Article

Preparing for the AZ-500:Azure Security Engineer Associate

Skylines Academy Approach

About the AZ-500 and Azure Security Engineer Associate Badge

Over the past eight months, Microsoft has completed a transition within their Cloud
certification program from their traditional MCP, MCSA, MCSE certifications to the Role -
based programs. These Role-based exams and certifications align with the various areas of
production applications (M365), customer experience (Dynamics 365), and cloud
infrastructure (Azure).

Within the Azure cloud infrastructure certifications, there are varying tracks that can be
taken depending upon your role or interest. Security Engineer Associate is one of those
tracks. The Security Engineer Associate certification is obtained through passing of a single
exam, AZ-500.

The AZ-500 exam focuses on four key areas:

1. Manage identity and access

2. Implement platform protection
3. Manage security operations
4. Secure data and applications

Who should take the exam?

So, why would you consider becoming an Azure Security Engineer Associate? Microsoft
identifies the role as: ”Azure Security Engineers implement security controls and threat
protection, manage identity and access, and protect data, applications, and networks in cloud
and hybrid environments as part of end-to-end infrastructure.”
https://www.microsoft.com/en-us/learning/azure-security-engineer.aspx

An Azure Security Engineer has demonstrated the understanding of the services and tools
available within Azure. The Security Engineer can properly secure and harden platforms,
setup role-based and conditional access, manage storage account access, and monitor and
control services within Azure and on-premises. Having the ability to complete these tasks
properly, is a huge asset to any organization.

Why take the exam?

This certification has also become valued within the Microsoft partner ecosystem. A new
CSP competency for Security was released in August 2019. Silver level competency requires
one Azure Security Engineer Associate and Gold level requires four Azure Security Engineer
Associates.

©2019 Skylines Academy, LLC All rights reserved

 Article

To assist you in preparing you for your AZ-500 journey, Skylines Academy has created a
course focused on the learning objectives for the Azure Security Engineer Associate
certification.

This course will help you navigate the Azure security landsca pe, explore features and
functionalities such as managing identities and role-based access, and enable you to be the
go-to person for all things Azure security.

During your journey, Skylines Academy will lead you through a series of sections, modules,
and demos to prepare you for taking, and ultimately passing, the Microsoft Azure AZ -500
exam.

After taking this course, you will:

• Know how to implement secure infrastructure solutions in the Microsoft Azure

platform
• Have the information you need to pass the AZ-500 - Microsoft Azure Security
Technologies Certification
• Understand and translate Azure security core services and capabilities into real -world
situations

Enroll in the AZ-500 course or become a Skylines member for access to all courses, current
and future. Pass this along to three others in your organization and get your organization to
the Gold Security competency technical requirements. Good luck on your journey!

How to Prepare:

1. Review the Microsoft Exam Blueprints - This should be your first stop during exam
preparation. Microsoft uses the blueprint to break down topics and assign a weight (%
of questions) to the exams so you’ll have an idea how much to study for each
section.

2. Invest in an online course to help walk you through what’s going to be on

the Exam. Throughout the Skylines Academy Microsoft AZ-500 course, Master
Instructor Nick Colyer will walk you through objectives and demo with t he portal
and PowerShell knowledge you will need to take and pass the exam. Make sure to be
hands-on and spin up your own Azure environment to follow along.
3. Set up your own Azure subscription to familiarize yourself with Azure
services which are covered in the exam. Check out the free Azure Trial Account
Creation demo to help you get set up.

4. Brush up on PowerShell commands by downloading the free PowerShell

Reference Guide. You can complete the exam with the GUI or PowerShell, Microsoft
doesn’t score differently; As long as, you complete the task correctly. A command

©2019 Skylines Academy, LLC All rights reserved

 Article

line option may come up as the only way to solve an issue, so it is good to familiarize
yourselves with PowerShell commands.

5. Gain more detail with Microsoft Documentation. We’ve put together some
handy Study Guides which reference the most-relevant links for studying for the
exam. Study guides are also found within each course at the bottom section.
We understand that everyone has different learning styles. Some people require
additional post-course reading and Microsoft makes it easy to read up on any Azure
topic imaginable though docs.

6. Take practice tests. Specifically, for the 500, we’ve put together practice questions
based on our experience taking the exam and feedback from students. The questions
will be included at the end of each respective section of the AZ-500 course.

7. Ask your peers! There are thousands of like-minded individuals who are studying
for or have already taken the AZ-500 exam. Check out the Azure Study Group and
feel free to join, post, and see what your fellow Azure students are up to.

Other Useful Resources

1. Microsoft Learning Paths: There are also Microsoft learning paths online available for
different topics.
2. GitHub Repo: Here you can find labs to deploy code in your own environment.
3. Blogs: Here’s a list of blogs we found useful in studying for the Microsoft
certifications:
4. Build Azure: Chris Pietschmann provides comprehensive Azure updates and Microsoft
certification paths. We highly recommend this blog to keep up-to-date and find your
path to learning Azure.
5. Azure Greg: Gregor Suttie has a ton of passion and knowledge about all things Azure.
H also has some great posts on best practices and study links/resources.
6. PixelRobots: Richard Hooper is an MVP and was awarded the top 20 Azure blogs and
you will see why. His up to date content is a great resource to stay on top of the
ever-changing Azure services.

Let us know about your success! We love to empower our students and promote them. You
can reach us on Twitter, LinkedIn or Facebook

©2019 Skylines Academy, LLC All rights reserved

 Article

AZ-500 SKILLS MEASURED:

Manage identity and access

Configure Microsoft Azure Active Directory for workloads

• create App registration

• configure App registration permission scopes
• manage App registration permission consent
• configure multi-factor authentication settings
• manage Microsoft Azure AD directory groups
• manage Microsoft Azure AD users
• install and configure Microsoft Azure AD Connect
• configure authentication methods
• implement conditional access policies
• configure Microsoft Azure AD identity protection

Configure Microsoft Azure AD Privileged Identity Management

• monitor privileged access

• configure access reviews
• activate Privileged Identity Management

Configure Microsoft Azure tenant security

• transfer Microsoft Azure subscriptions between Microsoft Azure AD tenants

• manage API access to Microsoft Azure subscriptions and resources

Implement platform protection

Implement network security

• configure virtual network connectivity

• configure Network Security Groups (NSGs)
• create and configure Microsoft Azure firewall
• create and configure application security groups

©2019 Skylines Academy, LLC All rights reserved

 Article

• configure remote access management

• configure baseline
• configure resource firewall

Implement host security

• configure endpoint security within the VM

• configure VM security
• harden VMs in Microsoft Azure
• configure system updates for VMs in Microsoft Azure
• configure baseline

Configure container security

• configure network
• configure authentication
• configure container isolation
• configure AKS security
• configure container registry
• configure container instance security
• implement vulnerability management

Implement Microsoft Azure Resource management security

• create Microsoft Azure resource locks

• manage resource group security
• configure Microsoft Azure policies
• configure custom RBAC roles
• configure subscription and resource permissions

Manage security operations

Configure security services

• configure Microsoft Azure monitor

• configure Microsoft Azure log analytics
• configure diagnostic logging and log retention

©2019 Skylines Academy, LLC All rights reserved

 Article

• configure vulnerability scanning

Configure security policies

• configure centralized policy management by using Microsoft Azure Security Center

• configure Just in Time VM access by using Microsoft Azure Security Center

Manage security alerts

• create and customize alerts

• review and respond to alerts and recommendations
• configure a playbook for a security event by using Microsoft Azure Security Center
• investigate escalated security incidents

Secure data and applications

Configure security policies to manage data

• configure data classification

• configure data retention
• configure data sovereignty

Configure security for data infrastructure

• enable database authentication

• enable database auditing
• configure Microsoft Azure SQL Database threat detection
• configure access control for storage accounts
• configure key management for storage accounts
• create and manage Shared Access Signatures (SAS)
• configure security for HDInsights
• configure security for Cosmos DB
• configure security for Microsoft Azure Data Lake

Configure encryption for data at rest

• implement Microsoft Azure SQL Database Always Encrypted

• implement database encryption

©2019 Skylines Academy, LLC All rights reserved

 Article

• implement Storage Service Encryption

• implement disk encryption
• implement backup encryption

Implement security for application delivery

• implement security validations for application development

• configure synthetic security transactions

Configure application security

• configure SSL/TLS certs

• configure Microsoft Azure services to protect web apps
• create an application security baseline

Configure and manage Key Vault

• manage access to Key Vault

• manage permissions to secrets, certificates, and keys
• manage certificates
• manage secrets
• configure key rotation

-Dwayne Natwick

©2019 Skylines Academy, LLC All rights reserved