Platform Engineering

Question 1

What is subscription vending?

Answer 1

A process that helps organizations achieve subscription democratization design principles critical for scaling, security, and governance of Azure environments.

Question 2

What do subscription vending product lines cater to?

Answer 2

The diverse needs of various application teams.

Question 3

Why is a standardized approach to subscription vending important?

Answer 3

It prevents confusion, delay, and inefficiency.

Question 4

What are the benefits of offering various product lines in subscription vending?

Answer 4

They provide flexibility, align with platform engineering principles, and cater to different application team requirements.

Question 5

What is meant by ‘one size fits all’ in subscription vending?

Answer 5

An approach that limits internal customers’ flexibility and can compromise application teams’ architecture design choices.

Question 6

What are management groups in Azure environments?

Answer 6

Organizational units that help manage subscriptions and resources effectively.

Question 7

What should platform teams consider when designing subscription vending?

Answer 7

Questions about resources, subscription deployment, network connectivity, RBAC, and governance.

Question 8

What is the purpose of having multiple types and styles of subscriptions?

Answer 8

To provide application teams with flexibility and meet their unique requirements.

Question 9

What is a common product line for subscription vending?

Answer 9

Corp connected, Online, Tech platform, Shared application portfolio, Sandbox.

Question 10

What does the corp connected product line provide?

Answer 10

Connectivity via traditional Layer-3 IP methods between resources.

Question 11

When should you use the corp connected product line?

Answer 11

For Rehost and Refactor migrations, familiar on-premises architecture, ‘lift and shift’ applications, and enhancing security.

Question 12

What is the online product line used for?

Answer 12

It doesn’t use traditional Layer-3 IP methods and provides connectivity via public interfaces.

Question 13

When should the online product line be utilized?

Answer 13

For refactoring, rebuilding applications, enhancing zero-trust alignment, and when private IP address space is limited.

Question 14

What is the tech platform product line designed for?

Answer 14

Hosting and managing large, complex workloads for multiple application teams.

Question 15

What types of products might be included in a tech platform product line?

Answer 15

• App Service Environment
• AKS
• Azure Virtual Machines
• Azure Virtual Desktop

Question 16

What is the shared application portfolio product line?

Answer 16

For workloads that don’t require multiple separate application landing zone subscriptions.

Question 17

What considerations should be made for resource group delegation in a single subscription?

Answer 17

• Common ownership of related application portfolio
• Regulatory compliance
• Azure Policy management
• Subscription limits

Question 18

True or False: Subscription vending can follow a ‘one size fits all’ design.

Answer 18

False

Question 19

Fill in the blank: The _______ product line is for workloads requiring traditional Layer-3 IP routing connectivity.

Answer 19

corp connected

Question 20

What is the purpose of the Sandbox product line?

Answer 20

To allow application teams to build a proof of concept (PoC) or minimum viable product (MVP) with fewer controls.

Question 21

What is Azure Private Link used for?

Answer 21

To enable private connectivity between applications and expose services securely.

Question 22

What is the goal of subscription democratization?

Answer 22

To provide flexibility and control to internal customers in Azure environments.

Question 23

What management overhead increases when adding new resource groups to subscriptions?

Answer 23

Increases management overhead to create Azure Policy assignments

When new resource groups are added, it complicates the management of policy assignments.

Question 24

What happens to security and governance gaps when policies are not immediately assigned to resource groups?

Answer 24

Increases security and governance gaps

Immediate assignment of policies is crucial for maintaining security and governance.

Question 25

What are the limits that each Azure subscription has?

Answer 25

Soft and hard limits for Azure services ## Footnote These limits help ensure that applications do not hit barriers that prevent growth.

Question 26

Why should separate subscriptions be created for applications anticipating large growth?

Answer 26

To meet subscription limits ## Footnote Large growth can lead to exceeding limits if not managed with separate subscriptions.

Question 27

What is a potential issue when sharing subscriptions with application teams from different business units?

Answer 27

Prevents 'noisy neighbor' problems ## Footnote Sharing subscriptions can lead to performance issues due to competing resource needs.

Question 28

Who can create resource groups when a subscription is shared among various application teams?

Answer 28

Only platform teams ## Footnote This restriction helps limit resource group sprawl and increases management complexity.

Question 29

What is the purpose of the shared application portfolio product line?

Answer 29

To deliver several small resources or components shared between applications ## Footnote This approach is useful when components don't fit into dedicated application landing zones.

Question 30

What is a sandbox product line used for?

Answer 30

To provide safe, lightly governed, and visible testing areas for PoCs or MVPs in Azure ## Footnote Sandboxes help prevent shadow IT by providing a controlled environment for experimentation.

Question 31

What should be avoided when creating sandbox subscriptions?

Answer 31

Don't create a single sandbox subscription and share it among teams ## Footnote Each team should have its own sandbox subscription to maintain governance.

Question 32

What are the initial subscription vending product lines customers typically enable?

Answer 32

* Sandbox * Corp connected * Online ## Footnote These product lines help organizations manage their Azure resources effectively.

Question 33

What is a key principle for platform engineering teams?

Answer 33

Empower developers through self-service with guardrails ## Footnote This principle allows developers to make decisions within defined parameters while maintaining governance.

Question 34

What is the goal of self-service with guardrails?

Answer 34

To reduce developer toil while providing visibility to teams ## Footnote Automation helps ensure governance without sacrificing developer autonomy.

Question 35

What is meant by the 'everything as code' pattern?

Answer 35

Using infrastructure as code (IaC) through continuous delivery (CD) pipelines ## Footnote IaC allows for the management of cloud resources as code, enhancing security and auditability.

Question 36

What tools can be used for Infrastructure as Code (IaC)?

Answer 36

* Bicep * Terraform * Helm charts ## Footnote These tools help in creating and managing cloud infrastructure efficiently.

Question 37

What is the benefit of having an inventory to track assets?

Answer 37

Improves security, promotes reuse, and makes discovery easier ## Footnote An inventory system helps organizations manage their resources effectively.

Question 38

What should be considered when deciding on the visibility of inventories?

Answer 38

The best approach for your organization ## Footnote Different organizations have varying levels of access and visibility depending on their needs.

Question 39

What is the significance of linking inventories with relational graphs?

Answer 39

Enhances discoverability, governance, and reuse ## Footnote This helps teams understand relationships between different assets and promotes better resource management.

Question 40

What are some capabilities that platform engineers should focus on?

Answer 40

* Build and scale internal developer products * Contribute to architecture and design * Work with CI/CD tools * Build templates with IaC * Write code in scripting languages ## Footnote These capabilities enhance the efficiency and reliability of platform engineering efforts.

Question 41

What is the purpose of having developer self-service capabilities?

Answer 41

To reduce developer toil and allow teams to be more autonomous ## Footnote Self-service capabilities help teams operate independently while adhering to governance.

Question 42

What does IaC stand for?

Answer 42

Infrastructure as Code

Question 43

Name three tools used for Infrastructure as Code (IaC).

Answer 43

* Bicep * Terraform * Helm charts

Question 44

What is a key benefit of managing cloud infrastructure like code?

Answer 44

You can apply all the benefits of a git repository like security and auditability.

Question 45

What does the term 'everything as code' (EaC) refer to?

Answer 45

The practice of managing all aspects of development and operations through code.

Question 46

Fill in the blank: A configuration file in IaC is typically in _______.

Answer 46

[YAML or JSON]

Question 47

What is the purpose of start right templates in software development?

Answer 47

To establish secure, governed development practices and enable developers to get started quickly.

Question 48

What role do templates play in developer self-service experiences?

Answer 48

Templates define outputs and available options for developers to choose from.

Question 49

True or False: Templates should only focus on bootstrapping a development effort.

Answer 49

False

Question 50

What is a 'get right campaign'?

Answer 50

An initiative to create a two-way dialog with application teams and help them migrate applications to paved paths.

Question 51

What is the teams as code pattern?

Answer 51

A method to standardize team membership and access across various systems.

Question 52

Fill in the blank: The teams as code pattern eliminates manual _______ processes.

Answer 52

[onboarding and offboarding service desk]

Question 53

What does CI/CD stand for?

Answer 53

Continuous Integration/Continuous Deployment

Question 54

How do CI/CD systems enhance the everything as code pattern?

Answer 54

They automate workflows and provide auditability and visibility.

Question 55

What kind of issues can arise from inconsistencies in developer environments?

Answer 55

Frequent 'it works on my machine' problems.

Question 56

What is the benefit of using containerized or virtualized development environments?

Answer 56

They provide benefits such as consistency and easier setup.

Question 57

What are some areas to consider when creating templates?

Answer 57

* Sample source code * Build and deployment scripts * Configuration for CI/CD * Infrastructure as code assets * Security and policy as code assets

Question 58

What is the purpose of security and policy as code?

Answer 58

To integrate security configurations into the development process.

Question 59

How can developers trigger workflows in CI/CD systems?

Answer 59

Manually through UIs or CLIs, or via an API.

Question 60

What is a potential security risk of manual service desk processes?

Answer 60

Overprovisioning access.

Question 61

What is the role of a central repository in the teams as code pattern?

Answer 61

It acts as the source of truth for team membership and roles.

Question 62

What is an example of a templating engine?

Answer 62

cookiecutter or Yeoman

Question 63

What should templates include to drive app patterns?

Answer 63

Code and configuration for recommended languages, app models, services, APIs, SDKs, and architectural patterns.

Question 64

True or False: Templates should only be created for new applications.

Answer 64

False

Question 65

What is the significance of branch protection rules in templates?

Answer 65

They prevent unauthorized merges into production.

Question 66

What is the function of Azure Developer CLI (azd)?

Answer 66

It provides a convenient set of developer commands and simplifies CI/CD setup.

Question 67

What is the primary focus of the DevSecOps movement?

Answer 67

To move security configuration into code

Question 68

What types of artifacts can be applied at the application level in DevSecOps?

Answer 68

Policy as code artifacts

Question 69

Name two types of files that should be included in security configuration.

Answer 69

* CODEOWNERS * dependabot.yaml

Question 70

What tool can be used for scheduled workflows and pipeline runs for scans?

Answer 70

Defender for Cloud

Question 71

What is important for supply chain security in DevSecOps?

Answer 71

Factoring in container images along with application packages and code

Question 72

What is essential for providing visibility into applications once deployed?

Answer 72

Observability, monitoring, and logging

Question 73

What aspect of setup often involves Infrastructure as Code (IaC)?

Answer 73

Agent deployment and instrumentation

Question 74

Which configuration-as-code artifact is mentioned for Azure Application Insights?

Answer 74

Monitoring dashboards

Question 75

What should be included for distributed tracing and logging?

Answer 75

Sample code using your tools of choice

Question 76

What configuration files should be included for coding environment setup?

Answer 76

* Coding linters * Formatters * Editors * IDEs

Question 77

What types of virtualization files can be included in coding environment setup?

Answer 77

* devcontainer.json * devbox.yaml * Dockerfiles * Docker Compose files * Vagrantfiles

Question 78

What is the purpose of providing configuration files for testing?

Answer 78

To facilitate both unit and more in-depth testing

Question 79

Which service is mentioned for UI testing?

Answer 79

Microsoft Playwright Testing

Question 80

What can be included if the issue management system supports task templates?

Answer 80

Task / issue / PR templates as code

Question 81

How can you set up collaboration tools like Microsoft Teams or Slack?

Answer 81

Provide a workflow/pipeline that updates your systems using an available CLI or API