MICROSOFT CERTIFICATION
PL-400 Power Platform Developer Associate Practice Exam
Exam Number: 3156 | Last updated 16-Apr-26 | 770+ questions across 4 vendor-aligned objectives
The PL-400 Power Platform Developer Associate certification validates the skills of developers who extend the Power Platform using code including JavaScript, Power Fx, .NET plugins, and custom connectors. This exam measures your ability to work with Power Apps, Power Automate, Dataverse API, Custom Connectors, PCF Controls, Azure Functions, demonstrating both conceptual understanding and practical implementation skills required in today’s enterprise environments.
The heaviest exam domains include Configure Business Process Automation (20–25%), Configure Microsoft Dataverse (15–20%), and Create and Configure Power Apps (15–20%). These areas collectively represent the majority of exam content and require focused preparation across their respective subtopics.
Additional domains tested include Extend the User Experience (15–20%), Extend the Platform (15–20%), and Create a Technical Design (10–15%). Together, these areas round out the full exam blueprint and ensure candidates possess well-rounded expertise across the certification scope.
Every answer links to the source. Each explanation below includes a hyperlink to the exact Microsoft documentation page the question was derived from. PowerKram is the only practice platform with source-verified explanations. Learn about our methodology →
394
practice exam users
91.3%
satisfied users
88.2%
passed the exam
4.6/5
quality rating
Test your PL-400 Power Platform Developer knowledge
10 of 770+ questions
Question #1 - Create a Technical Design
A developer must design a solution that extends Dynamics 365 Sales with custom business logic. They need to decide between client-side JavaScript, server-side plugins, and Power Automate cloud flows.
Which factor most strongly indicates a server-side plugin is needed over a cloud flow?
A) The logic must execute synchronously within a Dataverse transaction with rollback capability on failure
B) The logic is simple with no performance requirements
C) The logic sends email notifications
D) The logic triggers on a scheduled basis
Show solution
Correct answers: A – Explanation:
Plugins execute synchronously within the Dataverse transaction pipeline, supporting rollback on failure — critical for transactional integrity. Simple logic suits flows. Scheduled triggers are a flow strength. Email sending is well-suited for cloud flows. Source: Check Source
Question #2 - Create a Technical Design
A developer decides between client-side JavaScript, server-side plugins, and Power Automate flows for D365 extension.
Which factor most strongly indicates a server-side plugin is needed over a cloud flow?
A) The logic must execute synchronously within a Dataverse transaction with rollback on failure
B) The logic triggers on a daily scheduled basis rather than responding to individual data events
C) The logic is simple notification processing with no performance or transactional requirements
D) The logic sends email notifications which is well-suited for asynchronous cloud flow processing
Show solution
Correct answers: A – Explanation:
Plugins execute synchronously within the Dataverse transaction pipeline supporting rollback on failure, which is critical for maintaining transactional integrity on data operations. Simple notification logic does not require the transactional guarantee that plugins provide. Scheduled triggers are a strength of cloud flows which natively support recurring schedule configuration. Email sending is asynchronous by nature and is well-handled by cloud flows without needing synchronous plugin execution. Source: Check Source
Question #3 - Configure Microsoft Dataverse
A developer adds a custom calculated column to Account showing total value of all related Opportunities.
Which Dataverse column type should be used?
A) A standard currency column updated manually by a plugin adding custom development overhead
B) A Rollup column automatically aggregating related Opportunity amounts on a managed schedule
C) A calculated column which cannot aggregate values from records in a different related table
D) A formula column which does not support cross-table aggregation of related entity records
Show solution
Correct answers: B – Explanation:
Rollup columns automatically aggregate values from related records on a system-managed schedule with on-demand recalculation available, requiring no custom code. Standard columns with plugin updates work but add development and maintenance overhead for functionality the platform provides natively. Formula columns perform calculations within the same record and cannot aggregate across relationship boundaries. Calculated columns evaluate expressions on current-record fields and do not support cross-table relationship aggregation. Source: Check Source
Question #4 - Configure Microsoft Dataverse
A developer restricts a custom API endpoint so only users with a specific security role can call it.
Which Dataverse security mechanism should be applied?
A) Rate limiting only controlling request volume without verifying caller identity or permissions
B) IP address filtering providing network-level restriction without identity-based authorization
C) No security allowing anyone to call the API endpoint without any authorization verification
D) Associate the Custom API with a privilege and grant that privilege through a security role
Show solution
Correct answers: D – Explanation:
Custom APIs can be bound to privileges assigned through security roles, enforcing role-based access control that verifies caller authorization before execution. Open access without security violates least-privilege principles and exposes functionality to unauthorized callers. IP filtering is a network-level control that does not verify the identity or role of the caller at the application layer. Rate limiting controls request volume to prevent abuse but does not verify whether the caller is authorized to use the API. Source: Check Source
Question #5 - Create and Configure Power Apps
A Canvas App calls a custom REST API in Azure requiring OAuth 2.0 authentication with Azure AD tokens.
Which Power Apps component connects to this secured API?
A) A hardcoded API key string stored in the app configuration creating a significant security risk
B) Direct HTTP calls from the Canvas App without any built-in authentication token management
C) An iframe embedding the API response HTML which is a display element not an API integration
D) A Custom Connector with OAuth 2.0 authentication configured in the connection settings
Show solution
Correct answers: D – Explanation:
Custom Connectors define the API schema, authentication flow (OAuth 2.0), and available operations providing a secure reusable connection from Canvas Apps. Direct HTTP calls lack the built-in token management, refresh handling, and connection credential storage that Custom Connectors provide. Hardcoded API keys in app configuration expose credentials in the app definition creating a security vulnerability. Iframes display web content visually but cannot make authenticated API calls or process structured response data programmatically. Source: Check Source
Question #6 - Create and Configure Power Apps
A model-driven form for Cases needs a custom section displaying a real-time React chat widget with form context access.
Which development approach should the developer use?
A) A PCF control using React that accesses the form context API integrating natively with the form
B) An iframe to an external website which runs in an isolated context without form data access
C) JavaScript added to the form header which has limited UI rendering capability compared to React
D) A Canvas App embedded in the form which has restricted form context interaction compared to PCF
Show solution
Correct answers: A – Explanation:
PCF controls integrate natively into model-driven forms with full form context API access and React support for building rich interactive UI components. External iframes run in isolated browser contexts without direct access to the hosting form data or context APIs. Form header JavaScript has limited UI rendering capability and cannot create the rich React-based component experience that PCF enables. Embedded Canvas Apps have more restricted form context interaction compared to the full API access that PCF controls provide. Source: Check Source
Question #7 - Configure Business Process Automation
A plugin validates order line quantities before save. Lines with quantity zero should block the save with an error message.
Which plugin registration configuration should be used?
A) Post-operation synchronous plugin executing after the database transaction has been committed
B) Pre-validation synchronous plugin on the Create message blocking saves with validation errors
C) A scheduled workflow running on a timer checking for invalid records periodically after creation
D) Post-operation asynchronous plugin running after the save has already completed successfully
Show solution
Correct answers: B – Explanation:
Pre-validation synchronous plugins execute before the database transaction, allowing validation logic to throw InvalidPluginExecutionException and block the save operation with an error message. Post-operation asynchronous plugins run after the save completes and cannot prevent the invalid record from being created. Post-operation synchronous plugins also execute after the transaction is committed to the database. Scheduled workflows check periodically after records exist and cannot prevent invalid data from being saved in real time. Source: Check Source
Question #8 - Configure Business Process Automation
A workflow calls an external API whenever a Contact is updated. The call should not block the user experience or delay saving.
Which automation approach should be used?
A) A Power Automate Cloud Flow triggered by the Contact update event executing asynchronously
B) A scheduled daily batch job checking for updated contacts which misses real-time update events
C) A client-side JavaScript XHR call on form save which is unreliable for server integration tasks
D) A synchronous pre-operation plugin making the external API call blocking the user until completion
Show solution
Correct answers: A – Explanation:
Cloud Flows triggered by Dataverse events run asynchronously in the background, making the API call without blocking the save operation or degrading user experience. Synchronous plugins with external API calls block the user interface until the external call completes, degrading responsiveness. Client-side JavaScript is unreliable for server integration since users may close the browser before the call completes. Daily batch jobs check for changes in bulk and miss the real-time processing of individual update events throughout the day. Source: Check Source
Question #9 - Extend the User Experience
A confirmation dialog appears when clicking Submit for Approval, collecting a comment and triggering a cloud flow.
Which client-side approach should be used?
A) A basic JavaScript alert() popup which cannot collect user input or display custom form elements
B) A separate Canvas App page requiring navigation away from the current form breaking user flow
C) A command bar button with JavaScript using Xrm.Navigation dialog and triggering a Custom Action
D) A browser extension requiring separate installation and management outside the D365 platform
Show solution
Correct answers: C – Explanation:
Xrm.Navigation dialogs provide a native D365 confirmation experience with input collection capability, and Custom Actions bridge client-side events to server-side or flow-based processing. Alert() provides only a basic OK/Cancel dialog without the ability to collect comment text or display custom inputs. Separate Canvas App pages require navigating away from the current form context disrupting the user workflow. Browser extensions require per-user installation and management outside the platform, creating deployment and maintenance burden. Source: Check Source
Question #10 - Extend the Platform
A developer creates a reusable API endpoint in Dataverse callable by external systems triggering complex business logic.
Which Dataverse extensibility feature should be used?
A) A direct SQL connection from external systems bypassing the platform security and business logic
B) A custom ASP.NET API hosted externally requiring separate infrastructure and security management
C) A Custom API registered in Dataverse encapsulating logic and callable via the standard Web API
D) A Power Automate HTTP trigger which works but lacks native Dataverse transactional integration
Show solution
Correct answers: C – Explanation:
Custom APIs provide a Dataverse-native callable endpoint with full plugin pipeline integration, security role enforcement, and Web API accessibility for external consumers. Direct SQL connections bypass application security, business logic validation, and audit trail generation entirely. HTTP-triggered Power Automate flows handle requests but lack the native Dataverse transaction scope that Custom APIs provide. External ASP.NET APIs require separate Azure hosting, security configuration, and infrastructure management overhead. Source: Check Source
Get 770+ more questions with source-linked explanations
Every answer traces to the exact Microsoft documentation page — so you learn from the source, not just memorize answers.
Exam mode & learn mode · Score by objective · Updated 16-Apr-26
Learn more...
What the PL-400 Power Platform Developer exam measures
- Create a Technical Design (10–15%) — Evaluate your ability to implement and manage tasks within this domain, including real-world job skills and scenario-based problem solving.
- Configure Microsoft Dataverse (15–20%) — Evaluate your ability to implement and manage tasks within this domain, including real-world job skills and scenario-based problem solving.
- Create and Configure Power Apps (15–20%) — Evaluate your ability to implement and manage tasks within this domain, including real-world job skills and scenario-based problem solving.
- Configure Business Process Automation (20–25%) — Evaluate your ability to implement and manage tasks within this domain, including real-world job skills and scenario-based problem solving.
- Extend the User Experience (15–20%) — Evaluate your ability to implement and manage tasks within this domain, including real-world job skills and scenario-based problem solving.
- Extend the Platform (15–20%) — Evaluate your ability to implement and manage tasks within this domain, including real-world job skills and scenario-based problem solving.
How to prepare for this exam
- Review the official exam guide to understand every objective and domain weight before you begin studying
- Complete the relevant Microsoft Learn learning path to build a structured foundation across all exam topics
- Get hands-on practice in an Azure free-tier sandbox or trial environment to reinforce what you have studied with real configurations
- Apply your knowledge through real-world project experience — whether at work, in volunteer roles, or contributing to open-source initiatives
- Master one objective at a time, starting with the highest-weighted domain to maximize your score potential early
- Use PowerKram learn mode to study by individual objective and review detailed explanations for every question
- Switch to PowerKram exam mode to simulate the real test experience with randomized questions and timed conditions
Career paths and salary outlook
Earning this certification can open doors to several in-demand roles:
- Power Platform Developer: $95,000–$135,000 per year (based on Glassdoor and ZipRecruiter data)
- Dataverse Developer: $90,000–$125,000 per year (based on Glassdoor and ZipRecruiter data)
- Low-Code/Pro-Code Developer: $100,000–$140,000 per year (based on Glassdoor and ZipRecruiter data)
Official resources
Microsoft provides comprehensive free training to prepare for the PL-400 Power Platform Developer Associate exam. Start with the official Microsoft Learn learning path for structured, self-paced modules covering every exam domain. Review the exam study guide for the complete skills outline and recent updates.