AD0-E124 Adobe Experience Manager DevOps Engineer Expert Question and Answers

In Adobe Cloud Manager, the Code Quality scanning step acts as a quality gate. A standard requirement is 50% unit test Code Coverage. Because it achieved only 10%, it triggered a "Partial Pass". For a Partial Pass on a non-critical metric (unlike a critical security failure), Cloud Manager allows users with the appropriate role (Deployment Manager) to manually override the failure and proceed with the deployment—which is necessary to unblock UAT testing (Option C). However, the root cause is technical debt; the DevOps engineer must also request that the development team write unit tests to resolve the coverage issue for future builds (Option A).

For headless, service-to-service integrations via Adobe I/O (Adobe Developer Console), JWT (JSON Web Tokens) was historically the standard. However, Adobe officially deprecated the Service Account (JWT) credentials in favor of the new OAuth 2.0 Server-to-Server credential implementation. Because Adobe exams are updated to reflect current platform deprecations and best practices, OAuth 2.0 is the correct, modern standard for programmatic authentication without a user interface.

In both AEM On-Premise/Managed Services and AEM as a Cloud Service, routine repository maintenance tasks (like Version Purge, Workflow Purge, and Audit Log Purge) are configured natively within the AEM author UI. The DevOps engineer navigates to the Maintenance Dashboard via Tools > Operations > Dashboard > Maintenance to configure the daily and weekly maintenance windows and schedule which tasks run inside them.

In AEM as a Cloud Service, directly deploying packages via the AEM Package Manager UI is severely restricted. You cannot deploy immutable content (code, OSGi configs, or anything under /apps or /libs) via the Package Manager; immutable content must go through the CI/CD pipeline. If a DevOps engineer is forced to use the Package Manager, the package must be strictly limited to mutable content (authorable content, configurations under /conf, /content, /dam). Therefore, they must refactor the package, explicitly set the < packageType > to content, and update the filter.xml to exclude any immutable paths.

In Adobe Cloud Manager, system-level monitoring metrics and their associated alerting thresholds (like CPU limits, Memory usage, and Segment Store disk space) are managed by Adobe's internal operations team. Standard DevOps engineers and customer administrators do not have the ability to alter these foundational infrastructure thresholds via the Cloud Manager UI or APIs. To request a configuration change to alerting thresholds, the engineer must file a request via their Adobe Customer Success Engineer (CSE) or Adobe Support.

When configuring the Content Transfer Tool (CTT), DevOps engineers can specify exact JCR paths to migrate. While the general /var/audit path contains various system logs, the prompt explicitly asks to migrate "Publish and Unpublish tasks." In AEM, these specific replication events (activity streams related to activation) are stored exactly under the /var/audit/com.day.cq.replication path. Adobe certification exams test for this level of granularity, making the most specific path the correct "Expert" choice over the broader /var/audit root.

Unclosed JCR sessions are a classic cause of memory leaks in AEM applications. When custom backend code opens a JCR Session or ResourceResolver but fails to close it within a finally block, the garbage collector cannot reclaim that memory. Over time, these open sessions accumulate in the heap memory, causing the system to slow down and eventually leading to unpredictable OutOfMemory (OOM) crashes. Restarting the instance clears the heap, temporarily mitigating the issue until the unclosed sessions build up again. This issue is agnostic of visitor peaks or runmodes (author/publish).

In Adobe Experience Manager, environment and runmode-specific OSGi configurations are managed using folder naming conventions. To target a specific runmode, the folder name must be appended with . followed by the runmode name. Therefore, to supply separate configurations for the Author and Publish runmodes, the configurations must reside in /config.author/ and /config.publish/ respectively. Option D uses a nested folder approach (/config/author/) which is not the standard OSGi runmode resolution syntax in AEM.

High CPU utilization in a Java application like AEM is typically caused by active threads stuck in infinite loops, recursive calls, or highly intensive processing tasks. A "Thread Dump" takes a snapshot of exactly what every thread in the JVM is executing at that specific millisecond. By taking multiple thread dumps a few seconds apart and comparing them, a DevOps engineer can identify which specific threads (and therefore which Java classes/methods) are constantly active and consuming the CPU resources. (Heap dumps are used for memory issues, not CPU issues).

Similar to Code Coverage, a Security Rating of 'B' in Cloud Manager usually results in a "Partial Pass" state (3-tier rating system where critical vulnerabilities cause outright failures, but lower-tier warnings cause partial passes). Since all critical and mandatory tests passed, the pipeline pauses and waits for user intervention. The DevOps engineer (with the Deployment Manager role) can proceed with the build by navigating to the execution details, selecting the option to "Override failed results," and submitting the decision to resume the pipeline.

If a Cloud Manager build requires dependencies from a private, password-protected corporate artifact repository, the DevOps engineer must provide Cloud Manager with a custom Maven settings file to handle the authentication. This is done by placing a file at .cloudmanager/maven/settings.xml in the root of the AEM Git repository. Because hardcoding Basic Authentication credentials in Git is a massive security risk, the credentials inside the settings.xml should reference environment variables. The DevOps engineer then uses the Adobe I/O CLI (aio cloudmanager:set-pipeline-variables) to inject the actual username and password as secure pipeline secrets.

In the OSGi lifecycle, a bundle goes through states: Installed - > Resolved - > Active. A bundle remains stuck in the "Installed" state when the OSGi framework cannot resolve its dependencies—specifically, the Java packages listed in its Import-Package manifest header. If a required dependency is missing from the container, the bundle cannot transition to "Resolved". Issues inside the actual components (like exceptions during @Activate, missing configs, or unsatisfied @Reference annotations) will allow the bundle itself to become "Active", but the specific component will remain unsatisfied.