The Microsoft Azure Platform is one of the most popular and diverse cloud-computing platforms in existence. It includes a wide range of security features designed to help clients protect their cloud environments. The Microsoft Azure Security Technologies exam, AZ-500, focuses on testing a candidate's ability to be a subject matter expert on implementing Azure security controls. The exam focuses on four main areas:
Managing identity and access
Implementing platform protections
Managing security operations
Securing data and applications
What Does This Book Cover?
This book covers the topics outlined in the Microsoft Certified Associate Azure Security Engineer exam guide available at
Chapter 1: Introduction to Microsoft AzureChapter 1 outlines cloud computing best practices. The exam focuses on how to implement security controls that achieve specific goals in the Azure environment. In this chapter, you learn what these goals are for your cloud environment. Each of following chapters will correspond to one or more of these best practices. Before beginning this chapter you can may want to complete the assessment test to help you obtain a baseline of your current understanding of security and the Azure platform.
Chapter 2: Managing Identity and Access on Microsoft AzureChapter 2 focuses on how to implement good identity and access management practices on Azure. Topics include managing Azure Active Directory (AD) identities, securing access to resources and applications, and implementing role-based access control (RBAC).
Chapter 3: Implementing Platform ProtectionsChapter 3 discusses how to implement good network security on the Azure platform. Topics include firewall configuration, endpoint protection, network monitoring, and how to use the Azure-specific security tools to accomplish these tasks. It begins with network security, exploring topics such as security groups; Windows Application Firewall (WAF); endpoint protection; DDoS protection; operational security, such as vulnerability management; disk encryption; and Secure Socket Layer/Transport Layer Security (SSL/TLS) certifications.
Chapter 4: Managing Security OperationsChapter 4 focuses on how to use Azure tools like Azure Sentinel and Security Center to manage security operations. It includes discussions on creating custom alerts, policy management, vulnerability scans, and security configurations for the platforms. We then delve into how to configure good network monitoring using Azure Monitor, Azure Security Center, Azure Policy, Azure Blueprint, and Azure Sentinel.
Chapter 5: Securing Data and Applications This chapter will focus on how to secure data and applications on the Azure platform. Topics include using secure data storage, creating data backups seamlessly, implementing database security, and leveraging Azure tools like Azure Defender and Key Vault. We also cover how to protect application backend databases by implementing database encryption, database authentication, and database auditing.
Appendix A: Azure Security Tools Overview This appendix focuses on Microsoft Azure security tools that are used to create a secure platform. In this chapter, I review the tools' functions and how they can be used and integrated together to create security operations, compliance, networking monitoring, automated alerts, and proper logging. It also includes tools like Microsoft Azure Sentinel, Azure Key Vault, Azure Defender, Azure Firewall, Azure Policy, and Azure Monitor.
Who Should Read This Book
As the title implies, this book is intended for people who have an interest in understanding and implementing security features in Azure. These people probably fall into two basic groups:
Security Professionals in an Azure Environment They can be IT administrators or security professionals who are responsible for securing their organization's Azure cloud environment.
Candidates for the AZ-500 Exam This book is meant to be a study guide for anyone interested in taking the AZ-500 exam. It gives readers a clear understanding of the topics needed to pass the exam. It also comes with hundreds of practice questions/tests to help readers prepare for the type of questions they can expect on the exam.
This book is designed for people who have some experience in cybersecurity. While we give a breakdown of all key foundational concepts relevant to the course, it's impossible to give readers all the information they would need in this book. For those of you with a cybersecurity/IT background, this will be no issue, but for the rest of you this might be a steep learning curve. So we encourage you to do your research if you ever need more context for the cybersecurity concepts found in this book.
You can use this book in two ways. The most straightforward (and time consuming) is to start at the beginning and follow all the steps to gain a good overall understanding of security controls in Azure. Alternatively, you can skip around from chapter to chapter and only look at the areas of interest to you. For example, if you are having trouble understanding how to implement access management in your environment, then you may want to skip to Chapter 2 and just focus on that. Each chapter includes step-by-step instructions on how to implement the controls that we talk about in that chapter.
Study Guide Features
This study guide uses several common elements to help you prepare. These include the following:
Summaries The summary section of each chapter briefly explains the chapter, allowing you to easily understand what it covers.
Exam Essentials The exam essentials focus on major exam topics and critical knowledge that you should take into the test. The exam essentials focus on the exam objectives provided by Microsoft.
Chapter Review Questions A set of questions at the end of each chapter will help you assess your knowledge and if you are ready to take the exam based on your knowledge of that chapter's topics.
Interactive Online Learning Environment and Test Bank
Studying the material in the Microsoft Certified Associate Azure Security Engineer Study Guide is an important part of preparing for the Azure Security Engineer Associate certification exam, but we also provide additional tools to help you prepare. The online tools will help you understand the types of questions that will appear on the certification exam:
The practice tests include all the questions in each chapter as well as the questions from the assessment test. In addition, there are two practice exams with 50 questions each. You can use these tests to evaluate your understanding and identify areas that may require additional study.
The flashcards will push the limits of what you should know for the certification exam. There are 100 questions, which are provided in digital format. Each flashcard has one question and one correct answer.
The online glossary is a searchable list of key terms introduced in this exam guide that you should know for the exam.
To start using these tools to study for the exam, go to www.wiley.com/go/sybextestprep and register your book to receive your unique PIN. Once you have the PIN, return to www.wiley.com/go/sybextestprep, find your book, and click Register to register a new account or add this book to an existing account.
Additional Resources
People learn in different ways. For some, a book is an ideal way to study whereas others may find practice test sites a more efficient way to study. Some of these websites come with exam pass guarantees and consistently update their content with some of the exact exam questions you will see on the official exam. These websites include www.udemy.com, www.exam-labs.com, https://acloudguru.com, and www.whizlabs.com.
MCA Azure Security Engineer Study Guide Exam Objectives
This table provides the extent, by percentage, each section is represented on the actual examination.
Section
% of Examination
Section 1: Manage Identity and Access
30–35%
Section 2: Implement Platform Protection
15–20%
Section 3: Manage Security Operations
25–30%
Section 4: Secure Data and Applications
25–30%
Objective Map
The following objective map will allow you to find the chapter in this book that covers each objective for the exam.
If you believe you have found a mistake in this book, please bring it to our attention. At John Wiley & Sons, we understand how important it is to provide our customers with accurate content, but even with our best efforts an error may occur.
In order to submit your possible errata, please email it to our Customer Service Team at [email protected] with the subject line “Possible Book Errata Submission.”
Assessment Test
What is Azure AD?
It's a cloud version of Windows Active Directory (AD).
It is a cloud-based identity management service.
It is used for enabling multifactor authentication (MFA).
It protects accounts from authentication-based attacks.
What is a managed identity?
A shared user account
A user account managed by another user
An identity that your Azure services can use for authentication
A tool for controlling access to a user account
What is Privileged Identity Management (PIM)?
Protection for highly valuable Azure resources
Protection of your organization's most privileged accounts
Protection for admin-level Azure accounts
A type of role-based access control (RBAC)
What is role-based access control (RBAC)?
Assigning individual permissions based on a user's jobs
Controlling assess based solely on an individual's job titles
An Azure tool for controlling access to resources in Azure
A method where you assign permissions to a job role/identity as needed, rather than assigning permissions to an individual
What is not a feature of Azure Firewall Manager?
DDoS protection
Azure Firewall deployment and configuration
Creation of global and local firewall policies
Integration with third-party security features
What is the function of an Azure Application Gateway?
It's a tool for building and operating scalable applications.
It's an application load balancer.
It filters web traffic to applications.
It's Azure's native web application firewall.
What is the function of Azure Front Door?
DDoS protection
Protection against web-based attacks on applications
Filtering of web application attacks
Launching and operating of scalable applications
Where can you configure basic Azure DDoS Protection?
The Azure portal
Under Target Resources settings
It doesn't require configuration.
The Azure command line
What is the purpose of an Azure policy?
To enforce the standards of your organization and ensure compliance of your Azure resources
To set parameters on what resources can be created
To set parameters on who can access the resources
To act as a documentation tool
What is not a feature of Microsoft Defender for Cloud?
Real-time protection
Automatic and manual scanning
Detection and remediation
Capture of logs
What is the purpose of threat modeling?
Identifying threats currently on your network
Mapping out potential threats and their mitigation
Identifying vulnerabilities in upcoming applications
Mapping out the secure architecture of a software product
What is the function of Microsoft Sentinel?
It provides logging and monitoring for your Azure environment.
It is an endpoint security tool for protecting network resources.
It is the cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) platform that performs threat detection and analytics.
It allows you to manage Azure firewalls from a central location.
What is the purpose of an Azure storage account?
It contains a list of usernames and passwords for authentication.
It's a container for grouping databases.
It's a type of user account.
It stores data.
What is the function of Azure Cosmos Database (DB)?
To store secrets in Azure
To acts as a fully managed NoSQL database designed for modern application development
To manage databases
To manage virtual endpoints
What is Azure Key Vault used for?
It's a cloud service for securely storing and accessing secrets.
It's a cloud password manager.
It provides physical protection for Azure servers.
It stores data objects in Azure.
What is a threat vector?
A nation-state threat actor
A group or individual with malicious intent
A type of malware
A path or means for exploiting a vulnerability
Which of the following is a type of administrative security control?
The separation of duties
Security guards
Security group policies
Computer logging
Which of the following is a NoSQL store for structured data?
Azure files
Azure blobs
Azure tables
Azure disks
What are threat actors?
A type of hacker group
A group or individual with malicious intent
A group with knowledge of company vulnerabilities
Insider threats
What tool is best used for threat hunting?
Microsoft's Threat Modeling Tool
Azure Storage
Microsoft Sentinel
Azure Active Directory (AD)
Answers to Assessment Test
B. Azure AD allows employees (or anyone on an on-premises network) to access external resources with proper authentication.
C. Managed identities allow your Azure Services to authenticate.
B. Azure PIM has special features for managing, controlling, and monitoring access to your organization's most privileged accounts.
D. In RBAC, you assign permissions to a job role/identity, and then assign that role/identity to users as needed.
A. Azure has a dedicated tool for DDoS protection.
B. Azure Application Gateway is an application load balancer for managing traffic to backend resources.
D. Azure Front Door is a tool for launching web applications.
C. Azure DDoS protection is enabled by default.
A. An Azure policy allows you check whether resources meet the standards you set and to correct those resources automatically.
D. Microsoft Defender for Cloud does log analytics but it doesn't capture logs.
B. Threat modeling is the process of identifying potential threats and mitigation of such threats.
C. Microsoft Sentinel provides SIEM and SOAR functionality in Azure.
D. Storage accounts contain all the different types of data objects in Azure.
B. Azure Cosmos DB is a service for creating NoSQL databases for application development.
A. Azure Key Vault is a service for securely storing secrets in Azure.
D. A threat vector is the path or means that a threat actor takes for exploiting a vulnerability.
A. The separation of duties is an admin security control where a company requires more than one person to complete a given task in order to prevent fraud.
C. Azure tables are a NoSQL store for the storage of structured data.
B. Threat actors are any group with a malicious intent that hacks into a company.
C. Microsoft Sentinel is Azure's premier threat-hunting solution as well as a SOAR and SIEM platform.