Candidates for this exam are Microsoft Azure security engineers who implement security controls, maintain the security posture, manage identity and access, and protect data, applications, and networks. Candidates identify and remediate vulnerabilities by using a variety of security tools, implement threat protection, and respond to security incident escalations. As a Microsoft Azure security engineer, candidates often serve as part of a larger team dedicated to cloud-based management and security and may also secure hybrid environments as part of an end-to-end infrastructure.
Candidates for this exam should have strong skills in scripting and automation, a deep understanding of networking, virtualization, and cloud N-tier architecture, and a strong familiarity with cloud capabilities, Microsoft Azure products and services, and other Microsoft products and services.
Manage Identity and Access (20-25%)
•Configure Microsoft Azure Active Directory for workloads
•create App registration
•configure App registration permission scopes
•manage App registration permission consent
•install and configure Microsoft Azure AD Connect
•configure authentication methods
•implement conditional access policies
•configure multi-factor authentication settings
•manage Microsoft Azure AD directory groups
•manage Microsoft Azure AD users
•configure Microsoft Azure AD identity protection
•Configure Microsoft Azure AD Privileged Identity Management
•monitor privileged access
•configure access reviews
•activate Privileged Identity Management
•Configure Microsoft Azure tenant security
•transfer Microsoft Azure subscriptions between Microsoft Azure AD tenants
•manage API access to Microsoft Azure subscriptions and resources
Implement Platform Protection (35-40%)
•Implement network security
•configure virtual network connectivity
•configure Network Security Groups (NSGs)
•create and configure Microsoft Azure firewall
•create and configure application security groups
•configure remote access management
•configure baseline
•configure resource firewall
•Implement host security
•configure endpoint security within the VM
•configure VM security
•harden VMs in Microsoft Azure
•configure system updates for VMs in Microsoft Azure
•configure baseline
•Configure container security
•configure network
•configure authentication
•configure container isolation
•configure AKS security
•configure container registry
•configure container instance security
•implement vulnerability management
•Implement Microsoft Azure Resource management security
•create Microsoft Azure resource locks
•manage resource group security
•configure Microsoft Azure policies
•configure custom RBAC roles
•configure subscription and resource permissions
Manage Security Operations (15-20%)
•Configure security services
•configure Microsoft Azure monitor
•configure Microsoft Azure log analytics
•configure diagnostic logging and log retention
•configure vulnerability scanning
•Configure security policies
•configure centralized policy management by using Microsoft Azure Security Center
•configure Just in Time VM access by using Microsoft Azure Security Center
•Manage security alerts
•create and customize alerts
•review and respond to alerts and recommendations
•configure a playbook for a security event by using Microsoft Azure Security Center
•investigate escalated security incidents
Secure Data and Applications (30-35%)
•Configure security policies to manage data
•configure data classification
•configure data retention
•configure data sovereignty
•Configure security for data infrastructure
•enable database authentication
•enable database auditing
•configure Microsoft Azure SQL Database threat detection
•configure access control for storage accounts
•configure key management for storage accounts
•create and manage Shared Access Signatures (SAS)
•configure security for HDInsight
•configure security for Cosmos DB
•configure security for Microsoft Azure Data Lake
•Configure encryption for data at rest
•implement Microsoft Azure SQL Database Always Encrypted
•implement database encryption
•implement Storage Service Encryption
•implement disk encryption
•implement backup encryption
•Implement security for application delivery
•implement security validations for application development
•configure synthetic security transactions
•Configure application security
•configure SSL/TLS certs
•configure Microsoft Azure services to protect web apps
•create an application security baseline
•Configure and manage Key Vault
•manage access to Key Vault
•manage permissions to secrets, certificates, and keys
•manage certificates
•manage secrets
•configure key rotation
To view the most up-to-date list of these exam objectives, please reference the official AZ-500 exam page.
Increase your Azure Security skillset with the NEW AZ-500 course!