Key Pointers to Remember For The AZ-500 Exam

By Archer Charles 29-Jul-2022
Key Pointers to Remember For The AZ-500 Exam

The world’s second most popular cloud platform today is Microsoft Azure AZ-500 and continues to expand its market share. This cloud platform was launched in 2010 and has not looked back since. Its market has significantly grown, with Azure covering more domains with its wide range of offerings for a larger market. Over 80% of the world’s Fortune 500 companies are using Azure to meet their enterprise cloud needs, while others continue to adopt this platform. Microsoft Azure is a web-based solution that enables businesses to manage and access Microsoft services and resources. 

To ensure greater client satisfaction, Microsoft Azure’s offerings are regularly refined and updated by the IT giant. One of the greatest challenges cloud providers face is cloud security. This is because they are responsible for wide farms of servers with large volumes of storage frameworks, workers and fundamental components critical for business operations. Azure Security Engineers are among the most highly-demanded professionals in the IT industry today. If this is a career path you are considering, it is a certain way to future-proof your career. You can also benefit from our curated list of AZ-500 Exam pointers to help you prepare. 

 Talk to Our Counselor Today 

About the AZ-500 Azure Security Certification:

The AZ-500 Microsoft Azure Security credential equips Azure professionals with the skills and knowledge they require for creating security controls, managing an enterprise’s security positioning and protocols and detecting security issues to resolve them. Candidates who clear the AZ-500 written exam have their Azure security skills validated with the Microsoft Certified Azure Security Engineer Associate certification. With Microsoft Azure, enterprises can ensure accessibility, integrity and protection of business and customer data. It also simplifies and promotes transparency in accountability. 

Microsoft Azure’s infrastructure design enables it to tackle a large number of customers at the same time. It also makes for a solid foundation for enterprises to base their security needs. With the AZ-500 MS Azure Security certification, Microsoft has given the IT industry the most advanced role-based credential that helps users understand its security domain and its functions. 

Prerequisites for the AZ-500 Certification:

  • Understanding the industry’s security needs and best practices like defence in depth, role-based access control, least privileged access, shared responsibility, zero-trust model and multi-factor authentication.
  • Familiarity with VPNs (virtual private networks), IPSec (Internet Security Protocol), SSL (Secure Socket Layer) and data and disk encryption methods.
  • Experience with Azure workload deployment. The AZ-500 credential does not include Azure administration basics, rather it builds on the foundation of fundamentals you are expected to have. 
  • Experience with operating systems like Linux and Windows
  • Experience with scripting languages as the interactive labs in the AZ 500 course might be using CLI and PowerShell.

AZ-500 Exam Topics:

The Microsoft Azure Security certification measures your skills based on four fundamental pillars. When you are preparing for these pillars, make sure you prepare using official documentation that Microsoft provides as reading material. This includes all the updated study materials based on the changing Microsoft offerings.

Domain 1 (30 to 35%) - Manage access and identity:

Managing Azure Active Directory identities

  • Configuring security for service principles
  • Managing Azure AD directory groups
  • Managing Azure AD users
  • Configuring password writeback
  • Configuring authentication methods including password hash and Pass-Through Authentication (PTA), OAuth, and passwordless
  • Transfering Azure subscriptions between Azure AD tenants

Configuring secure access by using Azure AD

  • Monitoring privileged access for Azure AD Privileged Identity Management (PIM)
  • Configuring Access Reviews
  • Activating and configuring PIM
  • Implementing Conditional Access policies including Multi-Factor Authentication (MFA)
  • Configuring Azure AD identity protection (additional tip: How To: Configure the Azure MFA Authentication registration policy)

Managing application access

  • Creating App Registration
  • Configuring App Registration permission scopes
  • Managing App Registration permission consent
  • Managing API access to Azure subscriptions and resources

Managing access control

  • Configuring subscription and resource permissions
  • Configuring resource group permissions
  • Configuring custom RBAC roles
  • Identifying the appropriate role
  • Applying the principle of least privilege
  • Interpreting permissions
  • Checking access

You May Also Like: An Overview of Exam AZ-500: Microsoft Azure Security Technologies

Domain 2 (15 to 20%) - Implement Platform Protection:

Implementing advanced network security

  • Securing the connectivity of virtual networks (VPN authentication, Express Route encryption)
  • Configuring Network Security Groups (NSGs) and Application Security Groups (ASGs)
  • Creating and configuring Azure Firewall
  • Configuring Azure Front Door service as an Application Gateway
  • Configuring a Web Application Firewall (WAF) on Azure Application Gateway
  • Configuring Azure Bastion
  • Configuring a firewall on a storage account, Azure SQL, KeyVault, or App Service
  • Implementing Service Endpoints
  • Implementing DDoS protection

Configuring advanced security for compute

  • Configuring endpoint protection
  • Configuring and monitoring system updates for VMs
  • Configuring authentication for Azure Container Registry
  • Configuring security for different types of containers
  • Implementing vulnerability management
  • Configuring isolation for AKS
  • Configuring security for container registry
  • Implementing Azure Disk Encryption
  • Configuring security and authentication for Azure App Service
  • Configuring SSL/TLS certs
  • Configuring authentication for Azure Kubernetes Service
  • Configuring automatic updates

Domain 3 (25 to 30%) - Manage Security Operations:

Monitoring security by using Azure Monitor

  • Creating and customising alerts
  • Monitoring security logs by using Azure Monitor
  • Configuring diagnostic logging and log retention

Monitoring security by using Azure Security Center

  • Evaluating vulnerability scans from Azure Security Center
  • Configuring Just in Time VM access by using Azure Security Center
  • Configuring centralized policy management by using Azure Security Center
  • Configuring compliance policies and evaluating for compliance by using Azure Security Center

Monitoring security by using Azure Sentinel

  • Creating and customising alerts
  • Configuring data sources to Azure Sentinel
  • Evaluating results from Azure Sentinel
  • Configuring workflow automation by using Azure Sentinel

Configuring security policies

  • Configuring security settings by using Azure Policy
  • Configuring security settings by using Azure Blueprint
  • Configuring a playbook by using Azure Sentinel

Domain 4 (20 to 25%) - Secure Applications and Data

Configuring security for storage

  • Configuring access control for storage accounts
  • Configuring key management for storage accounts
  • Configuring Azure AD authentication for Azure Storage
  • Configuring Azure AD Domain Services authentication for Azure Files
  • Creating and managing Shared Access Signatures (SAS)
  • Creating a shared access policy for blob or a blob container
  • Configuring Storage Service Encryption

Configuring security for databases

  • Enabling database authentication
  • Enabling database auditing
  • Configuring Azure SQL Database Advanced Threat Protection
  • Implementing database encryption
  • Implementing Azure SQL Database Always Encrypted (Configure using SQL Server Management Studio, or PowerShell)

Also Read: Tips to Prepare For Exam AZ-204: Developing Solutions for Microsoft Azure

Configuring and managing Key Vault

  • Managing access to Key Vault
  • Managing permissions to secrets, certificates, and keys
  • Configuring RBAC usage in Azure Key Vault
  • Managing certificates
  • Managing secrets
  • Configuring key rotation
  • Backing up and restoring of Key Vault items

What You Should Know About the AZ-500 Microsoft Azure Security Certification Exam:

If you know the AZ-500 exam format beforehand, you can prepare better because you know what to expect.

In the AZ-500 exam, you have 150 minutes to write the exam, where you have to answer between 40 to 60 questions. To clear the exam, you need to score 700 points out of the total of 1000 (or 70%). You can take this exam in multiple languages - English, Korean, Japanese and Simplified Chinese.

Who Should Apply for the AZ-500 Exam?

IT and cloud professionals across domains can benefit from an AZ-500 certification. This credential is particularly relevant for:

  • DevOps engineers
  • Software engineers
  • Data engineers
  • Information security managers
  • Cloud engineers
  • Cloud security engineers

What will You Learn in the AZ-500 Certification:

By the time you finish this course, you will be equipped to:

  • Manage Azure access and identities
  • Describe specialised data classifications
  • Identify mechanisms for data protection
  • Secure applications and data on Azure
  • Describe Azure security features and services
  • Secure internet protocols and implement them

 Enquire Now 

Archer Charles

Archer Charles has top education industry knowledge with 4 years of experience. Being a passionate blogger also does blogging on the technology niche.