
AZ-400 Question #130: Real Exam Question with Answer & Explanation


Submitted by sofia.br · Mar 6, 2026 · Design and implement build and release pipelines

Question

Case Study 1 - Litware

Overview

Existing Environment

Litware, Inc. is an independent software vendor (ISV). Litware has a main office and five branch offices.

Application Architecture

The company's primary application is a single monolithic retirement fund management system based on ASP.NET web forms that use logic written in VB.NET. Some new sections of the application are written in C#.

Variations of the application are created for individual customers. Currently, there are more than 80 live code branches in the application's code base.

The application was developed by using Microsoft Visual Studio. Source code is stored in Team Foundation Server (TFS) in the main office. The branch offices access the source code by using TFS proxy servers.

Architectural Issues

Litware focuses on writing new code for customers. No resources are provided to refactor or remove existing code. Changes to the code base take a long time, as dependencies are not obvious to individual developers.

Merge operations of the code often take months and involve many developers. Code merging frequently introduces bugs that are difficult to locate and resolve.

Customers report that ownership costs of the retirement fund management system increase continually. The need to merge unrelated code makes even minor code changes expensive.

Customers report that bug reporting is overly complex.

Planned Changes

Litware plans to develop a new suite of applications for investment planning. The investment planning applications will require only minor integration with the existing retirement fund management system.

The investment planning applications suite will include one multi-tier web application and two iOS mobile applications. One mobile application will be used by employees; the other will be used by customers.

Litware plans to move to a more agile development methodology. Shared code will be extracted into a series of packages.

Litware has started an internal cloud transformation process and plans to use cloud-based services whenever suitable.

Litware wants to become proactive in detecting failures, rather than always waiting for customer bug reports.

Technical Requirements

The company's investment planning applications suite must meet the following requirements:

  • New incoming connections through the firewall must be minimized.
  • Members of a group named Developers must be able to install packages.
  • The principle of least privilege must be used for all permission assignments.
  • A branching strategy that supports developing new functionality in isolation must be used.
  • Members of a group named Team Leaders must be able to create new packages and edit the permissions of package feeds.
  • Visual Studio App Center must be used to centralize the reporting of mobile application crashes and device types in use.
  • By default, all releases must remain available for 30 days, except for production releases, which must be kept for 60 days.
  • Code quality and release quality are critical. During release, deployments must not proceed between stages if any active bugs are logged against the release.
  • The mobile applications must be able to call the share pricing service of the existing retirement fund management system. Until the system is upgraded, the service will only support basic authentication over HTTPS.
  • The required operating system configuration for the test servers changes weekly. Azure Automation State Configuration must be used to ensure that the operating system on each test server is configured the same way when the servers are created and checked periodically.

Current Technical Issue

The test servers are configured correctly when first deployed, but they experience configuration drift over time. Azure Automation State Configuration fails to correct the configurations.

Azure Automation State Configuration nodes are registered by using the following command.

Hotspot Question

Where should the build and release agents for the investment planning application suite run? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Answer:

Explanation

Hotspot Explanation: Build and Release Agent Placement

Note: The "Correct: None" display appears to be a rendering artifact. Based on the case study constraints, the correct answer for both dropdowns is "A hosted service" (Microsoft-hosted agents in Azure DevOps). The analysis below is based on that interpretation.


Key Constraint to Anchor Both Answers

"New incoming connections through the firewall must be minimized."

This single requirement drives both answers.


Dropdown 1: Build Agent → A hosted service

Why this is correct: Microsoft-hosted agents run in Azure's infrastructure. They initiate outbound connections to Azure DevOps — no new inbound firewall rules are needed on Litware's network. They also require zero infrastructure management, which aligns with Litware's stated goal of cloud-based services.

Why the alternatives are wrong:

| Option | Why Wrong |
| --- | --- |
| Source control system | Source control (TFS/Azure Repos) is a storage system, not a compute environment. You don't run build pipelines on it. |
| Developers' computers | Non-deterministic environments, inconsistent tooling, and machines being offline break CI. Violates CI/CD principles. |

Technical concept: Microsoft-hosted agents are ephemeral, pre-configured VMs spun up per pipeline run. All communication is agent → Azure DevOps (outbound), not inbound.


Dropdown 2: Release Agent → A hosted service

Why this is correct: Same firewall reasoning applies. Hosted release agents connect outbound to Azure DevOps to receive release instructions and deploy to targets (Azure services, App Center, etc.). No new inbound ports need to be opened.

The investment planning suite is a new application targeting cloud infrastructure — there's no requirement to reach legacy on-premises systems during release (only minor integration with the retirement system is needed, handled at the application layer, not the agent layer).

Why the alternatives are wrong:

| Option | Why Wrong |
| --- | --- |
| Source control system | Source control has no role in executing deployments. |
| Developers' computers | Same problems as above, plus deployments from dev machines are a security and auditability risk. |

Technical concept: For releases targeting on-premises resources, a self-hosted agent inside the DMZ is sometimes needed — but here, Litware is building cloud-native apps, so hosted agents are appropriate and minimize network exposure.


Summary

Both agents → hosted service because:

  1. Outbound-only connections satisfy the firewall minimization requirement
  2. Litware is cloud-transforming — no on-premises deployment targets for the new suite
  3. Hosted agents provide consistent, managed environments without Litware needing to provision infrastructure
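
What "a hosted service" looks like in an Azure Pipelines definition for this suite, as an added example that is not part of the original question or explanation. The project paths, Xcode scheme, service connection, app name and environment name are placeholders assumed for illustration.

```yaml
# Added example; every value marked "placeholder" is an assumption, not from the case study.
trigger:
  branches:
    include:
      - main

stages:
  - stage: Build
    jobs:
      - job: WebApp
        pool:
          vmImage: 'windows-latest'    # Microsoft-hosted agent image
        steps:
          # src/Web/Web.csproj is a placeholder project path
          - script: dotnet publish src/Web/Web.csproj -c Release -o $(Build.ArtifactStagingDirectory)/web
            displayName: Build and publish web application
          - publish: $(Build.ArtifactStagingDirectory)/web
            artifact: web

      - job: iOSApps
        pool:
          vmImage: 'macOS-latest'      # hosted macOS image, needed for Xcode builds
        steps:
          # workspace and scheme names are placeholders
          - script: >
              xcodebuild -workspace ios/Apps.xcworkspace -scheme EmployeeApp
              -sdk iphonesimulator -configuration Release build
            displayName: Build employee iOS app

  - stage: Release
    dependsOn: Build
    jobs:
      - deployment: DeployWeb
        pool:
          vmImage: 'windows-latest'    # the release job also runs on a hosted agent
        environment: 'investment-planning-test'                      # placeholder
        strategy:
          runOnce:
            deploy:
              steps:
                - task: AzureWebApp@1
                  inputs:
                    azureSubscription: 'litware-service-connection'  # placeholder
                    appName: 'litware-investment-web'                # placeholder
                    package: '$(Pipeline.Workspace)/web'

# For contrast, a self-hosted agent is selected by pool name instead of vmImage:
#   pool:
#     name: 'OnPremPool'   # placeholder; the agent machine would sit on Litware's network
```

Every `pool` here uses `vmImage`, so no agent machine is provisioned on Litware's network for either build or release.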

Topics

#CI/CD Agents · #Azure DevOps · #Hosted Agents · #Cloud Transformation
