This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
A cloud engineer needs to manage the long-lived state of Azure Virtual Networks, subnets, and NSGs across multiple environments. You need to ensure that resources are created if missing and updated when configuration drifts. Which Infrastructure as Code approach is best suited for this scenario?
Declarative IaC using Azure Bicep templates.
Imperative IaC using Azure CLI bash scripts.
A combination of both approaches written in a single file.
A cloud engineer generates a Bicep template for an Azure Storage Account using GitHub Copilot. The output has no tags, a hardcoded region, and public blob access enabled. The original prompt was: 'Create a Bicep storage account.' Which prompt elements were most responsible for these gaps?
Output format and context.
Requirements and constraints.
Few-shot examples and role assignment.
A DevOps team runs an Azure CLI provisioning script on a schedule as part of automated environment setup. On the second run, the script fails because it tries to create resources that already exist. What should the engineer ask GitHub Copilot to add?
A 'set -e' directive at the top of the script to exit immediately on any failure.
An existence check before each resource creation command so the script skips resources that already exist.
A resource group deletion command at the start of the script to remove all existing resources before recreating them.
A cloud engineer enables the Bicep MCP server in VS Code and regenerates a Bicep template for an Azure Firewall. The new output uses a different API version than the previous generation. What is the most likely reason for this change?
The MCP server changed the prompt before sending it to the language model.
The MCP server queried the live Bicep type registry and provided Copilot with the current stable API version for the Azure Firewall resource type.
The engineer's VS Code extension was updated and reset the default API version preferences.
A security review finds that a Node.js application's container image contains dev dependencies, build tools, and source maps in the final image, inflating its size and attack surface. Which GitHub Copilot prompt approach most directly fixes this?
Ask Copilot to add a HEALTHCHECK instruction to the existing single-stage Dockerfile.
Ask Copilot to generate a multi-stage Dockerfile that copies only the production artifacts from the build stage into a clean runtime image.
Ask Copilot to add a .Dockerignore file that excludes the test directory from the build context.
A platform team wants to replace Azure service principal secrets stored in GitHub Secrets with a more secure authentication method for their GitHub Actions IaC deployment workflows. Which approach should they ask GitHub Copilot to implement?
Store the service principal password as an encrypted GitHub Secret and rotate it every 90 days.
Use OIDC federation with the Azure/login action so GitHub issues short-lived tokens that Azure trusts directly, eliminating the need for a stored secret.
Hardcode the service principal credentials in the workflow YAML and restrict repository access to trusted team members.
A team updates a Bicep template to add Azure Bastion, resize the firewall subnet from /27 to /26, and add a CostCenter tag to all resources. A reviewer asks for a pull request description that explains what changed and why. What is the most efficient way to use GitHub Copilot for this?
Paste the updated template into Copilot and ask it to generate a plain-language architecture overview.
Paste both the old and new templates into Copilot and ask it to generate a change summary grouped by category, with the likely reason and deployment impact for each change.
Ask Copilot to add @description() decorators to the parameters in the updated template.
A security analyst needs to identify source IP addresses generating the most denied traffic through Azure Firewall over the last 24 hours, and view the results as a bar chart in Log Analytics. The analyst isn't familiar with KQL. What should they ask GitHub Copilot to produce?
Export the Azure Firewall diagnostic logs to a JSON file and paste them into Copilot Chat for direct analysis.
A KQL query for the AzureDiagnostics table that filters for denied Firewall connections in the last 24 hours, groups by source IP, sorts by count descending, and renders a bar chart.
An Azure CLI command that lists all deny rules currently configured on the Azure Firewall.
You must answer all questions before checking your work.
Was this page helpful?
Need help with this topic?
Want to try using Ask Learn to clarify or guide you through this topic?