How I pass the Azure Security Exam Az-500

In the past I have taken several Azure exams, and yesterday I took the Azure Security exam Az-500. I am really glad that I passed the exam. In this article I will give you a brief overview of the topics I saw in the exam and what materials I used to prepare for the exam. I can say directly that the best way to succeed in the exam is practice.

Contents

General

The Azure Security exam covers a broad range of Azure topics and this makes the exam so difficult. You need a wide range of understanding how Azure works and which security features Azure has. But the exam doesn`t focus on Azure. There are some additional areas that the exam cover for instance Intune.

Which areas are in my exam?

Here are a list of areas that are covered in my exam and some additional infos in the brackets.

  • Azure AD
    • How Azure AD works
    • RBAC concept (Admin, contributor, etc.)
    • What are App registrations
    • Difference between PTA and PHS (AAD Connect)
    • Conditional Access rules (How they work and how they interact)
    • Identiy Protection (difference to PIM)
    • Privileged Identity Management
  • Network
    • Network Security Groups
    • Application Security Groups
    • Azure Firewall
    • Network concepts (Hub and spoke)
  • Container
    • Kubernetes security with ASC
    • Network design
    • Threat protection possibilities
  • Deployment
    • Completing ARM Templates
  • Various topics
    • Azure Monitor (generate alerts, data store, etc.)
    • Azure Policy
    • Management Groups
    • Azure Blueprints
    • Subscription movement
    • Intune baseline management
    • Just-in-time VM access
    • Azure Security Center
    • Storage Account (SAS, Keys, etc.)
    • Difference between ER and S2S
    • Resource locks

This are a overview of the different topics that are adressed in my exam.

Some questions

  • Which license did you need for PIM?
  • Which modes are valid for resource locks?
  • Can you use tags for NSGs?
  • Which are valid Azure monitor data sources?
  • What are Azure policy initiatives?
  • Which event will create an alert from SQL ATP?

Which resources I use to practice?

For exam preperation there are a lots of materials available in the Internet.

Mainly I focused on practice the different exam topics and used study guides from different MVPs. Additional I booked a course from OpenEDX. Here`s a list of used ressources:

The best way to take the exam succesfully is practice. Use the study guides and focus on each area with Microsoft docs and try the demo to get a unterstanding of each area and how they work together.

When you have questions please feel free to reach me via the comment or twitter.

Happy studying 🙂

13 thoughts on “How I pass the Azure Security Exam Az-500”

  1. I failed the exam on the first attempt. Managed 616, 84 less from the required 700 point.

    WHat can you advice?

    1. Hi Daniel,
      this is really tight, too bad.
      From my perspective, take a look at the result report for the taken exam. There you see the results in each exam section. Look at the areas with the lowest points and try to learn them again.
      The Az-500 covers a large security area so take a look at the recommended study guides to get a better overview of what is needed/did you missed to learn.
      Hope this helps you a little bit. Please feel free to reach me for additional questions.
      Gregor

  2. Hi Gregor,
    I’m a network security engineer getting started with cloud – passe AZ-900 a few weeks ago. As I’m more geared towards security, I was hesitating between going for AZ-104 or AZ-500 next.
    If I am to focus more on security topics, should I go for AZ-500 directly, or is it better to go for AZ-104 first to build stronger foundations and then focus on security with AZ-500 afterwards? What would be your recommendation?
    Thanks for the feedback!

    1. Hi Olivier,
      thanks for reaching me. I will recommend you to go first with the Az-104, because this is the Azure Administrator exam and the skills in for this exam also needed for the Az-500. But it depends a little bit, how many experience do you have with Azure and how your feeling was with the Az-900.
      The Az-104 needs a general understanding about Azure Administration and from my perspective is helpful as a basis knowledge for the Az-500.
      The Az-500 is a wide range of different security topics and had a few questions related to Intune.
      Hope this helps you.
      Greetings
      Gregor

    1. Hi Palen,
      this is really close 😐
      i don’t know any way, maybe you can ask pearson vue via chat, but honestly i don’t think it has much chance of success. There are free vouchers for 2nd shots, maybe that is the better alternative.
      Greetings
      Gregor

    1. Hi Alex,
      I really recommend you to start first with the Azure Administrator exam Az-104. All this things are really helpful to get a understanding how Azure works and to get knowledge about best practices for Identity, Security and so on.
      This knowledge is necessary to understand the requirements for the Az-500. The Az-500 is a little bit tricky and inherit a broad range of different topics.
      Hope this helps a little bit.
      Greetings
      Gregor

  3. Thomas Thornton study guide is great as I recently passed the exam and it helped me lot. But that Udemy practice test didn’t work for me. Instead I practiced on this Microsoft AZ-500 practice test. It covers all the major exam topics, and practice test questions follow the official exam’s questioning style.

    1. Hi Andrew,
      congrats to the passed exam! Thanks for your notes, I will take a look at the recommended course.
      Greetings
      Gregor

  4. Hello.
    I have a question regarding the SC-300 exam.
    Last year, I passed AZ-900 and SC-900 and I am currently preparing for SC-300, the exam is scheduled for next month.
    I am very interested in working in Identity and Access Management and I even started a HackTheBox Academy course to get a better and deeper understanding of Active Directory. My question is, is it possible to focus only on IAM or is that rather one part of the role as SysAdmin or Cybersecurity Engineer? Or should I even consider adding AZ-500 as the next step? I am also preparing for CompTIA Sec+. TIA

    1. Hi Pierre,
      sounds a good plan. Please note the and SC-300 focuses on Entra ID (Azure AD) and only covers Active Directory in the specific details around Entra Connect Sync.
      The SC-300 focuses very strongly on IAM. However, from two perspectives: Identity Management and Security.
      One focus, for example, is conditional access and, linked to this, a little bit of Intune with regard to device compliance for conditional access. In addition, the topics around synchronization of identities from the AD.
      The SC-exams have a strong focus on Identity topics. The Az-exams focussing on Azure topics and in this space the Az-500 covers the overall security for an Azure environment, like Defender for Cloud, Networking, Governance and more.
      When you will focus on IAM I suggest to take the SC-100 (Zero Trust approach) and SC-200 (Identity Operationals).

      Greetings
      Gregor

Leave a Reply

Your email address will not be published. Required fields are marked *