Why This Cheat Sheet Matters for AZ-400
This cheat sheet covers the most important Security & Compliance concepts tested on the AZ-400 (Azure DevOps Engineer Expert) certification exam. It contains 2 sections with 8 key points that you should memorize before exam day. The topics are implementing security in DevOps: dependency scanning, secret management, SAST/DAST, and compliance. Use this as a quick-reference guide during your final review sessions.
Shift-Left Security
- SAST (Static Analysis): scan source code for vulnerabilities during CI.
- DAST (Dynamic Analysis): test running applications for security issues.
- SCA (Software Composition Analysis): scan dependencies for known CVEs.
- Secret scanning: detect committed secrets and credentials in repositories.
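The four shift-left controls above all run inside CI before code reaches an environment; secret scanning is the one most often written in-house as a pre-commit or pipeline step. The script below is an added example (not part of this cheat sheet or of any Azure DevOps tooling) of how such a scanner works: a small set of pattern rules for well-known credential shapes, plus a Shannon-entropy fallback for long random-looking tokens, with findings redacted so the scanner's own output never leaks the secret it found. The rules, the 4.0 bits-per-character threshold and the sample files are all constructed for this example; the AWS key value is the documented AWS example key, and nothing here is a real credential.

```python
from __future__ import annotations

import math
import re
from collections import Counter
from dataclasses import dataclass

# Illustrative detection rules (an assumption of this example, not the rule set of
# any particular scanner). A capturing group, where present, isolates the secret.
RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "azure-storage-account-key": re.compile(r"AccountKey=([A-Za-z0-9+/=]{40,})"),
    "private-key-block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
    "hardcoded-password": re.compile(r"(?i)(?:password|passwd|pwd)\s*[=:]\s*['\"]([^'\"]{8,})['\"]"),
}

# Fallback signal: long tokens that look random. '=' is left out of the class so a
# KEY=value line splits at the '='. The threshold is a constructed starting point;
# tune it against your own false-positive rate.
ENTROPY_TOKEN = re.compile(r"[A-Za-z0-9+/_-]{32,}")
ENTROPY_THRESHOLD = 4.0


@dataclass
class Finding:
    path: str
    line: int
    rule: str
    redacted: str  # never store or log the full secret


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's empirical character distribution."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def redact(token: str) -> str:
    """Keep just enough of the token to locate it, never enough to reuse it."""
    return f"{token[:4]}...{token[-2:]}" if len(token) > 8 else "***"


def scan_text(path: str, text: str) -> list[Finding]:
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        matched = False
        for rule, pattern in RULES.items():
            for m in pattern.finditer(line):
                token = m.group(1) if m.groups() else m.group(0)
                findings.append(Finding(path, lineno, rule, redact(token)))
                matched = True
        if matched:
            continue  # a rule hit already covers this line
        for m in ENTROPY_TOKEN.finditer(line):
            if shannon_entropy(m.group(0)) >= ENTROPY_THRESHOLD:
                findings.append(Finding(path, lineno, "high-entropy-string", redact(m.group(0))))
    return findings


def scan_repo(files: dict[str, str]) -> list[Finding]:
    """Scan an in-memory {path: contents} mapping, e.g. the staged files of a commit."""
    return [f for path, text in files.items() for f in scan_text(path, text)]


# Constructed sample repository. The AWS key is AWS's documented example value;
# everything else is made up for this example.
SAMPLE_FILES = {
    "config/settings.py": (
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
        'DB_PASSWORD = "correct-horse-battery"\n'
        "DB_USER = os.environ['DB_USER']\n"
    ),
    "deploy/.env": (
        "STORAGE=DefaultEndpointsProtocol=https;AccountName=acme;"
        "AccountKey=" + "A" * 42 + "==;EndpointSuffix=core.windows.net\n"
        "API_TOKEN=Zx9Qw4Er7Ty2Ui5Op8As3Df6Gh1Jk0Lm\n"
    ),
    "deploy/legacy_key.pem": (
        "-----BEGIN RSA PRIVATE KEY-----\n"
        "MIIE...constructed.placeholder.body...\n"
        "-----END RSA PRIVATE KEY-----\n"
    ),
    "README.md": "Set DB_PASSWORD via the pipeline variable group, not in source.\n",
}

if __name__ == "__main__":
    import sys

    results = scan_repo(SAMPLE_FILES)
    for f in results:
        print(f"{f.path}:{f.line}: {f.rule} ({f.redacted})")
    sys.exit(1 if results else 0)  # non-zero exit fails the pipeline step
```

Run as a pipeline step, the non-zero exit code is what turns the scan into a gate; the redacted output is safe to keep in the pipeline log as evidence of what was caught.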
Compliance
- Pipeline gates: enforce security scanning before deployment promotion.
- SBOM (Software Bill of Materials): track all components and dependencies.
- Credential rotation: automate secret rotation with Key Vault policies.
- Audit trails: pipeline logs and approvals provide deployment compliance evidence.
Azure Quick Reference Tips
Azure services follow consistent naming patterns that help with exam recall. Resource Manager (ARM) templates use JSON, while Bicep provides a cleaner DSL for infrastructure as code. Remember that Azure resources are organised in a hierarchy: Management Groups → Subscriptions → Resource Groups → Resources.