Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
The lead developer at your company reports that adding new application features takes longer than expected due to a large accumulated technical debt.
You need to recommend changes to reduce the accumulated technical debt.
Solution: You recommend reducing the code coupling and the dependency cycles?
Does this meet the goal?
Answer:
B
Instead reduce the code complexity.
Note: Technical debt is the accumulation of sub-optimal technical decisions made over the lifetime of an application. Eventually, it gets harder and harder to change things: it's the 'sand in the gears' that sees IT initiatives grind to a halt.
Reference:
https://dzone.com/articles/fight-through-the-pain-how-to-deal-with-technical https://www.devopsgroup.com/blog/five-ways-devops-helps-with-technical-debt/
Your company uses Azure DevOps for the build pipelines and deployment pipelines of Java-based projects.
You need to recommend a strategy for managing technical debt.
Which two actions should you include in the recommendation? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answer:
BC
B: With SonarQube pre-approval, you can set quality gate.
C: You can manage technical debt with SonarQube and Azure DevOps.
Note: Technical debt is the set of problems in a development effort that make forward progress on customer value inefficient. Technical debt saps productivity by making code hard to understand, fragile, time-consuming to change, difficult to validate, and creates unplanned work that blocks progress. Unless they are managed, technical debt can accumulate and hurt the overall quality of the software and the productivity of the development team in the long term
SonarQube an open source platform for continuous inspection of code quality to perform automatic reviews with static analysis of code to:
✑ Detect Bugs
✑ Code Smells
✑ Security Vulnerabilities
✑ Centralize Quality
✑ What's covered in this lab
Reference:
https://azuredevopslabs.com/labs/vstsextend/sonarqube/
Your company is building a new solution in Java.
The company currently uses a SonarQube server to analyze the code of .NET solutions.
You need to analyze and monitor the code quality of the Java solution.
Which task types should you add to the build pipeline?
Answer:
A
SonarQube is a set of static analyzers that can be used to identify areas of improvement in your code. It allows you to analyze the technical debt in your project and keep track of it in the future. With Maven and Gradle build tasks, you can run SonarQube analysis with minimal setup in a new or existing Azure DevOps
Services build task.
Prepare Analysis Configuration task, to configure all the required settings before executing the build.
✑ This task is mandatory.
✑ In case of .NET solutions or Java projects, it helps to integrate seamlessly with MSBuild, Maven and Gradle tasks.
Incorrect Answers:
B: CocoaPods is the dependency manager for Swift and Objective-C Cocoa projects.
Note: There are several versions of this question in the exam. The question can have three correct answers:
✑ MSBuild
✑ Maven
✑ Gradle
The question can also have different incorrect options, including:
✑ Chef
✑ Octopus
✑ xCODE
Reference:
https://docs3.sonarqube.org/latest/analysis/scan/sonarscanner-for-azure-devops/ https://docs.microsoft.com/en-us/azure/devops/java/sonarqube?view=azure-devops
HOTSPOT -
Your company uses GitHub for source control. GitHub repositories store source code and store process documentation. The process documentation is saved as
Microsoft Word documents that contain simple flow charts stored as .bmp files.
You need to optimize the integration and versioning of the process documentation and the flow charts. The solution must meet the following requirements:
✑ Store documents as plain text.
✑ Minimize the number of files that must be maintained.
✑ Simplify the modification, merging, and reuse of flow charts.
Simplify the modification, merging, and reuse of documents.
Hot Area:
Answer:
Box 1: Markdown (.md)
Github understands several text formats, including .txt and .md. .md stands for a file written in Markdown.
Box 2: Mermaid diagrams -
Mermaid lets you create diagrams and visualizations using text and code.
It is a Javascript based diagramming and charting tool that renders Markdown-inspired text definitions to create and modify diagrams dynamically.
Reference:
https://ourcodingclub.github.io/tutorials/git/
https://mermaid-js.github.io/mermaid/#/
Your company is building a new solution in Java.
The company currently uses a SonarQube server to analyze the code of .NET solutions.
You need to analyze and monitor the code quality of the Java solution.
Which task types should you add to the build pipeline?
Answer:
C
SonarQube is a set of static analyzers that can be used to identify areas of improvement in your code. It allows you to analyze the technical debt in your project and keep track of it in the future. With Maven and Gradle build tasks, you can run SonarQube analysis with minimal setup in a new or existing Azure DevOps
Services build task.
Prepare Analysis Configuration task, to configure all the required settings before executing the build.
✑ This task is mandatory.
✑ In case of .NET solutions or Java projects, it helps to integrate seamlessly with MSBuild, Maven and Gradle tasks.
Note: There are several versions of this question in the exam. The question can have three correct answers:
✑ MSBuild
✑ Maven
✑ Gradle
The question can also have different incorrect options, including:
✑ Chef
✑ xCODE
✑ CocoaPods
Reference:
https://docs3.sonarqube.org/latest/analysis/scan/sonarscanner-for-azure-devops/ https://docs.microsoft.com/en-us/azure/devops/java/sonarqube?view=azure-devops
DRAG DROP -
You are developing a full Microsoft .NET Framework solution that includes unit tests.
You need to configure SonarQube to perform a code quality validation of the C# code as part of the build pipelines.
Which four tasks should you perform in sequence? To answer, move the appropriate tasks from the list of tasks to the answer area and arrange them in the correct order.
Select and Place:
Answer:
Step 1: Prepare Analysis Configuration
Prepare Analysis Configuration task, to configure all the required settings before executing the build.
This task is mandatory.
In case of .NET solutions or Java projects, it helps to integrate seamlessly with MSBuild, Maven and Gradle tasks.
Step 2: Visual Studio Build -
Reorder the tasks to respect the following order:
Prepare Analysis Configuration task before any MSBuild or Visual Studio Build task.
Step 3: Visual Studio Test -
Reorder the tasks to respect the following order:
Run Code Analysis task after the Visual Studio Test task.
Step 4: Run Code Analysis -
Run Code Analysis task, to actually execute the analysis of the source code.
This task is not required for Maven or Gradle projects, because scanner will be run as part of the Maven/Gradle build.
Note:
Reference:
https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Extension+for+VSTS-TFS
Your company uses Azure DevOps for the build pipelines and deployment pipelines of Java-based projects.
You need to recommend a strategy for managing technical debt.
Which action should you include in the recommendation?
Answer:
B
You can manage technical debt with SonarQube and Azure DevOps.
Note: Technical debt is the set of problems in a development effort that make forward progress on customer value inefficient. Technical debt saps productivity by making code hard to understand, fragile, time-consuming to change, difficult to validate, and creates unplanned work that blocks progress. Unless they are managed, technical debt can accumulate and hurt the overall quality of the software and the productivity of the development team in the long term
SonarQube an open source platform for continuous inspection of code quality to perform automatic reviews with static analysis of code to:
✑ Detect Bugs
✑ Code Smells
✑ Security Vulnerabilities
✑ Centralize Quality
✑ What's covered in this lab
Reference:
https://azuredevopslabs.com/labs/vstsextend/sonarqube/
DRAG DROP -
You need to find and isolate shared code. The shared code will be maintained in a series of packages.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Answer:
Step 1: Create a dependency graph for the application
By linking work items and other objects, you can track related work, dependencies, and changes made over time. All links are defined with a specific link type. For example, you can use Parent/Child links to link work items to support a hierarchical tree structure. Whereas, the Commit and Branch link types support links between work items and commits and branches, respectively.
Step 2: Group the related components.
Packages enable you to share code across your organization: you can compose a large product, develop multiple products based on a common shared framework, or create and share reusable components and libraries.
Step 3: Assign ownership to each component graph
Reference:
https://docs.microsoft.com/en-us/azure/devops/boards/queries/link-work-items-support-traceability?view=azure-devops&tabs=new-web-for m https://docs.microsoft.com/en-us/visualstudio/releasenotes/tfs2017-relnote s
DRAG DROP -
You are creating a NuGet package.
You plan to distribute the package to your development team privately.
You need to share the package and test that the package can be consumed.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Answer:
Step 1: Configure a self-hosted agent.
The build will run on a Microsoft hosted agent.
Step 2: Create a new Azure Artifacts feed
Microsoft offers an official extension for publishing and managing your private NuGet feeds.
Step 3: Publish the package.
Publish, pack and push the built project to your NuGet feed.
Step 4: Connect to an Azure Artifacts feed.
With the package now available, you can point Visual Studio to the feed, and download the newly published package
Reference:
https://medium.com/@dan.cokely/creating-nuget-packages-in-azure-devops-with-azure-pipelines-and-yaml-d6fa30f0f15e
During a code review, you discover many quality issues. Many modules contain unused variables and empty catch blocks.
You need to recommend a solution to improve the quality of the code.
What should you recommend?
Answer:
B
PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth.
There is an Apache Maven PMD Plugin which allows you to automatically run the PMD code analysis tool on your project's source code and generate a site report with its results.
Incorrect Answers:
C: xcpretty is a fast and flexible formatter for xcodebuild.
Reference:
https://pmd.github.io
/
