Preparing for the AZ-500: Azure Security Engineer Associate

Skylines Academy Approach 

About the AZ-500 and Azure Security Engineer Associate Badge 

Over the past eight months, Microsoft has completed a transition within their Cloud certification program from their traditional MCP, MCSA, MCSE certifications to the Role-based programs.  These Role-based exams and certifications align with the various areas of production applications (M365), customer experience (Dynamics 365), and cloud infrastructure (Azure). 

Within the Azure cloud infrastructure certifications, there are varying tracks that can be taken depending upon your role or interest. Security Engineer Associate is one of those tracks. The Security Engineer Associate certification is obtained by passing a single exam, AZ-500.

The AZ-500 exam focuses on four key areas: 

  1. Manage identity and access 

  2. Implement platform protection 

  3. Manage security operations 

  4. Secure data and applications 

Who should take the exam? 

So, why would you consider becoming an Azure Security Engineer Associate? Microsoft identifies the role as: “Azure Security Engineers implement security controls and threat protection, manage identity and access, and protect data, applications, and networks in cloud and hybrid environments as part of end-to-end infrastructure.” https://www.microsoft.com/en-us/learning/azure-security-engineer.aspx

An Azure Security Engineer has demonstrated an understanding of the services and tools available within Azure. The Security Engineer can properly secure and harden platforms, set up role-based and conditional access, manage storage account access, and monitor and control services within Azure and on-premises. Having the ability to complete these tasks properly is a huge asset to any organization.

Why take the exam? 

This certification has also become valued within the Microsoft partner ecosystem.  A new CSP competency for Security was released in August 2019.  Silver level competency requires one Azure Security Engineer Associate and Gold level requires four Azure Security Engineer Associates. 

To assist you in preparing for your AZ-500 journey, Skylines Academy has created a course focused on the learning objectives for the Azure Security Engineer Associate certification.

This course will help you navigate the Azure security landscape, explore features and functionalities such as managing identities and role-based access, and enable you to be the go-to person for all things Azure security. 

During your journey, Skylines Academy will lead you through a series of sections, modules, and demos to prepare you for taking, and ultimately passing, the Microsoft Azure AZ-500 exam. 

After taking this course, you will: 

  • Know how to implement secure infrastructure solutions in the Microsoft Azure platform 

  • Have the information you need to pass the AZ-500 - Microsoft Azure Security Technologies Certification 

  • Understand and translate Azure security core services and capabilities into real-world situations 

Enroll in this course or become a Skylines member for access to all courses, current and future.  Pass this along to three others in your organization and get your organization to the Gold Security competency technical requirements.  Good luck on your journey! 

How to Prepare: 

  1. Review the Microsoft Exam Blueprints - This should be your first stop during exam preparation. Microsoft uses the blueprint to break down topics and assign a weight (% of questions) to the exams so you’ll have an idea how much to study for each section. 
     

  2. Invest in an online course to help walk you through what’s going to be on the exam. Throughout the Skylines Academy Microsoft AZ-500 course, Master Instructor Nick Colyer will walk you through the objectives and demo the portal and PowerShell knowledge you will need to take and pass the exam. Make sure to be hands-on and spin up your own Azure environment to follow along.

  3. Set up your own Azure subscription to familiarize yourself with Azure services which are covered in the exam. Check out the free Azure Trial Account Creation demo to help you get set up.
     

  4. Brush up on PowerShell commands by downloading the free PowerShell Reference Guide. You can complete the exam with the GUI or PowerShell; Microsoft doesn’t score differently as long as you complete the task correctly. A command line option may come up as the only way to solve an issue, so it is good to familiarize yourself with PowerShell commands.
     

  5. Gain more detail with Microsoft Documentation. We’ve put together some handy Study Guides which reference the most relevant links for studying for the exam. Study guides are also found within each course at the bottom section. We understand that everyone has different learning styles. Some people require additional post-course reading, and Microsoft makes it easy to read up on any Azure topic imaginable through docs.
     

  6. Coming soon! Take practice tests. Specifically, for the 500, we’ve put together practice questions based on our experience taking the exam and feedback from students. The questions will be included at the end of each respective section of the AZ-500 course. 
     

  7. Ask your peers! There are thousands of like-minded individuals who are studying for or have already taken the AZ-500 exam. Check out the Azure Study Group and feel free to join, post, and see what your fellow Azure students are up to. 

 

Other Useful Resources 

  1. Microsoft Learning Paths: There are also Microsoft learning paths online available for different topics.   

  2. GitHub Repo: Here you can find labs to deploy code in your own environment. 

  3. Blogs: Here’s a list of blogs we found useful in studying for the Microsoft certifications:

       • Build Azure: Chris Pietschmann provides comprehensive Azure updates and Microsoft certification paths. We highly recommend this blog to keep up-to-date and find your path to learning Azure.

       • Azure Greg: Gregor Suttie has a ton of passion and knowledge about all things Azure. He also has some great posts on best practices and study links/resources.

       • PixelRobots: Richard Hooper is an MVP whose blog was named one of the top 20 Azure blogs, and you will see why. His up-to-date content is a great resource to stay on top of the ever-changing Azure services.

 

Let us know about your success! We love to empower our students and promote them. You can reach us on Twitter, LinkedIn or Facebook.

 
 

AZ-500 Skills measured: 

Manage identity and access 

Configure Microsoft Azure Active Directory for workloads 

  • create App registration 

  • configure App registration permission scopes 

  • manage App registration permission consent 

  • configure multi-factor authentication settings 

  • manage Microsoft Azure AD directory groups 

  • manage Microsoft Azure AD users 

  • install and configure Microsoft Azure AD Connect 

  • configure authentication methods 

  • implement conditional access policies 

  • configure Microsoft Azure AD identity protection 

Configure Microsoft Azure AD Privileged Identity Management 

  • monitor privileged access 

  • configure access reviews 

  • activate Privileged Identity Management 

Configure Microsoft Azure tenant security 

  • transfer Microsoft Azure subscriptions between Microsoft Azure AD tenants 

  • manage API access to Microsoft Azure subscriptions and resources 

 

Implement platform protection 

Implement network security 

  • configure virtual network connectivity 

  • configure Network Security Groups (NSGs) 

  • create and configure Microsoft Azure firewall 

  • create and configure application security groups 

  • configure remote access management 

  • configure baseline 

  • configure resource firewall 

Implement host security 

  • configure endpoint security within the VM 

  • configure VM security 

  • harden VMs in Microsoft Azure 

  • configure system updates for VMs in Microsoft Azure 

  • configure baseline 

Configure container security 

  • configure network 

  • configure authentication 

  • configure container isolation 

  • configure AKS security 

  • configure container registry 

  • configure container instance security 

  • implement vulnerability management 

Implement Microsoft Azure Resource management security 

  • create Microsoft Azure resource locks 

  • manage resource group security 

  • configure Microsoft Azure policies 

  • configure custom RBAC roles 

  • configure subscription and resource permissions 

 

Manage security operations 

Configure security services 

  • configure Microsoft Azure monitor 

  • configure Microsoft Azure log analytics 

  • configure diagnostic logging and log retention 

  • configure vulnerability scanning 

Configure security policies  

  • configure centralized policy management by using Microsoft Azure Security Center 

  • configure Just in Time VM access by using Microsoft Azure Security Center 

Manage security alerts 

  • create and customize alerts 

  • review and respond to alerts and recommendations 

  • configure a playbook for a security event by using Microsoft Azure Security Center 

  • investigate escalated security incidents 

 

Secure data and applications 

Configure security policies to manage data 

  • configure data classification 

  • configure data retention 

  • configure data sovereignty 

Configure security for data infrastructure 

  • enable database authentication 

  • enable database auditing 

  • configure Microsoft Azure SQL Database threat detection 

  • configure access control for storage accounts 

  • configure key management for storage accounts 

  • create and manage Shared Access Signatures (SAS) 

  • configure security for HDInsights 

  • configure security for Cosmos DB 

  • configure security for Microsoft Azure Data Lake 

Configure encryption for data at rest 

  • implement Microsoft Azure SQL Database Always Encrypted 

  • implement database encryption 

  • implement Storage Service Encryption 

  • implement disk encryption 

  • implement backup encryption 

Implement security for application delivery 

  • implement security validations for application development 

  • configure synthetic security transactions 

Configure application security 

  • configure SSL/TLS certs 

  • configure Microsoft Azure services to protect web apps 

  • create an application security baseline 

Configure and manage Key Vault 

  • manage access to Key Vault 

  • manage permissions to secrets, certificates, and keys 

  • manage certificates 

  • manage secrets 

  • configure key rotation 

-Dwayne Natwick
