The Microsoft Certified: Azure Security Engineer Associate certification is intended for candidates who are able to use Azure security controls to secure data, access, applications, networks in cloud and hybrid environments as part of an end-to-end infrastructure. The accredited candidates possess skills to manage the security posture, identify and remediate vulnerabilities, apply threat protection, and are ready to respond to security incident escalations. Since this designation is designed for professionals, candidates are required to have practical experience in the administration of Azure and hybrid environments, and with Azure services, security operations processes, along with cloud capabilities.
The exam you need to pass to obtain the Microsoft Certified: Azure Security Engineer Associate accreditation is known as Microsoft Azure Security Technologies or AZ-500. It includes from 40 to 60 questions which candidates are to complete within either 100 or 120 minutes (depending on the presence of labs in the exam or not). The exam will cost you $165.
Before enrolling in the process of taking the AZ-500 exam, note, that it covers 4 domains:
The first domain refers to managing identity and access. In this section, your skills to manage Azure AD group and users, external identities, and administrative units will be checked. In addition, your proficiency in using Conditional Access policies, Azure AD Identity Protection, passwordless authentication, configuring access reviews, app registration permission consent, assigning built-in Azure AD roles and custom roles will be validated.
The second domain is dedicated to the implementation of platform protection. And your ability to secure the connectivity of virtual and hybrid networks, configuration of Azure Firewall, Azure App Gateway, FrontDoor, a resource firewall, as well as to apply Azure Service Endpoints, Azure Private Links, Azure DDoS Protection will be assessed. Besides, your skills to use and operate the security updates for VMs, configure security for an Azure App Service, encryption in transit and at rest will be tested.
The third domain is focused on managing security operations. So, you need to demonstrate your skills to configure a custom security policy, security settings as well as auditing with the help of Azure Policy, configure Azure Defender for SQL and for Servers, implement the Microsoft Threat Modeling Tool, monitor security logs with the help of Azure Monitor, and evaluate alerts and incidents in Azure Sentinel.
The fourth domain checks your skills to secure apps and data, which means that you need to be able to configure access control for storage accounts, Azure AD authentication for Azure Storage and Files, storage account access keys, and delegated access. Besides, you need to apply network isolation for data solutions and database encryption for Azure SQL Database. Moreover, your skills to create and configure access to Key Vault, operate certificates, keys, and secrets and configure their backup and recovery, along with key rotation will also be checked.
Don’t think that this Microsoft exam is impossible to crack and the certification can’t be gained from the first attempt. You can do it if you know the topics covered and prepare for the exam thoroughly. Additionally, Microsoft is a great vendor as it offers both free and paid training courses that you can choose and follow.
And to motivate you more, the Microsoft certified Azure Security Engineers of the associate-level earn from $126,732 to $187,000 annually, as stated on the Ziprecruiter website.