About Microsoft AZ-500 Exam
The Microsoft AZ-500 exam is a requirement for getting the Microsoft Certified: Azure Security Engineer Associate certification. This test checks the candidates’ ability to implement security controls, maintain security and identity, access and protections within the Microsoft Azure platform.
Who are the potential candidates?
The Microsoft AZ-500 exam is intended for the security engineers who implement security controls, maintain the security posture, manage identity and access, and protect data, applications, and networks. There are no official prerequisites for taking this certification test. However, the applicants should have a solid understanding of scripting and automation, familiarity with virtualization, networking, and Cloud N-tier architecture, and awareness of Cloud services and products for Azure as well as other Microsoft products and services.
What exam details should the students know?
Microsoft doesn’t usually reveal the details of its certification tests. However, some information regarding the exam structure and format is shared by the previous test takers. Thus, it is known that Microsoft AZ-500 consists of 40 to 60 questions and lasts 150 minutes. The question types that you can expect in the exam include multiple choice and multiple response. The test is delivered in English, Japanese, Simplified Chinese, and Korean. To schedule this exam, you need to sign up with Pearson VUE, the Microsoft testing partner. You will be required to pay the fee that amounts to $165.
To prepare for this certification exam, the candidates can choose one of the preparation options offered by Microsoft on the official webpage. These are free online learning paths for self-study and one paid instructor-led course under the title “Microsoft Azure Security Technologies”.
What skills outline should the learners explore?
The Microsoft AZ-500 exam covers four major topics, which are as follows:
Managing identity and access
- Managing Azure Active Directory identities: this requires one’s competency in customizing security for service principals; managing Azure AD directory groups; managing Azure AD users; customizing password writeback; customizing authentication tools, such as Pass Through Authentication (PTA) and password hash, OAuth, and passwordless; transferring Azure subscriptions between Azure AD tenants.
- Configuring secure access with the help of Azure AD: the examinees need to demonstrate their ability to verify privileged access to Azure AD Privileged Identity Management; customize Access Reviews; initiate and customize PIM; execute Conditional Access policies such as Multi-Factor Authentication (MFA); customize Azure AD identity protection.
- Managing application access: this includes creating App Registration; customizing App Registration permission scopes; managing API access to Azure subscriptions and resources; managing App Registration permission consent.
- Managing access control: the test takers should be able to customize resource and subscription permissions; configure custom RBAC roles; customize resource group permissions; define the appropriate role; implement least privilege principle; interpret permissions; verify access.
Implementing platform protection
- Implementing advanced network security: this covers the skills, such as securing VPN authentication and Express Route encryption connectivity; customizing Network Security Groups and Application Security Groups; designing and customizing Azure Firewall; customizing Azure Front Door service as an Application Gateway; customize Azure Bastion; customize Web Application Firewall within Azure Application Gateway; customize a firewall within a storage account, KeyVault, Azure SQL, or App Service; customize Service Endpoints; perform DDoS protection.
- Customizing compute advanced security: the applicants are required to prove their skills in customizing endpoint protection; customizing and verifying VMs system updates; configuring authentication for Azure Container Registry; customizing security for various container types; executing vulnerability management; customizing AKS isolation; customizing container registry security; executing Azure Disk Encryption; customizing Azure App Service authentication and security; customizing SSL/TLS certs; customizing authentication for Azure Kubernetes Service; customizing automatic updates.
Managing security operations
- Monitoring security with the help of Azure Monitor: the learners need to show their expertise in designing and customizing alerts; monitoring security logs with the help of Azure Monitor; customizing log retention and diagnostic logging.
- Monitoring security with the help of Azure Security Center: this includes one’s abilities, such as assessing Azure Security Center vulnerability scans; customizing Just in Time VM access with the help of Azure Security Center; customizing centralized policy management with Azure Security Center; customizing compliance policies and assessing for compliance with the help of Azure Security Center.
- Monitoring security with the help of Azure Sentinel: this requires the individuals’ skills in designing and customizing alerts; customizing Azure Sentinel data sources; assessing Azure Sentinel results; customizing a workflow automation with the help of Azure Sentinel.
- Configuring security policies: this includes customizing security settings with the help of Azure Policy; customizing security settings with Azure Blueprint; customizing a playbook utilizing Azure Sentinel.
Securing data and applications
- Configuring security for storage: the candidates need to demonstrate their abilities in customizing core storage accounts management; customizing Azure AD authentication for Azure Storage; customizing Azure AD Domain Services authentication for Azure Files; designing and managing Shared Access Signatures (SAS); designing shared blob or blob container access policy; customizing Storage Service Encryption.
- Configuring database security: this requires competency in activating database authentication; activating database auditing; customizing Azure SQL Database Advanced Threat Protection; executing database encryption; performing Azure SQL Database Always Encrypted.
- Configuring and managing Key Vault: the students should know how to manage access to Key Vault; manage permissions to certificates, secrets, and keys; customize RBAC utilization in Azure Key Vault; manage certificates; manage secrets; configure key rotation; backup and restore of Key Vault items.
What career opportunities can certified specialists get?
Passing the Microsoft AZ-500 exam makes you eligible for obtaining the Microsoft Certified: Azure Security Engineer Associate certification. The holders of this certificate can apply for numerous job roles. Some of these titles are enumerated below:
- Software Engineer
- Cloud Security Engineer
- DevOps Engineer
- Manager in Information Security
- Data Engineer
- Cloud Engineer
Each of these positions can bring you a decent salary. For instance, the average income of a Software Engineer ranges from $62,000 to $127,000 per annum, according to PayScale.com. At the same time, a Manager in Information Security can earn on average from $79,000 to $151,000 per year. Holding the job role of a DevOps Engineer, you can get from $64,000 to $95,000 annually.