Description

Guarantee your AZ-500 exam success with examkiller's study guide. The AZ-500 practice test questions are developed by experiences Microsoft Certification Professionals who working in todays prospering companies and Microsoft exam data center.

Exam Number: AZ-500

Exam Title: Microsoft Azure Security Technologies

Passing Score: 700 (Total Score: 1000)(Tips: You should pass 70% for each section of the exam (bar on the chart), or else you still faild the exam even your total score more than 700 )

Origin Provider: ExamKiller

Total Questions: 349 QAs

Type: Real Exam Questions

Guarantee: 100% Pass Guarantee

Demo: Click Here for Check Demo

Microsoft AZ-500 Exam Objectives

Manage identity and access (25–30%)

Manage identities in Azure AD

• Secure users in Azure AD
• Secure directory groups in Azure AD
• Recommend when to use external identities
• Secure external identities
• Implement Azure AD Identity Protection

Manage authentication by using Azure AD

• Configure Microsoft Entra Verified ID
• Implement multi-factor authentication (MFA)
• Implement passwordless authentication
• Implement password protection
• Implement single sign-on (SSO)
• Integrate single sign on (SSO) and identity providers
• Recommend and enforce modern authentication protocols

Manage authorization by using Azure AD

• Configure Azure role permissions for management groups, subscriptions, resource groups, and resources
• Assign built-in roles in Azure AD
• Assign built-in roles in Azure
• Create and assign custom roles, including Azure roles and Azure AD roles
• Implement and manage Microsoft Entra Permissions Management
• Configure Azure AD Privileged Identity Management (PIM)
• Configure role management and access reviews by using Microsoft Entra Identity Governance
• Implement Conditional Access policies

Manage application access in Azure AD

• Manage access to enterprise applications in Azure AD, including OAuth permission grants
• Manage app registrations in Azure AD
• Configure app registration permission scopes
• Manage app registration permission consent
• Manage and use service principals
• Manage managed identities for Azure resources
• Recommend when to use and configure an Azure AD Application Proxy, including authentication

Secure networking (20–25%)

Plan and implement security for virtual networks

• Plan and implement Network Security Groups (NSGs) and Application Security Groups (ASGs)
• Plan and implement user-defined routes (UDRs)
• Plan and implement VNET peering or VPN gateway
• Plan and implement Virtual WAN, including secured virtual hub
• Secure VPN connectivity, including point-to-site and site-to-site
• Implement encryption over ExpressRoute
• Configure firewall settings on PaaS resources
• Monitor network security by using Network Watcher, including NSG flow logging

Plan and implement security for private access to Azure resources

• Plan and implement virtual network Service Endpoints
• Plan and implement Private Endpoints
• Plan and implement Private Link services
• Plan and implement network integration for Azure App Service and Azure Functions
• Plan and implement network security configurations for an App Service Environment (ASE)
• Plan and implement network security configurations for an Azure SQL Managed Instance

Plan and implement security for public access to Azure resources

• Plan and implement TLS to applications, including Azure App Service and API Management
• Plan, implement, and manage an Azure Firewall, including Azure Firewall Manager and firewall policies
• Plan and implement an Azure Application Gateway
• Plan and implement an Azure Front Door, including Content Delivery Network (CDN)
• Plan and implement a Web Application Firewall (WAF)
• Recommend when to use Azure DDoS Protection Standard

Secure compute, storage, and databases (20–25%)

Plan and implement advanced security for compute

• Plan and implement remote access to public endpoints, including Azure Bastion and JIT
• Configure network isolation for Azure Kubernetes Service (AKS)
• Secure and monitor AKS
• Configure authentication for AKS
• Configure security monitoring for Azure Container Instances (ACIs)
• Configure security monitoring for Azure Container Apps (ACAs)
• Manage access to Azure Container Registry (ACR)
• Configure disk encryption, including Azure Disk Encryption (ADE), encryption as host, and confidential disk encryption
• Recommend security configurations for Azure API Management

Plan and implement security for storage

• Configure access control for storage accounts
• Manage life cycle for storage account access keys
• Select and configure an appropriate method for access to Azure Files
• Select and configure an appropriate method for access to Azure Blob Storage
• Select and configure an appropriate method for access to Azure Tables
• Select and configure an appropriate method for access to Azure Queues
• Select and configure appropriate methods for protecting against data security threats, including soft delete, backups, versioning, and immutable storage
• Configure Bring your own key (BYOK)
• Enable double encryption at the Azure Storage infrastructure level

Plan and implement security for Azure SQL Database and Azure SQL Managed Instance

• Enable database authentication by using Microsoft Azure AD
• Enable database auditing
• Identify use cases for the Microsoft Purview governance portal
• Implement data classification of sensitive information by using the Microsoft Purview governance portal
• Plan and implement dynamic masking
• Implement Transparent Database Encryption (TDE)
• Recommend when to use Azure SQL Database Always Encrypted

Manage security operations (25–30%)

Plan, implement, and manage governance for security

• Create, assign, and interpret security policies and initiatives in Azure Policy
• Configure security settings by using Azure Blueprint
• Deploy secure infrastructures by using a landing zone
• Create and configure an Azure Key Vault
• Recommend when to use a Dedicated HSM
• Configure access to Key Vault, including vault access policies and Azure Role Based Access Control
• Manage certificates, secrets, and keys
• Configure key rotation
• Configure backup and recovery of certificates, secrets, and keys

Manage security posture by using Microsoft Defender for Cloud

• Identify and remediate security risks by using the Microsoft Defender for Cloud Secure Score and Inventory
• Assess compliance against security frameworks and Microsoft Defender for Cloud
• Add industry and regulatory standards to Microsoft Defender for Cloud
• Add custom initiatives to Microsoft Defender for Cloud
• Connect hybrid cloud and multi-cloud environments to Microsoft Defender for Cloud
• Identify and monitor external assets by using Microsoft Defender External Attack Surface Management

Configure and manage threat protection by using Microsoft Defender for Cloud

• Enable workload protection services in Microsoft Defender for Cloud, including Microsoft Defender for Storage, Databases, Containers, App Service, Key Vault, Resource Manager, and DNS
• Configure Microsoft Defender for Servers
• Configure Microsoft Defender for Azure SQL Database
• Manage and respond to security alerts in Microsoft Defender for Cloud
• Configure workflow automation by using Microsoft Defender for Cloud
• Evaluate vulnerability scans from Microsoft Defender for Server

Configure and manage security monitoring and automation solutions

• Monitor security events by using Azure Monitor
• Configure data connectors in Microsoft Sentinel
• Create and customize analytics rules in Microsoft Sentinel
• Evaluate alerts and incidents in Microsoft Sentinel
• Configure automation in Microsoft Sentinel

Additional Information

0 Reviews for Microsoft AZ-500 Real Exam Questions