
Microsoft keeps evolving its learning programs to help you and your career keep pace with today’s demanding IT environments. It has announced new role-based certifications that track today’s business requirements, so the program better offers what you need to skill up, prove your expertise to employers and peers, and get the recognition and opportunities you’ve earned.
Exam Prerequisites
If you are planning to attempt the Azure Security Technologies exam, be sure to complete one of the following exams beforehand, as it will give you enough exposure to Azure services and offerings:
Who Is the AZ-500 Exam For?
On a high-level note, take the exam:
- If you are looking to learn more about Security, Identity, and Encryption in Azure cloud services.
- If you are working in administration or software development and are looking for a chance to move into the security domain.
- If you are looking to build security skills and learn more about securing cloud workloads effectively.
What to Expect in the Exam?
The Security Technologies Exam is 210 minutes, including about 30 minutes for the surveys and the assessments, which gives you roughly 180 minutes for the exam. You can expect around 40-60 questions in the exam.
The structure of the exam can vary and range between:
- Case study with multiple questions including two choices and drag-and-drop items.
- Single-choice questions which may not be skipped or reviewed. You only get to answer these questions ONCE.
- Single-choice questions (True/False or Yes/No)
- Multiple-choice questions
- Arrange-in-the-correct-sequence questions.
Since it’s an associate-level exam, it is relatively challenging as it covers many different topics and best practices. Therefore, I recommend you have at least one year of hands-on experience with Azure Cloud Administration and Security practices in general before you consider booking the exam.
Exam Preparation Recommendations
There’s definitely a lot to cover in this exam, and giving you any list of services or things to learn would be unfair as the expectations for this exam are high. However, below are some topics to consider and focus attention on while preparing for the exam.
- Azure Service Endpoints vs. Private Links
- Azure Policy
- Azure PIM
- Azure Conditional Access and MFA
- Azure AD Connect and Hybrid Configuration
- Managed and User assigned Identity
- Azure Security Center
- Azure Sentinel and Logic App Designer for alerts
- RBAC and Custom Roles
Exam Outline: Microsoft Learn & Docs Reference Links
Reference URLs to articles on the internet have been gathered and placed here to help you cover most of the exam objectives. The headings link to Microsoft Learn modules, and the individual items in each category point to relevant reading articles or Microsoft Learn courses.
Manage identity and access (30-35%)
Manage Azure Active Directory identities
- configure security for service principals
- manage Azure AD directory groups
- manage Azure AD users
- manage administrative units
- configure password writeback
- configure authentication methods including password hash and Pass-Through Authentication (PTA), OAuth, and passwordless
- transfer Azure subscriptions between Azure AD tenants (Transfer Billing Ownership, CSP Sub Transfer)
Configure secure access by using Azure AD
- monitor privileged access for Azure AD Privileged Identity Management (PIM)
- configure Access Reviews
- Activate and configure PIM
- implement Conditional Access policies, including Multi-Factor Authentication (MFA)
- configure Azure AD identity protection
Manage application access
- create App Registration
- configure App Registration permission scopes
- manage App Registration permission consent
- manage API access to Azure subscriptions and resources
Manage access control
- configure subscription and resource permissions
- configure resource group permissions
- configure custom RBAC roles
- identify the appropriate role
- apply the principle of least privilege
- interpret permissions
- check access
Implement platform protection (15-20%)
Implement advanced network security
- secure the connectivity of virtual networks (VPN authentication, ExpressRoute encryption)
- configure Network Security Groups (NSGs) and Application Security Groups (ASGs)
- create and configure Azure Firewall
- implement Azure Firewall Manager
- configure Azure Front Door service as an Application Gateway
- configure a Web Application Firewall (WAF) on Azure Application Gateway
- configure Azure Bastion
- configure a firewall on a storage account, Azure SQL, Key Vault, or App Service
- implement Service Endpoints
- implement DDoS protection
Configure advanced security for compute
- configure endpoint protection
- configure and monitor system updates for VMs
- configure authentication for Azure Container Registry
- configure security for different types of containers
- implement vulnerability management
- configure isolation for AKS
- configure security for container registry
- implement Azure Disk Encryption
- configure authentication and security for Azure App Service
- configure SSL/TLS certs
- configure authentication for Azure Kubernetes Service
- configure automatic updates
Manage security operations (25-30%)
Monitor security by using Azure Monitor
- create and customize alerts
- monitor security logs by using Azure Monitor
- configure diagnostic logging and log retention
Monitor security by using Azure Security Center
- evaluate vulnerability scans from Azure Security Center
- configure Just in Time VM access by using Azure Security Center
- configure centralized policy management by using Azure Security Center
- configure compliance policies and evaluate for compliance by using Azure Security Center
- configure workflow automation by using Azure Security Center
Monitor security by using Azure Sentinel
- create and customize alerts
- configure data sources to Azure Sentinel
- evaluate results from Azure Sentinel
- configure a playbook by using Azure Sentinel
Configure security policies
- configure security settings by using Azure Policy
- configure security settings by using Azure Blueprint
Secure data and applications (20-25%)
Configure security for storage
- configure access control for storage accounts
- configure key management for storage accounts
- configure Azure AD authentication for Azure Storage
- configure Azure AD Domain Services authentication for Azure Files
- create and manage Shared Access Signatures (SAS)
- create a shared access policy for a blob or blob container
- configure Storage Service Encryption
- configure Azure Defender for Storage
Configure security for databases
- enable database authentication
- enable database auditing
- configure Azure Defender for SQL
- configure Azure SQL Database Advanced Threat Protection
- implement database encryption
- implement Azure SQL Database Always Encrypted
Configure and manage Key Vault
- manage access to Key Vault
- manage permissions to secrets, certificates, and keys
- configure RBAC usage in Azure Key Vault
- manage certificates
- manage secrets
- configure key rotation
- backup and restore of Key Vault items
- configure Azure Defender for Key Vault
Learning Resources
Microsoft Learn Modules
Microsoft Learn offers a wide range of training and preparation material for most of the Azure exams. Below is a list of relevant modules to prepare for this exam:
- Azure Security Documentation
- Secure your cloud applications in Azure
- Implement resource management security in Azure
- Implement network security in Azure
- Implement virtual machine host security in Azure
- Manage identity and access in Azure Active Directory
- Manage security operations in Azure
Pluralsight AZ-500 Training
Pluralsight also has an AZ-500 training course prepared heavily by Tim Warner and other awesome folks breathing Azure all the time. The course should get you started by checking a lot of boxes on the exam outline.