Exam 70-486 Objectives and Resources
- 1. Design the application architecture
- Plan the application layers
- Design a distributed application
- Design and implement the Azure Web Apps life cycle
- Configure state management
- Design a caching strategy
- Design and implement a Web Socket strategy
- Design a configuration management solution
- Interact with the host environment
- Compose an application by using the framework pipeline
- 2. Design the build and deployment architecture
- 3. Design the User Experience
- 4. Develop the User Experience
- 5. Troubleshoot and Debug Web Applications
- 6. Design and Implement Security
Weighting: 15-20%
Objectives:
- Plan data access
- plan for separation of concerns, appropriate use of models, views, controllers, components, and service dependency injection
- choose between client-side and server-side processing
- design for scalability
- choose between ASP.NET Core and ASP.NET
- choose when to use .NET standard libraries
References:
Objectives:
- Design a hybrid application
- plan for session management in a distributed environment
- plan web farms
- run Microsoft Azure services on-premises with Azure Pack
- enable deferred processing through Azure features including queues, scheduled and on-demand jobs, Azure Functions, and Azure Web Jobs
References:
Objectives:
- Identify and implement Start, Run, and Stop events
- code against application events in applications
- configure startup tasks, including IIS, app pool configuration, and third-party tools
References:
- How to configure and run startup tasks for a cloud service
- Common Cloud Service startup tasks
- Windows Azure Start-up Tasks Part 1
- RoleEntryPoint.OnStart Method
Objectives:
- Choose a state management mechanism including in-process, out of process, and Redis-based state management
- plan for scalability
- use cookies or local storage to maintain state
- apply configuration settings in web.config files
- implement sessionless state including query strings
- configure middleware to enable session and application state in ASP.NET Core
References:
Objectives:
- Implement page output caching and data caching
- create cache profiles
- implement HTTP caching
- implement Azure Redis caching
- plan a content delivery network (CDN) strategy, for example, Azure CDN
References:
Objectives:
- Read and write string and binary data asynchronously
- choose a connection loss strategy
- decide when to use Web Sockets
- implement SignalR
- enable web socket features in an Azure Web App instance
References:
Objectives:
- Manage configuration sources, including XML, JSON, and INI files
- manage environment variables
- implement Option objects
- implement multiple environments using files and hierarchical structure
- manage sensitive configuration
- react to runtime configuration changes
- implement a custom configuration source
- secure configuration by using Azure Key Vault
- use the Secret Manager tool in development to keep secrets out of your code for configuration values
References:
- Tutorial: Use Azure Key Vault with an Azure web app in .NET
- Add Key Vault to your web application by using Visual Studio Connected Services
- Safe storage of app secrets in development in ASP.NET Core
Objectives:
- Work with file system using file providers
- work with environment variables
- determine hosting environment capabilities
- implement native components, including PInvoke and native dependencies for hosts including Linux and Windows
- use ASP.NET hosting on an Open Web Interface for .NET (OWIN)-based server
References:
- Open Web Interface for .NET (OWIN) with ASP.NET Core
- Native interoperability
- File Providers in ASP.NET Core
Objectives:
- Add custom request processing modules to the pipeline
- add, remove, and configure services used in the application
- design and implement middleware
- design for kestrel, Http.sys web server and IIS
- design and implement startup filters
References:
- ASP.NET Core Middleware
- App startup in ASP.NET Core
- Resolving ASP.NET Core Startup Class from the DI Container
Weighting: 10-15%
Objectives:
- Design a JavaScript build pipeline using Gulp, Grunt, npm and Bower
- design an artifact build strategy using Less, Sass and Font Awesome
- design and implement a bundling and minification strategy for browser artifacts, including JavaScript, CSS and images
Objectives:
- Manage NuGet dependencies
- target runtimes, including the full .NET Framework, .NET core, and .NET standard
- manage debug and release configurations, including compilation and optimization options
- include or exclude files from build
- manage build sources, including content, resources, and shared files
- implement metadata for projects, including version, release notes, and descriptions
- define other build options, including xmlDoc and warningsAsErrors
- work with static files in ASP.NET core
References:
- dotnet build
- Additions to the csproj format for .NET Core
- How to generate XML documentation for CSPROJ with multiple targets
- A mapping between project.json and csproj properties
Objectives:
- Implement application publishing using dotnet.exe
- manage publishing options in csproj
- implement additional tooling
- implement pre-publish and post-publish scripts
- implement native compilation
- publish to Docker container image
Objectives:
- Deploy Azure Web App using supported deployment models including FTP, Kudu, Web Deploy, and Visual Studio Publishing Wizard
- provision ARM- based resources while deploying applications
- implement deployment environments, including dev, test, and prod in Azure
- use deployment slots for staging sites
- deploy to Azure Stack
References:
Objectives:
- Deploy application to IIS using Web Deploy, xcopy, and Visual Studio Publishing Wizard
- deploy application to Windows Nano Server, deploy application to IIS Hosted Web Core, deploy application to HTTP.sys web server
- deploy application to Kestrel on Windows and Linux
- implement reverse proxying to Kestrel using IIS and Nginx
References:
- HTTP.sys web server implementation in ASP.NET Core
- Kestrel web server implementation in ASP.NET Core
- Host and deploy ASP.NET Core
- Host ASP.NET Core on Windows with IIS
- Host ASP.NET Core on Linux with Nginx
Weighting: 15-20%
Objectives:
- Create and apply styles by using CSS
- structure and lay out the user interface by using HTML
- implement dynamic page content based on a design
References:
- Pseudo-classes
- Combinators and selector lists
- What is the difference between :first-child and :first-of-type?
Objectives:
- Implement client-side validation
- use JavaScript to manipulate the DOM
- extend objects by using prototypal inheritance
- use AJAX to make partial page updates
References:
Objectives:
- Implement partial views and view components for reuse in different areas of the application
- design and implement pages by using Razor Pages
- design and implement layouts to provide visual structure
- define and render optional and required page sections
- create and use tag and HTML helpers to simplify markup
References:
Objectives:
- Plan for applications that run on multiple devices and screen resolutions
- use media queries and Bootstrap’s responsive grid
- detect browser features and capabilities
- create a web application that runs across multiple browsers and mobile devices
- enable consistent cross-browser experiences with polyfills
References:
- Using the viewport meta tag to control layout on mobile browsers
- @media
- Using media queries
- HTML media attribute
Objectives:
- Implement mobile specific UI elements such as touch input, low bandwidth situations, and device oritentation changes
- define and implement a strategy for working with mobile browsers
Weighting: 15-20%
Objectives:
- Use analytical tools to parse HTML
- provide an xml sitemap and robots.txt file to improve scraping
- write semantic markup for accessibility, for example, screen readers
- use rich snippets to increase content visibility
References:
Objectives:
- Plan a localization strategy
- create and apply resources to UI including JavaScript resources
- set cultures
- implement server side localization and globalization
References:
- Globalization and localization in ASP.NET Core
- ASP.NET Globalization and Localization
- ASP.NET Web Page Resources Overview
- How to: Retrieve Resource Values Programmatically
Objectives:
- Apply authorization attributes, filters including global, authentication, and overriddable filters
- choose and implement custom HTTP status codes and responses
- implement action results
- implement MVC areas
- implement Dependency Injection for services in controllers
References:
- Filters in ASP.NET Core
- Format response data in ASP.NET Core Web API
- Controller action return types in ASP.NET Core Web API
- Dependency injection into controllers in ASP.NET Core
Objectives:
- Define a route to handle a URL pattern
- apply route constraints
- ignore URL patterns
- add custom route parameters
- define areas
- define routes that interoperate with Single Page Application frameworks such as Angular
References:
Objectives:
- Create custom middleware and inject it into the pipeline
- implement MVC filters and controller factories
- control application behavior by using action results, model binders, and route handlers
- inject services into a view
References:
- Write custom ASP.NET Core middleware
- Custom ASP.NET Core Middleware Example
- Dependency injection into views in ASP.NET Core
- Filters in ASP.NET Core
Objectives:
- Serialize models and data using supported serialization formats, including JSON, XML, protobuf, and WCF/SOAP
- implement model and property binding, including custom binding and model validation
- implement web socket communication in MVC
- implement file uploading and multipart data
- use AutoRest to build clients
References:
- SerializableAttribute Class
- XML and SOAP Serialization
- Model Binding in ASP.NET Core
- WebSockets support in ASP.NET Core
Weighting: 20-25%
Objectives:
- Troubleshoot performance, security, and errors
- implement tracing, logging, and debugging including IntelliTrace
- enable and configure health monitoring including Performance Monitor
- configure and use App Insights runtime telemetry
References:
Objectives:
- Handle exceptions across multiple layers
- use MVC middleware to configure error handling
- use different exception handling strategies for different environments
- create and display custom error pages
- configure a custom pipeline for error handling
- handle first chance exceptions
- configure and use App Insights
- log application exceptions
Objectives:
- Create and run unit tests, for example, use the Assert class, create mocks and stubs
- create and run web tests including using Browser Link
- debug a web application in multiple browsers and mobile emulators
- use Azure DevTest Labs
- use Visual Studio Team Services
References:
- Use Azure DevTest Labs for VM and PaaS test environments
- Unit testing C# in .NET Core using dotnet test and xUnit
Objectives:
- Collect diagnostic information by using Azure App Insights
- choose log types, for example, event logs, performance counters, and crash dumps
- stream logs directly to Visual Studio from a deployed site
- debug an Azure application by using Visual Studio and remote debugging
- interact directly with remote Azure websites using Server Explorer
References:
- Troubleshoot an app in Azure App Service using Visual Studio
- LogLevel Enumeration
- Azure Diagnostics 1.3 and later configuration schema
Weighting: 15-20%
Objectives:
- Authenticate users
- enforce authentication settings
- implement ASP.NET Core Identity
- enable Facebook, Google and other external providers
- implement account confirmation, password recovery, and multi-factor authentication
- perform authentication using Azure Active Directory, Azure Active Directory B2C, Azure Active Directory B2B, and Microsoft Identity manage user session by using cookies
- acquire access tokens using the Microsoft Authentication Library (MSAL)
References:
- Introduction to Identity on ASP.NET Core
- Configure ASP.NET Core Identity
- Facebook, Google, and external provider authentication in ASP.NET Core
- Account confirmation and password recovery in ASP.NET Core
- Azure Active Directory with ASP.NET Core
- Tutorial - Enable your Web Apps to sign-in users and call APIs with the Microsoft identity platform for developers
- Azure AD with ASP.NET Core 2.0
- Azure AD Authentication in ASP.NET Core APIs part 1: Basic setup, checking scopes, creating a test client
Objectives:
- Create roles
- authorize roles programmatically
- configure and work with custom UserStores using middleware
- configure controllers and actions to participate in authorization
References:
- Razor Pages authorization conventions in ASP.NET Core
- Simple authorization in ASP.NET Core
- Role-base authorization in ASP.NET Core
Objectives:
- Perform authentication and authorization using tokens including OpenID, OAuth, JWT, SAML, bearer tokens, etc.
References:
Objectives:
- Apply encryption to application data
- apply encryption to the configuration sections of an application
- sign application data to prevent tampering
- secure data using Azure Key Vault
- implement encryption for data protection using the data protection APIs in transit and at rest
References:
- Tutorial: Use Azure Key Vault with an Azure web app in .NET
- Get started with the Data Protection APIs in ASP.NET Core
Objectives:
- Secure communication by applying SSL certificates
- require SSL for all requests
- enable SSL hosting in the development environment
- implement SSL using Azure Load Balancers
- salt and hash passwords for storage
- use HTML encoding to prevent cross-site scripting attacks (ANTI-XSS Library)
- implement deferred validation and handle unvalidated requests, for example, form, querystring, and URL
- prevent SQL injection attacks by parameterizing queries
- prevent cross-site request forgeries (XSRF)
- use Azure Security Center to monitor Azure resources
- implement Cross Origin Resource Sharing (CORS)
- implement protection against open redirect attacks
References: