AZ-400 skills coverage matrix
This matrix maps every official exam skill to a specific challenge. Use it to verify you've practiced all testable skills.
Domain 1: Design and implement processes and communications (10-15%)
Design and implement traceability and flow of work
| Skill | Challenge | Status |
|---|---|---|
| Design and implement a structure for the flow of work, including GitHub Flow | Challenge 01 | Covered |
| Design and implement a strategy for feedback cycles, including notifications and GitHub issues | Challenge 02 | Covered |
| Design and implement integration for tracking work, including GitHub projects, Azure Boards, and repositories | Challenge 02 | Covered |
| Design and implement source, bug, and quality traceability | Challenge 03 | Covered |
Design and implement appropriate metrics and queries for DevOps
| Skill | Challenge | Status |
|---|---|---|
| Design and implement a dashboard, including flow of work (cycle times, time to recovery, lead time) | Challenge 04 | Covered |
| Design and implement appropriate metrics and queries for project planning | Challenge 04 | Covered |
| Design and implement appropriate metrics and queries for development | Challenge 04 | Covered |
| Design and implement appropriate metrics and queries for testing | Challenge 04 | Covered |
| Design and implement appropriate metrics and queries for security | Challenge 04 | Covered |
| Design and implement appropriate metrics and queries for delivery | Challenge 04 | Covered |
| Design and implement appropriate metrics and queries for operations | Challenge 04 | Covered |
Configure collaboration and communication
| Skill | Challenge | Status |
|---|---|---|
| Document a project by configuring wikis and process diagrams, including Markdown and Mermaid syntax | Challenge 05 | Covered |
| Configure release documentation, including release notes and API documentation | Challenge 05 | Covered |
| Automate creation of documentation from Git history | Challenge 05 | Covered |
| Configure integration by using webhooks | Challenge 06 | Covered |
| Configure integration between Azure Boards and GitHub repositories | Challenge 06 | Covered |
| Configure integration between GitHub or Azure DevOps and Microsoft Teams | Challenge 06 | Covered |
Domain 2: Design and implement a source control strategy (10-15%)
Design and implement branching strategies for the source code
| Skill | Challenge | Status |
|---|---|---|
| Design a branch strategy, including trunk-based, feature branch, and release branch | Challenge 07 | Covered |
| Design and implement a pull request workflow by using branch policies and branch protection rules | Challenge 08 | Covered |
| Implement branch merging restrictions by using branch policies and branch protection rules | Challenge 08 | Covered |
Configure and manage repositories
| Skill | Challenge | Status |
|---|---|---|
| Design and implement a strategy for managing large files, including Git LFS and git-fat | Challenge 10 | Covered |
| Design a strategy for scaling and optimizing a Git repository, including Scalar and cross-repository sharing | Challenge 12 | Covered |
| Configure permissions in the source control repository | Challenge 09 | Covered |
| Configure tags to organize the source control repository | Challenge 09 | Covered |
| Recover specific data by using Git commands | Challenge 11 | Covered |
| Remove specific data from source control | Challenge 11 | Covered |
Domain 3: Design and implement build and release pipelines (50-55%)
Design and implement a package management strategy
| Skill | Challenge | Status |
|---|---|---|
| Recommend package management tools including GitHub Packages and Azure Artifacts | Challenge 13 | Covered |
| Design and implement package feeds and views for local and upstream packages | Challenge 13 | Covered |
| Design and implement a dependency versioning strategy (SemVer and CalVer) | Challenge 14 | Covered |
| Design and implement a versioning strategy for pipeline artifacts | Challenge 14 | Covered |
Design and implement a testing strategy for pipelines
| Skill | Challenge | Status |
|---|---|---|
| Design and implement quality and release gates, including security and governance | Challenge 17 | Covered |
| Design a comprehensive testing strategy (local, unit, integration, load tests) | Challenge 16 | Covered |
| Implement tests in a pipeline, including configuring test tasks and test agents | Challenge 16 | Covered |
| Implement code coverage analysis | Challenge 18 | Covered |
Design and implement pipelines
| Skill | Challenge | Status |
|---|---|---|
| Select a deployment automation solution (GitHub Actions and Azure Pipelines) | Challenge 19, Challenge 20 | Covered |
| Design and implement runner/agent infrastructure (cost, connectivity, maintainability) | Challenge 21 | Covered |
| Design and implement integration between GitHub repositories and Azure Pipelines | Challenge 20 | Covered |
| Develop and implement pipeline trigger rules | Challenge 22 | Covered |
| Develop pipelines by using YAML | Challenge 19, Challenge 20 | Covered |
| Design and implement a strategy for job execution order (parallelism, multi-stage) | Challenge 22 | Covered |
| Develop complex pipeline scenarios (hybrid pipelines, VM templates, self-hosted runners) | Challenge 21 | Covered |
| Create reusable pipeline elements (YAML templates, task groups, variables, variable groups) | Challenge 23 | Covered |
| Design and implement checks and approvals by using YAML-based environments | Challenge 24 | Covered |
Design and implement deployments
| Skill | Challenge | Status |
|---|---|---|
| Design a deployment strategy (blue-green, canary, ring, progressive exposure, feature flags, A/B) | Challenge 25 | Covered |
| Design a pipeline to ensure dependency deployments are reliably ordered | Challenge 30 | Covered |
| Plan for minimizing downtime (load balancing, rolling deployments, slot swaps) | Challenge 26 | Covered |
| Design a hotfix path plan for high-priority code fixes | Challenge 30 | Covered |
| Design and implement a resiliency strategy for deployment | Challenge 30 | Covered |
| Implement feature flags by using Azure App Configuration Feature Manager | Challenge 27 | Covered |
| Implement application deployment by using containers, binaries, and scripts | Challenge 28 | Covered |
| Implement a deployment that includes database tasks | Challenge 29 | Covered |
Design and implement infrastructure as code (IaC)
| Skill | Challenge | Status |
|---|---|---|
| Recommend a configuration management technology for application infrastructure | Challenge 31 | Covered |
| Implement a configuration management strategy for application infrastructure | Challenge 31 | Covered |
| Define an IaC strategy, including source control and automation of testing and deployment | Challenge 31 | Covered |
| Design and implement desired state configuration (Azure Automation, Bicep, Machine Configuration) | Challenge 32 | Covered |
| Design and implement Azure Deployment Environments for on-demand self-deployment | Challenge 33 | Covered |
Maintain pipelines
| Skill | Challenge | Status |
|---|---|---|
| Monitor pipeline health (failure rate, duration, flaky tests) | Challenge 34 | Covered |
| Optimize a pipeline for cost, time, performance, and reliability | Challenge 35 | Covered |
| Optimize pipeline concurrency for performance and cost | Challenge 35 | Covered |
| Design and implement a retention strategy for pipeline artifacts and dependencies | Challenge 36 | Covered |
| Migrate a pipeline from classic to YAML in Azure Pipelines | Challenge 37 | Covered |
Domain 4: Develop a security and compliance plan (10-15%)
Design and implement authentication and authorization methods
| Skill | Challenge | Status |
|---|---|---|
| Choose between service principals and managed identities (system/user-assigned) | Challenge 39 | Covered |
| Implement and manage GitHub authentication (GitHub Apps, GITHUB_TOKEN, PATs) | Challenge 40 | Covered |
| Implement and manage Azure DevOps service connections and PATs | Challenge 41 | Covered |
| Design and implement permissions and roles in GitHub | Challenge 40 | Covered |
| Design and implement permissions and security groups in Azure DevOps | Challenge 41 | Covered |
| Recommend appropriate access levels (stakeholder in ADO, outside collaborator in GitHub) | Challenge 41 | Covered |
| Configure projects and teams in Azure DevOps | Challenge 41 | Covered |
Design and implement a strategy for managing sensitive information in automation
| Skill | Challenge | Status |
|---|---|---|
| Implement and manage secrets, keys, and certificates by using Azure Key Vault | Challenge 42 | Covered |
| Implement secretless authentication (workload identity federation/OIDC) | Challenge 42 | Covered |
| Design and implement a strategy for managing sensitive files during deployment | Challenge 43 | Covered |
| Design pipelines to prevent leakage of sensitive information | Challenge 43 | Covered |
Automate security and compliance scanning
| Skill | Challenge | Status |
|---|---|---|
| Design a strategy for security and compliance scanning (dependency, code, secret, licensing) | Challenge 44 | Covered |
| Configure Microsoft Defender for Cloud DevOps Security | Challenge 45 | Covered |
| Configure GitHub Advanced Security for GitHub and Azure DevOps | Challenge 44 | Covered |
| Integrate GitHub Advanced Security with Microsoft Defender for Cloud | Challenge 45 | Covered |
| Automate container scanning (container images, CodeQL in containers) | Challenge 44 | Covered |
| Automate analysis of licensing, vulnerabilities, and versioning (Dependabot alerts) | Challenge 44 | Covered |
Domain 5: Implement an instrumentation strategy (5-10%)
Configure monitoring for a DevOps environment
| Skill | Challenge | Status |
|---|---|---|
| Configure Azure Monitor and Azure Monitor Logs to integrate with DevOps tools | Challenge 46 | Covered |
| Configure collection of telemetry (Application Insights, VM Insights, Container Insights) | Challenge 47 | Covered |
| Configure monitoring in GitHub (insights, charts) | Challenge 48 | Covered |
| Configure alerts for events in GitHub Actions and Azure Pipelines | Challenge 48 | Covered |
Analyze metrics from instrumentation
| Skill | Challenge | Status |
|---|---|---|
| Inspect infrastructure performance indicators (CPU, memory, disk, network) | Challenge 47 | Covered |
| Analyze metrics by using collected telemetry (usage, application performance) | Challenge 50 | Covered |
| Inspect distributed tracing by using Application Insights | Challenge 50 | Covered |
| Interrogate logs using basic KQL queries | Challenge 49 | Covered |
Total skills covered: 67/67 (100%)