Microsoft AZ-400 DevOps Engineer Practice Test

AZ-400 is the exam for Microsoft Certified: DevOps Engineer Expert. It focuses on developer productivity, source control, CI/CD, security, infrastructure as code, observability, and continuous improvement in Microsoft cloud delivery environments.

IT Mastery coverage for AZ-400 is under review. Use this page to try 12 original sample questions, review the exam snapshot, route fit, and closest live Azure, GitHub, and DevOps practice paths.

Who AZ-400 is for

• engineers connecting Azure administration or development skill with DevOps delivery practices
• candidates working with source control, pipelines, release strategies, IaC, monitoring, and security automation
• learners comparing Microsoft DevOps Engineer Expert with AWS DevOps, GitHub Actions, Terraform, or Kubernetes routes

AZ-400 exam snapshot

• Issuer: Microsoft
• Platform: Microsoft Azure
• Official certification name: Microsoft Certified: DevOps Engineer Expert
• Exam code: AZ-400
• Passing score: 700 scaled
• Assessment style: scenario-based DevOps process, platform, automation, security, and monitoring decisions

Topic coverage for AZ-400

Practice options

• Current status: Sample questions
• IT Mastery coverage for this assessment: under review
• Best use right now: try the 12 sample questions, confirm the Microsoft DevOps lane, then practise live Azure, GitHub, and Terraform pages while coverage expands
• Update form: use the Notify me form near the top of this page if AZ-400 is your actual target exam
• Quick review: open the AZ-400 cheat sheet if you need a compact DevOps delivery checklist before the sample questions.

Sample Exam Questions

Try these 12 original sample questions for Microsoft AZ-400. They are designed for self-assessment and are not official exam questions.

Question 1

Topic: branching strategy

A team has long-lived feature branches that create painful merges before release. What should they improve?

• A. Shorter-lived branches, frequent integration, pull-request validation, and a clear release strategy.
• B. Bigger merge conflicts.
• C. Deleting automated tests.
• D. Emailing ZIP files of source code.

Best answer: A

Explanation: DevOps delivery favors frequent integration and validated changes. Long-lived branches increase integration risk.

What this tests: Source-control process design.

Question 2

Topic: CI quality gates

A build should fail when tests or security scans fail. Where should this be enforced?

• A. In a private chat after production deployment.
• B. In the CI pipeline with required checks or quality gates.
• C. In a handwritten release note only.
• D. By disabling pull requests.

Best answer: B

Explanation: CI pipelines should provide fast, enforceable feedback. Required checks prevent low-quality or unsafe changes from progressing.

What this tests: Implementing pipeline quality controls.

Question 3

Topic: deployment strategy

A web app needs low-risk releases with quick rollback if health checks fail. Which strategy fits?

• A. Manual copy to production only.
• B. No monitoring during deployment.
• C. Blue-green, canary, or slot-based deployment with automated validation.
• D. One large annual release.

Best answer: C

Explanation: Progressive or slot-based release patterns reduce blast radius and support rollback. Health checks make release decisions evidence-based.

What this tests: Choosing deployment strategies.

Question 4

Topic: secrets in pipelines

A pipeline needs a connection string. What should the team avoid?

• A. Secure secret storage and scoped access.
• B. Managed identity where supported.
• C. Secret rotation policy.
• D. Hard-coding the connection string in the repository.

Best answer: D

Explanation: Secrets should not be committed to source control. Use secure stores, scoped permissions, and identity-based access where possible.

What this tests: Securing pipeline credentials.

Question 5

Topic: infrastructure as code

A team manually deploys Azure resources, and environments drift. What should they adopt?

• A. Infrastructure as code with review, versioning, and repeatable deployment.
• B. Portal-only clicks with no history.
• C. Random resource changes after every incident.
• D. No deployment records.

Best answer: A

Explanation: Infrastructure as code makes environment changes repeatable, reviewable, and auditable. It supports DevOps consistency.

What this tests: Applying IaC to Azure delivery.

Question 6

Topic: observability feedback

An application team wants to know whether deployments improve user experience. What should they connect?

• A. Only the number of commits.
• B. Deployment records, telemetry, incidents, user-impact metrics, and work-item feedback.
• C. Random screenshots.
• D. Local machine uptime only.

Best answer: B

Explanation: DevOps feedback loops connect changes to operational and user outcomes. Raw activity counts are not enough.

What this tests: Creating continuous feedback loops.

Question 7

Topic: environment approvals

Production deployments require business approval and separation of duties. What should the release design include?

• A. Everyone as production owner.
• B. A bypass step with no audit trail.
• C. Environment approvals, protected resources, and auditable deployment permissions.
• D. Manual password sharing.

Best answer: C

Explanation: Production controls should be enforceable and auditable. Approvals and permissions support governance without abandoning automation.

What this tests: Release governance and approvals.

Question 8

Topic: package management

A build should use approved dependency versions and prevent untrusted packages. What should the team implement?

• A. No dependency review.
• B. Manual copy-paste from old builds only.
• C. Random downloads from search results.
• D. Package feeds, dependency scanning, version policies, and supply-chain controls.

Best answer: D

Explanation: Supply-chain security is part of modern DevOps. Controlled feeds and scans reduce dependency risk.

What this tests: Securing dependencies and artifacts.

Question 9

Topic: test strategy

A team relies only on manual testing at the end of each release. What is a better DevOps direction?

• A. Automated tests at appropriate levels integrated into CI/CD, plus targeted manual testing where useful.
• B. No tests.
• C. Only production testing after release.
• D. Tests stored outside the repository with no owner.

Best answer: A

Explanation: Automated tests provide repeatable feedback. Manual testing can remain for exploratory or specialized validation, but should not be the only gate.

What this tests: Building an effective test strategy.

Question 10

Topic: incident learning

A deployment caused an outage. What should the team do after service is restored?

• A. Blame one developer and avoid documentation.
• B. Run a blameless review and improve tests, monitoring, deployment, or rollback controls.
• C. Ignore the incident because rollback worked.
• D. Delete logs.

Best answer: B

Explanation: Continuous improvement is a DevOps principle. Incidents should produce system improvements, not just blame.

What this tests: Learning from incidents.

Question 11

Topic: work visibility

Developers and operations teams use separate queues and cannot see blocked delivery work. What practice helps?

• A. Fewer conversations.
• B. More hidden spreadsheets.
• C. Shared boards, work-item traceability, and visible flow metrics.
• D. No definition of done.

Best answer: C

Explanation: Shared visibility supports collaboration and flow improvement. AZ-400 covers process as well as tooling.

What this tests: Improving DevOps collaboration and flow.

Question 12

Topic: route fit

A learner wants CI/CD and DevOps delivery practice with GitHub-specific certification focus. What adjacent route should they compare?

• A. MB-310.
• B. DP-900.
• C. AZ-140.
• D. GitHub Actions.

Best answer: D

Explanation: AZ-400 is Microsoft DevOps Engineer Expert, while GitHub Actions is the adjacent GitHub-focused automation route.

What this tests: Choosing adjacent DevOps certification paths.

AZ-400 DevOps delivery map

Use this map to connect the sample questions to the decision pattern Microsoft usually tests for this route.

    flowchart LR
	  S1["Plan work and flow"] --> S2
	  S2["Commit through source control"] --> S3
	  S3["Validate with CI"] --> S4
	  S4["Release with controls"] --> S5
	  S5["Observe production signals"] --> S6
	  S6["Improve process and platform"]

Quick Cheat Sheet

Mini Glossary

• Artifact: Versioned output of a build such as a package, container image, or deployment bundle.
• Canary deployment: Release pattern that exposes a change to a small audience before broad rollout.
• CI: Continuous integration: automated validation of frequent code changes.
• IaC: Infrastructure as code: managing infrastructure definitions through versioned files.
• Quality gate: Automated or required control that must pass before work can progress.

Microsoft AZ-400 practice update

Use this page to review AZ-400 sample questions and use the Notify me form for updates. The related pages below help you compare adjacent IT Mastery Azure DevOps practice options before choosing what to study next.

Use these pages now

• AZ-104 for live Azure administrator practice
• AZ-204 for Azure developer route fit
• GitHub Actions for CI/CD certification route fit
• Terraform Associate for live IaC workflow practice

Official sources

• Microsoft Certified: DevOps Engineer Expert

In this section

• Microsoft AZ-400 Cheat Sheet: DevOps Engineer
  Review the Microsoft DevOps Engineer Expert (AZ-400) scope, source control, CI/CD, release strategy, infrastructure as code, security, observability, and DevOps traps before practicing.