Browse Certification Practice Tests by Exam Family

Microsoft AZ-400 Cheat Sheet: DevOps Engineer

May 1, 2026

Review the Microsoft DevOps Engineer Expert (AZ-400) scope, source control, CI/CD, release strategy, infrastructure as code, security, observability, and DevOps traps before practicing.

On this page

AZ-400 is a DevOps delivery exam. Use this cheat sheet to keep the workstream clear: plan, code, build, test, release, secure, monitor, and improve.

Use this with practice. Review the DevOps delivery checkpoints, then return to the AZ-400 exam page for sample questions and update tracking.

Open AZ-400 practice page Compare Azure routes

Exam snapshot

FieldDetail
IssuerMicrosoft
Certification laneMicrosoft DevOps Engineer Expert
Exam codeAZ-400
Main scopeDevOps strategy, source control, CI/CD, release, IaC, security, monitoring, and feedback
IT Mastery statusSample questions available

DevOps map

AreaWhat to knowCommon trap
Source controlBranching, pull requests, policies, reviews, and traceabilityLetting long-lived branches hide integration risk
CI qualityBuild validation, tests, scans, artifacts, and gatesTreating CI as only packaging
Release strategyEnvironments, approvals, deployment slots, canary, blue-green, and rollbackDeploying without health validation
Infrastructure as codeTemplates, repeatable deployments, configuration, drift, and reviewManually changing production and calling it automation
SecuritySecrets, supply-chain controls, permissions, dependency scanning, and policyStoring secrets in pipeline variables without protection
ObservabilityTelemetry, alerts, feedback loops, reliability signals, and continuous improvementCollecting logs without using them in release decisions

Must-know distinctions

DistinctionHow to decide
Build vs releaseBuild creates validated artifacts; release deploys them to environments.
CI vs CDCI validates every change; CD moves validated changes through deployment stages.
Deployment slot vs canarySlots swap app environments; canary gradually exposes users or traffic.
Secret variable vs managed secret storeA secret store centralizes protection, access, audit, and rotation.
Monitoring vs alertingMonitoring collects signals; alerting notifies when signals require action.
Manual approval vs automated gateApproval is a human decision; a gate enforces measured criteria.

High-yield checklist

  • Start with the bottleneck: integration, validation, deployment risk, security, or feedback.
  • Use pull-request validation and branch policies for code-quality control.
  • Keep artifacts immutable between build and release stages.
  • Use staged deployment, health checks, and rollback for production safety.
  • Use IaC for repeatability and reviewable environment changes.
  • Protect secrets with managed stores and scoped access.
  • Add security checks early enough to prevent late release surprises.
  • Feed telemetry and incident learning back into planning.

Common traps

  • Solving a people/process problem with a single tool setting.
  • Disabling checks because releases are slow.
  • Confusing rollback with redeploying unknown artifacts.
  • Treating observability as dashboards only.
  • Ignoring least privilege in pipeline service connections.
  • Automating a broken manual process without governance.

Practice strategy

For AZ-400 misses, name the DevOps stage first: plan, code, build, test, release, operate, secure, or improve. Then decide whether the scenario needs policy, automation, quality gates, monitoring, or rollback.

Revised on Monday, May 25, 2026