Master technical and career interviews with structured answers—short definition, real examples, pitfalls, and how to answer in 60–90 seconds.
What are pipeline templates and how are they used? Answer: Templates let you reuse pipeline steps across projects — great for standardization. Example: You can create a reusable file: 📄 .azure-pipelines/build-template.y…
Answer: "ApplicationInsights": { "ConnectionString": "InstrumentationKey=xxxx-xxxx-xxxx" } What interviewers expect A clear definition tied to DevOps in Azure DevOps projects Trade-offs (performance, maintainability, sec…
Connection → Azure Resource Manager What interviewers expect A clear definition tied to DevOps in Azure DevOps projects Trade-offs (performance, maintainability, security, cost) When you would and would not use it in pro…
dotnet restore What interviewers expect A clear definition tied to DevOps in Azure DevOps projects Trade-offs (performance, maintainability, security, cost) When you would and would not use it in production Real-world ex…
In your pipeline or locally, publish the .nupkg file using: dotnet nuget push "MyLibrary.1.0.0.nupkg" --source "MyFeed" -api-key az or use the Azure Pipelines task: task: NuGetCommand@2 inputs: command: 'push' Follow: pa…
dd SonarQube tasks to your build pipeline: task: SonarQubePrepare@5 inputs: SonarQube: 'MySonarServiceConnection' scannerMode: 'MSBuild' projectKey: 'MyProject' projectName: 'MyApp' script: dotnet build task: SonarQubeAn…
Answer: <<<<<<< HEAD old code ======= new code >>>>>>> feature/login What interviewers expect A clear definition tied to D…
How do you handle secrets in pipelines (Azure Key Vault integration)? Answer: You never store passwords directly in YAML — instead, use Azure Key Vault or variable groups linked to Key Vault. Example: Create a Key Vault…
nother team adds the feed to their project’s NuGet.config and installs the package like ny normal NuGet dependency. 3⃣ How do you version your NuGet packages in a CI/CD pipeline? Versioning is usually handled automatical…
Quality gates are automated checks that your code must pass before it can be deployed. Typical gates: Code must pass all tests. Code coverage ≥ 80%. No critical SonarQube issues. Build must succeed. Ways to enforce them:…
CommonLibrary in its .csproj. What interviewers expect A clear definition tied to DevOps in Azure DevOps projects Trade-offs (performance, maintainability, security, cost) When you would and would not use it in productio…
Versioning is usually handled automatically in the build pipeline — so every build produces a unique version number. You can version packages using: Build ID, Git commit hash, or semantic versioning (e.g., 1.2.3). Exampl…
Answer: dd your feed’s URL to NuGet.config: <add key="MyFeed" value=" ndex.json" /> What interviewers expect A clear definition tied to DevOps in Azure DevOps projects Trade-offs (performance, maintainabili…
Quality gates are automated checks that your code must pass before it can be deployed. Typical gates: Code must pass all tests. Code coverage ≥ 80%. No critical SonarQube issues. Build must succeed. Ways to enforce them:…
How do you trigger a build automatically after code check-in? Answer: Add a trigger section in your YAML file, or use the GUI option “Enable continuous integration.” Example (YAML): trigger: branches: include: main devel…
What are Azure DevOps Services vs Azure DevOps Server? Answer: Azure DevOps Services → Cloud version (hosted by Microsoft). You don’t worry about servers or upgrades. Azure DevOps Server → On-premises version (you manage…
zureResourceManagerConnection: 'MyServiceConnection' resourceGroupName: 'MyRG' location: 'East US' csmFile: 'infra/main.json' Example scenario: Your IaC pipeline uses the “ProdServiceConnection” to deploy Bicep templates…
zureSubscription: 'MyServiceConnection' scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | echo "Checking App Insights availability..." z monitor metrics list --resource myapp --metric requests/count Examp…
rtifact links, etc.). Example scenario: If your .NET build failed during dotnet test, you open the “Test” step log — Azure DevOps shows which specific test failed, the error message, and even a link to the exact line of…
zure DevOps? You can deploy Infrastructure as Code (IaC) directly from your pipeline using ARM or Bicep files. Example (YAML): task: AzureResourceManagerTemplateDeployment@3 inputs: deploymentScope: 'Resource Group' zure…
zureSubscription: 'MyServiceConnection' ppName: 'my-webapp' deployToSlotOrASE: true resourceGroupName: 'my-rg' slotName: 'staging' Then use: task: AzureAppServiceManage@0 inputs: ction: 'Swap Slots' SourceSlot: 'staging'…
.NET Core app gets built, zipped, and deployed automatically to the Staging slot of an zure Web App after successful testing. 5⃣ How do you manage configuration transformations (e.g., web.config or ppsettings.json)? You…
You can automate creating and destroying environments (like dev, test, or staging) using pipeline logic and IaC tools. ✅ Example (Bicep – Create Environment): task: AzureCLI@2 inputs: azureSubscription: 'MyServiceConnect…
You can automate infrastructure deployment directly from Azure Pipelines using ARM templates, Bicep files, or Terraform scripts. Each option defines your infrastructure as code — meaning servers, networks, and resources…
Troubleshooting starts by identifying where and why the pipeline failed. Steps: What interviewers expect A clear definition tied to DevOps in Azure DevOps projects Trade-offs (performance, maintainability, security, cost…
Azure DevOps Microsoft Azure Tutorial · DevOps
What are pipeline templates and how are they used?
Answer:
Templates let you reuse pipeline steps across projects — great for standardization.
Example:
You can create a reusable file:
📄 .azure-pipelines/build-template.yml
steps:
Then in your main pipeline:
extends:
template: .azure-pipelines/build-template.yml
This keeps your YAML DRY (Don’t Repeat Yourself) and consistent.
Azure DevOps Microsoft Azure Tutorial · DevOps
Answer: "ApplicationInsights": { "ConnectionString": "InstrumentationKey=xxxx-xxxx-xxxx" }
In a production Azure DevOps application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
Azure DevOps Microsoft Azure Tutorial · DevOps
Connection → Azure Resource Manager
In a production Azure DevOps application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
Azure DevOps Microsoft Azure Tutorial · DevOps
dotnet restore
In a production Azure DevOps application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
Azure DevOps Microsoft Azure Tutorial · DevOps
In your pipeline or locally, publish the .nupkg file using:
dotnet nuget push "MyLibrary.1.0.0.nupkg" --source "MyFeed"
or use the Azure Pipelines task:
inputs:
command: 'push'
Follow:
packagesToPush: '$(Build.ArtifactStagingDirectory)/*.nupkg'
publishVstsFeed: 'MyProject/MyFeed'
Azure DevOps Microsoft Azure Tutorial · DevOps
dd SonarQube tasks to your build pipeline:
inputs:
SonarQube: 'MySonarServiceConnection'
scannerMode: 'MSBuild'
projectKey: 'MyProject'
projectName: 'MyApp'
inputs:
pollingTimeoutSec: '300'
Azure DevOps Microsoft Azure Tutorial · DevOps
Answer: <<<<<<< HEAD old code ======= new code >>>>>>> feature/login
In a production Azure DevOps application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
Azure DevOps Microsoft Azure Tutorial · DevOps
How do you handle secrets in pipelines (Azure Key Vault integration)?
Answer:
You never store passwords directly in YAML — instead, use Azure Key Vault or variable
groups linked to Key Vault.
Example:
YAML:
variables:
Secrets are pulled securely during build and never exposed in logs.
Azure DevOps Microsoft Azure Tutorial · DevOps
nother team adds the feed to their project’s NuGet.config and installs the package like
ny normal NuGet dependency.
3⃣ How do you version your NuGet packages in a CI/CD pipeline?
Versioning is usually handled automatically in the build pipeline — so every build produces
unique version number.
You can version packages using:
Example (YAML):
variables:
versionMajor: 1
versionMinor: 0
versionPatch: $(Build.BuildId)
steps:
displayName: 'Create NuGet package'
Then publish it:
inputs:
command: 'push'
packagesToPush: '**/*.nupkg'
publishVstsFeed: 'MyProject/MyFeed'
Example scenario:
Each time your CI pipeline runs, it generates a package version like 1.0.45 or 1.0.46 —
ensuring consistent versioning and avoiding overwriting old packages.
4⃣ How do you manage dependencies between multiple .NET projects
using Azure Artifacts?
When you have multiple .NET projects that depend on each other, Azure Artifacts acts as
your internal package registry.
Typical approach:
Azure DevOps Microsoft Azure Tutorial · DevOps
Quality gates are automated checks that your code must pass before it can be deployed.
Typical gates:
Ways to enforce them:
Example (YAML):
inputs:
pollingTimeoutSec: '300'
condition: succeeded()
Example scenario:
If SonarQube reports a “Failed Quality Gate” due to high code duplication, the deployment
to QA is blocked until issues are fixed.
5⃣ How do you perform automated smoke testing after deployment?
Smoke tests verify that your deployed app is running and key endpoints work — without
doing deep functional testing.
You can run these as post-deployment steps in your release pipeline.
Example (PowerShell):
inputs:
targetType: 'inline'
script: |
$response = Invoke-WebRequest
if ($response.StatusCode -ne 200) {
throw "Smoke test failed!"
}
Example scenario:
fter deploying your API to QA, the pipeline runs a smoke test that checks:
If it fails, the pipeline stops and alerts the team.
✅ Pro Tip:
Combine all testing and quality practices like this:
Azure DevOps Microsoft Azure Tutorial · DevOps
CommonLibrary in its .csproj.
In a production Azure DevOps application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
Azure DevOps Microsoft Azure Tutorial · DevOps
Versioning is usually handled automatically in the build pipeline — so every build produces
a unique version number.
You can version packages using:
Example (YAML):
variables:
versionMajor: 1
versionMinor: 0
versionPatch: $(Build.BuildId)
Follow:
steps:
displayName: 'Create NuGet package'
Then publish it:
inputs:
command: 'push'
packagesToPush: '**/*.nupkg'
publishVstsFeed: 'MyProject/MyFeed'
Example scenario:
Each time your CI pipeline runs, it generates a package version like 1.0.45 or 1.0.46 —
ensuring consistent versioning and avoiding overwriting old packages.
4⃣ How do you manage dependencies between multiple .NET projects
using Azure Artifacts?
When you have multiple .NET projects that depend on each other, Azure Artifacts acts as
your internal package registry.
Typical approach:
Azure DevOps Microsoft Azure Tutorial · DevOps
Answer: dd your feed’s URL to NuGet.config: <add key="MyFeed" value=" ndex.json" />
In a production Azure DevOps application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.
Azure DevOps Microsoft Azure Tutorial · DevOps
Quality gates are automated checks that your code must pass before it can be deployed.
Typical gates:
Ways to enforce them:
Example (YAML):
inputs:
pollingTimeoutSec: '300'
condition: succeeded()
Example scenario:
If SonarQube reports a “Failed Quality Gate” due to high code duplication, the deployment
to QA is blocked until issues are fixed.
5⃣ How do you perform automated smoke testing after deployment?
Smoke tests verify that your deployed app is running and key endpoints work — without
doing deep functional testing.
You can run these as post-deployment steps in your release pipeline.
Follow:
Example (PowerShell):
inputs:
targetType: 'inline'
script: |
$response = Invoke-WebRequest
if ($response.StatusCode -ne 200) {
throw "Smoke test failed!"
Example scenario:
After deploying your API to QA, the pipeline runs a smoke test that checks:
If it fails, the pipeline stops and alerts the team.
✅ Pro Tip:
Combine all testing and quality practices like this:
Azure DevOps Microsoft Azure Tutorial · DevOps
How do you trigger a build automatically after code check-in?
Answer:
Add a trigger section in your YAML file, or use the GUI option “Enable continuous
integration.”
Example (YAML):
trigger:
branches:
include:
Every push to main or develop automatically triggers a build.
You can also trigger manually or from a pull request.
Azure DevOps Microsoft Azure Tutorial · DevOps
What are Azure DevOps Services vs Azure DevOps Server?
Answer:
about servers or upgrades.
Example:
If you’re a bank that must keep data on-premises, you’d use Azure DevOps Server.
If you’re a startup that wants zero maintenance, Azure DevOps Services is ideal.Azure DevOps Microsoft Azure Tutorial · DevOps
zureResourceManagerConnection: 'MyServiceConnection'
resourceGroupName: 'MyRG'
location: 'East US'
csmFile: 'infra/main.json'
Example scenario:
Your IaC pipeline uses the “ProdServiceConnection” to deploy Bicep templates to the
production resource group, without developers ever seeing credentials.
4⃣ How can you automate environment creation and teardown?
You can automate creating and destroying environments (like dev, test, or staging) using
pipeline logic and IaC tools.
✅ Example (Bicep – Create Environment):
inputs:
zureSubscription: 'MyServiceConnection'
scriptType: 'bash'
inlineScript: |
z group create --name MyRG --location eastus
z deployment group create --resource-group MyRG
✅ Example (Terraform – Teardown Environment):
inputs:
command: 'destroy'
workingDirectory: 'infra'
commandOptions: '-auto-approve'
environmentServiceName: 'MyServiceConnection'
Example scenario:
Each pull request automatically spins up a temporary Azure environment (App Service +
Database) for testing.
Once the PR is closed or merged, the pipeline runs a teardown job to delete the resources
— saving cost and keeping Azure clean.
✅ Pro Tip:
For professional IaC pipelines in Azure DevOps:
Security & Compliance Advanced /
Real-world Scenarios
1⃣ How do you secure secrets, keys, and connection strings in Azure
Pipelines?
You should never hardcode secrets (like passwords, connection strings, or API keys) in
pipeline YAML files or scripts.
Instead, you store them securely using Azure DevOps Variable Groups or Azure Key
Vault integration.
Ways to secure secrets:
→ In Azure DevOps → Pipelines → Variables → Mark variable as secret.
Example (YAML):
variables:
steps:
env:
ConnectionString: $(DB_Connection)
Example scenario:
You’re deploying an app that needs a SQL connection string.
You store that in Azure Key Vault and reference it securely in the pipeline — so it never
ppears in logs or code.
2⃣ What is Azure Key Vault and how is it used with pipelines?
Azure Key Vault is a secure store for secrets, keys, and certificates.
zure DevOps can connect to it to retrieve secrets dynamically during builds or
deployments.
Steps to use it:
Azure DevOps Microsoft Azure Tutorial · DevOps
zureSubscription: 'MyServiceConnection'
scriptType: 'bash'
scriptLocation: 'inlineScript'
inlineScript: |
echo "Checking App Insights availability..."
z monitor metrics list --resource myapp --metric
requests/count
Example scenario:
fter a new deployment, your team monitors App Insights dashboards — noticing that
response times increased by 20%.
They can quickly roll back or optimize performance before users notice.
✅ Pro Tip:
Combine these tools for full visibility:
Infrastructure as Code (IaC) &
utomation
1⃣ How do you provision infrastructure in Azure using ARM, Bicep, or
Terraform via Azure DevOps?
You can automate infrastructure deployment directly from Azure Pipelines using ARM
templates, Bicep files, or Terraform scripts.
Each option defines your infrastructure as code — meaning servers, networks, and
resources are described in files and deployed consistently through pipelines.
✅ Example (using Bicep in YAML):
trigger:
pool:
vmImage: 'ubuntu-latest'
steps:
inputs:
zureSubscription: 'MyServiceConnection'
scriptType: 'bash'
scriptLocation: 'inlineScript'
inlineScript: |
z deployment group create \
✅ Example (using Terraform):
inputs:
terraformVersion: '1.7.0'
inputs:
command: 'init'
workingDirectory: 'infra'
inputs:
command: 'apply'
workingDirectory: 'infra'
commandOptions: '-auto-approve'
environmentServiceName: 'MyServiceConnection'
Example scenario:
DevOps pipeline runs when a pull request is merged into main, automatically provisioning
n Azure App Service, Storage Account, and SQL Database using Bicep.
2⃣ What is the difference between ARM templates and Bicep?
Feature ARM Templates Bicep
Language JSON Domain-specific (simpler syntax)
Readability Complex, verbose Clean and concise
Reusability Harder (manual
nesting)
Supports modules easily
Tooling Native in Azure Compiles into ARM JSON
Learning curve Steep Easier for beginners
In short:
Bicep is the modern, simplified language for ARM templates.
It makes infrastructure code shorter and easier to read — but still deploys through the same
zure Resource Manager (ARM) engine.
Example comparison:
RM Template (JSON):
{
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[parameters('storageName')]",
"location": "[resourceGroup().location]",
"sku": { "name": "Standard_LRS" },
"kind": "StorageV2"
}
}
Bicep (same thing):
resource storageAccount
'Microsoft.Storage/storageAccounts@2022-09-01' = {
name: storageName
location: resourceGroup().location
sku: { name: 'Standard_LRS' }
kind: 'StorageV2'
}
Example scenario:
cloud engineer switches from ARM to Bicep and cuts a 300-line template down to just 80
lines — making it much easier to maintain in Git.
3⃣ How do you use Azure Service Connections for IaC deployments?
An Azure Service Connection securely stores credentials that pipelines use to connect to
your Azure subscription.
It’s like giving your pipeline “keys” to deploy resources in Azure — without hardcoding
credentials.
How to create one:
Azure DevOps Microsoft Azure Tutorial · DevOps
rtifact links, etc.).
Example scenario:
If your .NET build failed during dotnet test, you open the “Test” step log — Azure
DevOps shows which specific test failed, the error message, and even a link to the exact line
of code if integrated with Repos.
Tip:
You can also use log filters (e.g., “Errors only”) to focus on failed tasks quickly.
2⃣ How do you troubleshoot failed builds or deployments?
Troubleshooting starts by identifying where and why the pipeline failed.
Steps:
Azure DevOps Microsoft Azure Tutorial · DevOps
zure DevOps?
You can deploy Infrastructure as Code (IaC) directly from your pipeline using ARM or
Bicep files.
Example (YAML):
inputs:
deploymentScope: 'Resource Group'
zureResourceManagerConnection: 'MyServiceConnection'
subscriptionId: 'xxxx-xxxx-xxxx'
ction: 'Create Or Update Resource Group'
resourceGroupName: 'my-rg'
location: 'East US'
templateLocation: 'Linked artifact'
csmFile: 'infrastructure/main.bicep'
overrideParameters: '-appName myapp -sku S1'
Example scenario:
Before deploying your .NET app, your pipeline provisions a new App Service, SQL
Database, and Storage Account automatically.
9⃣ How can you use Azure CLI or PowerShell tasks in your release
pipeline?
You can run custom scripts using AzureCLI@2 or PowerShell@2 tasks to automate
dvanced tasks.
Example (Azure CLI):
inputs:
zureSubscription: 'MyServiceConnection'
scriptType: 'bash'
scriptLocation: 'inlineScript'
inlineScript: |
z webapp restart --name my-webapp --resource-group my-rg
Example (PowerShell):
inputs:
targetType: 'inline'
script: |
Write-Host "Performing custom cleanup..."
Remove-Item -Path $(Build.ArtifactStagingDirectory)\temp
Example scenario:
fter deploying your app, you might use a PowerShell script to clear old log files or an Azure
CLI command to restart the web app.
✅ Pro Tip:
solid Release Pipeline usually includes:
Testing & Quality
1⃣ How do you integrate unit tests, integration tests, or UI tests in Azure
Pipelines?
You can run all types of automated tests (unit, integration, UI) inside your build or release
pipelines using tasks like DotNetCoreCLI@2, Visual Studio Test@2, or custom
scripts.
Example (Unit Tests):
inputs:
command: 'test'
projects: '**/*UnitTests.csproj'
publishTestResults: true
Example (Integration Tests):
./Tests/IntegrationTests/IntegrationTests.csproj
Example (UI Tests):
your pipeline:
Real-life scenario:
fter building a .NET API, the pipeline runs unit tests.
Then, in a release pipeline, once the app is deployed to the “QA” environment, Selenium
tests verify that the login screen works.
2⃣ What is code coverage, and how do you view it in Azure DevOps?
Code coverage measures how much of your code is executed during tests — it helps you
see which parts of your application aren’t tested.
Example (for .NET):
This generates a coverage report (coverage.cobertura.xml), which Azure DevOps can
display in the Test Results → Code Coverage tab.
Example scenario:
Your pipeline might show that 82% of your code is covered by tests.
You can then aim to increase that by adding more unit tests for uncovered modules.
3⃣ How do you use SonarQube or other tools for static code analysis?
SonarQube checks your code for bugs, code smells, and security vulnerabilities.
Integration steps:Azure DevOps Microsoft Azure Tutorial · DevOps
zureSubscription: 'MyServiceConnection'
ppName: 'my-webapp'
deployToSlotOrASE: true
resourceGroupName: 'my-rg'
slotName: 'staging'
Then use:
inputs:
ction: 'Swap Slots'
SourceSlot: 'staging'
ResourceGroupName: 'my-rg'
WebAppName: 'my-webapp'
7⃣ How do you perform rollback in case of a failed deployment?
There are several ways:
Azure DevOps Microsoft Azure Tutorial · DevOps
.NET Core app gets built, zipped, and deployed automatically to the Staging slot of an
zure Web App after successful testing.
5⃣ How do you manage configuration transformations (e.g., web.config or
ppsettings.json)?
You can use XML or JSON transformation tasks in your release pipeline to adjust settings
per environment.
Example (Classic):
Production.
Example (YAML):
inputs:
folderPath: '$(System.DefaultWorkingDirectory)/drop'
xmlTransformation: true
jsonTargetFiles: '**/appsettings*.json'
Example scenario:
In appsettings.Production.json, you might replace the connection string with your
production database credentials automatically during deployment.
6⃣ How do you handle deployment slots in Azure App Service?
Azure App Service supports deployment slots — like Staging and Production.
Best practice:
Azure DevOps Microsoft Azure Tutorial · DevOps
You can automate creating and destroying environments (like dev, test, or staging) using
pipeline logic and IaC tools.
✅ Example (Bicep – Create Environment):
inputs:
azureSubscription: 'MyServiceConnection'
scriptType: 'bash'
inlineScript: |
az group create --name MyRG --location eastus
az deployment group create --resource-group MyRG
✅ Example (Terraform – Teardown Environment):
Follow:
inputs:
command: 'destroy'
workingDirectory: 'infra'
commandOptions: '-auto-approve'
environmentServiceName: 'MyServiceConnection'
Example scenario:
Each pull request automatically spins up a temporary Azure environment (App Service +
Database) for testing.
Once the PR is closed or merged, the pipeline runs a teardown job to delete the resources
— saving cost and keeping Azure clean.
✅ Pro Tip:
For professional IaC pipelines in Azure DevOps:
Security & Compliance Advanced /
Real-world Scenarios
1⃣ How do you secure secrets, keys, and connection strings in Azure
Pipelines?
You should never hardcode secrets (like passwords, connection strings, or API keys) in
pipeline YAML files or scripts.
Instead, you store them securely using Azure DevOps Variable Groups or Azure Key
Vault integration.
Ways to secure secrets:
Follow:
→ In Azure DevOps → Pipelines → Variables → Mark variable as secret.
Example (YAML):
variables:
steps:
env:
ConnectionString: $(DB_Connection)
Example scenario:
You’re deploying an app that needs a SQL connection string.
You store that in Azure Key Vault and reference it securely in the pipeline — so it never
appears in logs or code.
2⃣ What is Azure Key Vault and how is it used with pipelines?
Azure Key Vault is a secure store for secrets, keys, and certificates.
Azure DevOps can connect to it to retrieve secrets dynamically during builds or
deployments.
Steps to use it:
Azure DevOps Microsoft Azure Tutorial · DevOps
You can automate infrastructure deployment directly from Azure Pipelines using ARM
templates, Bicep files, or Terraform scripts.
Each option defines your infrastructure as code — meaning servers, networks, and
resources are described in files and deployed consistently through pipelines.
✅ Example (using Bicep in YAML):
trigger:
pool:
vmImage: 'ubuntu-latest'
steps:
inputs:
azureSubscription: 'MyServiceConnection'
scriptType: 'bash'
scriptLocation: 'inlineScript'
inlineScript: |
az deployment group create \
✅ Example (using Terraform):
inputs:
terraformVersion: '1.7.0'
Follow:
inputs:
command: 'init'
workingDirectory: 'infra'
inputs:
command: 'apply'
workingDirectory: 'infra'
commandOptions: '-auto-approve'
environmentServiceName: 'MyServiceConnection'
Example scenario:
A DevOps pipeline runs when a pull request is merged into main, automatically provisioning
an Azure App Service, Storage Account, and SQL Database using Bicep.
2⃣ What is the difference between ARM templates and Bicep?
Feature ARM Templates Bicep
Language JSON Domain-specific (simpler syntax)
Readability Complex, verbose Clean and concise
Reusability Harder (manual
nesting)
Supports modules easily
Tooling Native in Azure Compiles into ARM JSON
Learning curve Steep Easier for beginners
In short:
Bicep is the modern, simplified language for ARM templates.
It makes infrastructure code shorter and easier to read — but still deploys through the same
Azure Resource Manager (ARM) engine.
Example comparison:
Follow:
ARM Template (JSON):
"resources": [
"type": "Microsoft.Storage/storageAccounts",
"name": "[parameters('storageName')]",
"location": "[resourceGroup().location]",
"sku": { "name": "Standard_LRS" },
"kind": "StorageV2"
Bicep (same thing):
resource storageAccount
'Microsoft.Storage/storageAccounts@2022-09-01' = {
name: storageName
location: resourceGroup().location
sku: { name: 'Standard_LRS' }
kind: 'StorageV2'
Example scenario:
A cloud engineer switches from ARM to Bicep and cuts a 300-line template down to just 80
lines — making it much easier to maintain in Git.
3⃣ How do you use Azure Service Connections for IaC deployments?
An Azure Service Connection securely stores credentials that pipelines use to connect to
your Azure subscription.
It’s like giving your pipeline “keys” to deploy resources in Azure — without hardcoding
credentials.
How to create one:
Follow:
Azure DevOps Microsoft Azure Tutorial · DevOps
Troubleshooting starts by identifying where and why the pipeline failed. Steps:
In a production Azure DevOps application, teams apply this when handling user-facing features or integration boundaries. For example, you might use it during a sprint where reliability and observability matter—logging metrics, validating edge cases, and documenting the decision in an ADR so future developers understand why the approach was chosen.
Tip: Practice aloud on Toolliyo mock interview or the Interview Q&A section before your real interview.