Microsoft AZ-500 Azure Security Engineer Associate | 2023

IT certifications are important credentials that can boost your value, your salary, and your employment opportunities. Microsoft AZ-500 Azure Security Engineer Associate enables you to design and implement a secure infrastructure on Azure Platform. Through an understanding of security best practices and industry security requirements, this individual designs, develops and manages a secure infrastructure leveraging Azure security technologies.

This course contains 100 questions in 4 practice exams created by Azure certified professionals that cover all aspects included in the official exam guide:

Manage identity and access (30-35%)

Manage Azure Active Directory identities

· configure security for service principals

· manage Azure AD directory groups

· manage Azure AD users

· manage administrative units

· configure password writeback

· configure authentication methods including password hash and Pass Through

· Authentication (PTA), OAuth, and passwordless

· transfer Azure subscriptions between Azure AD tenants

Configure secure access by using Azure AD

· monitor privileged access for Azure AD Privileged Identity Management (PIM)

· configure Access Reviews

· configure PIM

· implement Conditional Access policies including Multi-Factor Authentication (MFA)

· configure Azure AD identity protection

Manage application access

· create App Registration

· configure App Registration permission scopes

· manage App Registration permission consent

· manage API access to Azure subscriptions and resources

Manage access control

· configure subscription and resource permissions

· configure resource group permissions

· configure custom RBAC roles

· identify the appropriate role

· apply the principle of least privilege

· interpret permissions

· check access

Implement platform protection (15-20%)

Implement advanced network security

· secure the connectivity of virtual networks (VPN authentication, Express Route

· encryption)

· configure Network Security Groups (NSGs) and Application Security Groups (ASGs)

· create and configure Azure Firewall

· implement Azure Firewall Manager

· configure Azure Front Door service as an Application Gateway

· configure a Web Application Firewall (WAF) on Azure Application Gateway

· configure Azure Bastion

· configure a firewall on a storage account, Azure SQL, Key Vault, or App Service

· implement Service Endpoints

· implement DDoS protection

Configure advanced security for compute

· configure endpoint protection

· configure and monitor system updates for VMs

· configure authentication for Azure Container Registry

· configure security for different types of containers

· implement vulnerability management

· configure isolation for AKS

· configure security for container registry

· implement Azure Disk Encryption

· configure authentication and security for Azure App Service

· configure SSL/TLS certs

· configure authentication for Azure Kubernetes Service

· configure automatic updates

Manage security operations (25-30%)

Monitor security by using Azure Monitor

· create and customize alerts

· monitor security logs by using Azure Monitor

· configure diagnostic logging and log retention

· Monitor security by using Azure Security Center

· evaluate vulnerability scans from Azure Security Center

· configure Just in Time VM access by using Azure Security Center

· configure centralized policy management by using Azure Security Center

· configure compliance policies and evaluate for compliance by using Azure Security

· Center

· configure workflow automation by using Azure Security Center

Monitor security by using Azure Sentinel

· create and customize alerts

· configure data sources to Azure Sentinel

· evaluate results from Azure Sentinel

· configure a playbook by using Azure Sentinel

Configure security policies

· configure security settings by using Azure Policy

· configure security settings by using Azure Blueprint

Secure data and applications (20-25%)

Configure security for storage

· configure access control for storage accounts

· configure key management for storage accounts

· configure Azure AD authentication for Azure Storage

· configure Azure AD Domain Services authentication for Azure Files

· create and manage Shared Access Signatures (SAS)

· create a shared access policy for a blob or blob container

· configure Storage Service Encryption

· configure Azure Defender for Storage

Configure security for databases

· enable database authentication

· enable database auditing

· configure Azure Defender for SQL

· configure Azure SQL Database Advanced Threat Protection

· implement database encryption

o implement Azure SQL Database Always Encrypted

Configure and manage Key Vault

· manage access to Key Vault

· manage permissions to secrets, certificates, and keys

· configure RBAC usage in Azure Key Vault

· manage certificates

· manage secrets

· configure key rotation

· backup and restore of Key Vault items

· configure Azure Defender for Key Vault

This practice test will help you prepare and pass the real official exam test environment. Questions include:

• Answers with detailed explanation.

• Reference links to official and unofficial documentation.

• Illustrations to prepare for the exam.

Join us and get ready to pass!! :)