

Your organization has a multi-stage YAML pipeline that builds and deploys a containerized application to Azure Kubernetes Service (AKS). The pipeline uses environment approvals for the production stage. You need to ensure that the container image deployed to production is the same as the one that passed all previous stages. Which strategy should you implement?

A.Publish the container image as a pipeline artifact and reference it from each stage.
B.Use the same image tag in all stages, updating the tag as needed.
C.Enable immutable tags on the container registry to prevent overwrites.
D.Rebuild the container image in each stage to ensure freshness.
AnswerA

Pipeline artifacts are immutable and ensure the same image is used across stages.

Why this answer

Option C is correct because using a pipeline artifact (like the pipeline artifact published during the build stage) ensures the exact same image is used in all stages, preventing rebuilds and ensuring consistency. Option A is wrong because rebuilding in each stage can introduce variations. Option B is wrong because tags can be overwritten.

Option D is wrong because container registries do not enforce immutability by default.

194
Multi-Selectmedium

Which THREE of the following are valid deployment strategies that can be implemented using Azure DevOps release pipelines? (Select THREE.)

Select 3 answers
A.Red-black deployment.
B.Rolling deployment.
C.Blue-green deployment.
D.Canary deployment.
E.Linear deployment.
AnswersB, C, D

Rolling deployment replaces instances incrementally.

Why this answer

Options A, B, and E are correct. A: Rolling deployment updates instances gradually. B: Blue-green deployment uses two environments for switching traffic.

E: Canary deployment releases to a subset before full rollout. C is incorrect because 'red-black' is not a standard term. D is incorrect because 'linear deployment' is not a recognized strategy.

195
MCQeasy

Your release pipeline includes a 'Deploy to App Service' task for a Linux web app. The deployment fails with 'Error: Failed to deploy web package to App Service'. What should you check first?

A.Verify that the deployment slot is correctly configured.
B.Check the Kudu console for errors.
C.Ensure the web.config file is present.
D.Review the App Service diagnostic logs.
AnswerD

Diagnostic logs contain detailed deployment errors.

Why this answer

Option B is correct because App Service logs provide detailed error messages. Option A is wrong because Kudu is for Windows apps, not Linux. Option C is wrong because deployment slots are optional.

Option D is wrong because the web.config is for IIS, not Linux.

196
MCQeasy

You need to run unit tests in your build pipeline and publish the test results to Azure Pipelines. Which task should you use?

A.DotNetCoreCLI task with test command
B.Npm task
C.Publish Test Results task
D.Visual Studio Test task
AnswerC

Publishes test results in formats like TRX, JUnit.

Why this answer

Option B is correct because the 'Publish Test Results' task publishes test results to Azure Pipelines. Option A is wrong because 'Visual Studio Test' runs tests but does not publish to the pipeline. Option C is wrong because 'DotNetCoreCLI' can run tests but needs an additional task to publish results.

Option D is wrong because 'Npm' is for Node.js, not .NET tests.

197
MCQhard

You have a pipeline with the above YAML trigger configuration. A developer pushes changes to a file in 'src/app/config.json' on a branch named 'release/v1'. Which statement is true about the build trigger?

A.The build will be triggered but only if no other builds are running.
B.The build will be triggered.
C.The build will not be triggered because the path filter is too restrictive.
D.The build will not be triggered because the branch is not 'main'.
AnswerB

Both branch and path conditions are satisfied.

Why this answer

Option A is correct because the branch 'release/v1' matches the include pattern 'release/*' and the file path is under 'src/app/'. Option B is wrong because the branch is included. Option C is wrong because the path is included.

Option D is wrong because the trigger will execute.

198
Multi-Selectmedium

A development team is configuring a YAML-based pipeline in Azure Pipelines. The pipeline must meet the following requirements: - Build only the main branch. - Run integration tests after a successful build. - Deploy to a staging environment only if tests pass. - Handle failures gracefully by sending a notification to the team. You need to define the pipeline structure. Which TWO configurations should you include?

Select 2 answers
A.Use a `deployment: Staging` job with `displayName: Deploy to staging`.
B.Define a stage for 'Deploy' with `dependsOn: Test` and `condition: succeeded('Test')`.
C.Set `trigger: main` at the pipeline root.
D.Add `condition: succeeded()` to the build job.
E.Define the trigger in the `resources` section using `pipelines`.
AnswersB, C

This ensures deployment only runs after the Test stage succeeds.

Why this answer

Option B is correct because it defines a 'Deploy' stage that depends on the 'Test' stage and uses `condition: succeeded('Test')` to ensure deployment only occurs after tests pass. This satisfies the requirement to deploy to staging only if tests succeed. Option C is correct because `trigger: main` at the pipeline root configures the pipeline to build only the main branch, meeting the first requirement.

Exam trap

The trap here is that candidates may confuse the `deployment` job keyword (which defines a deployment job but does not enforce stage dependencies) with the stage-level `dependsOn` and `condition` needed to gate deployment on test success, or they may mistakenly place the branch trigger in the `resources` section instead of the root `trigger`.

199
MCQeasy

You need to integrate Azure Pipelines with GitHub to trigger a build when a release is published in GitHub. Which trigger type should you use in the pipeline?

A.pr:
B.trigger:
C.resources: repositories: - repository: self type: github trigger: release: true
D.schedules:
AnswerC

Correct: resources with release trigger.

Why this answer

Option C is correct because Azure Pipelines supports a GitHub release trigger through the `resources` definition, where you specify a `trigger` with `release: true` under the repository configuration. This tells the pipeline to automatically start a build whenever a new release is published in the linked GitHub repository, which directly matches the requirement.

Exam trap

The trap here is that candidates often confuse the `trigger:` keyword (which handles CI branch triggers) with the release trigger syntax, or mistakenly think a simple `trigger:` can be configured to listen for GitHub release events, when in fact it requires the nested `resources` structure with `release: true`.

How to eliminate wrong answers

Option A is wrong because `pr:` is used to trigger builds on pull request events, not on release publications. Option B is wrong because `trigger:` at the pipeline root configures CI triggers for branch pushes or path filters, not for GitHub release events. Option D is wrong because `schedules:` defines cron-based scheduled triggers, which are time-driven and unrelated to GitHub release events.

200
MCQhard

Your release pipeline deploys to Azure App Service using slots. You need to ensure that after swapping, the warmup request is sent to the production slot before traffic is fully routed. What should you configure?

A.Enable auto swap for the deployment slot and configure a custom warmup path.
B.Add a health check to the App Service.
C.Perform a manual swap and then send a warmup request via a script.
D.Configure slot-specific app settings to enable warmup.
AnswerA

Auto swap with warmup sends request to slot before swap.

Why this answer

Option B is correct because auto swap with custom warmup triggers a warmup request to the target slot before swap completes. Option A is wrong because manual swap does not have warmup. Option C is wrong because deployment slot settings are sticky and not swapped.

Option D is wrong because health check is different from warmup.

201
Multi-Selectmedium

Your organization uses Azure Pipelines to deploy a web application to multiple Azure App Service instances across regions. You need to implement a deployment strategy that allows rolling back to the previous version quickly if issues are detected. Which TWO strategies should you recommend?

Select 2 answers
A.Use a rolling update with incremental deployment.
B.Implement a canary deployment with traffic splitting.
C.Store previous deployment artifacts in Azure Blob Storage.
D.Use blue-green deployment with a traffic manager endpoint.
E.Deploy to a staging slot and then swap with production.
AnswersD, E

Blue-green allows switching traffic back to the previous environment.

Why this answer

Option A and Option D are correct. Slot swap allows swapping back to the previous slot. Blue-green deployment with a traffic manager allows switching traffic.

Option B is wrong because redeployment takes time. Option C is wrong because canary is for gradual rollout, not instant rollback. Option E is wrong because it doesn't address rollback.

202
MCQeasy

Refer to the exhibit. The pipeline uses a variable group 'ReleaseVariables' that contains a variable named 'EnvironmentName' with value 'Staging'. What environment will the deployment target?

A.Staging
B.VirtualMachine
C.Production
D.DeployWeb
AnswerC

The pipeline variable 'EnvironmentName' value 'Production' overrides the group.

Why this answer

Variable groups are evaluated first, but in YAML, variables defined later override the group if the same name is used. Here, EnvironmentName is defined in the variable group and then redefined with value 'Production' in the pipeline variables. The pipeline variable overrides the variable group.

So the environment name is 'Production'. Option B is correct.

203
MCQhard

You are designing a multi-stage YAML pipeline in Azure DevOps that builds, tests, and deploys a .NET Core application. The pipeline must use a self-hosted agent pool for compliance. You need to minimize agent idle time while ensuring that the agent is always available for builds. What should you do?

A.Provision a virtual machine scale set with a fixed number of agents
B.Install multiple agents on a single VM to maximize utilization
C.Deploy a scale set agent pool with autoscaling enabled
D.Use a single persistent agent and queue builds when idle
AnswerC

Autoscaling adds or removes agents based on demand.

Why this answer

Option D is correct because scaling set with autoscaling adjusts capacity based on demand. Option A is wrong because scaling set without autoscaling does not minimize idle time. Option B is wrong because persistent agents are always running, causing idle time.

Option C is wrong because multiple agents still run idle if not scaled.

204
Multi-Selectmedium

Which TWO conditions must be met to use multi-stage YAML pipelines with approvals?

Select 2 answers
A.The pipeline must be triggered by a pull request.
B.An environment must be created and approval checks configured on it.
C.The pipeline must have at least one stage defined in a separate release pipeline.
D.The deployment job must reference a specific environment.
E.The pipeline must be created using the classic release editor.
AnswersB, D

Approvals are set on environments.

Why this answer

Correct answers: C and D. C: approvals are configured on environments. D: deployment jobs must reference environments.

A is wrong because YAML pipelines don't require classic release. B is wrong because approvals don't require a separate release pipeline.

205
Multi-Selectmedium

Which TWO actions should be taken to secure secrets in Azure Pipelines? (Choose two.)

Select 2 answers
A.Use secret variables with the 'secret' input type to mask them in logs.
B.Use a variable group without Key Vault integration for easier management.
C.Store secrets directly in the YAML pipeline file.
D.Store secrets in a variable group linked to Azure Key Vault.
E.Disable CI triggers to reduce exposure.
AnswersA, D

Secret variables are masked in logs.

Why this answer

Option A is correct because Azure Pipelines allows you to mark variables as 'secret' by using the 'secret' input type in the pipeline settings UI or by setting `isSecret: true` in YAML. This ensures the variable's value is masked with asterisks in all logs and output, preventing accidental exposure during build or release execution.

Exam trap

The trap here is that candidates may think disabling CI triggers (Option E) reduces secret exposure, but it only affects build automation, not the security of the secrets themselves, which is a common misconception about pipeline security controls.

206
MCQhard

Refer to the exhibit. You have a YAML pipeline with the variables shown. What will be the value of $(Build.BuildNumber) on the first run?

A.1.0.0.0
B.20250101.1
C.1.0.0
D.1.0.1
AnswerB

Default Build.BuildNumber is date-based (yyyymmdd.r).

Why this answer

The counter expression starts at the seed value (0) and increments by 1 each run. On the first run, the counter returns 0, so revision is 0. Build.BuildNumber is not explicitly set, so it defaults to the date-based format (e.g., 20250101.1) unless redefined.

However, the counter is used as a variable, not assigned to Build.BuildNumber. So the script echoes the default Build.BuildNumber, not the counter. But the question asks for the value of $(Build.BuildNumber).

The default Build.BuildNumber is the date-time based number (like 20250101.1). Option D is correct.

207
MCQhard

Refer to the exhibit. A build pipeline uses this trigger configuration. A developer pushes a commit to the 'main' branch that modifies files in '/src/app/' and '/src/tests/'. How many builds will be triggered?

A.1 build, because batchChanges is true.
B.0 builds, because the excluded path takes precedence.
C.3 builds, because maxConcurrentBuildsPerBranch is 1 but batchChanges overrides.
D.2 builds, one for each modified folder.
AnswerA

With batchChanges true, all changes within the same commit are batched into one build. Since there is an included change, the build triggers once.

Why this answer

The trigger includes '/src/*' and excludes '/src/tests/*'. The commit modifies files in both included and excluded paths. Because batchChanges is true, only one build will be queued for the batch.

However, since the commit includes changes to an included path ('/src/app/'), the build will trigger. The excluded path does not prevent the build because there is at least one included change. Thus, only one build will be triggered.

208
MCQmedium

You have a pipeline that uses Azure Repos Git. You need to enforce that all commits to the main branch are associated with a work item. Which branch policy should you enable?

A.Require linked work items
B.Limit merge types
C.Require a minimum number of reviewers
D.Check for comment resolution
AnswerA

This enforces work item association.

Why this answer

Option B is correct because 'Require linked work items' enforces that each commit or PR has a work item. Option A is wrong because it only requires comments. Option C is wrong because it only checks build status.

Option D is wrong because it limits who can push, not work item linking.

209
MCQhard

Refer to the exhibit. You deploy this ARM template using Azure Pipelines. The deployment succeeds, but the storage account is created with a name that is not what you expected. What is the most likely reason?

A.The uniqueString function returns a hash based on the resource group ID, resulting in a non-meaningful name.
B.The storage account name parameter is of type 'string' but the default value is an object.
C.The location parameter uses resourceGroup().location which is not a valid function.
D.The apiVersion '2022-09-01' is too new and causes a naming conflict.
AnswerA

uniqueString generates a deterministic hash, not a descriptive name.

Why this answer

Option C is correct. The 'uniqueString(resourceGroup().id)' function generates a hash based on the resource group ID, not the storage account name parameter. The default value is a hash, not a human-readable name.

Option A is incorrect because the parameter type is string. Option B is incorrect because the default value uses resourceGroup().id, not resourceGroup().location. Option D is not relevant.

210
MCQhard

Your Azure Pipelines build is failing with the error: '##[error]No agent found in pool 'Default' that satisfies the specified demands: Agent.Version -gtVersion 2.200.0'. The pool 'Default' contains agents of various versions. What is the most likely cause?

A.The pipeline YAML has a syntax error in the 'demands' section.
B.The pipeline is configured to run on an agentless job.
C.The 'demands' keyword is not supported in Azure Pipelines.
D.The 'Default' agent pool has no agents with version greater than 2.200.0.
AnswerD

The demand requires a newer agent version not present in the pool.

Why this answer

The demand specifies an agent version greater than 2.200.0, but pool agents are older. Option B is wrong because agentless jobs don't use agents. Option C is wrong because demands are not a syntax error.

Option D is wrong because demands are for selecting agents, not for the pipeline itself.

211
Multi-Selecthard

Which TWO actions are required to securely use Azure Key Vault secrets in an Azure Pipelines build? (Choose 2)

Select 2 answers
A.Set the 'secrets' output variable to 'true' in the pipeline.
B.Use the 'Azure Key Vault' task to download secrets as pipeline variables.
C.Use the 'Environment Variables' section in the pipeline to map secrets.
D.Reference the secret identifier directly in the pipeline YAML.
E.Grant the Azure DevOps service principal 'Get' and 'List' permissions on the Key Vault.
AnswersB, E

The task retrieves secrets and makes them available.

Why this answer

Options A and C are correct. A: The pipeline must have access to the Key Vault via a service connection with Get and List permissions. C: The pipeline can use the 'Azure Key Vault' task to download secrets as pipeline variables, or reference them via variable groups linked to Key Vault.

Option B is wrong because secrets are not passed as environment variables by default. Option D is wrong because secrets are not exposed in logs by default; masking is automatic. Option E is wrong because the secret identifier can be used directly.

212
MCQmedium

Your team uses Azure DevOps to manage a monolithic .NET Framework application that is deployed to on-premises Windows servers. You plan to modernize the application by containerizing it and moving it to Azure Kubernetes Service (AKS). The existing build pipeline uses the .NET Framework build task and MSBuild. The release pipeline uses WinRM-based deployment to copy files to on-premises servers. You need to design a new CI/CD pipeline that builds a Docker image, pushes it to Azure Container Registry (ACR), and deploys it to AKS. Your solution should minimize changes to the existing codebase and leverage Azure Pipelines. What should you do?

A.Keep the existing build pipeline as is, and add a script to build the Docker image in the release pipeline before deploying.
B.Modify the existing build pipeline by adding a 'Docker' task to build and push the image, and modify the release pipeline to use a 'Kubernetes' task for deployment.
C.Create a new build pipeline from scratch using the 'Docker' template and a new release pipeline with the 'Deploy to Kubernetes' template.
D.Use self-hosted agents to build the Docker image and deploy to AKS.
AnswerB

This leverages existing pipelines and minimizes changes.

Why this answer

Option B is correct: Adding a Docker task to build and push, and a Kubernetes task to deploy, minimizes changes. Option A is incorrect because creating a new pipeline from scratch is unnecessary. Option C is incorrect because using a script to build Docker is less integrated.

Option D is incorrect because self-hosted agents are not required for ACR and AKS.

213
MCQeasy

You are designing a build pipeline for a Java application that uses Maven. You want to publish the compiled JAR file as a build artifact. Which task should you use?

A.PublishBuildArtifacts@1
B.Maven@3
C.ArchiveFiles@2
D.CopyFiles@2
AnswerA

This task publishes files as build artifacts.

Why this answer

Option A is correct because the Publish Build Artifacts task publishes files as pipeline artifacts. Option B is wrong because the Copy Files task only copies files within the agent. Option C is wrong because the Maven task builds the project but does not publish artifacts.

Option D is wrong because the Archive Files task creates a zip but does not publish.

214
MCQeasy

You are configuring a release pipeline that deploys to multiple environments (dev, test, prod). You want to ensure that the same build artifact is deployed to each environment without rebuilding. Which type of trigger should you use for the release pipeline?

A.Pull request trigger
B.Continuous integration (CI) trigger
C.Scheduled trigger
D.Build completion trigger
AnswerD

A build completion trigger starts the release pipeline after a build completes, using the same artifact.

Why this answer

Option B is correct because a build completion trigger starts the release pipeline when a build artifact is available, ensuring the same artifact is used across environments. Option A is wrong because a CI trigger starts a new build, not a release. Option C is wrong because a scheduled trigger runs at specific times, not tied to a build.

Option D is wrong because a pull request trigger starts builds for PRs, not releases.

215
MCQhard

Refer to the exhibit. A developer creates a pull request from a branch called 'feature/update'. The workflow runs on the pull_request event. What will the output of this workflow be?

A.The workflow will not run because the branch is not 'main'.
B.The workflow will run and output 'Running PR tests'.
C.The workflow will run but output nothing because the condition fails.
D.The workflow will fail due to a syntax error in the conditional expression.
AnswerB

The event name is 'pull_request', so the condition is true.

Why this answer

The condition checks if github.event_name equals 'pull_request', which is true, so it prints 'Running PR tests'. Option A is wrong because the main branch push would not trigger on PR. Option B is wrong because the event is indeed pull_request.

Option D is wrong because the condition is correct.

216
MCQhard

You have a multi-stage YAML pipeline with stages: Build, Test, and Deploy. The Deploy stage requires approval from a specific user group. You want to ensure that the approval request is sent only after the Test stage completes successfully. Which configuration should you use?

A.Add a manual validation task in the Deploy stage.
B.Define an environment with required approvers and reference it in the Deploy stage.
C.Use the 'condition' keyword: condition: eq(variables['Build.SourceBranch'], 'refs/heads/main')
D.Configure branch policies on the main branch.
AnswerB

Why this answer

Option B is correct because Azure Pipelines environments allow you to define required approvers (user groups) that must approve a deployment before it proceeds. By referencing the environment in the Deploy stage, the approval request is automatically triggered only after the preceding Test stage completes successfully, since stages execute sequentially by default.

Exam trap

The trap here is that candidates confuse manual validation tasks (Option A) with environment-based approvals, not realizing that environment approvals are the native, recommended way to enforce stage-level approval gates in YAML pipelines.

Why the other options are wrong

A

Manual validation tasks require a custom script and do not integrate with Azure AD groups for approvals.

C

This condition controls stage execution based on branch, not approvals.

D

Branch policies are for pull requests, not pipeline stages.

217
MCQeasy

You are configuring a YAML build pipeline for a .NET Core application. Which task should you use to restore NuGet packages?

A.NuGetCommand task
B.DotNetCoreCLI task with 'restore' command
C.PowerShell task with dotnet restore
D.NuGetAuthenticate task
AnswerB

Why this answer

The DotNetCoreCLI task with the 'restore' command is the recommended approach for restoring NuGet packages in a YAML build pipeline for a .NET Core application. It directly invokes 'dotnet restore', which is the native .NET CLI command that handles package restoration efficiently and integrates seamlessly with the .NET SDK, ensuring compatibility with project files and dependency resolution.

Exam trap

The trap here is that candidates often choose the NuGetCommand task (A) because they associate 'NuGet' with package restoration, not realizing that .NET Core projects require the DotNetCoreCLI task for proper SDK integration and that the legacy task is deprecated for modern .NET workflows.

Why the other options are wrong

A

NuGetCommand is for classic NuGet scenarios; for .NET Core, DotNetCoreCLI is preferred.

C

While possible, using the dedicated DotNetCoreCLI task is the standard approach.

D

NuGetAuthenticate is for authentication, not restoring packages.

218
Multi-Selecteasy

You are designing a build pipeline for a .NET Core application. The pipeline must run on a self-hosted agent in a private network without internet access. Which TWO actions are required to ensure the build can download NuGet packages?

Select 2 answers
A.Disable the NuGet restore step in the pipeline.
B.Install the NuGet tool on the self-hosted agent machine.
C.Use a Microsoft-hosted agent instead.
D.Configure the self-hosted agent to access Azure Artifacts or an internal NuGet feed.
E.Use the NuGet Authenticate task to authenticate with Azure Artifacts.
AnswersB, D

The agent needs NuGet.exe or dotnet CLI to restore packages.

Why this answer

Option A is correct because the self-hosted agent needs network access to the NuGet feed. Option D is correct because the NuGet tool must be installed on the agent. Options B, C, and E are not required.

219
MCQmedium

Your organization uses GitHub Actions for CI/CD. You need to ensure that secrets used in workflows are not exposed in logs. What should you do?

A.Encrypt the secret with a password before using it.
B.Use the 'echo' command to output the secret and then delete the log.
C.Store the secret in GitHub Secrets and reference it as ${{ secrets.SECRET_NAME }}.
D.Disable logging on the self-hosted runner.
AnswerC

GitHub automatically masks secret values in logs.

Why this answer

Option B is correct because GitHub automatically masks secrets when used in workflows. Option A is wrong because logging to a file still exposes the secret in the log. Option C is wrong because runner logs are stored and could be accessed.

Option D is wrong because encryption does not prevent exposure if the secret is printed.

220
MCQmedium

Your team is adopting Infrastructure as Code (IaC) using Bicep. You need to validate the Bicep file syntax and run pre-deployment checks as part of the build pipeline. Which task should you use?

A.Azure Resource Group Deployment task
B.Terraform task
C.PowerShell task with Invoke-RestMethod
D.Azure CLI task with 'az bicep build'
AnswerD

'az bicep build' validates Bicep syntax.

Why this answer

AzureCLI task can run 'az bicep build' to validate syntax. Option A is wrong because ARM template deployment task deploys, not validates. Option B is wrong because PowerShell task would need manual parsing.

Option D is wrong because Bicep is not directly supported by Terraform tasks.

221
MCQhard

Your organization uses GitHub Flow for source control with a monorepo containing multiple microservices. Each microservice has its own build and test workflow. You need to design a CI/CD strategy that builds and tests only the services affected by a pull request to reduce build times and resource usage. You also need to ensure that all pull requests to the main branch pass required checks before merging. What should you implement?

A.Use a single workflow that builds and tests all microservices on every push to any branch.
B.Set up a webhook that triggers builds manually per service based on pull request comments.
C.Create a single workflow that uses a matrix strategy to build and test each microservice, and run it on every pull request.
D.Use separate workflows for each microservice with path filters (on: pull_request paths:) so that only workflows with changed files are triggered.
AnswerD

Path filters ensure only affected services are built and tested.

Why this answer

Option C is correct: GitHub Actions path filters trigger workflows only when files in specific paths change. Option A is incorrect because building all services every time is wasteful. Option B is incorrect because a single workflow for all services would be monolithic and hard to maintain.

Option D is incorrect because manual triggering defeats automation.

222
MCQmedium

You are designing a build pipeline that uses a combination of tasks. The pipeline must compile code, run unit tests, and then publish code coverage results. Match each task with its appropriate placement in the pipeline order. The tasks are: 'Visual Studio Test', 'Publish Code Coverage Results', 'Visual Studio Build'. The correct order is: 1. Build, 2. Test, 3. Publish coverage.

A.Visual Studio Build
B.Visual Studio Test
C.Publish Code Coverage Results

Why this answer

The correct order is: first build the code using 'Visual Studio Build', then run tests using 'Visual Studio Test', and finally publish code coverage results using 'Publish Code Coverage Results'. This ensures that the code is compiled before testing, and coverage results are available after tests run.

Exam trap

Some candidates may place 'Publish Code Coverage Results' before 'Visual Studio Test', but coverage results are generated during tests, so they must come after.

223
Multi-Selecteasy

Which TWO practices help improve the security of container images in a CI/CD pipeline? (Choose two.)

Select 2 answers
A.Run containers with root privileges to avoid permission issues.
B.Store container images in a public registry for easy access.
C.Sign container images to verify their integrity.
D.Use the 'latest' tag for base images to always get the newest patches.
E.Scan container images for vulnerabilities during the build.
AnswersC, E

Image signing ensures that the image has not been tampered with.

Why this answer

Options A and D are correct. Option A: Scanning images for vulnerabilities as part of the build process helps catch issues early. Option D: Using signed images ensures integrity and trust.

Option B is wrong because using the 'latest' tag can lead to unpredictable updates; pinning to specific versions is more secure. Option C is wrong because storing images in a public registry exposes them to potential attacks; private registries are more secure. Option E is wrong because running containers as root is a security risk.

224
MCQeasy

Your company uses GitHub Actions for CI/CD. The development team wants to automatically create a new GitHub release with release notes whenever a pull request is merged to the main branch. The release notes should include a list of all merged pull requests since the last release. You need to implement this automation. What should you do?

A.Add a workflow triggered on push to main that uses the 'softprops/action-gh-release' action to create a release with auto-generated release notes.
B.Configure a branch protection rule to require a release note file in each pull request.
C.Use a workflow that runs on pull request merge and creates a Git tag, then rely on GitHub to create a release from the tag.
D.Add a step to the existing CI workflow that runs 'gh release create' with a changelog.
AnswerA

This action can automatically generate release notes from merged pull requests.

Why this answer

Option A is correct: The 'softprops/action-gh-release' action creates releases and can generate release notes from merged PRs. Option B is incorrect because tagging manually is not automated. Option C is incorrect because releases are not created by default on tag push.

Option D is incorrect because the 'Create a release' step alone does not generate release notes from merged PRs.

225
MCQeasy

You have a pipeline with the above JSON definition. The build fails with 'The specified configuration 'Release' is not valid'. What is the most likely cause?

A.The configuration value should be 'debug' instead.
B.The buildConfiguration variable is not set.
C.The pipeline definition is in JSON format, which is not supported by Azure Pipelines.
D.The DotNetCoreCLI task requires a specific version.
AnswerC

Azure Pipelines uses YAML, not JSON, for pipeline definitions.

Why this answer

Option C is correct because the variable syntax in YAML is '$(variableName)' but in JSON pipeline (classic) it's '$(variableName)' as well, but the issue is that the variable 'buildConfiguration' might not be defined correctly or the JSON pipeline does not support variable substitution like YAML. However, the exhibit is JSON (classic pipeline). In classic pipelines, variables are referenced as '$(buildConfiguration)' but the JSON snippet is from a YAML pipeline? Actually, the exhibit is JSON but Azure Pipelines uses YAML.

In classic editor, variables are set in UI, not in JSON. The most likely cause is that the JSON format is not valid for Azure Pipelines; Azure Pipelines uses YAML. Option C is correct because Azure Pipelines does not support JSON format for pipeline definitions; it must be YAML.

← PreviousPage 3 of 7 · 461 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Design and implement build and release pipelines questions.