Preparing for the AZ-500: Azure Security Engineer Associate
Skylines Academy Approach
About the AZ-500 and Azure Security Engineer Associate Badge
Over the past eight months, Microsoft has completed a transition within their Cloud certification program from their traditional MCP, MCSA, MCSE certifications to the Role-based programs. These Role-based exams and certifications align with the various areas of production applications (M365), customer experience (Dynamics 365), and cloud infrastructure (Azure).
Within the Azure cloud infrastructure certifications, there are varying tracks that can be taken depending upon your role or interest. Security Engineer Associate is one of those tracks. The Security Engineer Associate certification is obtained by passing a single exam, AZ-500.
The AZ-500 exam focuses on four key areas:
Manage identity and access
Implement platform protection
Manage security operations
Secure data and applications
Who should take the exam?
So, why would you consider becoming an Azure Security Engineer Associate? Microsoft identifies the role as: “Azure Security Engineers implement security controls and threat protection, manage identity and access, and protect data, applications, and networks in cloud and hybrid environments as part of end-to-end infrastructure.” https://www.microsoft.com/en-us/learning/azure-security-engineer.aspx
An Azure Security Engineer has demonstrated an understanding of the services and tools available within Azure. The Security Engineer can properly secure and harden platforms, set up role-based and conditional access, manage storage account access, and monitor and control services within Azure and on-premises. Having the ability to complete these tasks properly is a huge asset to any organization.
Why take the exam?
This certification has also become valued within the Microsoft partner ecosystem. A new CSP competency for Security was released in August 2019. Silver level competency requires one Azure Security Engineer Associate and Gold level requires four Azure Security Engineer Associates.
To assist you in preparing for your AZ-500 journey, Skylines Academy has created a course focused on the learning objectives for the Azure Security Engineer Associate certification.
This course will help you navigate the Azure security landscape, explore features and functionalities such as managing identities and role-based access, and enable you to be the go-to person for all things Azure security.
During your journey, Skylines Academy will lead you through a series of sections, modules, and demos to prepare you for taking, and ultimately passing, the Microsoft Azure AZ-500 exam.
After taking this course, you will:
Know how to implement secure infrastructure solutions in the Microsoft Azure platform
Have the information you need to pass the AZ-500 - Microsoft Azure Security Technologies Certification
Understand and translate Azure security core services and capabilities into real-world situations
Enroll in this course or become a Skylines member for access to all courses, current and future. Pass this along to three others in your organization and get your organization to the Gold Security competency technical requirements. Good luck on your journey!
How to Prepare:
Review the Microsoft Exam Blueprints - This should be your first stop during exam preparation. Microsoft uses the blueprint to break down topics and assign a weight (% of questions) to the exams so you’ll have an idea how much to study for each section.
Invest in an online course to help walk you through what’s going to be on the Exam. Throughout the Skylines Academy Microsoft AZ-500 course, Master Instructor Nick Colyer will walk you through objectives and demo with the portal and PowerShell knowledge you will need to take and pass the exam. Make sure to be hands-on and spin up your own Azure environment to follow along.
Set up your own Azure subscription to familiarize yourself with Azure services which are covered in the exam. Check out the free Azure Trial Account Creation demo to help you get set up.
Brush up on PowerShell commands by downloading the free PowerShell Reference Guide. You can complete the exam with the GUI or PowerShell; Microsoft doesn’t score them differently as long as you complete the task correctly. A command line option may come up as the only way to solve an issue, so it is good to familiarize yourself with PowerShell commands.
Gain more detail with Microsoft Documentation. We’ve put together some handy Study Guides which reference the most relevant links for studying for the exam. Study guides are also found within each course at the bottom section. We understand that everyone has different learning styles. Some people require additional post-course reading, and Microsoft makes it easy to read up on any Azure topic imaginable through docs.
Coming soon! Take practice tests. Specifically, for the 500, we’ve put together practice questions based on our experience taking the exam and feedback from students. The questions will be included at the end of each respective section of the AZ-500 course.
Ask your peers! There are thousands of like-minded individuals who are studying for or have already taken the AZ-500 exam. Check out the Azure Study Group and feel free to join, post, and see what your fellow Azure students are up to.
Other Useful Resources
Microsoft Learning Paths: There are also Microsoft learning paths online available for different topics.
GitHub Repo: Here you can find labs to deploy code in your own environment.
Blogs: Here’s a list of blogs we found useful in studying for the Microsoft certifications:
Build Azure: Chris Pietschmann provides comprehensive Azure updates and Microsoft certification paths. We highly recommend this blog to keep up-to-date and find your path to learning Azure.
Azure Greg: Gregor Suttie has a ton of passion and knowledge about all things Azure. He also has some great posts on best practices and study links/resources.
PixelRobots: Richard Hooper is an MVP and was awarded a place in the top 20 Azure blogs, and you will see why. His up-to-date content is a great resource to stay on top of the ever-changing Azure services.
Let us know about your success! We love to empower our students and promote them. You can reach us on Twitter, LinkedIn or Facebook.
AZ-500 Skills measured:
Manage identity and access
Configure Microsoft Azure Active Directory for workloads
create App registration
configure App registration permission scopes
manage App registration permission consent
configure multi-factor authentication settings
manage Microsoft Azure AD directory groups
manage Microsoft Azure AD users
install and configure Microsoft Azure AD Connect
configure authentication methods
implement conditional access policies
configure Microsoft Azure AD identity protection
Configure Microsoft Azure AD Privileged Identity Management
monitor privileged access
configure access reviews
activate Privileged Identity Management
Configure Microsoft Azure tenant security
transfer Microsoft Azure subscriptions between Microsoft Azure AD tenants
manage API access to Microsoft Azure subscriptions and resources
Implement platform protection
Implement network security
configure virtual network connectivity
configure Network Security Groups (NSGs)
create and configure Microsoft Azure firewall
create and configure application security groups
configure remote access management
configure baseline
configure resource firewall
Implement host security
configure endpoint security within the VM
configure VM security
harden VMs in Microsoft Azure
configure system updates for VMs in Microsoft Azure
configure baseline
Configure container security
configure network
configure authentication
configure container isolation
configure AKS security
configure container registry
configure container instance security
implement vulnerability management
Implement Microsoft Azure Resource management security
create Microsoft Azure resource locks
manage resource group security
configure Microsoft Azure policies
configure custom RBAC roles
configure subscription and resource permissions
Manage security operations
Configure security services
configure Microsoft Azure monitor
configure Microsoft Azure log analytics
configure diagnostic logging and log retention
configure vulnerability scanning
Configure security policies
configure centralized policy management by using Microsoft Azure Security Center
configure Just in Time VM access by using Microsoft Azure Security Center
Manage security alerts
create and customize alerts
review and respond to alerts and recommendations
configure a playbook for a security event by using Microsoft Azure Security Center
investigate escalated security incidents
Secure data and applications
Configure security policies to manage data
configure data classification
configure data retention
configure data sovereignty
Configure security for data infrastructure
enable database authentication
enable database auditing
configure Microsoft Azure SQL Database threat detection
configure access control for storage accounts
configure key management for storage accounts
create and manage Shared Access Signatures (SAS)
configure security for HDInsight
configure security for Cosmos DB
configure security for Microsoft Azure Data Lake
Configure encryption for data at rest
implement Microsoft Azure SQL Database Always Encrypted
implement database encryption
implement Storage Service Encryption
implement disk encryption
implement backup encryption
Implement security for application delivery
implement security validations for application development
configure synthetic security transactions
Configure application security
configure SSL/TLS certs
configure Microsoft Azure services to protect web apps
create an application security baseline
Configure and manage Key Vault
manage access to Key Vault
manage permissions to secrets, certificates, and keys
manage certificates
manage secrets
configure key rotation
-Dwayne Natwick