After doing AZ-104, I started AZ-500. I was able to pass in my first attempt. I’m sharing with you all my preparation journey in this blog.<\/p>\n\n\n\n
Candidates for this exam should have subject matter expertise implementing security controls and threat protection, managing identity and access, and protecting data, applications, and networks. <\/p>\n\n\n\n
Responsibilities for an Azure Security Engineer include maintaining the security posture, identifying and remediating vulnerabilities by using a variety of security tools, implementing threat protection, and responding to security incident escalations.<\/p>\n\n\n\n
Azure Security Engineers often serve as part of a larger team dedicated to cloud-based management and security and may also secure hybrid environments as part of an end-to-end infrastructure.<\/p>\n\n\n\n
If your job role is to manage security for Azure, then you can take the AZ-500: Microsoft Azure Security Technologies <\/strong>which makes you a certified Azure Security Engineer Associate<\/strong>. <\/p>\n\n\n\n However, the AZ-500 exam is not equivalent to expert-level certification in Azure. There is no pre-requisite for taking AZ-500 but in my opinion, take AZ-900 at a bare minimum.<\/em> It will prepare you with what format of questions you can expect. <\/p>\n\n\n\n I got around 50 Exam questions in total: 1 case study and the rest were MCQ questions<\/strong>. I did not<\/span><\/strong> get any labs. <\/p>\n\n\n\n AZ-500 Azure Security Engineer Exam expects you to know how to implement security controls, maintain the security posture, manages identity and access, and protect data, applications, and networks. If you do not want to spend too much money on this cert, check out the following free content that really helped me understand the concepts as opposed to only reading. <\/p>\n\n\n\n <\/p>\n\n\n\n <\/p>\n\n\n\n Practice Exams on AZ-500 from ReviewNPrep for just $7.5 Click here<\/a>.<\/strong> <\/p><\/blockquote>\n\n\n\n 1. Manage your time well. If you do not know the answer, move on. There are some questions that you cannot revisit again. These are the ones where you have to suggest an implementation technique. <\/p>\n\n\n\n 2. I used the process of elimination for the ones I wasn’t sure of. In essence, remove the options you know for sure are wrong and then go with your gut feeling on the remaining left options. <\/p>\n\n\n\n 3. You don’t have to go through all of the links provided in this study guide but highly recommended if you want to prepare to be a better security engineer. <\/p>\n\n\n\n 4. If you go through the exam contents, you’d find that most common keyword used is “configure”. This means the bare minimum expectation is that you know how to do it in the portal. There is nothing that beats hands-on. So, get your hands dirty in the Azure portal. <\/p>\n\n\n\n 5. Few areas from which I got questions were NSG’s, Tags, conditional Policies, PIM, Azure monitor, alerts, resource locks, AD groups, MFA, Azure Bastion, SAS, KeyVault. There were a number of questions that required understanding of policies, lifecycles, access control, and more relating to Key Vault.<\/p>\n\n\n\n 6. Many questions do not test you on one thing alone. It’s almost a combination of few services taken together. Example Azure Storage with RBAC. <\/p>\n\n\n\n NOTE: The content of this exam was updated on September 29, 2021<\/strong>.<\/strong><\/p><\/blockquote>\n\n\n\n You may find the below links all over the internet, but this is my guide reading from MS documentation and hunting for links from other blogs and websites. I started with this in parallel with the official Microsoft training mentioned above. <\/p>\n\n\n\nWhat does AZ-500 expects from you?<\/h2>\n\n\n\n
AZ-500 Exam Details<\/h2>\n\n\n\n
Resources for AZ-500 Certification Exam <\/h2>\n\n\n\n
Important Pointers for AZ-500 Certification Exam <\/h2>\n\n\n\n
Manage Identity and Access (30-35%)<\/h2>\n\n\n\n
Manage Azure Active Directory identities<\/h3>\n\n\n\n
Manage secure access by using Azure AD<\/h3>\n\n\n\n
Manage application access<\/h3>\n\n\n\n
Manage access control<\/h3>\n\n\n\n
Implement Platform Protection (15-20%)<\/h2>\n\n\n\n
Implement advanced network security<\/h3>\n\n\n\n
Configure advanced security for compute<\/h3>\n\n\n\n
Manage Security Operations (25-30%)<\/h2>\n\n\n\n
Configure centralized policy management<\/h3>\n\n\n\n
Configure and manage threat protection<\/h3>\n\n\n\n
Configure and manage security monitoring solutions<\/h3>\n\n\n\n