HOTSPOT
-
You use Azure Policy with Azure Repos to implement continuous integration and continuous deployment (CI/CD) workflows.
You need to recommend best practices to secure the stages of the CI/CD workflows based on the Microsoft Cloud Adoption Framework for Azure.
What should you include in the recommendation for each stage? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Incorrect Answer GIT Workflow ---> Protected Branch Secure Deployment credentials --> Keyvault Ref : https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/secure/best-practices/secure-devops
answers should be the opposite: 1. protected branches 2. Keyvolt https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/secure/best-practices/secure-devops
1. Protected branches 2. Azure Key Vault https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/secure/best-practices/secure-devops#restrict-access-to-protected-branches https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/secure/best-practices/secure-devops#azure-key-vault If your CI platform supports it, consider storing credentials in a dedicated secret store, for example Azure Key Vault. Credentials are fetched at runtime by the build agent and your attack surface is reduced.
Gotten this in May 2023 exam.
1. Protected branches 2. Azure Key Vault
1. Protected branches 2. Azure Key Vault
1. Protected Branches 2. Azure Key vault These two are right answer
Protected branches Create custom roles for build agents https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/secure/best-practices/secure-devops