AZ-500 (Microsoft Azure Security) Exam Study Guide

Preparing for AZ-500 Microsoft Azure Security Technologies exam? Don’t know where to start? This post is the AZ-500 Certificate Study Guide (with links to each exam objective).

I have curated a list of articles from Microsoft documentation for each objective of AZ-500 exam. Hope this article will be your AZ-500 Study Guide.

Also, please share the post within your circles so it helps them to prepare for the exam.

 

AZ-500 Course (Online Training)

Pluralsight (Learning Path)Microsoft Azure Security Engineer Course
LinkedIn Learning (Free trial)Microsoft Azure: Security Concepts for the exam
WhizlabsMicrosoft Azure Security Technologies Certification
UdemyA Course on Security in Azure

 

AZ-500 Practice Tests & Labs

Whizlabs (Try Sample questions)3 Practice Tests (a total of 165 questions)
Udemy Practice TestsSecurity Technologies Practice Questions
Labs on GitHubLabs resources on Security topics

 

AZ-500 E-book (Related Topics in PDF)

AmazonAzure Security Infrastructure

 

AZ-500 Exam Voucher

Test VoucherMicrosoft Azure Single Shot Exam Voucher ($30 OFF)

 

To view other Azure certificate study guides, click here

Full Disclosure: Some of the links in this post are affiliate links. I receive a commission when you purchase through them.

 

Looking for AZ-500 dumps? Read this!

Using az-500 exam dumps can get you permanently banned from taking any future Microsoft certificate exam. Read the FAQ page for more information. However, I strongly suggest you validate your understanding with practice questions.

 

Manage Identity and Access (20-25%)

Check out this free course on Managing Identity and Access

Configure Azure Active Directory for Workloads

Create App Registration

https://docs.microsoft.com/en-us/graph/auth-register-app-v2

Configure App Registration permission scopes

https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#scopes-and-permissions

Manage App Registration permission consent

https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent

Configure Multi-Factor Authentication settings

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings

Manage Azure AD directory groups

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-members-azure-portal

Manage Azure AD users

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-users-azure-active-directory

Install and configure Azure AD Connect

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-express

Configure authentication methods

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods

Implement Conditional Access policies

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policies

Configure Azure AD identity protection

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-risk-policies

 

Configure Azure AD Privileged Identity Management

Monitor privileged access

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/azure-pim-resource-rbac

Configure Access Reviews

https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review

Activate Privileged Identity Management

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-getting-started#enable-pim

 

Configure Azure tenant security

Transfer Azure subscriptions between Azure AD tenants

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory#associate-a-subscription-to-a-directory

Manage API access to Azure subscriptions and resources

PS Course Module: Managing API Access to Microsoft Azure Subscriptions and Resources (check with free trial)

 

Implement Platform Protection (35-40%)

Check out this free course on Implementing Platform Protection

Implement Network Security

Configure virtual network connectivity

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal

Configure Network Security Groups (NSGs)

https://docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group

Create and configure Azure Firewall

https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal

Create and configure Azure Front Door service

https://docs.microsoft.com/en-us/azure/frontdoor/quickstart-create-front-door

Create and configure application security groups

https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic#create-application-security-groups

https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic#associate-network-interfaces-to-an-asg

Configure remote access management

Udemy Course: Check the module Network Security

Configure baseline

LinkedIn (Free Trial): Configure baseline for resources

Configure resource firewall

https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security

Amazon link (affiliate)

Implement host security

Configure endpoint security within the VM

https://docs.microsoft.com/en-us/azure/security-center/security-center-install-endpoint-protection

Configure VM security

https://docs.microsoft.com/en-us/azure/security/fundamentals/iaas

Harden VMs in Azure

https://blogs.msdn.microsoft.com/2018-01-09-just-in-time-access-azure-vms/

Configure system updates for VMs in Azure

https://docs.microsoft.com/en-us/azure/automation/automation-tutorial-update-management

Configure baseline

LinkedIn (Free Trial): Configure baseline for resources

 

Configure container security

Configure network

https://docs.microsoft.com/en-us/azure/virtual-network/container-networking-overview

Configure authentication

https://docs.microsoft.com/en-us/azure/container-registry/container-registry-authentication

Configure container isolation

https://azure.microsoft.com/en-us/resources/container-security-in-microsoft-azure/

Configure AKS security

https://docs.microsoft.com/en-us/azure/aks/concepts-security

Configure container registry

https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-powershell

Implement vulnerability management

https://docs.microsoft.com/en-us/azure/security-center/security-center-vulnerability-assessment-recommendations#implement-a-vulnerability-assessment-recommendation

 

Implement Azure Resource management security

Create Azure resource locks

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

Manage resource group security

PS Module: Securing and Controlling for Resource Groups (check with free trial)

Configure Azure policies

https://docs.microsoft.com/en-us/azure/governance/policy/assign-policy-portal

Configure custom RBAC roles

https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles-powershell

Configure subscription and resource permissions

https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal

Amazon link (affiliate)

Manage security operations (15-20%)

Configure security services

Configure Azure Monitor

https://azure.microsoft.com/en-in/resources/videos/get-started-with-azure-monitor/

Configure diagnostic logging and log retention

https://docs.microsoft.com/en-us/azure/app-service/troubleshoot-diagnostic-logs

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/manage-cost-storage#change-the-data-retention-period

Configure vulnerability scanning

https://docs.microsoft.com/en-us/azure/security-center/security-center-vulnerability-assessment-recommendations#implement-a-vulnerability-assessment-recommendation

 

Configure security policies

Configure centralized policy management by using Azure Security Center

https://docs.microsoft.com/en-us/azure/security-center/tutorial-security-policy

Configure Just in Time VM access by using Azure Security Center

https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time

 

Manage security alerts

Create and customize alerts

PS Course Module: Create and customize alerts in Azure (Check with free trial)

Review and respond to alerts and recommendations

https://docs.microsoft.com/en-us/azure/security-center/security-center-managing-and-responding-alerts

Configure a playbook for a security event by using Azure Security Center

https://docs.microsoft.com/en-us/azure/security-center/security-center-playbooks#how-to-create-a-security-playbook-from-security-center

Investigate escalated security incidents

https://docs.microsoft.com/en-us/azure/security-center/tutorial-security-incident

Secure data and applications (25-30%)

Configure security policies to manage data

Configure data classification

https://docs.microsoft.com/en-us/azure/information-protection/configure-policy-classification

Configure data retention

https://docs.microsoft.com/en-us/azure/sql-database/sql-database-long-term-backup-retention-configure

Configure data sovereignty

https://azure.microsoft.com/files-resourcefiles/Achieving-Compliant-Data-Residency-and-Security-with-Azure.pdf

 

Configure security for data infrastructure

Enable database authentication

https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication

Enable database auditing

https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing

Configure Azure SQL Database Advanced Threat Protection

https://docs.microsoft.com/en-us/azure/sql-database/sql-database-threat-detection

Configure access control for storage accounts

https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad

Configure key management for storage accounts

https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage

Configure Azure AD authentication for Azure Storage

https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-rbac-portal

Configure Azure AD Domain Services authentication for Azure Files

https://docs.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-enable

Create and manage Shared Access Signatures (SAS)

https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview

Configure security for HDInsight

https://docs.microsoft.com/en-us/azure/hdinsight/domain-joined/hdinsight-security-overview

Configure security for Cosmos DB

https://docs.microsoft.com/en-us/azure/cosmos-db/database-security

Configure security for Azure Data Lake

https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control

 

Configure encryption for data at rest

Implement Azure SQL Database Always Encrypted

https://docs.microsoft.com/en-us/azure/sql-database/sql-database-always-encrypted-azure-key-vault?tabs=azure-powershell

Implement database encryption

https://docs.microsoft.com/en-us/azure/sql-database/transparent-data-encryption-azure-sql?tabs=azure-portal

Implement Storage Service Encryption

https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption

Implement disk encryption

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-portal-quickstart

 

Configure application security

Configure SSL/TLS certs

https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate

Configure Azure services to protect web apps

https://docs.microsoft.com/en-us/azure/security-center/security-center-app-services

Create an application security baseline

https://docs.microsoft.com/en-us/azure/app-service/overview-security

Amazon link (affiliate)

This brings us to the end of AZ-500 Study Guide

What do you think? Let me know in the Comments section if I have missed out on anything. Also, I love to hear from you how your preparation is going on!

In case you are looking for other Azure certification exams check out this page

Sign up for Newsletter

Want to be notified as soon as I post? Subscribe to RSS feed / leave your email address in the subscribe section. Share the article to your social networks with the below links so it can benefit others.

  •  
  •  
  • 1
  •  
  •  
    1
    Share

You may also like

4 Comments

  1. Why? Would you like to tell me the reasons in more detailed?

    Is not the case study a sample for how to answer the questions followed by in the section?
    Or,
    Is it the requirement information for answering the questions in the section?
    I am very sorry for so simple question.

    Best regards,
    Linshan Xu

    1. If you do not answer, there will be fewer questions available to achieve the passing marks.
      I did not understand what you are saying properly, but, yes, the required information will be available in each section
      I suggest you go through a couple of practice tests and labs to alleviate your fears

  2. Hi, Ravikiran
    I heard that there is a case study in the Exam AZ-500.
    Must I answer the questions in the case study?

    Best regards,
    Linshan Xu

Leave a Reply

Your e-mail address will not be published. Required fields are marked *