AZ-400 exam notes

Some months missing between my last update!

I must say I have been quite busy with the new position and the massive change that has impacted my previous knowledge but overall, I am pretty happy with it!

Therefore, let’s move to the point! So I just want to share some notes of the AZ-400 exam which I recently passed and I hope that can be useful to someone.

Certification details

This exam (AZ-400) is the second one of the path to the specific “Microsoft Certified: DevOps Engineer Expert” certification:

Last month I passed the Azure Administrator Associate exam (AZ-104) so I had the prerequisite already.

You can check the objectives measured in detail for the exam here but as a summary, this is what the official documentation states:

  • Develop an instrumentation strategy (5-10%)
  • Develop a Site Reliability Engineering (SRE) strategy (5-10%)
  • Develop a security and compliance plan (10-15%)
  • Manage source control (10-15%)
  • Facilitate communication and collaboration (10-15%)
  • Define and implement continuous integration (20-25%)
  • Define and implement a continuous delivery and release management strategy (10-15%)


Notes and resources for the exam

  • Be sure to try Azure DevOps lab where you’ll be able to use Azure DevOps for free and with many guided Hands-on labs ( → MUST
  • Study the majority of the Azure Products that can be related to any process within a pipeline, therefore, applications, web apps, secrets, repositories, VMs, etc.
  • Of course, I suggest you read and try Azure DevOps and the many of the integrations that can have with Github (remember that it’s owned by MS) within a pipeline.
    • This includes things like Azure boards, App Configuration, Azure feeds, Key Vault, Artifacts Credential Provider, etc.
  • Monitoring tools within Azure…you know, the ones that you already know if you have taken the AZ-104, things like Application Map (within App Insights), Security Center, Data Explorer, App Configuration, Hosted agents, etc.
  • Knowledge about 3rd party products like Helm, Sonarqube, Terraform, Yeoman, and many other tools that analyze code or vulnerabilities will be helpful.
  • Git basics is a must, knowing things like (init, Pull, push, commit, add, clone. etc.) but more “advanced” things like (prune, gc, pull –rebase, stash).
  • Branching with Git (Main, Develop, Feature, etc) and deployment (Rolling, A/B, canary, blue/green, etc.) strategies will be key to understand as one of the main things used in pipelines.
  • Software testing as well: Smoke, flaky, unit, acceptance, etc.
  • Container basics with Docker (Dockerfiles, build/scan images process, etc.), AKS (Install, RBAC, configure), Azure Container instances, etc.


There can be more of course but I think you can get an idea of what can I think it can be useful and probably I missed many things I already know that I haven’t studied.


Exam and opinion

As for now, there aren’t simulations in the exam but be prepared to answer multi-choice, single, hot-area, and drag & drop questions plus case studies.

There are about 60 questions in the exam and 150 minutes for non-native speakers (if I am not wrong) so plenty of time to answer each question.

Some questions are quite specific and not very related to general knowledge or even outdated which I don’t like it but that’s how certifications work in many cases.

Most of them are related to Azure, DevOps, and the integration with 3rd party applications so be sure to check them and don’t hesitate to make a list of third-party applications and the usage of them within different languages.

I studied for a month or so but I do have a certain experience with Azure and I think a great knowledge of many of the processes, 3rd party tools (Jenkins, Sonarqube, Helm), and strategies used in pipelines within CI/CD.

Be sure to test and experiment with Azure DevOps as it is obvious that it will appear in the exam 🙂


I found it fair but not easy for someone who just got introduced to Azure Dev and has a general knowledge of the “DevOps world” (I hate to say it like this).

It requires a bit of experience with many of the Azure products, how are they correlated/integrated within a pipeline and many other tools.

I hope this can be useful to anyone willing to take this but in my case, I did it so can you!

We're Survivors GIF - Survivors Wearesurvivors HouseOfCards GIFs




Azure – Backup and restore SQL DB using SSMS

A quick post talking about how to backup and restore a SQL database on Azure using SQL Server Management Studio (SSMS).

First, you will need to install SSMS. You can download it here:

Once installed, in order to access the database, you will need the server name where is installed. So, you will have to check the Server name in Azure Portal (you can also do it by Powershell of course):

Now, open SSMS and access the server name (you gathered the information before):

Export/Backup Database

Once you logged in, select the database you want to export -> Export Data-tier Application

In the new window > Next > Select where do you want to save the DB (you can do it locally or in a Storage Account), in our case Local Disk:

In the Advanced tab you can choose which tables you want to export, we will Select All:

Finally, we have a Summary of the process before exporting the database:

Then it will start to export the database, depending on the size of your DB will take more or less time to export:

Finally, we will have a file with .bacpac extension.

Import/Restore database

The process is almost the same but now we select Import Data-tier Application:

Continue selecting the file with .bacpac extension we exported before:

Then, with Database settings, here you can choose different options as you can do on the Azure portal:

Summary of the imported database:

Finally, it was imported successfully (it took a while for a 10 MB DB):

In consequence of the restore, it will appear the restored database (Restore_DB) in SSMS:


Therefore, I posted a quick way to export and import a SQL database by using SSMS. You could use it as a backup (please, not in local) or for example, to overwrite changes from UAT to PROD.


Azure – Error when adding new rule on NSG

Hello everyone!

It’s been a while since I wrote something, but I was so busy with other things (University) and I wasn’t able to allocate time to write anything.

Today I’m going to talk about an issue I found on Azure when trying to add new rules to some NSGs.

To create rules in Azure I used this script from TechNet Gallery:


I was trying to add some rules in an NSG with the address and, when I execute the code, the output was:

Set-AzureRmNetworkSecurityGroup : Security rule has invalid Address prefix. Value provided:
StatusCode: 400
ReasonPhrase: Bad Request
OperationID : ‘b2f7-b2f7-b2f7’
At line:4 char:55
+ … efix -SourcePortRange * | Set-AzureRmNetworkSecurityGroup
+                                           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : CloseError: (:) [Set-AzureRmNetworkSecurityGroup], NetworkCloudException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Network.SetAzureNetworkSecurityGroupCommand

Tried again and again, and this only happened in certain NSGs, so well I thought there was a problem with the command line, I tried the same with the GUI and… the same.


Investigating the error it didn’t match with any of the new rules I was trying to add. Address seems correct but if we use a subnet calculator, you will see this:

The right address should be deleting all ones after the netmask because it doesn’t care about what is after the netmask bits.

This means that the new address is because we put zeros instead of ones after the netmask bits.

So, it seems a CIDN error! Seems that Azure let me add this rules in the past, but now it’s not accepting it so, if we change it the way that subnet calculator does, problem resolved!

Solution? Had to delete the non-compliant CIDR rules and added the new ones CIDR compliant. Executed the same in other NSGs and worked like a charm.
All rules are finally shown in Azure Panel:

Well, seems that Azure didn’t comply with CIDR addresses in the past and now it’s mandatory if it founds any non-compliant CIDR rule. An easy mistake that we can avoid checking our addresses before we try to add them to Azure.

And that’s all, Happy New Year!