AZ-400 cheat sheet

A one-page reference for the Microsoft DevOps Engineer Expert exam: the format, how the domains are weighted, and the glossary terms for this exam.

Exam at a glance

Vendor
Microsoft
Level
Expert
Questions
60
Time
120 min
Mock pass mark
70%
Domains
5
Practice Qs
138
Code
AZ-400

Domain weightings

How much of the exam each domain covers. Spend your study time in proportion — the heavier the domain, the more questions you'll see.

Key terms

CI/CD
CI/CD (continuous integration and continuous delivery) is the automated practice of building, testing, and releasing software frequently. AZ-400 centers on designing and implementing CI/CD pipelines.
Azure Pipelines
Azure Pipelines is the Azure DevOps service for building, testing, and deploying code with YAML or classic pipelines. AZ-400 covers implementing pipelines and deployments with it.
GitHub Actions
GitHub Actions is GitHub's automation and CI/CD platform driven by workflow YAML files. AZ-400 covers selecting and implementing GitHub Actions alongside Azure Pipelines.
Infrastructure as code
Infrastructure as code (IaC) is the practice of provisioning infrastructure through machine-readable templates. AZ-400 covers IaC strategy with ARM, Bicep, and desired state configuration.
Bicep
Bicep is a domain-specific language for declaratively deploying Azure resources, compiling to ARM templates. AZ-400 covers Bicep for desired state configuration of environments.
Blue-green deployment
A blue-green deployment runs two identical environments and switches traffic to the new one to release with minimal downtime. AZ-400 covers it among deployment strategies.
Canary release
A canary release rolls out a change to a small subset of users before full deployment to limit risk. AZ-400 covers canary, ring, and progressive-exposure deployment strategies.
Feature flag
A feature flag toggles functionality on or off at runtime without redeploying, enabling progressive exposure and A/B testing. AZ-400 covers implementing feature flags with Azure App Configuration.
Branch policy
A branch policy enforces requirements — such as reviews and passing builds — before code merges into a protected branch. AZ-400 covers pull-request workflows using branch policies and protection rules.
Trunk-based development
Trunk-based development is a branching strategy where developers integrate small changes frequently into a single main branch. AZ-400 covers it among branching strategies.
GitHub Advanced Security
GitHub Advanced Security provides code, secret, and dependency scanning (including CodeQL). AZ-400 covers configuring it for GitHub and Azure DevOps and integrating with Defender for Cloud.
Dependabot
Dependabot automatically detects and alerts on vulnerable open-source dependencies and can raise update pull requests. AZ-400 covers automating dependency vulnerability analysis with Dependabot.
Azure Key Vault
Azure Key Vault is a service for securely storing secrets, keys, and certificates. AZ-400 covers managing sensitive information in pipelines with Key Vault and secretless authentication.
Application Insights
Azure Monitor Application Insights is an application performance monitoring service that collects telemetry and traces. AZ-400 covers configuring it in the instrumentation strategy.