Self-Study: Microsoft Azure Security Engineer Associate (AZ-500)
Update 26–09–2019
- One lab will come with 12 sub tasks.
- Total number of questions will be 51.
Microsoft recently released a certification on Azure security solutions & approaches called Microsoft Certified: Azure Security Engineer Associate. To get this certification you have write one examination named Exam AZ-500: Microsoft Azure Security Technologies. This article is targeted towards the same.
AZ-500: Microsoft Azure Security Technologies
“Candidates for this exam are Microsoft Azure security engineers who implement security controls, maintain the security posture, manages identity and access, and protects data, applications, and networks.
Candidates identify and remediate vulnerabilities by using a variety of security tools, implements threat protection, and responds to security incident escalations. As a Microsoft Azure security engineer, candidates often serve as part of a larger team dedicated to cloud-based management and security and may also secure hybrid environments as part of an end-to-end infrastructure.
Candidates for this exam should have strong skills in scripting and automation, a deep understanding of networking, virtualization, and cloud N-tier architecture, and a strong familiarity with cloud capabilities, Microsoft Azure products and services, and other Microsoft products and services”- Microsoft
Demonstrated Skills
These are the broad skills demonstrated by a candidate attempting the certification: Application Security, Azure Active Directory, Azure Security Engineering, Cloud-based Data Protection, Data Security and Network Security.
Examination Pattern: AZ-500
- Total number of questions: 44
- One case study with 6 questions
- Total time: 180 minutes
You need a minimum of 700 out of 1000 to clear the examination.
Type of Questions
Below are the type of questions
- Single choice questions
- Multiple-choice questions
- Arrange in right sequence
- One case study with multiple questions.
- Questions that cannot be skipped: There will be at least three questions in a sequence where you have to select from Yes or No. These questions cannot be skipped or re-answered afterward. (These will pop up in the starting of the examination)
- Questions with diagrams: They will give you snip of Azure portal with specific configuration following will be one-more question. Example below:
Sample Question: You are responsible for maintaining security infrastructure for existing Azure environment. Looking at the below NSGs (pictures) do you think <scenario> will work…
Hope you got the point :-)
My Experience
Found AZ-500 to be easier compared to examinations like AZ-300 or DP-200. I comfortably finished the examination in 90 to 100 minutes with ample amount of time left to recheck answers.
There were questions on PIM, active directory, mfa, HDInsight security, application security, API security, sas, container security, vnet, nsg, Azure policies, management groups, application security groups etc.
Certification scope is wide
Case Study: It was based on an existing scenario of a company. Scope included nsg, application security group and Azure policies. It was similar to the sample question above.
Study Guide
Here is a comprehensive list of study material covering AZ-500 scope & questions.
*All links are either from Microsoft or publicly available blogs that I am just listing here …credit goes to respective authors
Microsoft is really cool in providing quality content for learningYou can do hands-on labs for free here https://docs.microsoft.com/en-us/learnhttps://docs.microsoft.com/en-us/learn/browse/?term=security&products=azure-------------------------------------------------------------------AZ-500 Note: Sub-links are important** Zero trust model
https://www.microsoft.com/security/blog/2018/12/17/zero-trust-part-1-identity-and-access-management/Introduction to Azure Security
https://docs.microsoft.com/en-us/azure/security/fundamentals/overviewGo through sub sections in the below link https://docs.microsoft.com/en-us/azure/security/Azure Data Encryption-at-Rest
https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrestHow security policies work
https://docs.microsoft.com/en-us/azure/security-center/tutorial-security-policy#how-security-policies-workFive steps to securing your identity infrastructure
https://docs.microsoft.com/en-us/azure/security/fundamentals/steps-secure-identityConfigure Azure AD PIM (many questions)
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/Azure network security https://docs.microsoft.com/en-us/azure/security/fundamentals/network-securityhttps://docs.microsoft.com/en-us/azure/security/fundamentals/network-overviewVM Security
https://docs.microsoft.com/en-us/azure/security/fundamentals/iaashttps://docs.microsoft.com/en-us/azure/security/fundamentals/iaasSecuring PaaS databases in Azure
https://docs.microsoft.com/en-us/azure/security/fundamentals/paas-applications-using-sqlSecuring PaaS deployments
https://docs.microsoft.com/en-us/azure/security/fundamentals/paas-deploymentsAzure Operational Security best practices
https://docs.microsoft.com/en-us/azure/security/fundamentals/operational-best-practicesAzure database security best practices
https://docs.microsoft.com/en-us/azure/security/fundamentals/database-best-practiceshttps://docs.microsoft.com/en-us/azure/security/fundamentals/data-encryption-best-practicesContainer security https://azure.microsoft.com/mediahandler/files/resourcefiles/container-security-in-microsoft-azure/Open%20Container%20Security%20in%20Microsoft%20Azure.pdf
https://docs.microsoft.com/en-us/azure/container-instances/container-instances-image-securityAzure DDoS Protection
https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-overviewDesign secure applications on Azure
https://docs.microsoft.com/en-us/azure/security/develop/secure-designhttps://docs.microsoft.com/en-us/azure/security/develop/secure-developAzure Key Vault (imp)
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-whatisEnterprise security in Azure HDInsight
https://docs.microsoft.com/en-us/azure/hdinsight/domain-joined/hdinsight-security-overview
If you need further help or have a question then write in the comments below or find me on LinkedIn.
Also, do let me know about any changes in the question pattern that you get in the certification, I will update the article for others. Thanks & Best of luck !!
