SIMULATION
Task 3
You need to ensure that an Azure Web App named az400-38443478-matn supports rolling upgrades The solution must ensure that only 10 percent of users who connect to az400-38443478 main use updated versions of the app. The solution must minimize administrative effort.
To ensure that your Azure Web App named az400-38443478-main supports rolling upgrades and only 10 percent of users connect to the updated version of the app, you can use deployment slots with the following steps:
Create a Deployment Slot:
Navigate to the Azure Portal.
Go to your Web App az400-38443478-main.
Select Deployment slots in the menu.
Click on Add Slot.
Name the slot (e.g., staging) and if needed, clone settings from the production slot.
Configure the Traffic Percentage:
In the Deployment Slots menu, you will see a column for Traffic %.
Set the traffic percentage to 10% for the staging slot1.
This will route only 10% of the traffic to the updated version of the app in the staging slot.
Deploy the Updated App to the Staging Slot:
Deploy your updated application to the staging slot.
Test the application in the staging slot to ensure it's working as expected.
Complete the Rolling Upgrade:
Once you're satisfied with the performance and stability of the app in the staging slot, you can gradually increase the percentage of traffic until you're ready to swap with the production slot.
To swap slots, go to the Deployment slots menu and click on Swap with the production slot.
By using deployment slots, you can achieve rolling upgrades with minimal administrative effort, as it allows you to test the new version on a subset of users before fully releasing it. Remember to adjust the traffic percentage and monitor the application's performance throughout the process.
SIMULATION
Task 4
You need to configure a virtual machine template in a DevTest Labs environment named az400-38443478-dtl1. The operating system must be based on Windows Server 2016 Datacenter. Virtual machines created from the DevTest Lab must include the Selenium tool and the Google Chrome browser.
To configure a virtual machine template in your DevTest Labs environment named az400-38443478-dtl1 with Windows Server 2016 Datacenter that includes the Selenium tool and the Google Chrome browser, follow these steps:
Create a Custom Image with Windows Server 2016 Datacenter:
In the Azure Portal, go to your DevTest Lab az400-38443478-dtl1.
Navigate to Configuration and policies > Custom images.
Use an existing VM or create a new one with Windows Server 2016 Datacenter.
After setting up the VM, capture it to create a custom image1.
Install Selenium and Google Chrome on the VM:
Connect to the VM via RDP.
Generalize the VM:
Run the sysprep command to generalize the VM, which prepares it to be used as a template.
Shut down the VM after sysprep completes.
Capture the Generalized VM to Create a Template:
In the Azure Portal, navigate to the VM and select Capture.
Provide the required details and create the image.
Add Selenium and Google Chrome Artifacts to the Template:
Go back to the DevTest Lab az400-38443478-dtl1.
Select Artifacts and add Selenium and Google Chrome artifacts to the template.
Ensure these artifacts are configured to install during the VM creation process.
Create VMs from the Template:
Now, when you create a new VM in the DevTest Lab, select the custom image you created.
The VM will be provisioned with Windows Server 2016 Datacenter, and the Selenium tool and Google Chrome browser will be installed automatically.
By following these steps, you can ensure that all virtual machines created from this template in your DevTest Lab will have the required operating system, tools, and browser installed. Remember to replace placeholder names with the actual names of your resources where necessary.
SIMULATION
Task 5
You plan to stoic signed images in an Azure Container Registry instance named az40038443478act1.
You need to modify the SKU for az40038443478aa1 to support the planned images. The solution must minimize costs.
To store signed images in an Azure Container Registry (ACR) instance and support your planned images while minimizing costs, you need to modify the SKU of your ACR instance to one that supports content trust and image signing. Here's how you can do it:
Determine the Appropriate SKU:
If cost minimization is a priority, ensure that the Premium tier is necessary for your use case. If you require content trust, the Premium tier is the appropriate choice.
Modify the SKU of the ACR Instance:
Navigate to the Azure Portal.
Go to your ACR instance az40038443478act1.
Select Update from the overview pane.
Choose the Premium SKU from the SKU drop-down menu2.
Review the changes and pricing, then save the configuration.
By upgrading to the Premium SKU, you'll be able to store signed images in your ACR instance. Remember to monitor your usage and costs to ensure they align with your budget and requirements.
SIMULATION
Task 6
You have an Azure function hosted in an App Service plan named az400-38443478-funct
You need to configure az400 38443478-funcl lo update the functions automatically whenever new code is committed to the main branch of https://githubcom/Azure-Samples/functions-quickstart.
NOTE: Access to GitHub is blocked in the exam environment. Access to GitHub is NOT required to complete the task successfully.
To configure your Azure Function az400-38443478-funct to automatically update whenever new code is committed to the main branch of the specified GitHub repository, you can use GitHub Actions for continuous deployment. Here's how to set it up:
Create a GitHub Actions Workflow:
In your GitHub repository, navigate to the .github/workflows/ directory.
Create a new file for your workflow (e.g., azure-function-cd.yml).
Define the Workflow:
In the workflow file, define the steps for the build and deployment process.
Use the Azure/functions-action to deploy to your Azure Function App.
Set up triggers for the main branch to initiate the workflow on every commit.
Generate Deployment Credentials:
In the Azure Portal, navigate to your Function App az400-38443478-funct.
Download the publish profile from the Overview section by clicking on Get publish profile.
Store the Publish Profile as a GitHub Secret:
In your GitHub repository, go to Settings > Secrets and variables > Actions.
Create a new secret (e.g., AZURE_FUNCTIONAPP_PUBLISH_PROFILE) and paste the content of the publish profile.
Configure the Workflow to Use the Secret:
In the workflow file, reference the secret to authenticate the deployment to Azure.
Here's a sample GitHub Actions workflow snippet:
name: Deploy Azure Function
on:
push:
branches:
- main
jobs:
build-and-deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up Python version
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install dependencies
run: |
pip install -r requirements.txt
- name: Deploy to Azure Functions
uses: Azure/functions-action@v1
with:
app-name: az400-38443478-funct
publish-profile: ${{ secrets.AZURE_FUNCTIONAPP_PUBLISH_PROFILE }}
package: .
Replace the app-name with the name of your Azure Function App and ensure the Python version and dependencies match your application's requirements.
By following these steps, your Azure Function will automatically update whenever new code is pushed to the main branch of the GitHub repository. This setup minimizes manual effort and ensures that your function app is always running the latest code.
SIMULATION
Task 7
You need to prepare a network security group (NSG) named az400 38443478 nsgl to host an Azure DevOps pipeline agent. The solution must allow only the required outbound port for Azure DevOps and deny all other inbound and outbound access to the Internet
To prepare a Network Security Group (NSG) named az400-38443478-nsg1 for hosting an Azure DevOps pipeline agent, while allowing only the required outbound port for Azure DevOps and denying all other inbound and outbound access to the Internet, follow these steps:
Create the NSG:
Navigate to the Azure Portal.
Go to Network Security Groups and click on + Create.
Fill in the details, including the name az400-38443478-nsg1, and create the NSG.
Configure Outbound Security Rules:
Once the NSG is created, go to its settings.
Navigate to Outbound security rules.
Click on + Add to create a new rule.
Set the Destination port ranges to 443, which is the required port for Azure DevOps12.
Set the Protocol to TCP.
Set the Action to Allow.
Assign a Priority number (e.g., 100) that does not conflict with existing rules.
Provide a meaningful Name for the rule (e.g., AllowAzureDevOps).
Configure Default Rules to Deny All Other Traffic:
In the same Outbound security rules section, edit the default rule to deny all traffic.
Change the Action to Deny for the rule with the lowest priority (highest number).
Ensure that this rule applies to all protocols, source and destination IP ranges, and port ranges.
Associate the NSG with the Appropriate Resource:
Associate the NSG with the subnet or network interface of the virtual machine or resource where the Azure DevOps pipeline agent will be hosted.
By following these steps, you will ensure that the Azure DevOps pipeline agent can communicate with Azure DevOps services over the required port while blocking all other inbound and outbound Internet access, adhering to the principle of least privilege and security best practices.
Lindsay
15 hours agoBev
10 days agoGwenn
15 days agoGlendora
16 days agoVernell
1 months agoAlison
1 months agoMarguerita
1 months agoLacresha
2 months agoSalley
2 months agoJanae
2 months agoYoulanda
3 months agoAmber
3 months agoTyisha
4 months ago