Microsoft Azure AZ-500 Exam Best Preparation Tool

Aspiring to become a Microsoft Certified Azure Security Engineer? Here’s the definitive guide for your AZ-500 exam preparation; follow it to start preparing for the Azure AZ-500 certification exam.

Microsoft is one of the strongest names in the world of cloud computing. Its cloud service platform, Azure, is one of the market leaders in cloud computing along with AWS and Google Cloud. Therefore, the demand for Azure certifications is always high. One of the most recently launched Azure exams is Microsoft Azure AZ-500, which is ideal for the role of Microsoft Azure Security Engineer.

Many sources on the internet help candidates with AZ-500 exam preparation. The following discussion aims to illustrate every detail of the exam to support your preparation. It can serve as a guiding path for you to start preparing immediately for the Azure Security certification. So, let us get started!

Use this quick start guide to collect all the information about the Microsoft Azure Security Technologies (AZ-500) certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the AZ-500 Microsoft Azure Security Technologies exam. The Sample Questions will help you identify the type and difficulty level of the questions, and the Practice Exams will make you familiar with the format and environment of an exam. You should refer to this guide carefully before attempting your actual Microsoft MCA Azure Security Engineer certification exam.

The Microsoft Azure Security Technologies certification is mainly targeted at candidates who want to build their career in the Microsoft Azure domain. The Microsoft Certified – Azure Security Engineer Associate exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of Microsoft MCA Azure Security Engineer.

Skills measured
The content of this exam will be updated on August 2, 2021. Please download the exam skills outline below to see what will be changing.

Manage identity and access (30-35%)
Implement platform protection (15-20%)
Manage security operations (25-30%)
Secure data and applications (20-25%)

The exam guide below shows the changes that will be implemented on August 2, 2021.

Audience Profile
Candidates for this exam should have subject matter expertise implementing security controls and threat protection, managing identity and access, and protecting data, applications, and networks.
Responsibilities for an Azure Security Engineer include maintaining the security posture, identifying and remediating vulnerabilities by using a variety of security tools, implementing threat protection, and responding to security incident escalations.
Azure Security Engineers often serve as part of a larger team dedicated to cloud-based management and security and may also secure hybrid environments as part of an end-to-end infrastructure.

A candidate for this exam should be familiar with scripting and automation, and should have a deep understanding of networking and virtualization. A candidate should also have a strong familiarity with cloud capabilities, Azure products and services, and other Microsoft products and services.

Skills Measured
NOTE: The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. This list is NOT definitive or exhaustive.
NOTE: Most questions cover features that are General Availability (GA). The exam may contain questions on Preview features if those features are commonly used.

Manage identity and access (30-35%)

Manage Azure Active Directory identities
- configure security for service principals
- manage Azure AD directory groups
- manage Azure AD users
- manage administrative units
- configure password writeback
- configure authentication methods including password hash and Pass Through Authentication (PTA), OAuth, and passwordless
- transfer Azure subscriptions between Azure AD tenants

Configure secure access by using Azure AD
- monitor privileged access for Azure AD Privileged Identity Management (PIM)
- configure Access Reviews
- configure PIM
- implement Conditional Access policies including Multi-Factor Authentication (MFA)
- configure Azure AD identity protection

Manage application access
- create App Registration
- configure App Registration permission scopes
- manage App Registration permission consent
- manage API access to Azure subscriptions and resources

Manage access control
- configure subscription and resource permissions
- configure resource group permissions
- configure custom RBAC roles
- identify the appropriate role
    - apply principle of least privilege
- interpret permissions
    - check access

Implement platform protection (15-20%)

Implement advanced network security
- secure the connectivity of virtual networks (VPN authentication, Express Route encryption)
- configure Network Security Groups (NSGs) and Application Security Groups (ASGs)
- create and configure Azure Firewall
- implement Azure Firewall Manager
- configure Azure Front Door service as an Application Gateway
- configure a Web Application Firewall (WAF) on Azure Application Gateway
- configure Azure Bastion
- configure a firewall on a storage account, Azure SQL, Key Vault, or App Service
- implement Service Endpoints
- implement DDoS protection

Configure advanced security for compute
- configure endpoint protection
- configure and monitor system updates for VMs
- configure authentication for Azure Container Registry
- configure security for different types of containers
    - implement vulnerability management
    - configure isolation for AKS
    - configure security for container registry
- implement Azure Disk Encryption
- configure authentication and security for Azure App Service
    - configure SSL/TLS certs
    - configure authentication for Azure Kubernetes Service
    - configure automatic updates

Manage security operations (25-30%)

Monitor security by using Azure Monitor
- create and customize alerts
- monitor security logs by using Azure Monitor
- configure diagnostic logging and log retention

Monitor security by using Azure Security Center
- evaluate vulnerability scans from Azure Security Center
- configure Just in Time VM access by using Azure Security Center
- configure centralized policy management by using Azure Security Center
- configure compliance policies and evaluate for compliance by using Azure Security Center
- configure workflow automation by using Azure Security Center

Monitor security by using Azure Sentinel
- create and customize alerts
- configure data sources to Azure Sentinel
- evaluate results from Azure Sentinel
- configure a playbook by using Azure Sentinel

Configure security policies
- configure security settings by using Azure Policy
- configure security settings by using Azure Blueprint

Secure data and applications (20-25%)

Configure security for storage
- configure access control for storage accounts
- configure key management for storage accounts
- configure Azure AD authentication for Azure Storage
- configure Azure AD Domain Services authentication for Azure Files
- create and manage Shared Access Signatures (SAS)
    - create a shared access policy for a blob or blob container
- configure Storage Service Encryption
- configure Azure Defender for Storage

Configure security for databases
- enable database authentication
- enable database auditing
- configure Azure Defender for SQL
    - configure Azure SQL Database Advanced Threat Protection
- implement database encryption
    - implement Azure SQL Database Always Encrypted

Configure and manage Key Vault
- manage access to Key Vault
- manage permissions to secrets, certificates, and keys
    - configure RBAC usage in Azure Key Vault
- manage certificates
- manage secrets
- configure key rotation
- backup and restore of Key Vault items
- configure Azure Defender for Key Vault

QUESTION 1
You need to meet the identity and access requirements for Group1.
What should you do?

A. Add a membership rule to Group1.
B. Delete Group1. Create a new group named Group1 that has a group type of Microsoft 365. Add users and devices to the group.
C. Modify the membership rule of Group1.
D. Change the membership type of Group1 to Assigned. Create two groups that have dynamic memberships. Add the new groups to Group1.

Correct Answer: B

Explanation:
Incorrect Answers:
A, C: You can create a dynamic group for devices or for users, but you can’t create a rule that contains both users and devices.
D: For an assigned group, you can only add individual members.

QUESTION 2
You need to ensure that User2 can implement PIM.
What should you do first?

A. Assign User2 the Global administrator role.
B. Configure authentication methods for contoso.com.
C. Configure the identity secure score for contoso.com.
D. Enable multi-factor authentication (MFA) for User2.

Correct Answer: A

Explanation:
To start using PIM in your directory, you must first enable PIM.
1. Sign in to the Azure portal as a Global Administrator of your directory.
You must be a Global Administrator with an organizational account (for example, @yourdomain.com), not a Microsoft account (for example, @outlook.com), to enable PIM for a directory.
Scenario: Technical requirements include: Enable Azure AD Privileged Identity Management (PIM) for contoso.com

QUESTION 3
You need to ensure that you can meet the security operations requirements. What should you do first?

A. Turn on Auto Provisioning in Security Center.
B. Integrate Security Center and Microsoft Cloud App Security.
C. Upgrade the pricing tier of Security Center to Standard.
D. Modify the Security Center workspace configuration.

Correct Answer: C

Explanation:
The Standard tier extends the capabilities of the Free tier to workloads running in private and other public clouds, providing unified security management and threat protection across your hybrid cloud workloads.
The Standard tier also adds advanced threat detection capabilities, which use built-in behavioral analytics and machine learning to identify attacks and zero-day exploits, access and application controls to reduce exposure to network attacks and malware, and more.
Scenario: Security Operations Requirements
Litware must be able to customize the operating system security configurations in Azure Security Center.

QUESTION 4
You need to configure WebApp1 to meet the data and application requirements.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Upload a public certificate.
B. Turn on the HTTPS Only protocol setting.
C. Set the Minimum TLS Version protocol setting to 1.2.
D. Change the pricing tier of the App Service plan.
E. Turn on the Incoming client certificates protocol setting.

Correct Answer: AC

Explanation:
A: To configure Certificates for use in Azure Websites Applications you need to upload a public Certificate.
C: Over time, multiple versions of TLS have been released to mitigate different vulnerabilities. TLS 1.2 is the most current version available for apps running on Azure App Service.

Incorrect Answers:
B: We need to support the https: URL as well.

QUESTION 5
SIMULATION
You need to ensure that when administrators deploy resources by using an Azure Resource Manager template, the deployment can access secrets in an Azure key vault named KV11597200.
To complete this task, sign in to the Azure portal.
Correct Answer: See the explanation below.

Explanation:
You need to configure an option in the Advanced Access Policy of the key vault.
1. In the Azure portal, type Azure Key Vault in the search box, select Azure Key Vault from the search results then select the key vault named KV11597200. Alternatively, browse to Azure Key Vault in the left navigation pane.
2. In the properties of the key vault, click on Advanced Access Policies.
3. Tick the checkbox labelled Enable access to Azure Resource Manager for template deployment.
4. Click Save to save the changes.
