AZ-500 Preparation Details
Preparing for the AZ-500 Microsoft Azure Security Technologies exam? Don’t know where to start? This post is the AZ-500 Certificate Study Guide (with links to each exam objective).
I have curated a list of articles from Microsoft documentation for each objective of the AZ-500 exam. Hope this article will be your AZ-500 Study Guide.
Also, please share the post within your circles so it helps them to prepare for the exam.
Exam Voucher for AZ-500 with 1 Retake
Get 40% OFF with the combo
AZ-500 Azure Security Technologies Course
LinkedIn Learning (Free trial) | Microsoft Azure Certification Learning Path |
Pluralsight (Learning Path) | Microsoft Azure Security Engineer Course |
Whizlabs | Microsoft Azure Security Technologies Course |
Udemy | A Certificate Course on Security in Azure |
AZ-500 Azure Security Tech. Practice Test
Whizlabs Exam Questions | 165 Practice questions & [Online Course] |
Udemy Practice Tests | Security Technologies Practice Questions |
Other Materials Related to Azure Security
Coursera | Cloud Security Basics [Univ. of Minnesota] |
Amazon e-book (PDF) | Exam Reference Azure Security Technologies |
Labs on GitHub | Labs resources on Security topics |
AZ-500 Sample Exam Questions
Looking for AZ-500 Security Dumps? Read This!
Using az-500 exam dumps can get you permanently banned from taking any future Microsoft certificate exam. Read the FAQ page for more information. However, I strongly suggest you validate your understanding with practice questions.
Check out all the other Azure certificate study guides
Full Disclosure: Some of the links in this post are affiliate links. I receive a commission when you purchase through them.
Manage Identity and Access (30-35%)
Manage Azure Active Directory Identities
Configure security for service principals
Application & service principal objects in Azure AD
Create an Azure AD app & service principal to access resources
Manage Azure AD directory groups
Create a basic group & add members using Azure AD
Manage access with Azure Active Directory groups
Manage Azure AD users
Add or delete users using Azure Active Directory
Manage administrative units
Administrative units in Azure Active Directory
Configure password writeback
Enable Azure AD self-service password reset writeback
Configure authentication methods including password hash and Pass-Through
Authentication (PTA), OAuth, and passwordless
What is password hash synchronization with Azure AD?
Implement password hash synchronization with Azure AD Connect sync
Sign-in with Azure AD Pass-through Authentication
Azure Active Directory Pass-through Authentication: Quickstart
Configure an OAuth application from the Azure AD app gallery
Passwordless authentication options for Azure Active Directory
Enable passwordless sign-in with the Microsoft Authenticator app
Transfer Azure subscriptions between Azure AD tenants
Transfer an Azure subscription to a different Azure AD directory
Associate a subscription to a directory
Configure Secure Access by Using Azure AD
Monitor privileged access for Azure AD Privileged Identity Management (PIM)
LinkedIn: Monitor privileged access for Azure AD PIM
Configure Access Reviews
What are Azure AD access reviews?
Manage user access with Azure AD access reviews
Configure PIM
Start using Privileged Identity Management
Activate my Azure AD roles in PIM
Implement Conditional Access policies including Multi-Factor Authentication (MFA)
What is Conditional Access in Azure Active Directory?
Conditional Access: Require MFA for all users
Secure user sign-in events with Azure Multi-Factor Authentication
Configure Azure AD identity protection
Configure Azure MFA registration policy in Identity Protection
Configure and enable risk policies
Manage Application Access
Create App Registration
Register an application with the Microsoft identity platform
Register an application with the Microsoft identity platform
Configure App Registration permission scopes
Permissions and consent in the Microsoft identity platform endpoint
Configure an application to expose a web API
Manage App Registration permission consent
Azure Active Directory consent framework
Permissions and consent in the Microsoft identity platform endpoint
Managing consent to applications and evaluating consent requests
Manage API access to Azure subscriptions and resources
Managing API Access to Microsoft Azure Subscriptions and Resources
How to use Role-Based Access Control in Azure API Management
Manage Access Control
Configure subscription and resource permissions
Add or change Azure subscription administrators
Add or remove Azure role assignments using the Azure portal
Configure resource group permissions
Grant group access to Azure resources with PowerShell
Configure custom RBAC roles
Create & assign a custom role in Azure AD
Create Azure custom roles using the portal
Identify the appropriate role
LinkedIn: Identify the appropriate role
Apply the principle of least privilege
Assign permissions to groups using the principle of least privilege
Interpret permissions
List Azure role assignments to understand the access level
Check access
Implement Platform Protection (15-20%)
Implement Advanced Network Security
Secure the connectivity of virtual networks (VPN authentication, Express Route
encryption)
Azure network security overview
Create a Site-to-Site VPN connection in the Azure portal
Configure a VPN connection using native Azure certificate authentication
Concepts on ExpressRoute encryption
ExpressRoute encryption: IPsec over ExpressRoute for Virtual WAN
Configure Network Security Groups (NSGs) and Application Security Groups (ASGs)
Create, change, or delete a network security group
Create application security groups
Associate network interfaces to an ASG
Create and configure Azure Firewall
Deploy and configure Azure Firewall
Implement Azure Firewall Manager
What is Azure Firewall Manager?
Secure your virtual hub with Azure Firewall Manager
Configure Azure Front Door service as an Application Gateway
Create and configure Azure Front Door service as an application gateway
Load-balancing with Azure’s application delivery suite
Configure a Web Application Firewall (WAF) on Azure Application Gateway
Create an application gateway with a Web Application Firewall
Create an Azure WAF v2 on Application Gateway using an ARM template
FAQs for Azure Web Application Firewall on Application Gateway
Configure Azure Bastion
Create an Azure Bastion host using the portal
Configure a firewall on a storage account, Azure SQL, KeyVault, or App Service
Configure Azure Storage firewalls and virtual networks
Create a server-level firewall rule in Azure SQL Database
Configure Azure Key Vault firewalls and virtual networks
Configuring Azure Firewall with your App Service Environment
Implement Service Endpoints
Azure Virtual Network service endpoints
Restrict network access with service endpoints
Implement DDoS protection
Azure DDoS Protection Standard overview
Manage Azure DDoS Protection using the Azure portal
Configure Advanced Security for Compute
Configure endpoint protection
Microsoft Endpoint Protection for Azure
Supported endpoint protection solutions
Endpoint protection in Microsoft Azure
Configure and monitor system updates for VMs
Manage updates and patches for your VMs
How to deploy updates and review results?
Managing updates for your Azure VM
Configure authentication for Azure Container Registry
Authenticate with an Azure container registry
Use Azure managed identity to authenticate to Azure container registry
Authenticate with ACR from Azure Kubernetes Service
Configure security for different types of containers
Container security in Azure Security Center
Implement vulnerability management
Security Control: Vulnerability Management
Configure isolation for AKS
Compute isolation in Azure Kubernetes Service
Best practices for cluster isolation in Azure Kubernetes Service
Configure security for container registry
Azure Security Baseline for Azure Container Registry
Azure Container Registry image scanning by Security Center
Azure Container Registry updates for security and reliability
Implement Azure Disk Encryption
Azure Disk Encryption for Windows VMs
Azure Disk Encryption for Linux VMs
Azure Disk Encryption for Windows VMs FAQ
Configure authentication and security for Azure App Service
Authentication and authorization in Azure App Service
Configure your App Service app to use Azure AD login
Advanced usage of authentication in Azure App Service
Authenticate users end-to-end in Azure App Service
Configure SSL/TLS certs
Add a TLS/SSL certificate in Azure App Service
Configuring TLS for an application in Azure
Configure authentication for Azure Kubernetes Service
Access and identity options for Azure Kubernetes Service
Use managed identities in Azure Kubernetes Service
Best practices for authentication in Azure Kubernetes Service
Configure automatic updates
Amazon link (affiliate)
Manage Security Operations (25-30%)
Monitor Security by Using Azure Monitor
Create and customize alerts
PS Course Module: Create and customize alerts in Azure
Create, view, and manage metric alerts using Azure Monitor
Quickstart: Create custom alerts
Monitor security logs by using Azure Monitor
Analyze and review Logs for anomalous behavior
Security Logging and Audit Log Collection within Azure
Configure diagnostic logging and log retention
Enable diagnostics logging for apps in Azure App Service
Configure the data retention period of logs
Monitor Security by Using Azure Security Center
Evaluate vulnerability scans from Azure Security Center
Integrated vulnerability assessment solution for Azure virtual machines
Configure Just in Time VM access by using Azure Security Center
Understanding just-in-time (JIT) VM access
Azure Security Center – Just-in-Time Network Access
Secure your management ports with just-in-time access
Configure centralized policy management by using Azure Security Center
Working with security policies in the Security Center
Configure a security policy in Azure Policy using the REST API
Configure compliance policies and evaluate for compliance by using Azure Security Center
Working with security policies
Assess your regulatory compliance in Security Center
Configure workflow automation by using Azure Security Center
Automate responses to Security Center triggers
Monitor Security by Using Azure Sentinel
Create and customize alerts
Create custom analytics rules to detect threats
Configure data sources to Azure Sentinel
Connect data sources to Azure Sentinel
On-board Azure Sentinel: Connect data sources
Evaluate results from Azure Sentinel
Investigate incidents with Azure Sentinel
Visualize and monitor your data
Configure a playbook
Use playbooks with automation rules in Azure Sentinel
Configure Security Policies
Configure security settings by using Azure Policy
Working with security policies
Configure security settings by using Azure Blueprint
Configure your environment for a Blueprint Operator
Secure Data and Applications (20-25%)
Configure Security for Storage
Configure access control for storage accounts
Assign an Azure role for access to blob and queue data
Authorize access to blobs and queues using Azure Active Directory
Configure key management for storage accounts
Manage storage account access keys
Manage storage account keys with Key Vault & CLI
Configure Azure AD authentication for Azure Storage
Azure AD Authentication for Azure Blobs and Queues
Authorize access to blobs and queues using Azure Active Directory
Configure Azure AD Domain Services authentication for Azure Files
Enable Azure AD DS authentication on Azure Files
Create and Manage Shared Access Signatures (SAS)
Getting Started with Shared Access Signatures (SAS)
Grant limited access to Storage with Shared Access Signatures
Create a shared access policy for a blob or blob container
Configure Storage Service Encryption
Azure Storage Service Encryption for Managed Disks
Azure Storage Service Encryption for data at rest
Configure Azure Defender for Storage
Configure Azure Defender for Storage
Configure Security for Databases
Enable database authentication
Use Azure Active Directory authentication for SQL databases
Enable database auditing
Auditing for Azure SQL Database and Azure Synapse Analytics
Configure Azure Defender for SQL
Enable Azure Defender for SQL servers on VM
Implement database encryption
Transparent data encryption for SQL Database
Implement Azure SQL Database Always Encrypted
Always Encrypted now generally available in Azure SQL Database
Configure Always Encrypted by using Azure Key Vault
Configure Always Encrypted by using the Windows certificate store
Configure and Manage Key Vault
Manage access to Key Vault
Secure access to Azure key vault
Manage permissions to secrets, certificates, and keys
About keys, secrets, and certificates
Azure RBAC secret, key, & certificate permissions with Key Vault
Configure RBAC usage in Azure Key Vault
Manage certificates
Manage certificates via Azure Key Vault
Manage secrets
Configure and manage secrets in Azure Key Vault
Configure key rotation
Automate the rotation of a secrets
Backup and restore of Key Vault items
Back up & restore individual key vault objects
Configure Azure Defender for Key Vault
This brings us to the end of the AZ-500 Microsoft Azure Security Technologies Study Guide
What do you think? Let me know in the comments section if I have missed out on anything. Also, I love to hear from you about how your preparation is going on!
In case you are preparing for other Azure certification exams, check out the Azure study guide for those exams.
Follow Me to Receive Updates on AZ-500 Exam
Want to be notified as soon as I post? Subscribe to the RSS feed / leave your email address in the subscribe section. Share the article to your social networks with the below links so it can benefit others.
12 Comments
Hi Ravikiran
At first, thank you very much for your work trying to gather the best information about this certification.
I want to take 1 of the courses, What do You recommend?, I will take de exam, and I would like to take the course that is really close to the exam.
Best regards.
I am not sure how updated they are, but the skylines was good when I took that
Does AZ-500 exam have labs in it? Or just MCQ, T/F, matching and case study based questions?
no, not now at this time
Thanks for this collating the relevant docs. please can you suggest a Microsoft doc for the topic Configure baseline for resources
There wasn’t a particular link to that, this one comes very close
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/export-template-portal#export-template-from-a-resource-group
Basically, know how to save the previous deployment in a Resource Group (as an ARM template). So you are baselining the resources in a resource group, so you can compare them with future deployments, so you know what has changed.
E-book Azure Security Infrastructure – is there a safe free download link that you recommend?
thanks
I am not aware of free download link
Why? Would you like to tell me the reasons in more detailed?
Is not the case study a sample for how to answer the questions followed by in the section?
Or,
Is it the requirement information for answering the questions in the section?
I am very sorry for so simple question.
Best regards,
Linshan Xu
If you do not answer, there will be fewer questions available to achieve the passing marks.
I did not understand what you are saying properly, but, yes, the required information will be available in each section
I suggest you go through a couple of practice tests and labs to alleviate your fears
Hi, Ravikiran
I heard that there is a case study in the Exam AZ-500.
Must I answer the questions in the case study?
Best regards,
Linshan Xu
Yes, Linshan. There is no negative marking. If you skip, you may not pass