AZ-500 Microsoft Azure Security Exam Study Guide

By: Daniel Calbimonte   |   Updated: 2024-04-12   |   Comments   |   Related: More > Professional Development Certifications

Problem

Handling Azure security is critical for keeping information and resources safe. Is there a certification for Azure security?

Solution

This tip will help you pass the AZ-500 certification exam by answering common questions and providing resources for each of the exam objectives.

What is the AZ-500 Exam?

This official Microsoft exam is related to Azure security.  You will learn about Microsoft Entra, multi-factor authentication (MFA), single sign-on (SSO), Microsoft apps security, virtual network security, endpoints security, gateways, firewalls, Azure Kubernetes Service (AKS), encryption, and other related topics.

Is the Exam Difficult?

This exam will not be difficult if you already have a lot of experience in Azure, especially with security. If you do not have experience with Azure, it is strongly recommended that you take other Azure exams first.

The AZ-900 exam is recommended for beginners in the Azure world.

What is the Minimum Passing Score for the AZ-500 Exam?

The minimum score to pass is approximately 700/1000.

What Books are Recommended for this Exam?

The following books will help you pass this exam:

• Microsoft Azure Security Technologies Certification and Beyond: Gain practical skills to secure your Azure environment and pass the AZ-500 exam
• Exam Ref AZ-500 Microsoft Azure Security Technologies, 2/e
• AZ-500: Microsoft Azure Security Technologies - Exam Cram Notes: Third Edition - 2023
• AZ-500: Microsoft Azure Security Technologies - Study Guide with Practice Questions & Labs: Third Edition - 2023
• MCA Microsoft Certified Associate Azure Security Engineer Study Guide: Exam AZ-500 (Sybex Study Guide)
• AZ-500: Microsoft Azure Security Technologies +200 Exam Practice Questions with Detailed Explanations and Reference Links: Second Edition - 2023
• Microsoft AZ-500 Certification: Azure Security Technologies Full Preparation: Pass Your Microsoft AZ-500 on the First Try (Latest Questions & Detailed ... Preparation Books - NEW & EXCLUSIVE Book 8)
• Microsoft Azure Security Technologies (AZ-500) - A Certification Guide: Get qualified to secure Azure AD, Network, Compute, Storage and Data services through ... security best practices (English Edition)
• AZURE AZ 500 STUDY GUIDE-2: Microsoft Certified Associate Azure Security Engineer: Exam-AZ 500

Are There Links Available for Studying for the Exam?

Yes. The following links can be helpful for the exam:

Administer Identity and Access

Administer Microsoft Entra Identities

• Safeguard Microsoft Entra users
• Safeguard Microsoft Entra groups
• Advise on the appropriate use of external identities
• Safeguard external identities
• Deploy Microsoft Entra ID Protection

Administer Microsoft Entra Authentication

• Set up Microsoft Entra Verified ID
• Deploy multi-factor authentication (MFA)
• Deploy passwordless authentication
• Deploy password protection
• Deploy single sign-on (SSO)
• Integrate SSO and identity providers
• Advise on and enforce modern authentication protocols

Administer Microsoft Entra Authorization

• Set up Azure role permissions for management groups, resource groups, subscriptions, and resources
• Assign the Microsoft Entra built-in roles
• Assign the Azure built-in role
• Create and assign customized roles like Azure roles and Microsoft Entra roles
• Deploy and administer Microsoft Entra Permissions Management
• Set up Microsoft Entra Privileged Identity Management
• Set up role management and access reviews in Microsoft Entra
• Deploy Conditional Access policies

Administer Microsoft Entra Application Access

• Administer access to Enterprise applications in Microsoft Entra ID
• Administer the Microsoft Entra app registrations
• Set up app registration permission scopes
• Administer app registration permission consent
• Administer and utilize service principals
• Administer managed identities for Azure resources
• Advise on when to utilize and configure a Microsoft Entra Application Proxy, including authentication

Secure Networking

Design and Enforce Security for Virtual Networks

• Design and enforce Network Security Groups (NSGs) and Application Security Groups (ASGs)
• Design and enforce user-defined routes (UDRs)
• Design and enforce Virtual Network peering or VPN gateway
• Design and enforce Virtual WAN, including secured virtual hub
• Ensure VPN connectivity security, including point-to-site and site-to-site
• Implement encryption via ExpressRoute
• Configure firewall configurations on PaaS resources
• Monitor network security using Network Watcher, including NSG flow logging

Design and Enforce Security for Private Access to Azure Resources

• Design and enforce virtual network Service Endpoints
• Design and enforce Private Endpoints
• Design and enforce Private Link services
• Design and enforce network integration for Azure App Service and Azure Functions
• Design and enforce network security settings for an App Service Environment (ASE)
• Design and enforce network security settings for an Azure SQL Managed Instance

Design and Enforce Security for Public Access to Azure Resources

• Design and enforce Transport Layer Security (TLS) for applications, including Azure App Service and API Management
• Design, implement, and oversee an Azure Firewall, including Azure Firewall Manager and firewall policies
• Design and implement an Azure Application Gateway
• Design and implement an Azure Front Door, including Content Delivery Network (CDN)
• Design and implement a Web Application Firewall (WAF)
• Provide recommendations for the utilization of Azure DDoS Protection Standard

Secure Computing, Storage, and Databases

Design and Implement Advanced Security Measures for Computing

• Design and implement remote access to public endpoints, including Azure Bastion and just-in-time (JIT) virtual machine (VM) access
• Set up network segregation for Azure Kubernetes Service (AKS)
• Secure and monitor Azure Kubernetes Service (AKS)
• Set up authentication for Azure Kubernetes Service (AKS)
• Set up security monitoring for Azure Container Instances (ACIs)
• Set up security monitoring for Azure Container Apps (ACAs)
• Administer access to Azure Container Registry (ACR)
• Set up disk encryption, including Azure Disk Encryption (ADE), host-based encryption, and confidential disk encryption
• Provide recommendations for security configurations for Azure API Management

Design and Implement Security for Storage

• Set up access controls for storage accounts
• Administer lifecycle management for storage account access keys
• Choose and set up a suitable method for accessing Azure Files
• Choose and set up a suitable method for accessing Azure Blob Storage
• Choose and set up a suitable method for accessing Azure Tables
• Choose and set up a suitable method for accessing Azure Queues
• Choose and set up appropriate methods for safeguarding against data security threats, including soft delete, backups, versioning, and immutable storage
• Setup Bring Your Own Key (BYOK)
• Enable the dual encryption in the Azure Storage infrastructure level

Design and Implement Security for Azure SQL Database and Azure SQL Managed Instance

• Set up Microsoft Entra database authentication
• Apply database auditing
• Identify when to use the Microsoft Purview governance portal
• Apply data classification of sensitive information using the Microsoft Purview governance portal
• Design and implement dynamic masking
• Apply Transparent Database Encryption (TDE)
• Provide recommendations for utilizing Azure SQL Database Always Encrypted based on specific scenarios

Administer Security Operations

Design, Implement, and Oversee Governance for Security

• Establish, allocate, and interpret security protocols and strategies in Azure Policy
• Adjust security configurations through Azure Blueprints
• Deploy fortified infrastructures using a landing zone approach
• Create and set up an Azure Key Vault
• Advise on the appropriate usage of a dedicated Hardware Security Module (HSM)
• Adjust access to Key Vault, encompassing vault access policies and Azure Role Based Access Control
• Administer certificates, confidential information, and cryptographic keys
• Set up key rotation procedures
• Configure the backup and restoration of certificates, confidential information, and cryptographic keys

Administer Security Stance using Microsoft Defender for Cloud

• Identify and rectify security vulnerabilities via Microsoft Defender for Cloud Secure Score and Inventory
• Evaluate adherence to security frameworks and Microsoft Defender for Cloud
• Incorporate industry and regulatory benchmarks into Microsoft Defender for Cloud
• Incorporate tailored strategies into Microsoft Defender for Cloud
• Connect hybrid cloud and multi-cloud environments with Microsoft Defender for Cloud
• Identify and oversee external assets through Microsoft Defender External Attack Surface Management

Configure and Manage Threat Protection with Microsoft Defender for Cloud

• Activate protective services within Microsoft Defender for Cloud, such as Microsoft Defender for Storage, Databases, Containers, App Service, Key Vault, Resource Manager, and DNS
• Set up Microsoft Defender for Servers
• Set up Microsoft Defender for Azure SQL Database
• Handle and address security alerts within Microsoft Defender for Cloud
• Set up workflow automation through Microsoft Defender for Cloud
• Assess vulnerability scans conducted by Microsoft Defender for Server

Configure and Oversee Security Monitoring and Automation Solutions

• Track security incidents via Azure Monitor
• Configure data integrations in Microsoft Sentinel
• Develop and tailor detection rules in Microsoft Sentinel
• Assess alerts and events in Microsoft Sentinel
• Configure automated processes in Microsoft Sentinel

Next Steps

For more information about Microsoft exams, refer to the following links.

• DP 500 Certification Exam Preparation for Microsoft Azure and Power BI
• Power BI Certification FAQ for Exams PL-300 and PL-900
• Prepare for the AZ-900 Microsoft Azure Fundamentals Certification
• Study material for exam AZ-100 Microsoft Azure Infrastructure and Deployment
• Study material for exam AZ-400 Microsoft Azure DevOps Solutions
• Study material for exam AZ-203 Developing Solutions for Microsoft Azure

About the author

Daniel Calbimonte is a Microsoft SQL Server MVP, Microsoft Certified Trainer and 6-time Microsoft Certified IT Professional. Daniel started his career in 2001 and has worked with SQL Server 6.0 to 2022. Daniel is a DBA as well as specializes in Business Intelligence (SSIS, SSAS, SSRS) technologies.

This author pledges the content of this article is based on professional experience and not AI generated.

View all my tips