AZ-500 Exam Tips

I recently passed AZ-500! I found the exam to be rather challenging; partially due to a lack of training resources. Here is a brief summary and some general prep-tips in case you are heading down the same path.

Exam AZ-500: Microsoft Azure Security Technologies

This a broad exam covering many topics. I recommend passing at least one foundational Azure exam as a prerequisite. I imagine it would be difficult to pass this exam without first establishing a baseline. The cool part is earning a Azure Security Engineer designation with a single exam!

The study materials are somewhat limited and the current exam is quickly becoming outdated. You can expect there are plans for a major revision in the near future.

A few bloggers have taken the time to map the exam objective to specific Microsoft documentation links. The online documentation is excellent but some of the objectives are not clearly defined. Don’t fully rely on a blogger’s interpretation of the objectives but this is a great start.

You may have difficulty finding AZ-500 specific courses. I recommend looking instead for courses and videos that overlap with the exam objectives and key technologies. I did complete a video-based course on Cloud Academy. The presentations were excellent but the course seemed to miss the mark as complete preparation resource.

AZ-500 touches on security concepts for nearly every service and resource in Azure. Take a step back and make sure you understand the core concepts first. The exam has a tendency to drift into foundational knowledge from time to time.

Per the exam objectives you will need to know Azure Monitor, Log Analytics, Azure AD, hybrid AD, Azure RBAC, subscription management, key vault management, conditional access, application authentication, service endpoints, securing SQL and storage, networking (NGS/ASG/firewall), Identity Protection, Security Center, Privileged Identity Management, antimalware solutions, ARM templates, Kubernetes, Cosmos DB, containers, HDInsighst, and Azure Data Lake among other topics.

The exam covers how to setup, manage, and troubleshoot everything Azure security related. The main exception being Azure Sentinel which was released after the exam.

Resources:

• Microsoft docs (azure.microsoft.com)
• Refer to the official exam objectives
• Bloggers with doc links based on exam objectives (a few examples)
  • Stanislas Quastana’s Study Guide
  • Marius Sandbu’s Study Guide
  • Ammar Hasayen’s Study Guide
• Could Academy has a decent (though somewhat dated) program
• Udemy has an inexpensive set of AZ-500 practice exams
• Look for additional training resources specific to the exam objectives:
  • Thomas Maurer – Securing your Azure environment (Ignite 2019)
  • Thomas Maurer – Planning and Implementing Hybrid Network Connectivity (Ignite 2019)

Exam Tips:

• Learn each core technology to a foundational level
• Take the exam early as a practice run
• Develop practical knowledge of NSG rules (find some scenarios among AZ networking training materials)
• Deep dive on Key Vault management and integration with storage and applications
• Learn how to distinguish between various data encryption solutions
• Pay close attention to role and license requirements
• Differentiate Identity Protection, Azure Monitor, Privileged Identify Management, Application Insights, and Security Center solutions

Finally, I recommend researching exam strategy. There are a variety of ways to improve exam performance with test taking best practices. Try to get a general sense of how things are done in Azure. You can usually narrow down questions to two potential answers. Use your Azure knowledge to help make an educated guess. I will caution that exam questions often drive home unique scenarios. If everything is pointing to a specific answer and you don’t know the answer for certain; take a closer look (you might be falling into a trap).