Many organizations today are leveraging the cloud to transform their business. However, the adoption of cloud technology introduces associated risks, security and privacy concerns. Hence, the need for cybersecurity professionals with skills required to protect the environment including the data stored in the cloud.
We will offer an overview of one of Microsoft Azure’s specialized certifications — the Microsoft Certified: Azure Security Engineer Associate certification, focused on securing the cloud environment. We will answer various questions that candidates might have such as the domains, the target audience of the certification, the examination format and ways to prepare for the exam.
When you pass the Microsoft Azure Security Technologies (AZ-500) exam, you’ll earn the Microsoft Certified: Azure Security Engineer Associate certification.
The Microsoft Azure Security Technologies (AZ-500) exam
The Microsoft Azure Security Technologies exam is intended for individuals who work in a security engineer role. Individuals are to be subject matter experts in implementing, secure controls and threat protection, managing identity and access and protecting data, applications, networks in cloud and hybrid environments as part of an end-to-end infrastructure.
A Microsoft Azure Security Engineer maintains the security posture, identifies and remediates vulnerabilities using a number of security tools, implements threat protection and responds to security incident escalations. They also serve as part of a larger team dedicated to cloud-based management and secure and may also secure hybrid environments as part of an end-to-end infrastructure.
Individuals must have at least six months of hands-on experience working and security Azure cloud environments. In addition, individuals must be familiar with scripting and automation and have a deep understanding of networking, virtualization and cloud N-tier architecture. They must also have experience with Azure products and services, as well as other Microsoft products and services.
Exam and domain overview
As of September 2020, the Microsoft Azure Security Technologies exam covers four different domains. We will briefly discuss the concepts tested in each domain of the exam. The four domains are as follows:
Manage identity and access (30-35%)
Implement platform protection (15-20%)
Manage security operations (25-30%)
Secure data and applications (20-25%)
Domain 1 — Manage identity and access (30-35%)
This domain covers working with subscriptions, users and groups by configuring Microsoft Azure Active Directory for workloads. It also covers securing resources using policy, role-based access control (RBAC) and other Azure services.
For this domain, individuals must have knowledge of:
Managing Azure AD identities
Configure security for service principals
Manage Azure AD directory groups
Manage Azure AD users
Configure password writeback
Configure authentication methods including password hash and Pass Through Authentication (PTA), OAuth and passwordless
Transfer Azure subscriptions between Azure AD tenants
Configuring secure access by using Azure AD
Monitor privileged access for Azure AD Privileged Identity Management (PIM)
Configure Access Reviews
Activate and configure PIM
Implement Conditional Access policies including Multi-Factor Authentication (MFA)
Configure Azure AD identity protection
Managing application access
Create App Registration
Configure App Registration permission scopes
Manage App Registration permission consent
Manage API access to Azure subscriptions and resources
Managing access control
Configure subscription and resource permissions
Configure resource group permissions
Configure custom RBAC roles
Identify the appropriate role
Apply principle of least privilege
Domain 2 — Implement platform protection (15-20%)
This domain covers protecting and hardening virtual machines and configuring, protecting and isolating networks in Azure.
For this domain, individuals must have knowledge of:
Implementing advanced network security
Secure the connectivity of virtual networks (i.e., Virtual Private Network authentication and Express Route encryption)
Configure Network Security Groups (NSGs) and Application Security Groups (ASGs)
Create and configure Azure Firewall
Configure Azure Front Door service as an Application Gateway
Configure a Web Application Firewall (WAF) on Azure Application Gateway
Configure Azure Bastion
Configure a firewall on a storage account, Azure SQL, KeyVault, or App Service
Manage permissions to secrets, certificates and keys
Configure role-based access control (RBAC) usage in Azure Key Vault
Configure key rotation
Backup and restore of Key Vault items
The examination: Questions/format/length
The exam consists of 40 to 60 questions and you’ll have 180 minutes for the Microsoft Azure Security Technologies exam. Candidates are required to earn a minimum passing score of 700 out of 1000 points to pass.
As of September 2020, the Microsoft Azure Security Engineer Associate certificate expires after two years.
Cost of the Microsoft Azure Security Technologies (AZ-500) exam
The Microsoft Azure Security Technologies exam typically costs $165, but may differ slightly depending on the country where you write the exam.
Preparing for the Microsoft Azure Security Technologies (AZ-500) exam
There are a number of ways to prepare for the certifications, depending on the candidate’s experience level.
Microsoft Azure official site
The Microsoft Azure official site is the most reliable source of information. One of the best ways for preparing for the exam is reading the documentation, FAQs, whitepapers and case studies on the Microsoft Azure site. They are quite robust, explain the key areas in detail and provide up-to-date information.
There are a lot of courses available today which can be taken from the comfort of your house and at your own pace. They cover everything you need to know to take the exams in-depth and are usually updated with recent changes. In addition, many courses have the hands-on labs which allow you to deploy services on Microsoft Azure with step-by-step instructions.
Many of the questions you will encounter in the Microsoft Azure Security Technologies exam are scenario-based and case studies-based questions and having hands-on experience helps.
This is the most important step in preparing for the exam. Practice tests are said to be more difficult than the actual test. However, I believe encountering lots of practice tests helps to validate your understanding, identify areas of improvements and helps in developing approaches in understanding and solving the questions quickly. Practice tests also make you well-acquainted with the exam format and environment.
Where to write the Microsoft Azure Security Technologies (AZ-500) exam
Currently, there are two ways of taking the Microsoft Azure Security Technologies (AZ-500) exam.
Physical test center
This is the standard test-taking process where you register and take the exam in a local testing center. With the COVID-19 situation, most test centers are closed; however, you can check your local testing center for its policies.
You can take the exam in the comfort of your home or office using your computer. The exam delivery is monitored by a proctor via webcam and microphone. However, certain requirements must be met in order to maintain the integrity of the exam such as ensuring the room is free from disruptions, a scan of the work area by the proctor.
This overview describes what candidates need to know before taking the Microsoft Azure Security Technologies exam. Having a Microsoft Azure Certification is likely to boost your career. It is a great way to validate your skills and differentiate yourself from others. You’ll also need practical, hands-on experience and knowledge to guide you in real-life environments.