50 Microsoft DevOps Engineer Expert Practice Questions: Question Bank 2025

Your team uses Azure Boards and Azure Repos. Management wants pull requests to automatically link to work items and enforce a consistent PR description template. What should you implement?

You need to ensure a release can be traced from an Azure DevOps work item through commits, builds, and deployments. Which approach best supports end-to-end traceability?

You maintain a mono-repo in Azure Repos with multiple services. You want a build pipeline to run only when files under /src/serviceA change, and not when unrelated paths change. What should you configure?

A team wants to adopt trunk-based development in Azure Repos and minimize long-lived branches. Which practice best aligns with trunk-based development?

Your YAML pipeline uses a Microsoft-hosted agent. A build suddenly fails because a required tool is missing on the agent image. You need to make builds deterministic and reduce dependence on agent image changes. What should you do?

You need to deploy an Azure Web App to multiple environments (dev, test, prod) using the same YAML pipeline while ensuring environment-specific settings are applied securely. What is the recommended design?

A security team requires that any pipeline deploying to production must have an auditable approval step and must block deployment if a required check (for example, a service health signal) fails. What should you use in Azure DevOps?

Your application is instrumented with Application Insights. After a recent deployment, users report intermittent slow requests. You need to quickly isolate whether the slowdown is caused by a dependency (for example, SQL or an HTTP call) and identify the failing component across distributed services. What should you use?

You use GitHub repos and Azure Pipelines. The security team mandates that production deployments must only be triggered by changes that are cryptographically verified as coming from your organization and must be protected from compromised developer workstations. Which design best meets the requirement?

You manage multiple microservices. Each service has its own YAML pipeline. You need to standardize build steps (restore, test, scan, publish) across all pipelines and enforce changes through code review, while still allowing service-specific customization. What should you implement?

Your team uses Azure Boards and Azure Repos. Leadership wants every pull request (PR) to be traceable to a business requirement and for work item status to automatically update when code is merged. What should you implement?

You need to restrict an Azure DevOps Git repository so that the default branch history cannot be rewritten and all changes must flow through PRs. Which configuration best meets the requirement?

A pipeline uses a secret stored in Azure Key Vault. You must ensure the secret is not written to logs and cannot be exfiltrated by a malicious script in the pipeline. Which approach is MOST appropriate?

You manage a monorepo containing multiple independent services. You need to reduce CI cost by triggering builds only when files for a specific service change. What should you use in Azure Pipelines?

A YAML pipeline publishes a web app artifact that must be deployed to multiple environments. You want environment-specific settings without rebuilding artifacts for each environment, and you need auditability of deployments. What is the recommended design?

Your organization must enforce that all Azure resources created by pipelines comply with mandatory tags and approved regions. You want prevention (not just reporting) during deployments. Which solution best fits?

A release to production succeeded, but customers report intermittent failures. You need to correlate failures across multiple microservices and quickly find the end-to-end transaction path. Which instrumentation capability should you implement?

You need to allow external contributors to propose changes, but you must prevent untrusted code from accessing secrets in your Azure Pipelines. What is the best approach?

You are migrating from TFVC to Git in Azure Repos. The current workflow relies on exclusive file locking and large binary assets. Developers also need to collaborate on branching and merging more frequently. Which design is MOST appropriate?

A regulated environment requires separation of duties: developers can author pipeline code but cannot deploy to production. Deployments must require an auditable approval and must only use artifacts produced by the main branch. Which combination best meets these requirements in Azure Pipelines?

Your team uses Azure Boards and Azure Repos (Git). Management asks for a lightweight process that ensures every pull request is linked to a work item and automatically transitions the work item to "Done" when the PR is completed and merged. What should you implement?

You are troubleshooting a YAML pipeline that should run only when files under /src are modified. The pipeline triggers on every commit, including documentation-only changes. Which configuration should you use?

A development team wants to prevent accidental pushes directly to the main branch while still allowing CI builds on feature branches. What is the best approach in Azure Repos?

Your organization requires that all deployment approvals be tied to an auditable identity and that the same checks apply across multiple pipelines deploying to the same environment. What should you use in Azure DevOps?

A repository contains several microservices. You need to speed up builds by running only the service pipelines affected by a change. The team uses Azure Pipelines YAML. What is the recommended solution?

You must enforce that all infrastructure changes in Azure are performed through code and reviewed, and you need an audit trail of who approved the change. Which approach best meets the requirement?

A team wants to measure deployment frequency and lead time for changes using Azure DevOps. They also want dashboards visible to both engineering and leadership. Which feature should you recommend?

You have multiple Azure Pipelines that need to deploy to the same AKS cluster. Security requires that cluster access is not granted to individual developers and that deployments can be centrally controlled with approvals and auditability. What is the best design?

Your organization needs build provenance. A release must be able to prove which exact source commit and pipeline run produced a deployed container image. The solution must minimize manual steps and work across multiple services. What should you implement?

A production incident occurs intermittently after deployments. You need to correlate requests across microservices and quickly identify which deployment introduced increased failure rates. The solution must provide end-to-end distributed tracing and deployment annotations. What should you use?

Your team uses Azure Boards and Azure Repos. Management wants pull requests to automatically transition linked work items to the "Done" state when the PR is completed and merged to main. What should you configure?

A repository contains a microservice and a reusable infrastructure module. You need to enforce that updates to the module are versioned and that consumers can pin to a known-good snapshot. Which approach best meets the requirement?

You have a multi-stage YAML pipeline in Azure DevOps. You need an approval step before deploying to production, and the approval must be managed by the environment owners rather than pipeline authors. What should you use?

A release pipeline uses the same deployment steps for dev, test, and prod. You want to minimize duplication and ensure updates to deployment logic apply consistently across all stages. What is the recommended approach?

You must enforce that all commits to the main branch are cryptographically signed and that unsigned commits are rejected. The solution must be enforced server-side. What should you implement?

A YAML pipeline must deploy to different Azure subscriptions depending on the stage (dev/test/prod). Security requires that credentials are not stored in pipeline variables and that access is scoped per environment. What should you use?

A deployment to Azure App Service succeeds, but the app returns intermittent 500 errors under load. You need to quickly correlate failed requests with dependency failures (for example, SQL calls) across distributed components. Which instrumentation should you enable/configure?

Your project uses Git with trunk-based development. You want to reduce cycle time while ensuring only changes associated with an approved work item reach main. What is the best approach in Azure DevOps?

You manage 30 microservices with separate pipelines. A new compliance requirement mandates that every deployment to production must include evidence of the exact artifact, commit SHA, approvals, and test results. You need a scalable solution that works across all pipelines with minimal per-pipeline customization. What should you implement?

A pipeline uses a Microsoft-hosted agent and restores dependencies from a private feed. Builds frequently fail with intermittent 401 errors during restore, but reruns often succeed. You need to make authentication reliable without storing credentials in the repository. What should you do?

Your team wants every work item to automatically transition to the correct state when a pull request (PR) linked to it is completed and merged into the default branch. You must minimize manual steps and ensure consistent behavior across repositories. What should you configure?

You need to ensure that all feature work is isolated until it is complete, but you also want to limit long-lived branches and reduce merge conflicts. Your repos use Git in Azure Repos. Which branching approach best meets these goals?

Your release pipeline uses environment approvals. You need a simple way to ensure a production deployment cannot start unless the change has an associated work item in Azure Boards. What is the most appropriate control?

A monorepo contains multiple independent services. You want CI to run only for the service that changed and skip other builds to reduce pipeline time. What is the best way to implement this in Azure Pipelines YAML?

You are migrating from classic release pipelines to YAML multi-stage pipelines. You need to enforce that deployments to production require a specific set of approvers and that approvals are managed outside the repository so they cannot be changed via PR. Which approach should you use?

Your organization requires that secrets used by pipelines are never stored in Azure DevOps and are rotated centrally. Pipelines deploy to Azure resources. Which solution best meets this requirement?

You need to prevent accidental deletion of critical Azure resources by a release pipeline while still allowing deployments. The pipeline uses a service connection with broad permissions. What is the best practice to reduce blast radius?

After deploying a new version of an API to AKS, users report intermittent 502 errors. You want to correlate request failures with container logs and dependency calls without modifying application code. Which approach is most appropriate?

Your compliance team requires that any change to infrastructure-as-code (IaC) templates must be reviewed by a security group, and the review must be enforced even for administrators. Additionally, merges must be blocked if the templates introduce resources outside an approved Azure region list. What should you implement?

You deploy a microservice to production and must implement an automated rollback if key health signals degrade after deployment. Requirements: detect increased error rate and latency within minutes, automatically halt further rollout, and revert to the previous version with minimal downtime. Which design best fits?