AZ-500 Practice test - Latest (2023)

About AZ-500 Practice test - Latest (2023)

These Practice question sets is developed based on the inputs and Microsoft Latest dumps. Consider this module as a practice test to get clear understanding on the format.

Candidates for this exam implement, manage, and monitor security for resources in Azure, multi-cloud, and hybrid environments as part of an end-to-end infrastructure. They recommend security components and configurations to protect identity & access, data, applications, and networks. Responsibilities for an Azure security engineer include managing the security posture, identifying and remediating vulnerabilities, performing threat modelling, and implementing threat protection. They may also participate in responding to security incidents. Azure security engineers work with architects, administrators, and developers to plan and implement solutions that meet security and compliance requirements. The Azure security engineer should have practical experience in administration of Microsoft Azure and hybrid environments. The Azure security engineer should have a strong familiarity with compute, network, and storage in Azure, as well as Azure Active Directory, part of Microsoft Entra.

Audience profile

The Azure Security Engineer implements, manages, and monitors security for resources in Azure, multi-cloud, and hybrid environments as part of an end-to-end infrastructure. They recommend security components and configurations to protect identity & access, data, applications, and networks. Responsibilities for an Azure Security Engineer include managing the security posture, identifying and remediating vulnerabilities, performing threat modelling, and implementing threat protection. They may also participate in responding to security incidents. Azure Security Engineers work with architects, administrators, and developers to plan and implement solutions that meet security and compliance requirements. The Azure Security Engineer should have practical experience in administration of Microsoft Azure and hybrid environments. The Azure Security Engineer should have a strong familiarity with compute, network, and storage in Azure, as well as Azure Active Directory, part of Microsoft Entra.

Manage identity and access (25–30%)

Secure networking (20–25%)

Secure compute, storage, and databases (20–25%)

Manage security operations (25–30%)

AZ-500 -

Skills Measured -

Manage identity and access (25–30%)

Manage identities in Azure AD

Secure users in Azure AD

Secure directory groups in Azure AD

Recommend when to use external identities

Secure external identities

Implement Azure AD Identity Protection

Manage authentication by using Azure AD

Configure Microsoft Entra Verified ID

Implement multi-factor authentication (MFA)

Implement passwordless authentication

Implement password protection

Implement single sign-on (SSO)

Integrate single sign on (SSO) and identity providers

Recommend and enforce modern authentication protocols

Manage authorization by using Azure AD

Configure Azure role permissions for management groups, subscriptions, resource groups, and resources

Assign built-in roles in Azure AD

Assign built-in roles in Azure

Create and assign custom roles, including Azure roles and Azure AD roles

Implement and manage Microsoft Entra Permissions Management

Configure Azure AD Privileged Identity Management (PIM)

Configure role management and access reviews by using Microsoft Entra Identity Governance

Implement Conditional Access policies

Manage application access in Azure AD

Manage access to enterprise applications in Azure AD, including OAuth permission grants

Manage app registrations in Azure AD

Configure app registration permission scopes

Manage app registration permission consent

Manage and use service principals

Manage managed identities for Azure resources

Recommend when to use and configure an Azure AD Application Proxy, including authentication

Secure networking (20–25%)

Plan and implement security for virtual networks

Plan and implement Network Security Groups (NSGs) and Application Security Groups (ASGs)

Plan and implement user-defined routes (UDRs)

Plan and implement VNET peering or VPN gateway

Plan and implement Virtual WAN, including secured virtual hub

Secure VPN connectivity, including point-to-site and site-to-site

Implement encryption over ExpressRoute

Configure firewall settings on PaaS resources

Monitor network security by using Network Watcher, including NSG flow logging

Plan and implement security for private access to Azure resources

Plan and implement virtual network Service Endpoints

Plan and implement Private Endpoints

Plan and implement Private Link services

Plan and implement network integration for Azure App Service and Azure Functions

Plan and implement network security configurations for an App Service Environment (ASE)

Plan and implement network security configurations for an Azure SQL Managed Instance

Plan and implement security for public access to Azure resources

Plan and implement TLS to applications, including Azure App Service and API Management

Plan, implement, and manage an Azure Firewall, including Azure Firewall Manager and firewall policies

Plan and implement an Azure Application Gateway

Plan and implement an Azure Front Door, including Content Delivery Network (CDN)

Plan and implement a Web Application Firewall (WAF)

Recommend when to use Azure DDoS Protection Standard

Secure compute, storage, and databases (20–25%)

Plan and implement advanced security for compute

Plan and implement remote access to public endpoints, including Azure Bastion and JIT

Configure network isolation for Azure Kubernetes Service (AKS)

Secure and monitor AKS

Configure authentication for AKS

Configure security monitoring for Azure Container Instances (ACIs)

Configure security monitoring for Azure Container Apps (ACAs)

Manage access to Azure Container Registry (ACR)

Configure disk encryption, including Azure Disk Encryption (ADE), encryption as host, and confidential disk encryption

Recommend security configurations for Azure API Management

Plan and implement security for storage

Configure access control for storage accounts

Manage life cycle for storage account access keys

Select and configure an appropriate method for access to Azure Files

Select and configure an appropriate method for access to Azure Blob Storage

Select and configure an appropriate method for access to Azure Tables

Select and configure an appropriate method for access to Azure Queues

Select and configure appropriate methods for protecting against data security threats, including soft delete, backups, versioning, and immutable storage

Configure Bring your own key (BYOK)

Enable double encryption at the Azure Storage infrastructure level

Plan and implement security for Azure SQL Database and Azure SQL Managed Instance

Enable database authentication by using Microsoft Azure AD

Enable database auditing

Identify use cases for the Microsoft Purview governance portal

Implement data classification of sensitive information by using the Microsoft Purview governance portal

Plan and implement dynamic masking

Implement Transparent Database Encryption (TDE)

Recommend when to use Azure SQL Database Always Encrypted

Manage security operations (25–30%)

Plan, implement, and manage governance for security

Create, assign, and interpret security policies and initiatives in Azure Policy

Configure security settings by using Azure Blueprint

Deploy secure infrastructures by using a landing zone

Create and configure an Azure Key Vault

Recommend when to use a Dedicated HSM

Configure access to Key Vault, including vault access policies and Azure Role Based Access Control

Manage certificates, secrets, and keys

Configure key rotation

Configure backup and recovery of certificates, secrets, and keys

Manage security posture by using Microsoft Defender for Cloud

Identify and remediate security risks by using the Microsoft Defender for Cloud Secure Score and Inventory

Assess compliance against security frameworks and Microsoft Defender for Cloud

Add industry and regulatory standards to Microsoft Defender for Cloud

Add custom initiatives to Microsoft Defender for Cloud

Connect hybrid cloud and multi-cloud environments to Microsoft Defender for Cloud

Identify and monitor external assets by using Microsoft Defender External Attack Surface Management

Configure and manage threat protection by using Microsoft Defender for Cloud

Enable workload protection services in Microsoft Defender for Cloud, including Microsoft Defender for Storage, Databases, Containers, App Service, Key Vault, Resource Manager, and DNS

Configure Microsoft Defender for Servers

Configure Microsoft Defender for Azure SQL Database

Manage and respond to security alerts in Microsoft Defender for Cloud

Configure workflow automation by using Microsoft Defender for Cloud

Evaluate vulnerability scans from Microsoft Defender for Server

Configure and manage security monitoring and automation solutions

Monitor security events by using Azure Monitor

Configure data connectors in Microsoft Sentinel

Create and customize analytics rules in Microsoft Sentinel

Evaluate alerts and incidents in Microsoft Sentinel

Configure automation in Microsoft Sentinel

MS-500 -

Candidates for this exam have functional experience with Microsoft 365 workloads and with Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra. They have implemented security for Microsoft 365 environments, including hybrid environments. They have a working knowledge of Windows clients, Windows servers, Active Directory, and PowerShell.

Implement and manage identity and access (25-30%)

Implement and manage threat protection (30-35%)

Implement and manage information protection (15-20%)

Manage compliance in Microsoft 365 (20-25%)

Implement and manage identity and access (25-30%)

Plan and implement identity and access for Microsoft 365 hybrid environments

Choose an authentication method to connect to a hybrid environment

Plan and implement pass-through authentication and password hash sync

Plan and implement Azure AD synchronization for hybrid environments

Monitor and troubleshoot Azure AD Connect events

Plan and implement identities in Azure AD

Implement Azure AD group membership

Implement password management, including self-service password reset and Azure AD Password Protection

Manage external identities in Azure AD and Microsoft 365 workloads

Plan and implement roles and role groups

Audit Azure AD

Implement authentication methods

Implement multi-factor authentication (MFA) by using conditional access policies

Manage and monitor MFA

Plan and implement Windows Hello for Business, FIDO, and password less authentication

Plan and implement conditional access

Plan and implement conditional access policies

Plan and implement device compliance policies

Test and troubleshoot conditional access policies

Configure and manage identity governance

Implement Azure AD Privileged Identity Management

Implement and manage entitlement management

Implement and manage access reviews

Implement Azure AD Identity Protection

Implement user risk policy

Implement sign-in risk policy

Configure Identity Protection alerts

Review and respond to risk events

Implement and manage threat protection (30-35%)

Secure identity by using Microsoft Defender for Identity

Plan a Microsoft Defender for Identity solution

Install and configure Microsoft Defender for Identity

Manage and monitor Microsoft Defender for Identity

Secure score

Analyze identity-related threats and risks identified in Microsoft 365 Defender

Secure endpoints by using Microsoft Defender for Endpoint

Plan a Microsoft Defender for Endpoint solution

Implement Microsoft Defender for Endpoint

Manage and monitor Microsoft Defender for Endpoint

Analyze and remediate threats and risks to endpoints identified in Microsoft 365 Defender

Secure endpoints by using Microsoft Endpoint Manager

Plan for device and application protection

Configure and manage Microsoft Defender Application Guard

Configure and manage Windows Defender Application Control

Configure and manage exploit protection

Configure and manage device encryption

Configure and manage application protection policies

Monitor and manage device security status using Microsoft Endpoint Manager admin center

Analyze and remediate threats and risks to endpoints identified in Microsoft Endpoint Manager

Secure collaboration by using Microsoft Defender for Office 365

Plan a Microsoft Defender for Office 365 solution

Configure Microsoft Defender for Office 365

Monitor for threats by using Microsoft Defender for Office 365

Analyze and remediate threats and risks to collaboration workloads identified in Microsoft 365 Defender

Conduct simulated attacks by using Attack simulation training

Detect and respond to threats in Microsoft 365 by using Microsoft Sentinel

Plan a Microsoft Sentinel solution for Microsoft 365

Implement and configure Microsoft Sentinel for Microsoft 365

Manage and monitor Microsoft 365 security by using Microsoft Sentinel

Respond to threats using built-in playbooks in Microsoft Sentinel

Secure connections to cloud apps by using Microsoft Defender for Cloud Apps

Plan Microsoft Defender for Cloud Apps implementation

Configure Microsoft Defender for Cloud Apps

Manage cloud app discovery

Manage entries in the Microsoft Defender for Cloud Apps catalog

Manage apps in Microsoft Defender for Cloud Apps

Configure Microsoft Defender for Cloud Apps connectors and OAuth apps

Configure Microsoft Defender for Cloud Apps policies and templates

Analyze and remediate threats and risks relating to cloud app connections identified in Microsoft 365 Defender

Manage App governance in Microsoft Defender for Cloud Apps

Implement and manage information protection (15-20%)

Manage sensitive information

Plan a sensitivity label solution

Create and manage sensitive information types

Configure sensitivity labels and policies

Publish sensitivity labels to Microsoft 365 workloads

Monitor data classification and label usage by using Content explorer and Activity explorer

Apply labels to files and schematized data assets in Microsoft Purview Data Map

Implement and manage Microsoft Purview Data Loss Prevention (DLP)

Plan a DLP solution

Create and manage DLP policies for Microsoft 365 workloads

Implement and manage Endpoint DLP

Monitor DLP

Respond to DLP alerts and notifications

Plan and implement Microsoft Purview Data lifecycle management

Plan for data lifecycle management

Review and interpret data lifecycle management reports and dashboards

Configure retention labels, policies, and label policies

Plan and implement adaptive scopes

Configure retention in Microsoft 365 workloads

Find and recover deleted Office 365 data

Manage compliance in Microsoft 365 (20-25%)

Manage and analyze audit logs and reports in Microsoft Purview

Plan for auditing and reporting

Investigate compliance activities by using audit logs

Review and interpret compliance reports and dashboards

Configure alert policies

Configure audit retention policies

Plan for, conduct, and manage eDiscovery cases

Recommend eDiscovery Standard or Premium

Plan for content search and eDiscovery

Delegate permissions to use search and discovery tools

Use search and investigation tools to discover and respond

Manage eDiscovery cases

Manage regulatory and privacy requirements

Plan for regulatory compliance in Microsoft 365

Manage regulatory compliance in the Microsoft Purview Compliance Manager

Implement privacy risk management in Microsoft Priva

Implement and manage Subject Rights Requests in Microsoft Priva

Manage insider risk solutions in Microsoft 365

Implement and manage Customer Lockbox

Implement and manage Communication compliance policies

Implement and manage Insider risk management policies

Implement and manage Information barrier policies

Implement and manage Privileged access management