AZ-400 cheat sheet
A one-page reference for the Microsoft DevOps Engineer Expert exam: the format, how the domains are weighted, and the glossary terms for this exam.
Exam at a glance
Vendor
Microsoft
Level
Expert
Questions
60
Time
120 min
Mock pass mark
70%
Domains
5
Practice Qs
138
Code
AZ-400
Domain weightings
How much of the exam each domain covers. Spend your study time in proportion — the heavier the domain, the more questions you'll see.
Key terms
- CI/CD
- CI/CD (continuous integration and continuous delivery) is the automated practice of building, testing, and releasing software frequently. AZ-400 centers on designing and implementing CI/CD pipelines.
- Azure Pipelines
- Azure Pipelines is the Azure DevOps service for building, testing, and deploying code with YAML or classic pipelines. AZ-400 covers implementing pipelines and deployments with it.
- GitHub Actions
- GitHub Actions is GitHub's automation and CI/CD platform driven by workflow YAML files. AZ-400 covers selecting and implementing GitHub Actions alongside Azure Pipelines.
- Infrastructure as code
- Infrastructure as code (IaC) is the practice of provisioning infrastructure through machine-readable templates. AZ-400 covers IaC strategy with ARM, Bicep, and desired state configuration.
- Bicep
- Bicep is a domain-specific language for declaratively deploying Azure resources, compiling to ARM templates. AZ-400 covers Bicep for desired state configuration of environments.
- Blue-green deployment
- A blue-green deployment runs two identical environments and switches traffic to the new one to release with minimal downtime. AZ-400 covers it among deployment strategies.
- Canary release
- A canary release rolls out a change to a small subset of users before full deployment to limit risk. AZ-400 covers canary, ring, and progressive-exposure deployment strategies.
- Feature flag
- A feature flag toggles functionality on or off at runtime without redeploying, enabling progressive exposure and A/B testing. AZ-400 covers implementing feature flags with Azure App Configuration.
- Branch policy
- A branch policy enforces requirements — such as reviews and passing builds — before code merges into a protected branch. AZ-400 covers pull-request workflows using branch policies and protection rules.
- Trunk-based development
- Trunk-based development is a branching strategy where developers integrate small changes frequently into a single main branch. AZ-400 covers it among branching strategies.
- GitHub Advanced Security
- GitHub Advanced Security provides code, secret, and dependency scanning (including CodeQL). AZ-400 covers configuring it for GitHub and Azure DevOps and integrating with Defender for Cloud.
- Dependabot
- Dependabot automatically detects and alerts on vulnerable open-source dependencies and can raise update pull requests. AZ-400 covers automating dependency vulnerability analysis with Dependabot.
- Azure Key Vault
- Azure Key Vault is a service for securely storing secrets, keys, and certificates. AZ-400 covers managing sensitive information in pipelines with Key Vault and secretless authentication.
- Application Insights
- Azure Monitor Application Insights is an application performance monitoring service that collects telemetry and traces. AZ-400 covers configuring it in the instrumentation strategy.