Purpose of this guide

This is a one-stop study document for Dynatrace Associate Certification preparation. It is designed to help you understand the Dynatrace platform, the major components, the common exam topics, and the hands-on tasks you should be able to perform confidently.

This guide is not an exam dump. It is a structured certification study guide based on Dynatrace University-style preparation, Dynatrace documentation, and commonly discussed certification preparation areas.

---

1. How to use this guide

Use this guide in five passes:

1. Pass 1: Understand the platform story
   Learn how data moves from monitored systems into Dynatrace and how Dynatrace turns that data into insights.
2. Pass 2: Learn each major component
   Study OneAgent, ActiveGate, Grail, OpenPipeline, Smartscape, PurePath, Davis / Dynatrace Intelligence, and Dynatrace Apps.
3. Pass 3: Practice in a tenant
   Use a real Dynatrace environment, trial, playground, or lab environment to click through hosts, services, logs, traces, dashboards, problems, RUM, and synthetic monitors.
4. Pass 4: Learn exam-style thinking
   The Associate exam is not only definition-based. Expect scenario questions such as: “Which Dynatrace feature should you use?” or “Where would you investigate this problem?”
5. Pass 5: Revise using the checklist and practice questions
   Use the final revision checklist and practice questions at the end.

---

2. Certification overview

What the Associate certification validates

Dynatrace Associate Certification validates foundational ability to understand and use Dynatrace for observability, monitoring, problem analysis, reporting, and basic configuration.

You should be able to:

• Explain what Dynatrace is and what business/technical problems it solves.
• Understand the major components of the platform.
• Recognize how Dynatrace collects data.
• Navigate Dynatrace apps and core views.
• Understand OneAgent and ActiveGate at a foundational level.
• Understand hosts, processes, services, traces, logs, metrics, events, and topology.
• Explain how Davis / Dynatrace Intelligence detects anomalies and supports root cause analysis.
• Understand Real User Monitoring and Synthetic Monitoring.
• Build or interpret basic dashboards and notebooks.
• Understand alerting, problems, workflows, and notifications.
• Understand basic DQL concepts.
• Apply platform concepts to troubleshooting scenarios.

Current exam-format note and verification checklist

Dynatrace certification formats and preparation paths can change. Before booking, always verify the active details directly in Dynatrace University under the Associate Certification / Associate Certification Preparation area.

Current publicly visible format signals

The 2025 Associate Certification Learning Path states that the Associate exam includes:

• 60 written questions
• 10–15 practical questions
• Written questions include multiple-choice and multiple-response questions
• For multiple-response questions, correct selections receive partial credit and incorrect selections deduct from the score for that item
• The exam is proctored through ProctorU
• Proctoring is provided in English only
• The practical section is open book

Details to verify before booking

Some details are not consistently visible in public pages and should be checked inside Dynatrace University immediately before scheduling:

• Total exam duration
• Exact current passing score
• Whether the exam sections are timed separately
• Whether practical tasks require screenshots, configuration changes, uploaded files, or answers entered directly in the exam
• Retake waiting period
• Retake fee / voucher rules
• Whether partner vs customer learning paths differ for your account type

Passing score note

Community reports in 2025 mention an 80% passing score, but treat that as a candidate/community-reported value unless you see it confirmed inside your official Dynatrace University exam page or booking flow.

Practical-section preparation note

The practical section is open book, but do not depend on searching documentation during the exam. You should already know how to perform the common tasks because time pressure can make documentation lookup risky.

Prioritize hands-on practice in:

• Dashboards and Data Explorer
• Notebooks
• DQL queries
• Distributed Traces
• Web frontend / Real User Monitoring settings
• Synthetic Monitoring, especially classic synthetic concepts
• Logs and filtering
• Problem investigation
• Basic screenshot-based evidence collection if requested by the exam interface

Preparation paths

For customers, Dynatrace University and the Dynatrace Essentials Learning Plan are currently referenced as key preparation resources. For partners, community discussion indicates a separate partner preparation route may exist, such as Foundation for Partners and hands-on partner labs. Use the learning path that appears for your account type in Dynatrace University.

Commonly discussed Associate preparation areas include:

• Capabilities and monitoring
• Components and architecture
• Digital Experience Monitoring
• Installation and configuration
• Problems and resolution
• Reporting and analysis
• Basic hands-on use of dashboards, notebooks, DQL, distributed traces, synthetic monitoring, and frontend/RUM settings

---

3. Dynatrace in one sentence

Dynatrace is an AI-powered observability, security, analytics, and automation platform that collects telemetry from applications, infrastructure, users, logs, traces, events, and business processes, then uses topology and AI to help teams detect, understand, and resolve problems faster.

---

4. The Dynatrace data flow mental model

Think of Dynatrace as a pipeline:

Monitored systems
  ↓
OneAgent / APIs / OpenTelemetry / Extensions / Cloud integrations
  ↓
ActiveGate when secure routing, private connectivity, or integration gateway is needed
  ↓
OpenPipeline for ingest processing, filtering, transformation, routing, enrichment
  ↓
Grail for unified storage and analytics
  ↓
Smartscape topology + PurePath traces + logs + metrics + events
  ↓
Davis / Dynatrace Intelligence for anomaly detection, correlation, and root cause
  ↓
Dynatrace Apps, dashboards, notebooks, alerts, workflows, reports, and integrations
Code language: PHP (php)

If you understand this flow, most Associate-level questions become easier.

---

5. Core Dynatrace components

5.1 OneAgent

What it is

OneAgent is the Dynatrace agent installed on monitored hosts, virtual machines, containers, or Kubernetes nodes. It automatically discovers, instruments, and monitors applications, services, processes, hosts, and dependencies.

What it collects

OneAgent can collect:

• Host metrics
• Process metrics
• Service metrics
• Application performance data
• Distributed traces
• Code-level details
• Network data
• Logs, depending on configuration
• Runtime and dependency information
• Topology relationships
• Technology-specific monitoring data

Why it matters

OneAgent is central to Dynatrace because it provides automatic discovery and automatic instrumentation. Instead of manually defining every service, dependency, and technology stack, Dynatrace discovers them and builds topology automatically.

Important concepts

Host

A physical machine, virtual machine, cloud instance, or container host monitored by Dynatrace.

Process

An operating system process running on a host.

Process group

A logical grouping of similar processes that belong to the same application or technology role.

Service

A monitored application component that receives requests. Examples include web services, APIs, messaging services, databases, or backend services.

Full-stack monitoring

Provides deep infrastructure and application visibility, including code-level analysis and distributed tracing.

Infrastructure monitoring

Focuses more on host and infrastructure-level monitoring, with lighter application insight compared with full-stack monitoring.

Discovery mode

A lightweight mode designed to discover assets and collect essential information without full deep monitoring.

What to remember for the exam

• OneAgent is installed close to the workload.
• It automatically discovers hosts, processes, services, and dependencies.
• It supports different monitoring modes for different visibility and resource needs.
• Full-stack monitoring gives the deepest application and code-level visibility.
• OneAgent contributes data used by Smartscape, PurePath, Grail, Davis, dashboards, and alerts.

Hands-on tasks to practice

• Find the OneAgent deployment page.
• Identify hosts monitored by OneAgent.
• View host CPU, memory, disk, and network metrics.
• Drill from a host into processes.
• Drill from a process into services.
• Identify the monitoring mode of a host.
• Understand where host-level monitoring can be enabled or disabled.

---

5.2 ActiveGate

What it is

ActiveGate is a secure gateway or proxy between monitored environments and Dynatrace. It helps route monitoring traffic and enables certain integrations and private-network use cases.

Common use cases

ActiveGate is commonly used for:

• Secure proxying between OneAgents and Dynatrace
• Reducing outbound communication points
• Monitoring private or restricted environments
• Remote plugin/extensions execution
• Cloud platform integrations
• Kubernetes monitoring support
• Private Synthetic Monitoring locations
• Routing traffic from monitored environments to Dynatrace clusters or SaaS tenants

Why it matters

Many enterprise environments do not allow every host to communicate directly with external services. ActiveGate can act as a controlled communication point.

Important concepts

Environment ActiveGate

Often used to connect a specific Dynatrace environment to monitored systems, extensions, and integrations.

Cluster ActiveGate

Associated with Dynatrace Managed / cluster-level communication scenarios.

Private Synthetic location

An internal synthetic monitoring location that allows checks against private applications not reachable from public synthetic locations. ActiveGate is commonly involved.

What to remember for the exam

• ActiveGate does not replace OneAgent.
• OneAgent can send data through ActiveGate.
• ActiveGate is useful for secure routing, private-network use cases, and integrations.
• ActiveGate is commonly associated with private Synthetic Monitoring and cloud/Kubernetes integrations.

Hands-on tasks to practice

• Know where ActiveGate is used conceptually.
• Understand the difference between direct OneAgent communication and communication through ActiveGate.
• Understand why private synthetic monitoring may require ActiveGate.
• Understand that ActiveGate can reduce the number of outbound connections.

---

5.3 Dynatrace Platform / Tenant

What it is

A Dynatrace tenant is the environment where users access Dynatrace. It is where telemetry is processed, queried, analyzed, visualized, alerted on, and used by Dynatrace apps.

What users do in the platform

• Navigate apps
• View dashboards
• Create notebooks
• Investigate problems
• Analyze services
• Explore logs
• Query data with DQL
• Configure monitoring
• Set up alerting and notifications
• Configure users, groups, permissions, and management zones
• Use workflows and automation

What to remember for the exam

• The tenant is the user-facing environment.
• Apps provide focused experiences for specific use cases.
• Dynatrace platform connects observability, security, analytics, automation, and AI.

---

5.4 Grail

What it is

Grail is Dynatrace’s observability data lakehouse. It stores and analyzes telemetry such as logs, metrics, traces, events, business events, and other observability data.

Why it matters

Grail enables unified analytics across different data types. Instead of treating logs, traces, metrics, and events as disconnected silos, Dynatrace can analyze them together with topology and context.

Data stored in Grail

• Logs
• Metrics
• Traces/spans
• Events
• Business events
• Security data
• Audit logs
• User/session-related data depending on configuration

Important concepts

DQL

Dynatrace Query Language. Used to query data stored in Grail.

Buckets

Logical storage containers in Grail. Data can be stored in buckets based on data type and retention requirements.

Tables and views

Grail organizes data for efficient querying and access.

Semantic Dictionary

A standardized model for field names across data types, helping make queries and correlations consistent.

What to remember for the exam

• Grail is the unified observability data lakehouse.
• DQL is used to query Grail data.
• Grail supports logs, metrics, traces, events, and more.
• Grail is important for dashboards, notebooks, investigations, and analytics.

Hands-on tasks to practice

• Open Notebooks.
• Run a simple DQL query.
• Query logs.
• Filter logs by severity or content.
• Create a dashboard tile based on a DQL query.

---

5.5 DQL: Dynatrace Query Language

What it is

DQL is a read-only query language used to explore, filter, transform, aggregate, and visualize data stored in Grail.

Mental model

DQL uses a pipeline model:

fetch data
| filter records
| transform or select fields
| summarize or aggregate
| sort / limit / visualize

Common commands to recognize

fetch

Loads data from a data source.

Example:

fetch logs

filter

Keeps records that match a condition.

fetch logs
| filter loglevel == "ERROR"
Code language: JavaScript (javascript)

search

Searches records using search-like conditions.

fetch logs
| search "timeout"
Code language: JavaScript (javascript)

fields

Selects specific fields to display.

fetch logs
| fields timestamp, loglevel, content

sort

Sorts the result.

fetch logs
| sort timestamp desc

limit

Limits the result count.

fetch logs
| limit 20

summarize

Aggregates data.

fetch logs
| summarize count(), by:{loglevel}

DQL patterns to know

Find recent error logs

fetch logs, from:now()-30m
| filter loglevel == "ERROR"
| fields timestamp, loglevel, content
| sort timestamp desc
Code language: JavaScript (javascript)

Count logs by severity

fetch logs, from:now()-1h
| summarize count(), by:{loglevel}

Search logs for timeout

fetch logs, from:now()-2h
| search "timeout"
| fields timestamp, content
Code language: JavaScript (javascript)

Explore events

fetch events, from:now()-24h
| fields timestamp, event.kind, event.type, event.name

What to remember for the exam

• DQL is used for data exploration and analysis in Grail.
• DQL is pipeline-based.
• fetch, filter, fields, sort, limit, summarize, and search are important starting commands.
• You do not need to be a DQL expert for Associate level, but you should understand basic query structure and use cases.

---

5.6 OpenPipeline

What it is

OpenPipeline is Dynatrace’s data handling and ingestion-processing capability. It helps ingest, route, filter, transform, enrich, mask, and process telemetry data before or during storage and analysis.

Why it matters

Organizations often ingest large amounts of telemetry. OpenPipeline helps control data quality, cost, privacy, retention, and usefulness.

Common use cases

• Filter unnecessary log records
• Mask sensitive values
• Extract fields from raw data
• Convert logs into business events
• Route data to specific pipelines or buckets
• Enrich records with additional context
• Normalize incoming data

Important concepts

Ingest source

Where the data comes from, such as OneAgent, API, OpenTelemetry, or another integration.

Pipeline

A collection of processing rules and processors.

Processor

A rule or operation that changes, enriches, masks, drops, or transforms records.

Routing

Determines which pipeline or destination data should go to.

What to remember for the exam

• OpenPipeline is about data ingestion and processing.
• It can filter, transform, enrich, mask, and route data.
• It helps improve observability data quality and cost control.
• It works with different configuration scopes, such as logs and events.

Hands-on tasks to practice

• Understand where OpenPipeline appears in settings.
• Review the concept of ingest sources.
• Understand what a processing rule does.
• Understand examples such as masking sensitive log data or extracting a field from raw logs.

---

5.7 Smartscape

What it is

Smartscape is Dynatrace’s real-time topology and dependency model. It maps entities and relationships across applications, services, processes, hosts, cloud resources, and infrastructure.

Why it matters

Modern systems are complex. Smartscape helps you understand what depends on what, which systems are affected, and where a problem may have started.

Important concepts

Entity

A monitored object, such as a host, process, service, Kubernetes workload, application, queue, database, or cloud resource.

Node

A visual representation of an entity.

Edge

A relationship between entities. Examples include:

• Service A calls Service B
• Process runs on host
• Service uses database
• Application depends on backend service

Topology

The map of entities and relationships.

What Smartscape helps answer

• Which services depend on this service?
• Which host runs this process?
• Which database is called by this service?
• Which users or applications are affected by this backend issue?
• What is the blast radius of a problem?

What to remember for the exam

• Smartscape maps topology and dependencies.
• It is important for impact analysis and root cause analysis.
• It uses entities and relationships.
• Davis / Dynatrace Intelligence uses topology context to identify root cause.

Hands-on tasks to practice

• Open Smartscape.
• Select a service and view its dependencies.
• Identify upstream and downstream relationships.
• Drill from topology to service or host details.

---

5.8 PurePath and Distributed Tracing

What it is

PurePath is Dynatrace’s distributed tracing technology. It traces individual requests across services, processes, databases, queues, external calls, and other components.

Distributed trace basics

Trace

The full journey of a request through a distributed system.

Span

A single operation within a trace. A trace is made of multiple spans.

Service call

A request from one service to another.

Root span

The starting span of a trace.

Child span

A span triggered as part of a larger request path.

Why tracing matters

Tracing helps answer:

• Where is the request slow?
• Which service failed?
• Which database query took the longest?
• Which downstream dependency caused latency?
• Which external call failed?
• What happened before and after the error?

Common trace analysis concepts

• Response time
• Failed requests
• Error rate
• Throughput
• Service flow
• Backtrace
• Database time
• External service time
• Code-level method details when available

What to remember for the exam

• PurePath is related to distributed tracing.
• Distributed tracing follows requests across services.
• It is essential for application performance troubleshooting.
• Trace data can be correlated with logs, metrics, topology, and user experience.

Hands-on tasks to practice

• Open a service.
• Find distributed traces.
• Filter failed traces.
• Analyze one trace end to end.
• Identify the slowest span or failing dependency.
• Understand service flow and backtrace.

---

5.9 Davis / Dynatrace Intelligence

What it is

Davis / Dynatrace Intelligence is the AI and analytics layer of Dynatrace. It uses telemetry, topology, baselines, anomalies, events, and dependencies to detect problems and identify root cause.

What it does

• Establishes baselines
• Detects anomalies
• Correlates related events
• Groups related events into problems
• Identifies likely root cause
• Shows affected entities
• Helps reduce alert noise
• Supports incident triage

Important concepts

Event

A signal that something happened. Examples include high CPU, service slowdown, deployment event, availability issue, or custom alert violation.

Anomaly

A detected deviation from expected behavior.

Problem

A correlated incident record that may include one or more events with shared context or cause.

Root cause entity

The entity Dynatrace identifies as the likely cause of a problem.

Affected entity

An entity impacted by the problem.

Baseline

Expected behavior learned from historical data.

What to remember for the exam

• Davis does not simply list raw alerts; it correlates events into meaningful problems.
• Causal AI uses topology context to find root cause.
• Problems reduce alert noise by grouping related events.
• Problems contain affected entities, root cause information, event timeline, and context.

Hands-on tasks to practice

• Open the Problems app.
• Review open and closed problems.
• Identify root cause and affected entities.
• Review evidence and timeline.
• Drill from a problem into service, host, logs, traces, or topology.

---

6. Dynatrace Apps and key capability areas

Dynatrace Apps are user-facing experiences built around specific use cases.

6.1 Infrastructure Observability

Purpose

Infrastructure Observability monitors hosts, VMs, cloud infrastructure, Kubernetes, containers, processes, networks, databases, and infrastructure health.

Important views and concepts

• Infrastructure & Operations
• Hosts
• Processes
• Process groups
• Kubernetes clusters
• Nodes
• Workloads
• Pods
• Databases
• Cloud resources
• CPU, memory, disk, and network metrics
• Infrastructure health indicators

Questions this area answers

• Are my hosts healthy?
• Is CPU, memory, disk, or network causing a problem?
• Which processes consume the most resources?
• Is a Kubernetes workload unhealthy?
• Are infrastructure issues affecting application performance?

Exam focus

Know how infrastructure relates to applications. A host issue may affect a process; a process may host a service; a service may affect a user action.

---

6.2 Application Observability

Purpose

Application Observability helps monitor application services, APIs, response times, errors, throughput, dependencies, traces, and performance bottlenecks.

Important views and concepts

• Services app
• Service metrics
• Request count
• Response time
• Failure rate
• Service flow
• Backtrace
• Distributed traces
• Database calls
• External services
• Code-level diagnostics

Questions this area answers

• Which service is slow?
• Which request is failing?
• Which dependency caused the slowdown?
• Is the problem in application code, database, queue, or external service?
• How many users or requests are affected?

Exam focus

Understand service-level analysis and how traces support troubleshooting.

---

6.3 Log Management and Analytics

Purpose

Log Management and Analytics collects, stores, searches, analyzes, and correlates logs with other observability data.

Important concepts

• Log ingestion
• Log severity / log level
• Log content
• Log attributes
• DQL queries
• Logs on Grail
• Log correlation with services, traces, hosts, and problems
• Log retention and buckets

Questions this area answers

• What error messages happened during the incident?
• Which host or service produced this log?
• Did logs show warnings before the outage?
• Can I correlate a failed trace with related logs?

Exam focus

Know that logs are more useful when correlated with topology, services, traces, metrics, and events.

---

6.4 Digital Experience Monitoring

Purpose

Digital Experience Monitoring focuses on user experience and application availability from the user perspective.

It includes:

• Real User Monitoring
• Synthetic Monitoring
• Session Replay in some use cases
• Web, mobile, API, and frontend performance monitoring

---

Real User Monitoring

Real User Monitoring captures actual user sessions and user actions from real users interacting with web, mobile, or custom applications.

Key concepts

User session

A user visit or interaction period with an application.

User action

An interaction such as page load, click, tap, or action that triggers application behavior.

Apdex

A user satisfaction score based on response time thresholds.

Frontend errors

JavaScript errors, resource errors, or frontend issues affecting users.

Application detection rules

Rules used to map traffic and user actions to the correct web application.

RUM answers questions like:

• Are real users experiencing slowness?
• Which browser, geography, or device is affected?
• Which user action is slow?
• Is frontend or backend time responsible?
• Are users seeing errors?

---

Synthetic Monitoring

Synthetic Monitoring simulates user journeys or availability checks from controlled locations.

Types of synthetic monitors

HTTP monitor

Checks availability and performance of HTTP endpoints or APIs.

Browser monitor

Checks website availability and performance through a browser.

Browser clickpath

Simulates a multi-step user journey, such as login, search, add to cart, checkout.

Synthetic answers questions like:

• Is my site available from multiple regions?
• Is my login page working?
• Is my API endpoint responding correctly?
• Did checkout break before real users reported it?

Real User vs Synthetic

Area	Real User Monitoring	Synthetic Monitoring
Data source	Real users	Simulated users/checks
Best for	Actual user experience	Availability and proactive testing
Works when no users are active?	No	Yes
Common examples	Page loads, clicks, sessions	HTTP checks, browser monitors, clickpaths

Exam focus

Understand when to use RUM vs Synthetic:

• Use RUM to understand actual user experience.
• Use Synthetic to proactively test availability and journeys.

---

6.5 Application Security

Purpose

Application Security helps detect, analyze, prioritize, and remediate vulnerabilities and runtime risks in monitored applications.

Important capabilities

• Runtime Vulnerability Analytics
• Runtime Application Protection
• Security Posture Management
• Third-party vulnerability detection
• Code-level vulnerability context
• Runtime exposure and impact analysis
• Vulnerability prioritization

Why runtime context matters

A vulnerability is more important when it is actually present in a running application, reachable, used, or exposed through a critical service. Dynatrace uses runtime and topology context to help prioritize remediation.

Exam focus

For Associate level, know the purpose of Application Security and how it uses runtime observability context to prioritize risk.

---

6.6 Business Observability

Purpose

Business Observability connects technical telemetry with business events and business KPIs.

Important concepts

Business event

A business-relevant event such as order placed, payment failed, booking created, quote submitted, cart abandoned, shipment delayed, or subscription changed.

Business KPI

A key performance indicator such as revenue, conversion rate, failed payments, transaction volume, average order value, or booking count.

Business Flow

A Dynatrace business app for tracking business processes, process steps, KPIs, and anomalies.

Questions this area answers

• How many payments failed?
• Did a technical issue reduce checkout conversion?
• What revenue was affected by the outage?
• Which business process step has the highest failure rate?

Exam focus

Know that Business Observability connects application/user/infrastructure performance to business impact.

---

6.7 AI / LLM Observability

Purpose

AI / LLM Observability monitors AI-powered applications, LLM calls, model traffic, latency, errors, token usage, cost, quality indicators, and guardrails.

Important concepts

• AI service health
• LLM latency
• Model traffic
• Error rate
• Token usage
• Cost per model
• Guardrail outcomes
• OpenTelemetry / OpenLLMetry-based instrumentation
• AI application traces and spans

Questions this area answers

• Are LLM calls slow?
• Which model is generating the most cost?
• Are AI requests failing?
• Are guardrails being triggered?
• Which AI service is unhealthy?

Exam focus

This may be less central for Associate basics than OneAgent, DEM, services, problems, and dashboards, but know the purpose and basic metrics.

---

6.8 Automation, Workflows, Dashboards, Alerts

Dashboards

Dashboards visualize observability, security, business, and operational data.

Know how to:

• Use ready-made dashboards
• Create custom dashboards
• Add tiles
• Use DQL-backed tiles
• Use visualizations
• Share dashboards
• Use variables/filters when needed

Notebooks

Notebooks are data-driven documents for exploration and analysis. They can combine text, DQL queries, visualizations, and investigation notes.

Dashboards vs Notebooks

Area	Dashboards	Notebooks
Best for	Ongoing monitoring	Investigation and analysis
Layout	Visual tiles	Document-like sections
Users	Operators, teams, stakeholders	Analysts, SREs, investigators
Typical use	Status view	Deep dive / RCA / report

Alerts and notifications

Dynatrace detects anomalies and creates events and problems. Notifications can be sent to teams or tools through alerting profiles, workflows, and integrations.

Workflows

Workflows automate tasks. They can:

• React to problems
• Send notifications
• Run scheduled tasks
• Connect services
• Trigger remediation steps
• Integrate with external systems

Exam focus

Know this flow:

Anomaly detected
  ↓
Davis event created
  ↓
Related events grouped into a problem
  ↓
Problem evaluated by alerting/notification configuration
  ↓
Workflow or integration sends notification or automates response

---

7. Management zones, tags, and organization

Tags

Tags are labels applied to entities. They help organize, filter, group, alert, and manage access.

Examples:

• environment:production
• team:payments
• application:checkout
• owner:sre-team
• region:apac

Automatically applied tags

Tags can be applied automatically based on rules, metadata, naming patterns, cloud tags, Kubernetes labels, or other entity properties.

Manually applied tags

Users can manually assign tags to entities when needed.

Management zones

Management zones define logical scopes of entities and data. They are used to focus views and control access.

Examples:

• Production only
• Payments application
• APAC region
• Kubernetes platform team
• Database team

Why they matter

Large environments need organization. Tags and management zones help teams see what matters to them and limit access appropriately.

Exam focus

• Tags organize and filter entities.
• Management zones define scopes and access boundaries.
• Management zones can overlap.
• Users can be granted access to an environment or specific management zones.

---

8. Installation and configuration concepts

OneAgent installation basics

You should understand the general steps:

1. Choose deployment target.
2. Get installer or deployment instructions from Dynatrace.
3. Install OneAgent on host, VM, container platform, or Kubernetes environment.
4. Verify that host/process/service data appears.
5. Confirm monitoring mode.
6. Review discovered topology, services, traces, logs, and metrics.

Kubernetes installation basics

Dynatrace commonly uses Dynatrace Operator for Kubernetes environments.

You should understand that Kubernetes monitoring can include:

• Platform monitoring
• Application observability
• Full-stack observability
• ActiveGate components depending on deployment mode
• OneAgent injection depending on mode
• Cluster, node, workload, pod, and application visibility

OpenTelemetry ingestion

Dynatrace can ingest OpenTelemetry traces, metrics, and logs. This is useful when applications already use OpenTelemetry instrumentation or when vendor-neutral telemetry collection is desired.

Extensions and cloud integrations

Dynatrace can integrate with cloud providers, databases, messaging systems, network technologies, and other third-party systems through extensions and built-in integrations.

Exam focus

Do not memorize every installer command. Focus on:

• What OneAgent does
• When ActiveGate is useful
• How monitoring modes differ
• How to verify that data arrived
• How to navigate from host to process to service to trace
• What Kubernetes monitoring generally means

---

9. Problem investigation workflow

Use this repeatable troubleshooting approach.

Step 1: Start with the problem

Open the Problems app and review:

• Problem title
• Status
• Start time
• Duration
• Severity
• Impacted entities
• Root cause entity
• Evidence
• Event timeline

Step 2: Understand impact

Ask:

• Which users are affected?
• Which services are affected?
• Which hosts are affected?
• Is there business impact?
• Is the problem localized or widespread?

Step 3: Follow topology

Use Smartscape or entity topology to determine:

• Upstream dependencies
• Downstream dependencies
• Related hosts and processes
• Related databases, queues, or external services

Step 4: Analyze service behavior

Look at:

• Response time
• Failure rate
• Throughput
• Slow requests
• Failed requests
• Service flow
• Backtrace

Step 5: Check traces

Review distributed traces to identify:

• Slow spans
• Failed spans
• External calls
• Database calls
• Queue calls
• Code-level details

Step 6: Check logs

Search for:

• Errors
• Exceptions
• Timeouts
• Deployment messages
• Configuration errors
• Security or permission errors

Step 7: Check infrastructure

Look for:

• CPU saturation
• Memory pressure
• Disk issues
• Network problems
• Container restarts
• Kubernetes pod failures
• Node pressure

Step 8: Check user experience

If applicable, review:

• User actions
• User sessions
• Apdex
• Frontend errors
• Synthetic failures
• Regional impact

Step 9: Confirm root cause

Use evidence from:

• Davis root cause
• Topology
• Traces
• Logs
• Metrics
• Deployment/change events
• User/session impact

Step 10: Communicate and remediate

Use dashboards, workflows, notifications, or integrations to communicate and automate response.

---

10. Important comparisons

Metrics vs logs vs traces vs events

Data type	Meaning	Best for
Metrics	Numeric measurements over time	Trends, thresholds, health
Logs	Detailed text/event records	Debugging and evidence
Traces	Request journey across systems	Performance and failure path
Events	Something significant happened	Alerting and correlation
Topology	Relationship map	Dependency and impact analysis

OneAgent vs ActiveGate

Component	Purpose
OneAgent	Collects and instruments telemetry on monitored systems
ActiveGate	Routes/proxies data and supports private-network integrations

Smartscape vs PurePath

Component	Purpose
Smartscape	Shows entity topology and dependencies
PurePath	Shows request-level trace path through services

RUM vs Synthetic

Component	Purpose
Real User Monitoring	Measures real user sessions and actions
Synthetic Monitoring	Simulates checks or journeys proactively

Dashboards vs Notebooks

Component	Purpose
Dashboards	Ongoing visualization and monitoring
Notebooks	Investigation, analysis, and reporting

Events vs Problems

Concept	Meaning
Event	Individual signal or anomaly
Problem	Correlated group of related events with context and root cause

---

11. High-value exam definitions

Entity

A monitored object such as a host, process, service, application, Kubernetes workload, database, queue, or cloud resource.

Host

A machine or instance monitored by Dynatrace.

Process

A running operating system process.

Process group

A logical group of similar processes.

Service

An application component that receives and processes requests.

Trace

A complete request journey across services.

Span

One operation inside a trace.

User session

A real user’s visit or interaction period with an application.

User action

A user interaction such as page load, click, tap, or XHR-triggering action.

Synthetic monitor

A scripted or configured check that tests availability or performance from a synthetic location.

Problem

A Dynatrace incident record that groups related events and identifies impact and root cause.

Davis event

An event detected or processed by Dynatrace Intelligence.

Baseline

Expected behavior learned over time.

Anomaly

Behavior that deviates from normal baseline or configured thresholds.

Management zone

A logical scope for filtering and access control.

Tag

A label used to categorize and filter entities.

Dashboard

A visual view of operational data.

Notebook

A document-like analytical workspace.

Workflow

An automated sequence of tasks triggered by schedule, event, or manual action.

DQL

Dynatrace Query Language used to query Grail.

Grail

Dynatrace’s unified observability data lakehouse.

OpenPipeline

Dynatrace’s ingest and processing layer for routing, filtering, transforming, enriching, and masking telemetry.

---

12. Hands-on certification lab checklist

Use this list before the exam. You should be able to perform or explain each task.

Platform navigation

• Open Dynatrace.
• Find Apps.
• Find Services.
• Find Hosts / Infrastructure & Operations.
• Find Logs.
• Find Dashboards.
• Find Notebooks.
• Find Problems.
• Find Smartscape.
• Find Distributed Tracing.
• Find Synthetic Monitoring.
• Find RUM / Web applications.

OneAgent and infrastructure

• Identify a monitored host.
• Check CPU, memory, disk, and network.
• Find processes on a host.
• Drill from process to service.
• Understand monitoring mode.
• Understand host group concept.

Services and traces

• Open a service.
• Check response time, throughput, and failure rate.
• Find a slow request.
• Find a failed request.
• Open a distributed trace.
• Identify slow/failing spans.
• Use service flow or backtrace conceptually.

Logs and DQL

• Open Logs.
• Search for errors.
• Run a basic DQL query.
• Filter logs by severity.
• Use fields to show important columns.
• Summarize logs by level.

Problems and RCA

• Open a problem.
• Identify root cause entity.
• Identify affected entities.
• Review event timeline.
• Drill into traces, logs, metrics, or topology.

Dashboards and notebooks

• Open a ready-made dashboard.
• Create or understand a custom dashboard tile.
• Add a DQL-backed tile conceptually.
• Open a notebook.
• Run a query in a notebook.
• Understand dashboard vs notebook usage.

DEM

• Understand user sessions and user actions.
• Understand application detection rules.
• Understand frontend vs backend time.
• Understand Synthetic HTTP monitor.
• Understand Synthetic browser monitor.
• Understand browser clickpath.
• Understand public vs private synthetic locations.

Tags and management zones

• Understand tag format.
• Understand automatic tags.
• Understand management zone purpose.
• Understand how management zones help with access and filtering.

Alerts and workflows

• Understand anomaly → event → problem → notification.
• Understand alerting profile purpose.
• Understand workflow trigger purpose.
• Understand notification integrations.

---

13. Study plan: 14 days

Day 1: Platform overview

• Learn what Dynatrace is.
• Learn the data flow model.
• Memorize major components.
• Navigate the UI.

Day 2: OneAgent

• Study OneAgent purpose.
• Learn monitoring modes.
• Review hosts, processes, services.
• Practice host drilldowns.

Day 3: ActiveGate and ingestion

• Study ActiveGate purpose.
• Learn when ActiveGate is needed.
• Understand cloud, Kubernetes, and private synthetic use cases.

Day 4: Infrastructure Observability

• Review hosts, processes, metrics, Kubernetes basics.
• Practice identifying infrastructure health issues.

Day 5: Application Observability

• Study services, response time, failure rate, throughput.
• Review service flow and backtrace.

Day 6: Distributed tracing / PurePath

• Study traces and spans.
• Practice analyzing a failed or slow trace.

Day 7: Smartscape and topology

• Study entities, nodes, edges, dependencies.
• Practice topology analysis.

Day 8: Davis / Problems

• Study events, anomalies, problems, root cause.
• Practice incident investigation.

Day 9: Logs and DQL

• Study Grail and DQL basics.
• Practice log queries and summarization.

Day 10: Dashboards and Notebooks

• Study visualization and reporting.
• Create or review dashboard tiles.
• Practice notebook-based analysis.

Day 11: Digital Experience Monitoring

• Study RUM, user sessions, user actions, Apdex.
• Study Synthetic HTTP, browser, clickpath, public/private locations.

Day 12: Tags, management zones, alerts

• Study tags and management zones.
• Study alerting profiles, notifications, workflows.

Day 13: Apps: Security, Business, AI

• Study Application Security basics.
• Study Business Observability basics.
• Study AI / LLM Observability basics.

Day 14: Mock revision

• Review the checklist.
• Answer practice questions.
• Practice hands-on navigation.
• Revisit weak areas.

---

14. Final revision cheat sheet

Component cheat sheet

Component	Remember
OneAgent	Auto-discovery and instrumentation on monitored systems
ActiveGate	Secure proxy/gateway and integration point
Dynatrace Platform / Tenant	User-facing environment for analysis, apps, alerts, and configuration
Grail	Unified observability data lakehouse
DQL	Query language for Grail
OpenPipeline	Ingest processing, filtering, routing, enrichment, masking
Smartscape	Real-time topology and dependencies
PurePath	Distributed tracing / request-level visibility
Davis / Dynatrace Intelligence	AI anomaly detection, event correlation, root cause
Infrastructure Observability	Hosts, VMs, processes, Kubernetes, cloud, infrastructure health
Application Observability	Services, APIs, traces, performance, errors
Log Management and Analytics	Search and analyze logs with context
Digital Experience Monitoring	RUM and Synthetic Monitoring
Application Security	Runtime vulnerability and risk analysis
Business Observability	Business events, KPIs, business impact
AI / LLM Observability	AI model traffic, latency, errors, tokens, cost, guardrails
Dashboards	Visualization
Notebooks	Investigation and analysis documents
Workflows	Automation
Alerts / Notifications	Notify and trigger response when problems occur

Troubleshooting cheat sheet

Symptom	Start with
User complaints	RUM, user sessions, user actions, Apdex
Website unavailable	Synthetic monitor, frontend/backend service health
API slow	Service analysis, traces, response time breakdown
Error spike	Service failure analysis, logs, traces
Host overloaded	Infrastructure & Operations, host metrics
Kubernetes issue	Kubernetes app, workloads, pods, nodes
Unknown dependency issue	Smartscape topology
Alert storm	Problems app and Davis correlation
Need business impact	Business Observability and business events
Need visual reporting	Dashboards
Need investigation report	Notebooks
Need automation	Workflows
Need data query	DQL on Grail

---

15. Practice questions

Question 1

Which Dynatrace component is installed on hosts to automatically discover and instrument applications and infrastructure?

A. ActiveGate
B. OneAgent
C. Smartscape
D. Dashboard

Answer: B. OneAgent

Question 2

Which component is commonly used as a secure proxy between monitored environments and Dynatrace?

A. ActiveGate
B. PurePath
C. DQL
D. Apdex

Answer: A. ActiveGate

Question 3

What is Grail?

A. A synthetic browser recorder
B. A data lakehouse for observability data
C. A host installer
D. A user permission group

Answer: B. A data lakehouse for observability data

Question 4

What is DQL used for?

A. Querying data in Grail
B. Installing OneAgent
C. Creating ActiveGate certificates only
D. Recording browser clickpaths only

Answer: A. Querying data in Grail

Question 5

Which Dynatrace capability maps relationships between services, processes, hosts, and other entities?

A. Smartscape
B. Synthetic Monitoring
C. Notebook only
D. Business Flow only

Answer: A. Smartscape

Question 6

PurePath is most closely related to which concept?

A. Distributed tracing
B. Dashboard sharing
C. User permissions
D. Cost allocation only

Answer: A. Distributed tracing

Question 7

A user reports that checkout is slow. Which data is most helpful to follow the backend request path?

A. Distributed trace
B. User profile photo
C. Dashboard title
D. License name only

Answer: A. Distributed trace

Question 8

Which Dynatrace capability correlates anomalies and identifies likely root cause?

A. Davis / Dynatrace Intelligence
B. Manual tags only
C. Synthetic recorder only
D. Dashboard color settings

Answer: A. Davis / Dynatrace Intelligence

Question 9

A team wants to proactively check whether an internal login page is available. Which capability is most relevant?

A. Synthetic Monitoring
B. Business Observability only
C. Host groups only
D. Smartscape only

Answer: A. Synthetic Monitoring

Question 10

A team wants to understand actual user sessions and user actions. Which capability is most relevant?

A. Real User Monitoring
B. ActiveGate configuration only
C. OpenPipeline only
D. Management zone rules only

Answer: A. Real User Monitoring

Question 11

What is the difference between an event and a problem?

A. An event is an individual signal; a problem is a correlated incident record.
B. A problem is always a host; an event is always a dashboard.
C. They are the same thing.
D. Events are used only for billing.

Answer: A. An event is an individual signal; a problem is a correlated incident record.

Question 12

Which feature helps organize entity visibility and access by team or application scope?

A. Management zones
B. Browser clickpath events only
C. CPU metrics only
D. Synthetic locations only

Answer: A. Management zones

Question 13

Which feature helps label entities for filtering and organization?

A. Tags
B. Spans
C. Requests
D. Problems only

Answer: A. Tags

Question 14

Which Dynatrace area is best for monitoring hosts, VMs, processes, Kubernetes, and infrastructure health?

A. Infrastructure Observability
B. Business Observability only
C. AI Observability only
D. Application Security only

Answer: A. Infrastructure Observability

Question 15

Which Dynatrace area is best for analyzing services, response time, failure rate, and traces?

A. Application Observability
B. Business Observability only
C. User management only
D. Billing only

Answer: A. Application Observability

Question 16

Which capability is used to search and analyze logs?

A. Log Management and Analytics
B. Smartscape only
C. ActiveGate only
D. Management zones only

Answer: A. Log Management and Analytics

Question 17

What is OpenPipeline used for?

A. Ingesting, routing, filtering, transforming, and enriching telemetry
B. Drawing topology manually
C. Replacing all hosts
D. Recording only user passwords

Answer: A. Ingesting, routing, filtering, transforming, and enriching telemetry

Question 18

Which tool is better for an investigation document that combines text, queries, and visualizations?

A. Notebook
B. Host installer
C. ActiveGate
D. Synthetic location

Answer: A. Notebook

Question 19

Which tool is better for an always-on visual operational view?

A. Dashboard
B. Root span
C. Process group only
D. User action only

Answer: A. Dashboard

Question 20

Which automation capability can react to a problem and send a notification or trigger a task?

A. Workflow
B. Span
C. Host group
D. User action

Answer: A. Workflow

Question 21

A vulnerability is found in a library that is loaded by a running production service. Which Dynatrace app area is most relevant?

A. Application Security
B. Synthetic Monitoring only
C. Business Flow only
D. Smartscape only

Answer: A. Application Security

Question 22

A company wants to track failed payments and revenue impact. Which app area is most relevant?

A. Business Observability
B. Infrastructure Observability only
C. ActiveGate only
D. Host monitoring only

Answer: A. Business Observability

Question 23

A team wants to monitor token usage and latency for LLM requests. Which app area is most relevant?

A. AI / LLM Observability
B. Synthetic Monitoring only
C. Management zones only
D. Host group settings only

Answer: A. AI / LLM Observability

Question 24

A distributed trace is made up of what?

A. Spans
B. Dashboards
C. Management zones
D. User groups only

Answer: A. Spans

Question 25

Which path is most accurate for problem notification flow?

A. Anomaly → event → problem → notification/workflow
B. Dashboard → wallpaper → event → invoice
C. Host → user photo → problem → email only
D. Synthetic → tag → uninstall → dashboard

Answer: A. Anomaly → event → problem → notification/workflow

---

16. Final exam readiness checklist

You are ready when you can explain each item without notes:

• What Dynatrace does
• What OneAgent does
• Why ActiveGate is used
• What Grail stores
• What DQL is used for
• What OpenPipeline does
• What Smartscape shows
• What PurePath traces
• How Davis creates problems and identifies root cause
• Difference between metrics, logs, traces, events, and topology
• Difference between RUM and Synthetic Monitoring
• Difference between dashboards and notebooks
• Difference between event and problem
• Difference between tag and management zone
• How to investigate a slow service
• How to investigate failed user actions
• How to investigate an infrastructure issue
• How to use logs during troubleshooting
• How to interpret a distributed trace
• How alerts and workflows fit into response
• What Application Security, Business Observability, and AI Observability are for

---

17. Last-minute memory map

Collect:
  OneAgent, APIs, OpenTelemetry, Extensions

Route / connect:
  ActiveGate

Process ingest:
  OpenPipeline

Store / query:
  Grail + DQL

Understand relationships:
  Smartscape

Understand request paths:
  PurePath / Distributed Tracing

Detect and explain problems:
  Davis / Dynatrace Intelligence

Act and communicate:
  Problems, Alerts, Workflows, Notifications

Visualize and analyze:
  Dashboards, Notebooks

Use-case apps:
  Infrastructure Observability
  Application Observability
  Log Management and Analytics
  Digital Experience Monitoring
  Application Security
  Business Observability
  AI / LLM Observability
Code language: JavaScript (javascript)

---

18. What to prioritize if time is short

If you only have limited time, study in this order:

1. OneAgent
2. ActiveGate
3. Hosts, processes, services
4. Smartscape topology
5. PurePath / distributed traces
6. Davis / problems / root cause
7. RUM vs Synthetic Monitoring
8. Logs and DQL basics
9. Dashboards and notebooks
10. Tags and management zones
11. Alerts, workflows, notifications
12. App Security, Business Observability, AI Observability basics

---

19. Common mistakes to avoid

• Thinking ActiveGate replaces OneAgent. It does not.
• Confusing Smartscape with PurePath. Smartscape is topology; PurePath is request tracing.
• Confusing RUM with Synthetic. RUM is real users; Synthetic is simulated checks.
• Thinking every event is a problem. Problems are correlated incidents.
• Ignoring topology during root cause analysis.
• Memorizing definitions without practicing UI navigation.
• Studying only dashboards and ignoring traces/logs/problems.
• Forgetting that management zones can control visibility and access.
• Assuming DQL is only for logs. DQL can query different Grail data types.
• Not verifying the current exam format in Dynatrace University before booking.

---

20. Recommended preparation routine

Daily routine for each topic:

1. Read the concept.
2. Open Dynatrace and find the related app or page.
3. Click through a real example.
4. Write a one-line explanation in your own words.
5. Answer 5 practice questions.
6. Revisit mistakes the next day.

Best learning method:

Concept → UI navigation → real example → troubleshooting scenario → practice questions

---

21. Final advice

To pass Dynatrace Associate Certification, do not only memorize component names. Learn how Dynatrace is used in real troubleshooting:

• Something is slow.
• Dynatrace detects an anomaly.
• Davis groups related events into a problem.
• Smartscape shows dependencies.
• PurePath shows request-level details.
• Logs provide evidence.
• Metrics show trends.
• RUM and Synthetic show user impact.
• Dashboards and notebooks help communicate.
• Workflows and notifications help automate response.