I’ve previously posted about preparing for 70-486 and some of the general materials that are available. Now I’m going to go through the syllabus a section at a time and highlight additional resources that I found useful. As I said before a lot of the syllabus is well covered in these two books.
Professional ASP.NET MVC 5
By Jon Galloway, Brad Wilson, K. Scott Allen, David Matson
Exam Ref 70-486: Developing ASP.NET MVC 4 Web Applications
by William Penberthy
The links below are a supplement to reading these. Sometime the books coverage is all you need – I’ve indicated where this is the case.
The syllabus is at
I’ll go through each section and comment and provide links.
Syllabus part 1: Design the application architecture
Plan the application layers
Plan data access; plan for separation of concerns; appropriate use of models, views and controllers; choose between client-side and server side processing; design for scalability
Fairly nebulous content that is covered well by Exam Ref 70-486: Developing ASP.NET MVC 4 Web Applications.
Using an Asynchronous Controller in ASP.NET MVC
Unit of work and repository pattern
More on repository pattern
Design a distributed application
Design a hybrid application (on-premises versus off-premises, including Azure), plan for session management in a distributed environment, plan web farms
Vague content that has variable coverage in the books. Content focused around azure, web farms and web service (SOA) based architectures. Professional ASP.NET MVC 5 has an excellent section on WebAPI but you will need to look elsewhere for alternative web service technology.
Design and implement the Azure role life cycle
Identify and implement Start, Run, and Stop events; identify startup tasks (IIS configuration [app pool], registry configuration, third-party tools)
Well covered by Exam Ref 70-486: Developing ASP.NET MVC 4 Web Applications but it was unfamiliar to me so I needed extra reading.
General introduction to cloud services
Configure state management
A lot of this content hasn’t changed much since web forms so shouldn’t be much of a problem however there are additional considerations to bear in mind when dealing with Azure.
State management overview
State server vs SQL Server
Profile vs Session state
Windows Azure state management
Design a caching strategy
Implement page output caching (performance oriented), implement data caching, implement HTTP caching, implement Azure caching
Again, a lot of this is content that hasn’t changed that much since the old web form days. I needed extra reading about caching with Azure sites however.
Good overview of non-Azure caching
Output Cache Attribute
Output Cache Attribute Location
Design and implement a WebSocket strategy
Read and write string and binary data asynchronously (long-running data transfers), choose a connection loss strategy, decide a strategy for when to use WebSockets, implement SignalR
Unlike the last two sections, this is very much new stuff. It would be easy to spend a long time on this but it’s only a small part of the exam. An overview and understanding of when to use these techniques is probably about the right level. The exam ref book gives a good overview.
Design HTTP modules and handlers
Implement synchronous and asynchronous modules and handlers, choose between modules and handlers in IIS
Not too difficult. This content hasn’t changed much in recent versions of MVC which makes things a lot easier. Know the difference between modules and handlers and in what situations each should be used.
Order of Http Module calls
Syllabus part 2: Design the User Experience
Apply the user interface design for a web application
Create and apply styles by using CSS, structure and lay out the user interface by using HTML, implement dynamic page content based on a design
I don’t spend an awful lot of my time creating beautiful UIs for web front ends so this content was less familiar to me. A solid understanding is required – a bit more than just an overview.
HTML5 Canvas element
HTML5 Canvas element fallback
HTML5 Video element
HTML5 Video element fallback
Design and implement UI behaviour
Compose the UI layout of an application
Implement partials for reuse in different areas of the application, design and implement pages by using Razor templates (Razor view engine), design layouts to provide visual structure, implement master/application pages
Standard MVC stuff focussed around Views and Razor engine. Professional ASP.NET MVC 5 is very good and covers this off well so probably no need to look any further. I’ve provided a few links just in case.
Razor view engine
Enhance application behaviour and style based on browser feature detection
Detect browser features and capabilities; create a web application that runs across multiple browsers and mobile devices; enhance application behavior and style by using vendor-specific extensions, for example, CSS
The exam ref book was good enough for me for this one. There isn’t a huge amount of content as compared to some of the other sections.
Plan an adaptive UI layout
Plan for running applications in browsers on multiple devices (screen resolution, CSS, HTML), plan for mobile web applications
More mobile adaptation content. A bit meatier than the previous section but nothing to worry about. Professional ASP.NET MVC 5 has some good content on this.
CSS Media Queries
MVC Mobile Features
Designing for mobiles
Syllabus part 3: Develop the user experience
Plan for search engine optimization and accessibility
Use analytical tools to parse HTML, view and evaluate conceptual structure by using plugs-in for browsers, write semantic markup (HTML5 and ARIA) for accessibility (for example, screen readers)
I remember Dilbert cartoon when he refers to SEO consultants as pantless weasels. That’s unlikely to come up on the exam. I really don’t think there is much to this really – the exam ref book is perfectly adequate. There is a bit more meat in the accessibility content but again the exam ref book is fine. No additional links this time.
Plan and implement globalisation and localisation
Design and implement MVC controllers and actions
Apply authorization attributes, global filters, and authentication filters; specify an override filter; implement action behaviors; implement action results; implement model binding
A lot of content here and one to definitely be familiar with. The book Professional ASP.NET MVC 5 is excellent here so no extra reading is required.
Design and implement routes
Define a route to handle a URL pattern, apply route constraints, ignore URL patterns, add custom route parameters, define areas
Again Professional ASP.NET MVC 5 is excellent with a comprehensive chapter dedicated to this. However this has changed with attribute routing so make sure you are covering the most up-to-date material.
Control application behaviour by using MVC extensibility points
Implement MVC filters and controller factories; control application behavior by using action results, viewengines, model binders, and route handlers.
A complex area that is again well covered in Professional ASP.NET MVC 5 however you may find additional material useful in this area.
Custom Action Result Http Headers
Filter Extensions Action Filters
Reduce network bandwidth
Not much content in this one. The exam ref book gives a perfectly adequate coverage.
Syllabus part 4: Troubleshoot and debug web applications
Prevent and troubleshoot runtime issues
Troubleshoot performance, security, and errors; implement tracing, logging (including using attributes for logging), and debugging (including IntelliTrace); enforce conditions by using code contracts; enable and configure health monitoring (including Performance Monitor)
I found this surprisingly hard going. Health monitoring is a drag to learn particularly as I don’t believe people actually use it. IntelliTrace feels a slog as well. Code contracts are interesting though and do come up on the exam. One to know.
Using IntelliTrace to debug live issues
Interestingly Health Monitoring broken in MVC (2.0)
Does anyone actually use Health Monitoring?
Design an exception handling strategy
Handle exceptions across multiple layers, display custom error pages using global.asax or creating your own HTTPHandler or set web.config attributes, handle first chance exceptions
Definitely one to be familiar with but standard stuff with few surprises. Professional ASP.NET MVC 5 has good coverage once again.
Test a web application
Create and run unit tests (for example, use the Assert class), create mocks; create and run web tests, including using Browser Link; debug a web application in multiple browsers and mobile emulators
A frustrating section. The exam is focussed around Microsoft testing technologies (Shims, MSTest etc..) but I personally don’t use these and I doubt they are in wide use. That said, knowledge of NUnit or similar is useful here but specific knowledge about MS technologies is sadly required.
Debug an Azure application
Collect diagnostic information by using Azure Diagnostics API and appropriately implement on demand versus scheduled; choose log types (for example, event logs, performance counters, and crash dumps); debug an Azure application by using IntelliTrace, Remote Desktop Protocol (RDP), and remote debugging; interact directly with remote Azure websites using Server Explorer.
One of those subjects that it’s really difficult to get practical experience of unless you happen to be using it on a day to day basis. Realistically it’s not a good use of time to set up an entire Azure solution just to you can practice debugging it. Do your best with the reading materials available. The exam ref book has some coverage and here are a few more links.
Enabling debugging in Azure
Syllabus part 5: Design and Implement security
Authenticate users; enforce authentication settings; choose between Windows, Forms, and custom authentication; manage user session by using cookies; configure membership providers; create custom membership providers; configure ASP.NET Identity
Authorisation and authentication have been changed quite a bit over the years in ASP.Net so this is quite a big subject. Try to ensure you are current. Lots of links here to help out.
Difference between digest and basic authentication
.Net Authorisation History
SQL Membership Provider
Advantages and disadvantages of .net identity
Encrypting Credentials in web.config
Configure and apply authorisation
Create roles, authorize roles by using configuration, authorize roles programmatically, create custom role providers, implement WCF service authorization
I do realise that there is a difference between authorisation and authentication (really I do) but there is overlap in the materials so many of the links in the previous section cover this material as well. Watch out for the WCF material here though.
Design and implement claims-based authentication across federated identity stores
Implement federated authentication by using Azure Access Control Service; create a custom security token by using Windows Identity Foundation; handle token formats (for example, oAuth, OpenID, Microsoft Account, Google, Twitter, and Facebook) for SAML and SWT tokens
I personally found this the hardest topic by far. Very technical, almost academic content. It’s hard to find resources that give a ‘jump start’ to this topic. These links are the most useful of what I found.
Windows Identity Foundation
Creating a Security Token Service
Claims with WIF
Security Token Handlers
Azure Access Control Service
Azure Access Control Service Road Map
Manage data integrity
Apply encryption to application data, apply encryption to the configuration sections of an application, sign application data to prevent tampering
Good coverage in Professional ASP.NET MVC 5. Here are a couple of extra links to fill out that content
MD5 is not considered secure
Implement a secure site with ASP.NET
Secure communication by applying SSL certificates; salt and hash passwords for storage; use HTML encoding to prevent cross-site scripting attacks (ANTI-XSS Library); implement deferred validation and handle unvalidated requests, for example, form, querystring, and URL; prevent SQL injection attacks by parameterizing queries; prevent cross-site request forgeries (XSRF)
High fives and celebratory backslaps all round. You’re nearly at the end. And happily this is some of the best and most interesting content. Professional ASP.NET MVC 5 has the best content that I have ever read in this area so there really is no need to go elsewhere. No extra links this time. None needed
So best of luck everyone. Microsoft exams aren’t perfect but when I’m looking at CVs for potential hires it always gives me a warm glow when someone has a couple of current MS exams under their belt. Hope it goes well for you.