Study guide for Exam AZ-400: Designing and Implementing Microsoft DevOps Solutions
Purpose of this document
This study guide should help you understand what to expect on the exam and includes a summary of the topics the exam might cover and links to additional resources. The information and materials in this document should help you focus your studies as you prepare for the exam.
| Useful links | Description |
|---|---|
| Review the skills measured as of May 3, 2024 | This list represents the skills measured AFTER the date provided. Study this list if you plan to take the exam AFTER that date. |
| Review the skills measured prior to May 3, 2024 | Study this list of skills if you take your exam PRIOR to the date provided. |
| Change log | You can go directly to the change log if you want to see the changes that will be made on the date provided. |
| How to earn the certification | Some certifications only require passing one exam, while others require passing multiple exams. |
| Certification renewal | Microsoft associate, expert, and specialty certifications expire annually. You can renew by passing a free online assessment on Microsoft Learn. |
| Your Microsoft Learn profile | Connecting your certification profile to Microsoft Learn allows you to schedule and renew exams and share and print certificates. |
| Exam scoring and score reports | A score of 700 or greater is required to pass. |
| Exam sandbox | You can explore the exam environment by visiting our exam sandbox. |
| Request accommodations | If you use assistive devices, require extra time, or need modification to any part of the exam experience, you can request an accommodation. |
| Take a free Practice Assessment | Test your skills with practice questions to help you prepare for the exam. |
Updates to the exam
Our exams are updated periodically to reflect skills that are required to perform a role. We have included two versions of the Skills Measured objectives depending on when you are taking the exam.
We always update the English language version of the exam first. Some exams are localized into other languages, and those are updated approximately eight weeks after the English version is updated. While Microsoft makes every effort to update localized versions of exams as noted, there may be times when localized versions of an exam are not updated on this schedule. Other available languages are listed in the Schedule Exam section of the Exam Details webpage. If the exam isn't available in your preferred language, you can request an additional 30 minutes to complete the exam.
Note
The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. Related topics may be covered in the exam.
Note
Most questions cover features that are general availability (GA). The exam may contain questions on Preview features if those features are commonly used.
Skills measured as of May 3, 2024
Audience profile
As a DevOps engineer, you’re a developer or infrastructure administrator who also has subject matter expertise in working with people, processes, and products to enable continuous delivery of value in organizations.
Your responsibilities for this role include delivering Microsoft DevOps solutions that provide continuous security, integration, testing, delivery, deployment, monitoring, and feedback. You design and implement flow of work, collaboration, communication, source control, and automation.
As a DevOps engineer, you work on cross-functional teams that include:
Developers
Site reliability engineers
Azure administrators
Security engineers
You must have experience both administering and developing in Azure, with strong skills in at least one of these areas. You should also have experience implementing both GitHub and Azure DevOps solutions.
Skills at a glance
Design and implement processes and communications (10–15%)
Design and implement a source control strategy (10–15%)
Design and implement build and release pipelines (50–55%)
Develop a security and compliance plan (10–15%)
Implement an instrumentation strategy (5–10%)
Design and implement processes and communications (10–15%)
Design and implement traceability and flow of work
Design and implement a structure for the flow of work, including GitHub Flow
Design and implement a strategy for feedback cycles, including notifications and issues
Design and implement integration for tracking work, including GitHub projects, Azure Boards, and repositories
Design and implement source, bug, and quality traceability
Design and implement appropriate metrics and queries for DevOps
Design and implement a dashboard, including flow of work, such as cycle times, time to recovery, and lead time
Design and implement appropriate metrics and queries for project planning
Design and implement appropriate metrics and queries for development
Design and implement appropriate metrics and queries for testing
Design and implement appropriate metrics and queries for security
Design and implement appropriate metrics and queries for delivery
Design and implement appropriate metrics and queries for operations
Configure collaboration and communication
Document a project by configuring wikis and process diagrams, including Markdown and Mermaid syntax
Configure release documentation, including release notes and API documentation
Automate creation of documentation from Git history
Configure integration by using webhooks
Configure integration between GitHub or Azure DevOps and Microsoft Teams
Design and implement a source control strategy (10–15%)
Design and implement branching strategies for the source code
Design a branch strategy, including trunk-based, feature branch, and release branch
Design and implement a pull request workflow by using branch policies and branch protections
Implement branch merging restrictions by using branch policies and branch protections
Configure and manage repositories
Design and implement a strategy for managing large files, including Git Large File Storage (LFS) and git-fat
Design a strategy for scaling and optimizing a Git repository, including Scalar and cross-repository sharing
Configure permissions in the source control repository
Configure tags to organize the source control repository
Recover specific data by using Git commands
Remove specific data from source control
Design and implement build and release pipelines (50–55%)
Design and implement a package management strategy
Recommend package management tools including GitHub Packages registry and Azure Artifacts
Design and implement package feeds and views for local and upstream packages
Design and implement a dependency versioning strategy for code assets and packages, including semantic versioning and date-based
Design and implement a versioning strategy for pipeline artifacts
Design and implement a testing strategy for pipelines
Design and implement quality and release gates, including security and governance
Design a comprehensive testing strategy, including local tests, unit tests, integration tests, and load tests
Implement tests in a pipeline, including configuring test tasks, configuring test agents, and integration of test results
Implement code coverage analysis
Design and implement pipelines
Select a deployment automation solution, including GitHub Actions and Azure Pipelines
Design and implement a GitHub runner or Azure DevOps agent infrastructure, including cost, tool selection, licenses, connectivity, and maintainability
Design and implement integration between GitHub repositories and Azure Pipelines
Develop and implement pipeline trigger rules
Develop pipelines by using YAML
Design and implement a strategy for job execution order, including parallelism and multi-stage pipelines
Develop and implement complex pipeline scenarios, such as hybrid pipelines, VM templates, and self-hosted runners or agents
Create reusable pipeline elements, including YAML templates, task groups, variables, and variable groups
Design and implement checks and approvals by using YAML environments
Design and implement deployments
Design a deployment strategy, including blue-green, canary, ring, progressive exposure, feature flags, and A/B testing
Design a pipeline to ensure that dependency deployments are reliably ordered
Plan for minimizing downtime during deployments by using virtual IP address (VIP) swap, load balancing, rolling deployments, and deployment slots
Design a hotfix path plan for responding to high-priority code fixes
Design and implement a resiliency strategy for deployment
Implement feature flags by using Azure App Configuration Feature Manager
Implement application deployment by using containers, binaries, and scripts
Implement a deployment that includes database tasks
Design and implement infrastructure as code (IaC)
Recommend a configuration management technology for application infrastructure
Implement a configuration management strategy for application infrastructure
Define an IaC strategy, including source control and automation of testing and deployment
Design and implement desired state configuration for environments, including Azure Automation State Configuration, Azure Resource Manager, Bicep, and Azure Automanage Machine Configuration
Design and implement Azure Deployment Environments for on-demand self-deployment
Maintain pipelines
Monitor pipeline health, including failure rate, duration, and flaky tests
Optimize a pipeline for cost, time, performance, and reliability
Optimize pipeline concurrency for performance and cost
Design and implement a retention strategy for pipeline artifacts and dependencies
Migrate a pipeline from classic to YAML in Azure Pipelines
Develop a security and compliance plan (10–15%)
Design and implement authentication and authorization methods
Choose between Service Principals and Managed Identity
Implement and manage GitHub authentication, including GitHub Apps, GITHUB_TOKEN, and personal access tokens
Implement and manage Azure DevOps service connections and personal access tokens
Design and implement permissions and roles in GitHub
Design and implement permissions and security groups in Azure DevOps
Recommend appropriate access levels, including stakeholder access in Azure DevOps and outside collaborator access in GitHub
Configure projects and teams in Azure DevOps
Design and implement a strategy for managing sensitive information in automation
Implement and manage secrets, keys, and certificates by using Azure Key Vault
Implement and manage secrets in GitHub Actions and Azure Pipelines
Design and implement a strategy for managing sensitive files during deployment, including Azure Pipelines secure files
Design pipelines to prevent leakage of sensitive information
Automate security and compliance scanning
Design a strategy for security and compliance scanning, including dependency, code, secret, and licensing scanning
Configure Microsoft Defender for Cloud DevOps Security
Configure GitHub Advanced Security for both GitHub and Azure DevOps
Integrate GitHub Advanced Security with Microsoft Defender for Cloud
Automate container scanning, including scanning container images and configuring an action to run CodeQL analysis in a container
Automate analysis of licensing, vulnerabilities, and versioning of open-source components by using Dependabot alerts
Implement an instrumentation strategy (5–10%)
Configure monitoring for a DevOps environment
Configure Azure Monitor and Log Analytics to integrate with DevOps tools
Configure collection of telemetry by using Application Insights, VM Insights, Container Insights, Storage Insights, and Network Insights
Configure monitoring in GitHub, including enabling insights and creating and configuring charts
Configure alerts for events in GitHub Actions and Azure Pipelines
Analyze metrics from instrumentation
Inspect infrastructure performance indicators, including CPU, memory, disk, and network
Analyze metrics by using collected telemetry, including usage and application performance
Inspect distributed tracing by using Application Insights
Interrogate logs using basic Kusto Query Language (KQL) queries
Study resources
We recommend that you train and get hands-on experience before you take the exam. We offer self-study options and classroom training as well as links to documentation, community sites, and videos.
| Study resources | Links to learning and documentation |
|---|---|
| Get trained | Choose from self-paced learning paths and modules or take an instructor-led course |
| Find documentation | DevOps resource center Azure DevOps documentation Azure Boards Azure Key Vault Keys, Secrets, and Certificates Overview Azure Monitor Azure Pipelines Azure Repos Work with Azure DevOps and GitHub |
| Ask a question | Microsoft Q&A | Microsoft Docs |
| Get community support | Azure DevOps - Microsoft Tech Community |
| Follow Microsoft Learn | Microsoft Learn - Microsoft Tech Community |
| Find a video | Exam Readiness Zone Microsoft Learn Shows |
Change log
Key to understanding the table: The topic groups (also known as functional groups) are in bold typeface followed by the objectives within each group. The table is a comparison between the two versions of the exam skills measured and the third column describes the extent of the changes.
| Skill area prior to May 3, 2024 | Skill area as of May 3, 2024 | Change |
|---|---|---|
| Audience profile | Major | |
| Configure processes and communications | Design and implement processes and communications | Minor |
| Configure activity traceability and flow of work | Design and implement traceability and flow of work | Major |
| Configure collaboration and communication | Configure collaboration and communication | Minor |
| Design and implement appropriate metrics and queries for DevOps | New | |
| Design and implement source control | Design and implement a source control strategy | % of exam decreased |
| Design and implement a source control strategy | Removed | |
| Plan and implement branching strategies for the source code | Design and implement branching strategies for the source code | Minor |
| Configure and manage repositories | Configure and manage repositories | Minor |
| Design and implement build and release pipelines | Design and implement build and release pipelines | % of exam increased |
| Design and implement pipeline automation | Design and implement a testing strategy for pipelines | Major |
| Design and implement a package management strategy | Design and implement a package management strategy | Minor |
| Design and implement pipelines | Design and implement pipelines | Minor |
| Design and implement deployments | Design and implement deployments | Minor |
| Design and implement infrastructure as code (IaC) | Design and implement infrastructure as code (IaC) | Minor |
| Maintain pipelines | Maintain pipelines | Minor |
| Develop a security and compliance plan | Develop a security and compliance plan | Minor |
| Design and implement authentication and authorization methods | New | |
| Design and implement a strategy for managing sensitive information in automation | Design and implement a strategy for managing sensitive information in automation | Minor |
| Automate security and compliance scanning | Automate security and compliance scanning | Minor |
| Implement an instrumentation strategy | Implement an instrumentation strategy | % of exam decreased |
| Configure monitoring for a DevOps environment | Configure monitoring for a DevOps environment | Minor |
| Analyze metrics | Analyze metrics from instrumentation | Minor |
Skills measured prior to May 3, 2024
Audience profile
As a DevOps engineer, you’re a developer or infrastructure administrator who also has subject matter expertise in working with people, processes, and products to enable continuous delivery of value in organizations.
Your responsibilities for this role include designing and implementing strategies for collaboration, code, infrastructure, source control, security, compliance, continuous integration, testing, delivery, monitoring, and feedback.
As a DevOps engineer, you work on cross-functional teams that include:
Developers
Site reliability engineers
Azure administrators
You must have experience with administering and developing in Azure, with strong skills in at least one of these areas. You should be familiar with:
Azure DevOps
GitHub
Skills at a glance
Configure processes and communications (10–15%)
Design and implement source control (15–20%)
Design and implement build and release pipelines (40–45%)
Develop a security and compliance plan (10–15%)
Implement an instrumentation strategy (10–15%)
Configure processes and communications (10–15%)
Configure activity traceability and flow of work
Plan and implement a structure for the flow of work and feedback cycles
Identify appropriate metrics related to flow of work, such as cycle times, time to recovery, and lead time
Integrate Azure Pipelines and GitHub Actions with work item tracking tools
Implement traceability policies decided by development
Integrate a repository with Azure Boards
Configure collaboration and communication
Communicate actionable information by using custom dashboards in Azure Boards
Document a project by using tools, such as wikis and process diagrams
Configure release documentation, including release notes and API documentation
Automate creation of documentation from Git history
Configure notifications by using webhooks
Design and implement source control (15–20%)
Design and implement a source control strategy
Design and implement an authentication strategy
Design a strategy for managing large files, including Git Large File Storage (LFS) and git-fat
Design a strategy for scaling and optimizing a Git repository, including Scalar and cross-repository sharing
Implement workflow hooks
Plan and implement branching strategies for the source code
Design a branch strategy, including trunk-based, feature branch, and release branch
Design and implement a pull request workflow by using branch policies and branch protections
Implement branch merging restrictions by using branch policies and branch protections
Configure and manage repositories
Integrate GitHub repositories with Azure Pipelines
Configure permissions in the source control repository
Configure tags to organize the source control repository
Recover data by using Git commands
Purge data from source control
Design and implement build and release pipelines (40–45%)
Design and implement pipeline automation
Integrate pipelines with external tools, including dependency scanning, security scanning, and code coverage
Design and implement quality and release gates, including security and governance
Design integration of automated tests into pipelines
Design and implement a comprehensive testing strategy (including local tests, unit tests, integration tests, and load tests)
Design and implement UI testing
Implement orchestration of tools, such as GitHub Actions and Azure Pipelines
Design and implement a package management strategy
Design a package management implementation that uses Azure Artifacts, GitHub Packages, NuGet, and npm
Design and implement package feeds, including upstream sources
Design and implement a dependency versioning strategy for code assets and packages, including semantic versioning and date-based
Design and implement a versioning strategy for pipeline artifacts
Design and implement pipelines
Select a deployment automation solution, including GitHub Actions and Azure Pipelines
Design and implement an agent infrastructure, including cost, tool selection, licenses, connectivity, and maintainability
Develop and implement pipeline trigger rules
Develop pipelines, including classic and YAML
Design and implement a strategy for job execution order, including parallelism and multi-stage
Develop complex pipeline scenarios, such as containerized agents and hybrid
Configure and manage self-hosted agents, including virtual machine (VM) templates and containerization
Create reusable pipeline elements, including YAML templates, task groups, variables, and variable groups
Design and implement checks and approvals by using YAML environments
Design and implement deployments
Design a deployment strategy, including blue/green, canary, ring, progressive exposure, feature flags, and A/B testing
Design a pipeline to ensure reliable order of dependency deployments
Plan for minimizing downtime during deployments by using virtual IP address (VIP) swap, load balancer, and rolling deployments
Design a hotfix path plan for responding to high-priority code fixes
Implement load balancing for deployment, including Azure Traffic Manager and the Web Apps feature of Azure App Service
Implement feature flags by using Azure App Configuration Feature Manager
Implement application deployment by using containers, binary, and scripts
Design and implement infrastructure as code (IaC)
Recommend a configuration management technology for application infrastructure
Implement a configuration management strategy for application infrastructure, including IaC
Define an IaC strategy, including source control and automation of testing and deployment
Design and implement desired state configuration for environments, including Azure Automation State Configuration, Azure Resource Manager, Bicep, and Azure Automanage Machine Configuration
Design and implement Azure Deployment Environments for on-demand self-deployment
Maintain pipelines
Monitor pipeline health, including failure rate, duration, and flaky tests
Optimize pipelines for cost, time, performance, and reliability
Analyze pipeline load to determine agent configuration and capacity
Design and implement a retention strategy for pipeline artifacts and dependencies
Develop a security and compliance plan (10–15%)
Design and implement a strategy for managing sensitive information in automation
Implement and manage service connections
Implement and manage personal access tokens
Implement and manage secrets, keys, and certificates by using Azure Key Vault, GitHub secrets, and Azure Pipelines secrets
Design and implement a strategy for managing sensitive files during deployment
Design pipelines to prevent leakage of sensitive information
Automate security and compliance scanning
Automate analysis of source code by using GitHub Advanced Security, including code scanning, secret scanning, and dependency scanning for both GitHub and Azure DevOps.
Automate the use of pipeline-based scans, and SonarQube
Automate security scanning, including container scanning and OWASP Zed Attack Proxy (ZAP)
Automate analysis of licensing, vulnerabilities, and versioning of open-source components by using Mend Bolt and GitHub Dependency Scanning
Integrate GitHub Advanced Security with Microsoft Defender for Cloud
Implement an instrumentation strategy (10–15%)
Configure monitoring for a DevOps environment
Configure and integrate monitoring by using Azure Monitor
Configure and integrate with monitoring tools, such as Azure Monitor, Application Insights, and the Prometheus managed service
Manage access control to the monitoring platform
Configure alerts for pipeline events
Analyze metrics
Inspect distributed tracing by using Application Insights
Inspect application performance indicators
Inspect infrastructure performance indicators, including CPU, memory, disk, and network
Identify and monitor metrics for business value
Analyze usage metrics by using Application Insights
Interrogate logs using basic Kusto Query Language (KQL) queries