In the past I have taken several Azure exams, and yesterday I took the Azure Security exam Az-500. I am really glad that I passed the exam. In this article I will give you a brief overview of the topics I saw in the exam and what materials I used to prepare for the exam. I can say directly that the best way to succeed in the exam is practice.
Contents
General
The Azure Security exam covers a broad range of Azure topics and this makes the exam so difficult. You need a wide range of understanding how Azure works and which security features Azure has. But the exam doesn`t focus on Azure. There are some additional areas that the exam cover for instance Intune.
Which areas are in my exam?
Here are a list of areas that are covered in my exam and some additional infos in the brackets.
- Azure AD
- How Azure AD works
- RBAC concept (Admin, contributor, etc.)
- What are App registrations
- Difference between PTA and PHS (AAD Connect)
- Conditional Access rules (How they work and how they interact)
- Identiy Protection (difference to PIM)
- Privileged Identity Management
- Network
- Network Security Groups
- Application Security Groups
- Azure Firewall
- Network concepts (Hub and spoke)
- Container
- Kubernetes security with ASC
- Network design
- Threat protection possibilities
- Deployment
- Completing ARM Templates
- Various topics
- Azure Monitor (generate alerts, data store, etc.)
- Azure Policy
- Management Groups
- Azure Blueprints
- Subscription movement
- Intune baseline management
- Just-in-time VM access
- Azure Security Center
- Storage Account (SAS, Keys, etc.)
- Difference between ER and S2S
- Resource locks
This are a overview of the different topics that are adressed in my exam.
Some questions
- Which license did you need for PIM?
- Which modes are valid for resource locks?
- Can you use tags for NSGs?
- Which are valid Azure monitor data sources?
- What are Azure policy initiatives?
- Which event will create an alert from SQL ATP?
Which resources I use to practice?
For exam preperation there are a lots of materials available in the Internet.
Mainly I focused on practice the different exam topics and used study guides from different MVPs. Additional I booked a course from OpenEDX. Here`s a list of used ressources:
- Az-500 exam study guide from Thomas Thornton
- Thomas has written a good study guide for preparation that includes additional links to the Microsoft Docs topics
- Az-500 exam study guid from Gregor Suttie
- Udemy
- There are some good courses at Udemy. Udemy offers periodical price discounts for the courses. I recommend the following courses:
- Open Edx Azure security exam
- has enrolled a new course for the exam that covers all exam topics. The course is free for the first 4 weeks after with a new account
The best way to take the exam succesfully is practice. Use the study guides and focus on each area with Microsoft docs and try the demo to get a unterstanding of each area and how they work together.
When you have questions please feel free to reach me via the comment or twitter.
Happy studying 🙂
I failed the exam on the first attempt. Managed 616, 84 less from the required 700 point.
WHat can you advice?
Hi Daniel,
this is really tight, too bad.
From my perspective, take a look at the result report for the taken exam. There you see the results in each exam section. Look at the areas with the lowest points and try to learn them again.
The Az-500 covers a large security area so take a look at the recommended study guides to get a better overview of what is needed/did you missed to learn.
Hope this helps you a little bit. Please feel free to reach me for additional questions.
Gregor
Hi Gregor,
I’m a network security engineer getting started with cloud – passe AZ-900 a few weeks ago. As I’m more geared towards security, I was hesitating between going for AZ-104 or AZ-500 next.
If I am to focus more on security topics, should I go for AZ-500 directly, or is it better to go for AZ-104 first to build stronger foundations and then focus on security with AZ-500 afterwards? What would be your recommendation?
Thanks for the feedback!
Hi Olivier,
thanks for reaching me. I will recommend you to go first with the Az-104, because this is the Azure Administrator exam and the skills in for this exam also needed for the Az-500. But it depends a little bit, how many experience do you have with Azure and how your feeling was with the Az-900.
The Az-104 needs a general understanding about Azure Administration and from my perspective is helpful as a basis knowledge for the Az-500.
The Az-500 is a wide range of different security topics and had a few questions related to Intune.
Hope this helps you.
Greetings
Gregor
Hi, Managed 688 of 700.
Would there be any way off remarking?
Hi Palen,
this is really close 😐
i don’t know any way, maybe you can ask pearson vue via chat, but honestly i don’t think it has much chance of success. There are free vouchers for 2nd shots, maybe that is the better alternative.
Greetings
Gregor
Hi Gregor,
do you need any previous knowledge for the exam?
Or do you think the Microsoft Learn Learning path is enough?(https://docs.microsoft.com/en-us/learn/certifications/azure-security-engineer)
I am really interested in IT Security, but have never worked with Azure before.
Hi Alex,
I really recommend you to start first with the Azure Administrator exam Az-104. All this things are really helpful to get a understanding how Azure works and to get knowledge about best practices for Identity, Security and so on.
This knowledge is necessary to understand the requirements for the Az-500. The Az-500 is a little bit tricky and inherit a broad range of different topics.
Hope this helps a little bit.
Greetings
Gregor
Thomas Thornton study guide is great as I recently passed the exam and it helped me lot. But that Udemy practice test didn’t work for me. Instead I practiced on this Microsoft AZ-500 practice test. It covers all the major exam topics, and practice test questions follow the official exam’s questioning style.
Hi Andrew,
congrats to the passed exam! Thanks for your notes, I will take a look at the recommended course.
Greetings
Gregor
Hello.
I have a question regarding the SC-300 exam.
Last year, I passed AZ-900 and SC-900 and I am currently preparing for SC-300, the exam is scheduled for next month.
I am very interested in working in Identity and Access Management and I even started a HackTheBox Academy course to get a better and deeper understanding of Active Directory. My question is, is it possible to focus only on IAM or is that rather one part of the role as SysAdmin or Cybersecurity Engineer? Or should I even consider adding AZ-500 as the next step? I am also preparing for CompTIA Sec+. TIA
Hi Pierre,
sounds a good plan. Please note the and SC-300 focuses on Entra ID (Azure AD) and only covers Active Directory in the specific details around Entra Connect Sync.
The SC-300 focuses very strongly on IAM. However, from two perspectives: Identity Management and Security.
One focus, for example, is conditional access and, linked to this, a little bit of Intune with regard to device compliance for conditional access. In addition, the topics around synchronization of identities from the AD.
The SC-exams have a strong focus on Identity topics. The Az-exams focussing on Azure topics and in this space the Az-500 covers the overall security for an Azure environment, like Defender for Cloud, Networking, Governance and more.
When you will focus on IAM I suggest to take the SC-100 (Zero Trust approach) and SC-200 (Identity Operationals).
Greetings
Gregor