About This Domain
Domain 4, Develop a Security and Compliance Plan, accounts for 10-15% of the AZ-400 certification exam. It tests whether you can implement dependency scanning and vulnerability management, design secret management with Azure Key Vault and variable groups, implement SAST, DAST and container image scanning, and automate compliance checks in DevOps pipelines. In practice that means designing and implementing strategies for handling sensitive information, running security scans as part of the pipeline, and enforcing compliance with automated policy gates. To pass this section you need practical knowledge of how these services and patterns fit together in real-world pipelines.
What You'll Be Tested On
- Implement dependency scanning and vulnerability management
- Design secret management with Key Vault and variable groups
- Implement SAST, DAST, and container image scanning
- Design compliance and governance automation with policy gates
Study Strategy for Domain 4
While 10-15% might seem like a smaller portion of the exam, every point counts toward the passing score. Focus on understanding core concepts and common exam scenarios for this domain. Don't neglect it — even a few missed questions here can make the difference between pass and fail.
Exam Tips for Domain 4
Shift-left security means running dependency, SAST and secret scans as early as possible, in pull requests and CI builds, rather than only before release.
GitHub Advanced Security provides code scanning (CodeQL), secret scanning and Dependabot alerts and security updates.
Pulling secrets from Azure Key Vault at run time, through the AzureKeyVault task or a Key Vault-linked variable group, removes the need to hard-code secrets in pipeline YAML or source. Secret variables are masked in logs and are not exposed to scripts unless you map them explicitly.
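The following Azure Pipelines definition is an added example, not code from the original page or from Microsoft, showing how the three tips above fit together: a scan stage that fails on a high-severity dependency finding, a deploy stage gated on that stage succeeding, and a secret fetched from Key Vault at run time and mapped into a script's environment. The service connection name `sc-prod`, vault name `kv-contoso-cicd`, secret name `DbConnectionString` and the `deploy.sh` script are assumptions for illustration; `npm audit` stands in for whichever dependency scanner the project uses.

```yaml
# Added example (not from the original page): Azure Pipelines YAML that
# enforces a dependency-scan gate and injects a Key Vault secret at run time.
# Assumed names: service connection "sc-prod", vault "kv-contoso-cicd",
# secret "DbConnectionString", deploy script "./deploy.sh".
trigger:
  - main

pool:
  vmImage: ubuntu-latest

stages:
  - stage: Scan
    jobs:
      - job: DependencyScan
        steps:
          - task: NodeTool@0
            inputs:
              versionSpec: '20.x'
          - script: npm ci
            displayName: Install dependencies
          # Exit code is non-zero when any high or critical advisory is found,
          # which fails the step, the job and therefore the stage.
          - script: npm audit --audit-level=high
            displayName: Dependency vulnerability scan

  - stage: Deploy
    dependsOn: Scan
    # Policy gate: the deploy stage never runs if the scan stage failed.
    condition: succeeded()
    jobs:
      - job: DeployApp
        steps:
          # Fetch only the named secret. It becomes a secret pipeline variable,
          # masked in logs, and never lives in the YAML or the repository.
          - task: AzureKeyVault@2
            inputs:
              azureSubscription: sc-prod
              KeyVaultName: kv-contoso-cicd
              SecretsFilter: DbConnectionString
              RunAsPreJob: false
          # Secret variables are not passed to scripts automatically. Map the
          # value through env so it is read from the environment rather than
          # expanded onto a command line that could appear in logs.
          - script: ./deploy.sh
            displayName: Deploy with injected secret
            env:
              DB_CONNECTION_STRING: $(DbConnectionString)
```

If the project prefers variable groups, the `AzureKeyVault@2` step can be replaced by declaring `variables: - group: <name>` on the pipeline, where the group is linked to the vault in Library settings; the secret is then available under the same variable name and still has to be mapped via `env` for scripts.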
Frequently Asked Questions
How many questions on the AZ-400 exam come from Domain 4?
Domain 4 (Develop a Security and Compliance Plan) makes up 10-15% of the AZ-400 exam. With 65 scored questions, that works out to roughly 7 to 10 questions from this domain.
What services should I focus on for Domain 4?
The key services and features for this domain are Azure Key Vault and pipeline variable groups for secret management, GitHub Advanced Security (code scanning, secret scanning and Dependabot) for SAST, secret and dependency scanning, container image scanning for images built in the pipeline, and policy gates that block a release when a scan or compliance check fails. Make sure you understand how each works, when to use it, and how they integrate with one another in a pipeline.
How should I prepare for Develop a Security and Compliance Plan questions?
Start by reviewing the key topics listed above, then practice with domain-specific questions. Focus on understanding real-world scenarios rather than memorizing facts. Use our practice quizzes to test your knowledge and review explanations for any questions you get wrong.
What's the best order to study the AZ-400 domains?
Many candidates start with the highest-weighted domains first. For the AZ-400 exam, the domains in descending order of weight are: Design and Implement Build and Release Pipelines (50-55%), Design and Implement Processes and Communications (10-15%), Design and Implement a Source Control Strategy (10-15%), Develop a Security and Compliance Plan (10-15%), and Implement an Instrumentation Strategy (5-10%). However, start with whichever domain aligns best with your existing experience.
Practice Domain 4 Questions
Test your knowledge of Develop a Security and Compliance Plan with practice questions from our AZ-400 question bank.