Azure DevOps Certification: AZ-400 Study Guide
The Azure DevOps exam is a beast on its own based on the depth and width of the content that is included. However, regardless of everything, I believe the exam outline covers many essential topics that you are expected to know in your day-to-day life.
In this article, you will find the resources and recommendations if you are preparing for the Azure DevOps exam soon. This post is super long, so use the Table of Content to find the appropriate section you are interested in and bookmark it for later use.
Check out the Study Guides for other exams that might be of interest to you.
Table of Content
- Certification Overview
- Exam Prerequisites
- Who is this AZ-400 Exam for?
- What to Expect in the Exam?
- Exam Preparation Recommendations
- Exam Day Tips
- Exam Preparation Resources
- Exam Outline: Microsoft Learn + Docs Reference Links
- Develop an Instrumentation Strategy
- Develop a Site Reliability Engineering (SRE) strategy
- Develop a security and compliance plan
- Manage source control
- Facilitate communication and collaboration
- Define and implement continuous integration
- Define and implement continuous delivery and release management strategy
Azure DevOps Engineer (AZ-400) Expert Certificate is an expert level exam that validates the skills and expertise of subject matter experts working with process and technology while incorporating people skills to deliver business value to the customers.
If you are planning to attempt the Azure DevOps exam, be sure to complete one of the following exams beforehand, as it will give you enough exposure to Azure services and offerings:
Who is this AZ-400 Exam for?
Suppose you are working in Azure in general, regardless of any specific motive to go into DevOps. In that case, I'd still recommend at least taking this exam as it will give you an insight into the capabilities of how Azure offerings are tightly coupled with the DevOps platform. Of course, if your organization is using Azure for development or deployment purposes, the DevOps still will be beneficial regardless of what DevOps platform you use.
On a high-level note, take the exam:
- If you are looking to learn and understand DevOps practices, Agile practices and establish yourself in the market for success.
- If you are working on Administration, Software development, Lead Engineer, or Project Management Role and are looking to move into the DevOps domain.
- If you are looking to build the development skills and learning version control, development, and deployments in general.
What to Expect in the Exam?
The DevOps Exam is 210 minutes, including about 30 minutes for the surveys and the assessments, which gives you roughly 180 minutes for the exam. You can expect around 40-60 questions in the exam.
The structure of the exam can vary and range between:
- Case study with multiple questions including two choices and drag-and-drop items.
- Single-choice questions which may not be skipped or reviewed. You only get to answer these questions ONCE.
- Single-choice questions (True/False or Yes/No)
- Multiple-choice questions
- Arrange in the correct sequence questions.
Since it's an expert-level exam, the exam is relatively hard and challenging as it covers many different topics and best practices. Therefore, I would recommend you to have at least one year of hands-on experience with Azure Cloud and DevOps practices in general before you consider booking the exam. Don't just take the exam for the sake of the certificate.
Exam Preparation Recommendations
There's definitely a lot to cover in this exam, and giving you any list of services or things to learn would be unfair as the expectations for this exam are high. However, below are some things to consider and focus attention on while preparing for the exam.
- Understand how Azure DevOps (ADO) platform works and operates. Get yourself familiar with the Pipelines, Release, Artifacts, and Variable Groups.
- You should be familiar with some of the common YAML tasks for Pipeline, such as copying artifacts, downloading build artifacts, and publishing artifacts for release.
- Speaking of release, don't miss out on release gates and approval policies. Having a good understanding of all the capabilities like security testing, monitoring, and approval will go a long way for the exam and real life.
- You should be prepared with a solid understanding of GIT and the branching strategies covered in the section Manage source control.
- The presence of the actual lab in the exam is unclear with the remote exam as of now. However, be sure to practice with ADO and Azure platform to avoid any surprises.
- Befriend with Azure DevOps resources at the Azure DevOps Documentation site. The more you are familiar with the docs now, the more it'll help you later.
- Review the DevOps Checklist as a starting point in assessing DevOps culture and processes.
Exam Day Tips
Below are some of my recommendations on the exam and some tips that might be helpful.
- Cover basic knowledge using AZ-104 and AZ-900 exams to be familiar with the Azure offerings' services and Azure offerings.
- Book the exam at least 60-90 days ahead of the time. Try to use the vouchers if you can from a learning partner, or keep an eye for open Cloud Skill Challenges that are often offered via Microsoft.
- If it's your first time doing a Virtual Exam, be sure to read PearsonVUE's exam information to ensure your desk and workspace are clean before going into the exam.
- The time for when to schedule the exam is debatable. If you are a morning person, consider doing it early when your mind is not distracted from the day stuff. On the other hand, I've had challenges with wait time and schedule in the evenings or afternoon PST time zones.
- You have access to a whiteboard where you can brainstorm ideas about the exams. It has been the least used feature of the exam for me personally. I'll let you be the judge of it.
- Adjust the brightness of your screen or turn on Dark Mode before the exam starts. Constantly looking at a white screen with high brightness may affect your focus. Consider changing to dark mode from around the bottom left when you begin.
- Use the Exam Outline to note down your target dates for each module and section so that you keep yourself on track. For example, I usually pick a final date and work backward to calculate how much time I need to spend on each module and section.
Exam Preparation Resources
Cloud Academy AZ-400 Learning Path
The biggest differentiator that I've seen for CloudAcademy has been their hands-on lab environment access, where you get free sandbox access to practice along with course and exam questions preparation.
Pluralsight AZ-400 Training
Pluralsight also has an AZ-400 training course prepared heavily by John Savill. The course should get you started by checking a lot of boxes on the exam outline.
WhizLabs Questions Papers
I'd highly recommend taking the WhizLab's Practise tests and go through them a few times. I believe the questions are well prepared and explained in the descriptions when you review after each try.
Azure DevOps Labs
Azure DevOps Labs is the most helpful resource if you are looking for detailed blogs and articles with hands-on knowledge of Azure DevOps Platform guidance.
Visual Studio Dev Essentials
Signup for Visual Studio Dev Essentials. You get Free Azure Credit to use the cloud resources and access to some training platforms like LinkedIn Learning and Pluralsight with one month of access.
30 Days to Learn It
Microsoft provides an offer where you get a 50% discount on exam price if you complete one of the listed MS Learn modules in 30 days.
If you are working for a company that offers certification training via any learning institute, I'd highly recommend going that path as it'll give you about a full week of training and a free voucher at the end of the training. You can find your local training institutes using the link below:
Free E-Books Resources
I'd highly recommend picking up at least one DevOps book either from the list below or anything you find helpful.
Exam Outline: Microsoft Learn + Docs Reference Links
I've gathered some of the reference URLs to articles on the internet that will help you cover most of the exam objectives. The headings link to Microsoft Learn modules, and the individual items in each category point to relevant reading articles or MS learn courses.
Be sure to print and have the exam outline with you while you are preparing for the exam. If you don't have the Exam Outline handle, download it here.
Develop an Instrumentation Strategy (5-10%)
Design and implement logging
- assess and configure a log framework
- design a log aggregation and storage strategy (e.g., Azure storage)
- design a log aggregation and query strategy using (e.g., Azure Monitor, Splunk)
- manage access control to logs (workspace-centric/resource-centric)
- integrate crash analytics (App Center Crashes, Crashlytics)
Design and implement telemetry
- design and implement distributed tracing [Learn Module]
- inspect application performance indicators
- inspect infrastructure performance indicators [VMs] [Containers]
- define and measure key metrics (CPU, memory, disk, network)
- implement alerts on key metrics (email, SMS, webhooks, Teams/Slack)
- integrate user analytics (e.g., Application Insights funnels, Visual Studio App Center, TestFlight, Google Analytics)
Integrate logging and monitoring solutions
- configure and integrate container monitoring (Azure Monitor, Prometheus, etc.)
- configure and integrate with monitoring tools (Azure Monitor Application Insights, Dynatrace, New Relic, Naggios, Zabbix)
- create feedback loop from platform monitoring tools (e.g., Azure Diagnostics extension, Log Analytics agent, Azure Platform Logs, Event Grid)
- manage Access control to the monitoring platform
Develop a Site Reliability Engineering (SRE) strategy (5-10%)
Develop an actionable alerting strategy
- identify and recommend metrics on which to base alerts
- implement alerts using appropriate metrics
- implement alerts based on appropriate log messages
- implement alerts based on application health checks
- analyze combinations of metrics
- develop communication mechanism to notify users of degraded systems
- implement alerts for self-healing activities (e.g., scaling, failovers)
Design a failure prediction strategy
- analyze behavior of system with regards to load and failure condition
- calculate when a system will fail under various condition
- measure baseline metrics for system [Learn Module]
- leverage Application Insights Smart Detection and Dynamic thresholds in Azure Monitor
Design and implement a health check
- analyze system dependencies to determine which dependency should be included in health check
- calculate healthy response timeouts based on SLO for the service
- design approach for partial health situations
- design approach for piecemeal recovery (e.g., to improve recovery time objective strategies)
- integrate health check with compute environment
- implement different types of health checks (container liveness, startup, shutdown)
Develop a security and compliance plan (10-15%)
Design an authentication and authorization strategy
- design an access solution (Azure AD Privileged Identity Management (PIM), Azure AD Conditional Access, MFA, Azure AD B2B, etc.)
- implement Service Principals and Managed Identity
- design an application access solution using Azure AD B2C
- configure service connections
Design a sensitive information management strategy
- evaluate and configure vault solution (Azure Key Vault, Hashicorp Vault)
- manage security certificates
- design a secrets storage and retrieval strategy (KeyVault secrets, GitHub secrets, Azure Pipelines secrets)
- formulate a plan for deploying secret files as part of a release
Develop security and compliance
- automate dependencies scanning for security (container scanning, OWASP)
- automate dependencies scanning for compliance (licenses: MIT, GPL)
- assess and report risks
- design a source code compliance solution (e.g., GitHub Code scanning, GitHub Secret scanning, pipeline-based scans, Git hooks, SonarQube, Dependabot, etc.)
Design governance enforcement mechanisms
- implement Azure policies to enforce organizational requirements
- implement container scanning (e.g., static scanning, malware, crypto mining)
- design and implement Azure Container Registry Tasks
- design break-the-glass strategy for responding to security incidents
Manage source control (10-15%)
Develop a modern source control strategy
- integrate/migrate disparate source control systems (e.g., GitHub, Azure Repos)
- design authentication strategies
- design approach for managing large binary files (e.g., Git LFS)
- design approach for cross repository sharing (e.g., Git sub-modules, packages)
- implement workflow hooks
- design approach for efficient code reviews (e.g., GitHub code review assignments, schedule reminders, Pull Analytics)
Plan and implement branching strategies for the source code
- define Pull Requests (PR) guidelines to enforce work item correlation
- implement branch merging restrictions (e.g., branch policies, branch protections, manual, etc.)
- define branch strategy (e.g., trunk based, feature branch, release branch, GitHub flow)
- design and implement a PR workflow (code reviews, approvals)
- enforce static code analysis for code-quality consistency on PR
- configure permissions in the source control repository
- organize the repository with git-tags
- plan for handling oversized repositories
- plan for content recovery in all repository states
- purge data from source control
Integrate source control with tools
- integrate GitHub with DevOps pipelines
- integrate GitHub with identity management solutions (Azure AD)
- design for GitOps
- design for ChatOps
- integrate source control artifacts for human consumption (e.g., Git changelog)
- integrate GitHub Codespaces
Facilitate communication and collaboration (10-15%)
Communicate deployment and release information with business stakeholders
- create dashboards combining boards, pipelines (custom dashboards on Azure DevOps)
- design a cost management communication strategy
- integrate release pipeline with work item tracking (e.g., AZ DevOps, Jira, ServiceNow)
- integrate GitHub as repository with Azure Boards
- communicate user analytics
Generate DevOps process documentation
- design onboarding process for new employees
- assess and document external dependencies (e.g., integrations, packages)
- assess and document artifacts (version, release notes)
Automate communication with team members
- integrate monitoring tools with communication platforms (e.g., Teams, Slack, dashboards)
- notify stakeholders about key metrics, alerts, severity using communication and project management platforms (e.g., Email, SMS, Slack, Teams, ServiceNow, etc.)
- integrate build and release with communication platforms (e.g., build fails, release fails)
- integrate GitHub pull request approvals via mobile apps
Define and implement continuous integration (20-25%)
Design build automation
- integrate the build pipeline with external tools (e.g., Dependency and security scanning, Code coverage)
- implement quality gates (e.g., code coverage, internationalization, peer review)
- design a testing strategy (e.g., integration, load, fuzz, API, chaos)
- integrate multiple tools (e.g., GitHub Actions, Azure Pipeline, Jenkins)
Design a package management strategy
- recommend package management tools (e.g., GitHub Packages, Azure Artifacts, Azure Automation Runbooks Gallery, Nuget, Jfrog, Artifactory)
- design an Azure Artifacts implementation including linked feeds
- design versioning strategy for code assets (e.g., SemVer, date based)
- plan for assessing and updating and reporting package dependencies (GitHub Automated Security Updates, NuKeeper, GreenKeeper)
- design a versioning strategy for packages (e.g., SemVer, date based)
- design a versioning strategy for deployment artifacts
Design an application infrastructure management strategy
- assess a configuration management mechanism for application infrastructure
- define and enforce desired state configuration for environments
Implement a build strategy
- design and implement build agent infrastructure (include cost, tool selection, licenses, maintainability)
- develop and implement build trigger rules
- develop build pipelines
- design build orchestration (products that are composed of multiple builds)
- integrate configuration into build process
- develop complex build scenarios (e.g., containerized agents, hybrid, GPU)
Maintain build strategy
- monitor pipeline health (failure rate, duration, flaky tests)
- optimize build (cost, time, performance, reliability)
- analyze CI load to determine build agent configuration and capacity
Design a process for standardizing builds across organization
- manage self-hosted build agents (VM templates, containerization, etc.)
- create reusable build subsystems (YAML templates, Task Groups, Variable Groups, etc.)
Define and implement continuous delivery and release management strategy (10-15%)
Develop deployment scripts and templates
- recommend a deployment solution (e.g., GitHub Actions, Azure Pipelines, Jenkins, CircleCI, etc.)
- design and implement Infrastructure as code (ARM, Terraform, PowerShell, CLI)
- develop application deployment process (container, binary, scripts)
- develop database deployment process (migrations, data movement, ETL)
- integrate configuration management as part of the release process
- develop complex deployments (IoT, Azure IoT Edge, mobile, App Center, DR, multi-region, CDN, sovereign cloud, Azure Stack, etc.)
Implement an orchestration automation solution
- combine release targets depending on release deliverable (e.g., Infrastructure, code, assets, etc.)
- design the release pipeline to ensure reliable order of dependency deployments
- organize shared release configurations and process (YAML templates, variable groups, Azure App Configuration)
- design and implement release gates and approval processes
Plan the deployment environment strategy
- design a release strategy (blue/green, canary, ring)
- implement the release strategy (using deployment slots, load balancer configurations, Azure Traffic Manager, feature toggle, etc.)
- select the appropriate desired state solution for a deployment environment (PowerShell DSC, Chef, Puppet, etc.)
- plan for minimizing downtime during deployments (VIP Swap, Load balancer, rolling deployments, etc.)
- design a hotfix path plan for responding to high priority code fixes
I hope this article helps you get through the learning part of the AZ-400 exam and cover all the necessary topics that you need to know before you go into the exam hall. Feel free to reach out to me on Twitter or LinkedIn for any questions.
Check out my certificate on Credly here;
If you are looking for exam review on any other exam, check out the list below as I update it with the latest content: