I’ve previously posted about preparing for 70-486 and some of the general materials that are available. Now I’m going to go through the syllabus a section at a time and highlight additional resources that I found useful. As I said before a lot of the syllabus is well covered in these two books.

Professional ASP.NET MVC 5
By Jon Galloway, Brad Wilson, K. Scott Allen, David Matson

And

Exam Ref 70-486: Developing ASP.NET MVC 4 Web Applications
by William Penberthy

The links below are a supplement to reading these. Sometime the books coverage is all you need – I’ve indicated where this is the case.

Syllabus

The syllabus is at

https://www.microsoft.com/en-us/learning/exam-70-486.aspx

I’ll go through each section and comment and provide links.

Syllabus part 1: Design the application architecture

Plan the application layers

Plan data access; plan for separation of concerns; appropriate use of models, views and controllers; choose between client-side and server side processing; design for scalability

Fairly nebulous content that is covered well by Exam Ref 70-486: Developing ASP.NET MVC 4 Web Applications.

Using an Asynchronous Controller in ASP.NET MVC
https://msdn.microsoft.com/en-gb/library/ee728598(v=vs.100).aspx

Task Cancellation
https://msdn.microsoft.com/en-us/library/dd997396(v=vs.110).aspx

Wait Handles
http://stackoverflow.com/questions/2538065/what-is-the-basic-concept-behind-waithandle

Unit of work and repository pattern
http://www.asp.net/mvc/overview/older-versions/getting-started-with-ef-5-using-mvc-4/implementing-the-repository-and-unit-of-work-patterns-in-an-asp-net-mvc-application

More on repository pattern
http://www.codeproject.com/Articles/526874/Repository-pattern-done-right

Design a distributed application

Design a hybrid application (on-premises versus off-premises, including Azure), plan for session management in a distributed environment, plan web farms

Vague content that has variable coverage in the books. Content focused around azure, web farms and web service (SOA) based architectures. Professional ASP.NET MVC 5 has an excellent section on WebAPI but you will need to look elsewhere for alternative web service technology.

WCF attributes
http://stackoverflow.com/questions/4836683/when-to-use-datacontract-and-datamember-attributes

Consuming WCF
https://chsakell.com/2013/07/12/create-and-consume-wcf-restful-service-using-an-httpclient/

HttpClient
https://msdn.microsoft.com/en-us/library/system.net.http.httpclient(v=vs.118).aspx

Hybrid Applications
https://msdn.microsoft.com/en-gb/library/hh871440.aspx

Azure AppFabric
http://stackoverflow.com/questions/5143983/what-is-exactly-an-appfabric-in-windows-azure

Design and implement the Azure role life cycle

Identify and implement Start, Run, and Stop events; identify startup tasks (IIS configuration [app pool], registry configuration, third-party tools)

Well covered by Exam Ref 70-486: Developing ASP.NET MVC 4 Web Applications but it was unfamiliar to me so I needed extra reading.

General introduction to cloud services
https://azure.microsoft.com/en-gb/documentation/articles/cloud-services-choose-me/

Startup Tasks
https://azure.microsoft.com/en-gb/documentation/articles/cloud-services-startup-tasks/

https://azure.microsoft.com/en-gb/documentation/articles/cloud-services-startup-tasks-common/

Security
https://azure.microsoft.com/en-gb/documentation/articles/cloud-services-certs-create/

https://azure.microsoft.com/en-gb/documentation/articles/cloud-services-configure-ssl-certificate/

Configure state management

Choose a state management mechanism (in-process and out of process state management), plan for scalability, use cookies or local storage to maintain state, apply configuration settings in web.config file, implement sessionless state (for example, QueryString)

A lot of this content hasn’t changed much since web forms so shouldn’t be much of a problem however there are additional considerations to bear in mind when dealing with Azure.

State management overview
https://msdn.microsoft.com/en-us/library/75x4ha6s(v=vs.100).aspx

Session State
http://stackoverflow.com/questions/2714288/pros-and-cons-of-using-asp-net-session-state-server-instead-of-inproc

State server vs SQL Server
http://stackoverflow.com/questions/1447175/sqlserver-vs-stateserver-for-asp-net-session-state-performance

Application State
https://msdn.microsoft.com/en-us/library/ms178594.aspx

Profile vs Session state
http://stackoverflow.com/questions/5088771/regarding-profile-and-session-in-asp-net

View Bag vs View Data
http://www.codeproject.com/Articles/476967/WhatplusisplusViewData-2cplusViewBagplusandplusTem

Windows Azure state management
https://www.simple-talk.com/cloud/platform-as-a-service/managing-session-state-in-windows-azure-what-are-the-options/

Design a caching strategy

Implement page output caching (performance oriented), implement data caching, implement HTTP caching, implement Azure caching

Again, a lot of this is content that hasn’t changed that much since the old web form days. I needed extra reading about caching with Azure sites however.

Good overview of non-Azure caching
http://www.codeproject.com/Articles/757201/A-Beginners-Tutorial-for-Understanding-and-Imple

Data caching
http://stackoverflow.com/questions/32382743/what-is-difference-between-normal-cache-class-and-memorycache-class

Page Output Caching
http://www.asp.net/mvc/overview/older-versions-1/controllers-and-routing/improving-performance-with-output-caching-cs

Output Cache Attribute
https://msdn.microsoft.com/en-us/library/system.web.mvc.outputcacheattribute(v=vs.118).aspx

Output Cache Attribute Location
https://msdn.microsoft.com/en-us/library/system.web.ui.outputcachelocation(v=vs.110).aspx

Azure Caching
https://azure.microsoft.com/en-gb/documentation/articles/cache-dotnet-how-to-use-service/

Design and implement a WebSocket strategy

Read and write string and binary data asynchronously (long-running data transfers), choose a connection loss strategy, decide a strategy for when to use WebSockets, implement SignalR

Unlike the last two sections, this is very much new stuff. It would be easy to spend a long time on this but it’s only a small part of the exam. An overview and understanding of when to use these techniques is probably about the right level. The exam ref book gives a good overview.

Web socket API
https://msdn.microsoft.com/en-us/library/hh673567(v=vs.85).aspx

Web socket client
https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API/Writing_WebSocket_client_applications

Web socket server
https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API/Writing_WebSocket_server

Signal R
http://www.asp.net/signalr

Signal R example
http://www.asp.net/signalr/overview/getting-started/tutorial-getting-started-with-signalr

Design HTTP modules and handlers

Implement synchronous and asynchronous modules and handlers, choose between modules and handlers in IIS

Not too difficult. This content hasn’t changed much in recent versions of MVC which makes things a lot easier. Know the difference between modules and handlers and in what situations each should be used.

Overview
http://www.codeproject.com/Articles/335968/Implementing-HTTPHandler-and-HTTPModule-in-ASP-NET

Order of Http Module calls
https://support.microsoft.com/en-us/kb/307985

Syllabus part 2: Design the User Experience

Apply the user interface design for a web application

Create and apply styles by using CSS, structure and lay out the user interface by using HTML, implement dynamic page content based on a design

I don’t spend an awful lot of my time creating beautiful UIs for web front ends so this content was less familiar to me. A solid understanding is required – a bit more than just an overview.

CSS
http://www.cssbasics.com/introduction-to-css/

CSS Selectors
http://www.w3schools.com/cssref/css_selectors.asp

HTML5 tutorial
http://www.html5andcss3.org/html5history.php

HTML5 Canvas element
http://www.w3schools.com/html/html5_canvas.asp

HTML5 Canvas element fallback
https://www.sitepoint.com/html5-canvas-fallback/

HTML5 Video element
http://www.html5rocks.com/en/tutorials/video/basics/

HTML5 Video element fallback
https://css-tricks.com/snippets/html/video-for-everybody-html5-video-with-flash-fallback/

Design and implement UI behaviour

Implement client validation, use JavaScript and the DOM to control application behavior, extend objects by using prototypal inheritance, use AJAX to make partial page updates, implement the UI by using JQuery

Like the previous section but this time your JavaScript and JQuery skills are under scrutiny. There is a lot of content out there – I’ve just put links to the content where I personally had gaps.

JavaScript Prototypal Inheritance
http://www.bloggedbychris.com/2012/11/06/microsoft-exam-70-486-study-guide/

AJAX
https://blogs.msdn.microsoft.com/stuartleeks/2011/04/13/asp-net-mvc-partial-rendering-and-ajaxattribute/

Ajax Helper
http://www.codeguru.com/csharp/.net/working-with-ajax-helper-in-asp.net-mvc.htm

JQuery
https://learn.jquery.com/ajax/jquery-ajax-methods/

Compose the UI layout of an application

Implement partials for reuse in different areas of the application, design and implement pages by using Razor templates (Razor view engine), design layouts to provide visual structure, implement master/application pages

Standard MVC stuff focussed around Views and Razor engine. Professional ASP.NET MVC 5 is very good and covers this off well so probably no need to look any further. I’ve provided a few links just in case.

MVC Views
https://docs.asp.net/en/latest/mvc/views/overview.html

Layouts
http://weblogs.asp.net/scottgu/asp-net-mvc-3-layouts

https://docs.asp.net/en/latest/mvc/views/layout.html#

Partials
https://docs.asp.net/en/latest/mvc/views/partial.html

Razor view engine
https://docs.asp.net/en/latest/mvc/views/razor.html

Enhance application behaviour and style based on browser feature detection

Detect browser features and capabilities; create a web application that runs across multiple browsers and mobile devices; enhance application behavior and style by using vendor-specific extensions, for example, CSS

The exam ref book was good enough for me for this one. There isn’t a huge amount of content as compared to some of the other sections.

Overview
https://msdn.microsoft.com/en-us/library/jj149688.aspx?f=255&MSPPError=-2147217396

Modernizer
https://modernizr.com/docs/#what-is-modernizr

Plan an adaptive UI layout

Plan for running applications in browsers on multiple devices (screen resolution, CSS, HTML), plan for mobile web applications

More mobile adaptation content. A bit meatier than the previous section but nothing to worry about. Professional ASP.NET MVC 5 has some good content on this.

CSS Media Queries
http://www.w3schools.com/cssref/css3_pr_mediaquery.asp

JQuery Mobile
http://www.w3schools.com/jquerymobile

MVC Mobile Features
http://www.asp.net/mvc/overview/older-versions/aspnet-mvc-4-mobile-features

Designing for mobiles
https://msdn.microsoft.com/en-us/magazine/hh288079.aspx

Syllabus part 3: Develop the user experience

Plan for search engine optimization and accessibility

Use analytical tools to parse HTML, view and evaluate conceptual structure by using plugs-in for browsers, write semantic markup (HTML5 and ARIA) for accessibility (for example, screen readers)

I remember Dilbert cartoon when he refers to SEO consultants as pantless weasels. That’s unlikely to come up on the exam. I really don’t think there is much to this really – the exam ref book is perfectly adequate. There is a bit more meat in the accessibility content but again the exam ref book is fine. No additional links this time.

Plan and implement globalisation and localisation

Plan a localization strategy; create and apply resources to UI, including JavaScript resources; set cultures; create satellite resource assemblies

Globalisation hasn’t changed a huge amount over the years so anyone with general MVC experience should be OK. The exam ref book is good here particularly going through globalisation with JavaScript which I was personally not that familiar with.

Good overview
http://www.codeproject.com/Articles/778040/Beginners-Tutorial-on-Globalization-and-Localizati

Resx Files
http://stackoverflow.com/questions/3964942/how-to-access-resource-file-in-c

Design and implement MVC controllers and actions

Apply authorization attributes, global filters, and authentication filters; specify an override filter; implement action behaviors; implement action results; implement model binding

A lot of content here and one to definitely be familiar with. The book Professional ASP.NET MVC 5 is excellent here so no extra reading is required.

Design and implement routes

Define a route to handle a URL pattern, apply route constraints, ignore URL patterns, add custom route parameters, define areas

Again Professional ASP.NET MVC 5 is excellent with a comprehensive chapter dedicated to this. However this has changed with attribute routing so make sure you are covering the most up-to-date material.

Routing overview
http://www.asp.net/mvc/overview/controllers-and-routing

Attribute routing
https://blogs.msdn.microsoft.com/webdev/2013/10/17/attribute-routing-in-asp-net-mvc-5/

Control application behaviour by using MVC extensibility points

Implement MVC filters and controller factories; control application behavior by using action results, viewengines, model binders, and route handlers.

A complex area that is again well covered in Professional ASP.NET MVC 5 however you may find additional material useful in this area.

Routing Extension
https://www.simple-talk.com/dotnet/.net-framework/asp.net-mvc-routing-extensibility/

Custom Action Result Http Headers
http://stackoverflow.com/questions/1012437/uses-of-content-disposition-in-an-http-response-header

Filter Extensions Action Filters
http://www.asp.net/mvc/overview/older-versions/hands-on-labs/aspnet-mvc-4-custom-action-filters

Custom Authorisation
http://www.c-sharpcorner.com/UploadFile/56fb14/custom-authorization-in-mvc/

Custom Exception Filter
http://stackoverflow.com/questions/8144695/asp-net-mvc-custom-handleerror-filter-specify-view-based-on-exception-type

Reduce network bandwidth

Bundle and minify scripts (CSS and JavaScript), compress and decompress data (using gzip/deflate; storage), plan a content delivery network (CDN) strategy (for example, Azure CDN)

Not much content in this one. The exam ref book gives a perfectly adequate coverage.

Compression
http://www.dotnetperls.com/gzipstream

http://stackoverflow.com/questions/2599080/gzipstream-or-deflatestream-class

Syllabus part 4: Troubleshoot and debug web applications

Prevent and troubleshoot runtime issues

Troubleshoot performance, security, and errors; implement tracing, logging (including using attributes for logging), and debugging (including IntelliTrace); enforce conditions by using code contracts; enable and configure health monitoring (including Performance Monitor)

I found this surprisingly hard going. Health monitoring is a drag to learn particularly as I don’t believe people actually use it. IntelliTrace feels a slog as well. Code contracts are interesting though and do come up on the exam. One to know.

IntelliTrace
https://msdn.microsoft.com/en-GB/library/mt243851.aspx

Using IntelliTrace to debug live issues
https://msdn.microsoft.com/en-us/library/dn449058.aspx

Code Contracts
http://blog.stephencleary.com/2011/01/simple-and-easy-code-contracts.html

Health Monitoring
http://www.codeproject.com/Articles/420540/ASP-NET-Health-Monitoring

Interestingly Health Monitoring broken in MVC (2.0)
http://weblogs.asp.net/awilinsk/handleerrorattribute-and-health-monitoring

Does anyone actually use Health Monitoring?
http://mvolo.com/asp-net-health-monitoring-8-years-later/

Design an exception handling strategy

Handle exceptions across multiple layers, display custom error pages using global.asax or creating your own HTTPHandler or set web.config attributes, handle first chance exceptions

Definitely one to be familiar with but standard stuff with few surprises. Professional ASP.NET MVC 5 has good coverage once again.

Overview
http://www.codeproject.com/Articles/731913/Exception-Handling-in-MVC

HandleErrorAttribute
http://stackoverflow.com/questions/19025999/using-of-handleerrorattribute-in-asp-net-mvc-application

Test a web application

Create and run unit tests (for example, use the Assert class), create mocks; create and run web tests, including using Browser Link; debug a web application in multiple browsers and mobile emulators

A frustrating section. The exam is focussed around Microsoft testing technologies (Shims, MSTest etc..) but I personally don’t use these and I doubt they are in wide use. That said, knowledge of NUnit or similar is useful here but specific knowledge about MS technologies is sadly required.

Browser Link
https://www.asp.net/visual-studio/overview/2013/using-browser-link

Shims
https://msdn.microsoft.com/en-us/library/hh549176.aspx

Stubs
https://social.msdn.microsoft.com/Forums/vstudio/en-US/0fbed336-aaf7-49aa-b477-369cfdcf87e5/mocksstubsshims-differences?forum=vsunittest

Debug an Azure application

Collect diagnostic information by using Azure Diagnostics API and appropriately implement on demand versus scheduled; choose log types (for example, event logs, performance counters, and crash dumps); debug an Azure application by using IntelliTrace, Remote Desktop Protocol (RDP), and remote debugging; interact directly with remote Azure websites using Server Explorer.

One of those subjects that it’s really difficult to get practical experience of unless you happen to be using it on a day to day basis. Realistically it’s not a good use of time to set up an entire Azure solution just to you can practice debugging it. Do your best with the reading materials available. The exam ref book has some coverage and here are a few more links.

Overview
https://azure.microsoft.com/en-gb/documentation/articles/vs-azure-tools-debugging-cloud-services-overview/

Enabling debugging in Azure
https://azure.microsoft.com/en-us/documentation/articles/cloud-services-dotnet-diagnostics/

Performance counters
https://azure.microsoft.com/en-us/documentation/articles/cloud-services-dotnet-diagnostics-performance-counters/

Syllabus part 5: Design and Implement security

Configure authentication

Authenticate users; enforce authentication settings; choose between Windows, Forms, and custom authentication; manage user session by using cookies; configure membership providers; create custom membership providers; configure ASP.NET Identity

Authorisation and authentication have been changed quite a bit over the years in ASP.Net so this is quite a big subject. Try to ensure you are current. Lots of links here to help out.

IIS Authentication
https://www.iis.net/configreference/system.webserver/security/authentication/windowsauthentication

Difference between digest and basic authentication
http://stackoverflow.com/questions/9534602/what-is-the-difference-between-digest-and-basic-authentication

Windows authentication
https://en.wikipedia.org/wiki/Integrated_Windows_Authentication

.Net Authorisation History
https://brockallen.com/2012/09/02/think-twice-about-using-membershipprovider-and-simplemembership/

SQL Membership Provider
https://msdn.microsoft.com/en-us/library/yh26yfzy.aspx

https://msdn.microsoft.com/en-us/library/ms731049(v=vs.110).aspx

SimpleMembershipProvider
http://weblogs.asp.net/jongalloway/simplemembership-membership-providers-universal-providers-and-the-new-asp-net-4-5-web-forms-and-asp-net-mvc-4-templates

ASP.Net Identity
http://benfoster.io/blog/aspnet-identity-stripped-bare-mvc-part-1

http://benfoster.io/blog/aspnet-identity-stripped-bare-mvc-part-2

Advantages and disadvantages of .net identity
http://stackoverflow.com/questions/21207246/asp-net-identity-vs-simple-membership-pros-and-cons

https://brockallen.com/2013/10/20/the-good-the-bad-and-the-ugly-of-asp-net-identity/

Encrypting Credentials in web.config
http://stackoverflow.com/questions/3538870/what-does-aspnet-regiis-exe-do

Configure and apply authorisation

Create roles, authorize roles by using configuration, authorize roles programmatically, create custom role providers, implement WCF service authorization

I do realise that there is a difference between authorisation and authentication (really I do) but there is overlap in the materials so many of the links in the previous section cover this material as well. Watch out for the WCF material here though.

Authorise filters
http://www.codeproject.com/Articles/650240/A-Simple-Action-Filter-Overview

AllowAnonymous attribute
https://blogs.msdn.microsoft.com/rickandy/2012/03/23/securing-your-asp-net-mvc-4-app-and-the-new-allowanonymous-attribute/

WCF authorisation
http://www.codeproject.com/Articles/698862/Custom-Authentication-and-Authorization-in-WCF

Design and implement claims-based authentication across federated identity stores

Implement federated authentication by using Azure Access Control Service; create a custom security token by using Windows Identity Foundation; handle token formats (for example, oAuth, OpenID, Microsoft Account, Google, Twitter, and Facebook) for SAML and SWT tokens

I personally found this the hardest topic by far. Very technical, almost academic content. It’s hard to find resources that give a ‘jump start’ to this topic. These links are the most useful of what I found.

WS-Trust
https://en.wikipedia.org/wiki/WS-Trust

WS-Federation
https://en.wikipedia.org/wiki/WS-Federation

Windows Identity Foundation
https://msdn.microsoft.com/en-us/library/hh291066.aspx

SAML Tokens
https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language

https://msdn.microsoft.com/en-us/library/system.identitymodel.tokens.samlsecuritytoken(v=vs.110).aspx

https://msdn.microsoft.com/en-us/library/ms733083(v=vs.110).aspx

SWT Tokens
https://msdn.microsoft.com/en-us/library/azure/hh781551.aspx

JWT Tokens
https://jwt.io/introduction/

Systems.IdentitiyModel.Tokens
https://msdn.microsoft.com/en-us/library/system.identitymodel.tokens(v=vs.110).aspx

Creating a Security Token Service
https://msdn.microsoft.com/en-us/library/ms733095(v=vs.110).aspx

Claims with WIF
https://msdn.microsoft.com/en-us/library/hh291061.aspx

Security Token Handlers
https://msdn.microsoft.com/en-gb/library/ee517288.aspx

https://msdn.microsoft.com/en-us/library/ee517261.aspx

Azure Access Control Service
https://en.wikipedia.org/wiki/Access_Control_Service

Azure Access Control Service Road Map
https://blogs.technet.microsoft.com/enterprisemobility/2015/02/12/the-future-of-azure-acs-is-azure-active-directory/

Manage data integrity

Apply encryption to application data, apply encryption to the configuration sections of an application, sign application data to prevent tampering

Good coverage in  Professional ASP.NET MVC 5. Here are a couple of extra links to fill out that content

SHA1 is stronger than MD5
http://stackoverflow.com/questions/1756188/how-to-use-sha1-or-md5-in-cwhich-one-is-better-in-performance-and-security-fo

MD5 is not considered secure
http://stackoverflow.com/questions/13756697/is-md5-still-considered-secure-for-single-use-authentications?rq=1

Implement a secure site with ASP.NET

Secure communication by applying SSL certificates; salt and hash passwords for storage; use HTML encoding to prevent cross-site scripting attacks (ANTI-XSS Library); implement deferred validation and handle unvalidated requests, for example, form, querystring, and URL; prevent SQL injection attacks by parameterizing queries; prevent cross-site request forgeries (XSRF)

High fives and celebratory backslaps all round. You’re nearly at the end. And happily this is some of the best and most interesting content. Professional ASP.NET MVC 5 has the best content that I have ever read in this area so there really is no need to go elsewhere. No extra links this time. None needed

Good Luck

So best of luck everyone. Microsoft exams aren’t perfect but when I’m looking at CVs for potential hires it always gives me a warm glow when someone has a couple of current MS exams under their belt. Hope it goes well for you.