AZ-500T00 Microsoft Azure Security Technologies

The TrainACE AZ-500T00: Microsoft Azure Security Technologies class helps professionals gain the knowledge and skills needed to secure their cloud environment. It covers a wide range of topics, including security controls, security posture, access management, platform protection, data and applications protection, and security operations.

This course is designed to provide an in-depth understanding of the different security controls available in Microsoft Azure. It also provides insights into how these controls can be used to protect an organization's data and applications from external threats. The course will help professionals develop the necessary skills to secure their cloud environment and maintain a good security posture.

This class will prepare you for the AZ500 Microsoft Azure Security Technologies certification exam

 

 

 

 

Why Take Azure Security Training (AZ-500T00) Training?

Microsoft Azure Security Training (AZ-500T00) is a great way to learn about how to protect your business from cyber threats and ensure that your security posture is up to date. This course will provide you with an in-depth understanding of the different security controls available in Microsoft Azure, including access control, platform protection, data and applications protection, and security operations. You will be able to develop an understanding of how these controls can be used together to create a secure environment for your organization. Through this course, you will gain the knowledge and skills necessary to protect your business from cyber threats and safeguard its data and applications.

Signup today for our convenient 4-day Azure Security boot camp!

What You Need to Know Before Taking Azure Security Training (AZ-500T00)

To ensure success, learners should already possess a comprehensive understanding of security best practices, defense in depths principals, least privileged access requirements, multi-factor authentication techniques, and shared responsibility models. They should also be familiar with the zero-trust model of security.

Students must understand the importance of data encryption, secure networking protocols like VPNs, IPSecs, and SSLs, as well as Azure workload deployment. These are all essential components of any successful cybersecurity system.

This course is not designed for those with no knowledge of Azure administration. It is targeted towards individuals who have expertise in Windows & Linux OS and can script using PowerShell & CLI. That being said, the content focuses more on security-related aspects of Azure management.

Recommended Prerequisites:

Ideally candidates should have taken the AZ-104T00 Microsoft Azure Administrator training class or gained equivalent experience

What Are the Benefits of Azure Security Certification?

Gaining the AZ-500T00 Microsoft Azure Security certification is a great way to demonstrate your expertise in cloud security. With this certification, you will be able to understand the core security principles and practices of the Microsoft Azure platform and its associated technologies. This certification will also help you to protect data, applications, and infrastructure on the Azure platform. You will learn how to secure access control, detect threats, protect data and applications, implement platform protection, as well as manage identity and access management. You will also gain an understanding of security operations on the Azure platform. By gaining this certification, you can show employers that you have a strong understanding of cloud security principles and practices, which can help to improve your organization’s overall security posture.

Azure Security Technologies (AZ-500) Exam and Certification Requirements:

Current exam number AZ500

• Maximum of 60 questions
• Time Length 150 minutes
• Passing Score 700 (70%)

Who needs Azure Security Technologies Certification?

Engineers planning to take the AZ500 exam or Azure Security Engineers who need to carry out security tasks in their job can benefit from this course. It would also be useful for engineers whose roles require them to secure Azure-based platforms, thus protecting an organization's data.

What will I learn in this Azure Security Technologies class?

Manage identity and access (25–30%)

Manage identities in Azure AD

• Secure users in Azure AD
• Secure directory groups in Azure AD
• Recommend when to use external identities
• Secure external identities
• Implement Azure AD Identity Protection

Manage authentication by using Azure AD

• Configure Microsoft Entra Verified ID
• Implement multi-factor authentication (MFA)
• Implement passwordless authentication
• Implement password protection
• Implement single sign-on (SSO)
• Integrate single sign-on (SSO) and identity providers
• Recommend and enforce modern authentication protocols

Manage authorization by using Azure AD

• Configure Azure role permissions for management groups, subscriptions, resource groups, and resources
• Assign built-in roles in Azure AD
• Assign built-in roles in Azure
• Create and assign custom roles, including Azure roles and Azure AD roles
• Implement and manage Microsoft Entra Permissions Management
• Configure Azure AD Privileged Identity Management (PIM)
• Configure role management and access reviews by using Microsoft Entra Identity Governance
• Implement Conditional Access policies Manage application access in Azure AD

Manage access to enterprise applications in Azure AD, including OAuth permission grants

• Manage app registrations in Azure AD
• Configure app registration permission scopes
• Manage app registration permission consent
• Manage and use service principals
• Manage managed identities for Azure resources
• Recommend when to use and configure authentication for an Azure AD Application Proxy

Secure networking (20–25%)

Plan and implement security for virtual networks

• Plan and implement Network Security Groups (NSGs) and Application Security Groups (ASGs)
• Plan and implement user-defined routes (UDRs)
• Plan and implement VNET peering or VPN gateway
• Plan and implement Virtual WAN, including secured virtual hub
• Secure VPN connectivity, including point-to-site and site-to-site
• Implement encryption over ExpressRoute
• Configure firewall settings on PaaS resources
• Monitor network security by using Network Watcher, including NSG flow logging

Plan and implement security for private access to Azure resources

• Plan and implement virtual network Service Endpoints
• Plan and implement Private Endpoints
• Plan and implement Private Link services
• Plan and implement network integration for Azure App Service and Azure Functions
• Plan and implement network security configurations for an App Service Environment (ASE)
• Plan and implement network security configurations for an Azure SQL Managed Instance

Plan and implement security for public access to Azure resources

• Plan and implement TLS to applications, including Azure App Service and API Management
• Plan, implement, and manage an Azure Firewall, including Azure Firewall Manager and firewall policies
• Plan and implement an Azure Application Gateway
• Plan and implement an Azure Front Door, including Content Delivery Network (CDN)
• Plan and implement a Web Application Firewall (WAF)
• Recommend when to use Azure DDoS Protection Standard

Secure compute, storage, and databases (20–25%)

Plan and implement advanced security for compute

• Plan and implement remote access to public endpoints, including Azure Bastion and JIT
• Configure network isolation for Azure Kubernetes Service (AKS)
• Secure and monitor AKS
• Configure authentication for AKS
• Configure security monitoring for Azure Container Instances (ACIs)
• Configure security monitoring for Azure Container Apps (ACAs)
• Manage access to Azure Container Registry (ACR)
• Configure disk encryption, including Azure Disk Encryption (ADE), encryption as host, and confidential disk encryption
• Recommend security configurations for Azure API Management

Plan and implement security for storage

• Configure access control for storage accounts
• Manage life cycle for storage account access keys
• Select and configure an appropriate method for access to Azure Files
• Select and configure an appropriate method for access to Azure Blob Storage
• Select and configure an appropriate method for access to Azure Tables
• Select and configure an appropriate method for access to Azure Queues
• Select and configure appropriate methods for protecting against data security threats, including soft delete, backups, versioning, and immutable storage
• Configure Bring your own key (BYOK)
• Enable double encryption at the Azure Storage infrastructure level

Plan and implement security for Azure SQL Database and Azure SQL Managed Instance

• Enable database authentication by using Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra
• Enable database auditing
• Identify use cases for the Microsoft Purview governance portal
• Implement data classification of sensitive information by using the Microsoft Purview governance portal
• Plan and implement dynamic masking
• Implement Transparent Database Encryption (TDE)
• Recommend when to use Azure SQL Database Always Encrypted

Manage security operations (25–30%)

Plan, implement, and manage governance for security

• Create, assign, and interpret security policies and initiatives in Azure Policy
• Configure security settings by using Azure Blueprint
• Deploy secure infrastructures by using a landing zone
• Create and configure an Azure Key Vault
• Recommend when to use a Dedicated HSM
• Configure access to Key Vault, including vault access policies and Azure Role Based Access Control
• Manage certificates, secrets, and keys
• Configure key rotation
• Configure backup and recovery of certificates, secrets, and keys

Manage security posture by using Microsoft Defender for Cloud

• Identify and remediate security risks by using the Microsoft Defender for Cloud Secure Score and Inventory
• Assess compliance against security frameworks and Microsoft Defender for Cloud
• Add industry and regulatory standards to Microsoft Defender for Cloud
• Add custom initiatives to Microsoft Defender for Cloud
• Connect hybrid cloud and multi-cloud environments to Microsoft Defender for Cloud
• Identify and monitor external assets by using Microsoft Defender External Attack Surface Management

Configure and manage threat protection by using Microsoft Defender for Cloud

• Enable workload protection services in Microsoft Defender for Cloud, including Microsoft Defender for Storage, Databases, Containers, App Service, Key Vault, Resource Manager, and DNS
• Configure Microsoft Defender for Servers
• Configure Microsoft Defender for Azure SQL Database
• Manage and respond to security alerts in Microsoft Defender for Cloud
• Configure workflow automation by using Microsoft Defender for Cloud
• Evaluate vulnerability scans from Microsoft Defender for Server

Configure and manage security monitoring and automation solutions

• Monitor security events by using Azure Monitor
• Configure data connectors in Microsoft Sentinel
• Create and customize analytics rules in Microsoft Sentinel
• Evaluate alerts and incidents in Microsoft Sentinel
• Configure automation in Microsoft Sentinel