_edited.png)
N.B.: This article and the certification were valid at the time of writing. However, we have decided to keep this article online for all those interested in this certification.
This summer I took the Microsoft AZ-500: Microsoft Azure Security Technologies exam, which, if you pass, leads to the Microsoft Azure Security Engineer Associate certification.
I admit, it was a tough exam. Harder than I thought it would be despite my experience in network architecture. I passed even though I didn't reach 100%. This exam is about the efficient and cost-effective use of different Azure services. I had to do additional training on the subject, despite coming from a system and network administrator background with a focus on cybersecurity, and having 3 years experience in a cybersecurity company.
For two months I studied, researched and tested a lot of things. It was a lot of hours of work, which was challenging and very rewarding.
Preparing for the exam
What was my roadmap you might ask? Well, here it is:
First of all, being more accustomed to the AWS environment, I followed an AZ-900 training to discover the Azure environment. However, I did not take the Azure Fundamentals certification. I then did some research on the best online training to prepare for the exam. Reddit is great advice in these cases. Two courses were offered to me: the one offered by Skylines Academy on Udemy and the one by Paul Schwarzenberger on A Cloud Guru.
Attention, ces 2 formations ne sont plus recommandées depuis le changement d’examen le 29 Juillet 2020, si elle n’ont pas été mises à jour.
The mistake I made was to take these courses without doing any practice. I was accumulating a lot of knowledge and information without the Azure methodology taking hold. I wanted to go fast and what was supposed to happen, happened. I failed my first attempt (score of 64% out of the 70% minimum). But this first failure gave me vital information such as the format of the exam, the way the questions are asked, and above all that without practice, it would be impossible for me to answer questions based on scenarios that a company might encounter. So I created an Azure account with the one month "free" subscription and went through the training again, this time focusing on the labs.
I strongly advise, in addition to the online training, to go and have a look at the documentation provided on the Microsoft site. It is free and the basics are well explained.
To finish my preparation, when I re-scheduled my exam, I did not hesitate this time to take the mock exam which is a 180 questions access.
Expectations and reality
I expected it to be difficult, but it was actually even trickier than I thought. Having a strong focus on security in operations and a minimum in code, I thought I was fairly aware of security topics in Azure. However, this review touches on a lot of things that I didn't necessarily pay much attention to in the past. It has made me aware of gaps that need to be filled.
The exam has four main pillars:
Manage identity and access (30-35%)
Implement platform protection (15-20%)
Manage security operations (25-30%)
Secure data and applications (20-25%)
On my first attempt, I scored 100% in the network part (Implement Platform Protection), and 50% for the rest. I had to concentrate my efforts on the non-code application part (API, communication protocol, encryption,...), and especially on the workflow/process part which is the most important above the pure technique.
It is a pity that licences and their contents are part of the essential elements to know for the exam. For example, the Azure AD licences that allow privileged identity management are based on P1 and/or P2. This doesn't tell you anything because it is specific to the Azure Cloud. Even if the information is easy to find on google, you need to have in mind each license level of each Azure service.
Scenarios and questions
I cannot speak in detail about the questions I had (confidentiality agreement). However, I would venture to say that there are some tricky questions, as well as some rather long scenarios that need to be read carefully. In some cases, a detail in the scenarios can change the appropriate answer.
Taking an online exam
I took my exam in the comfort of my own home, while being monitored online by someone via webcam. This is a convenient way to take the exams, but the requirements from Microsoft are strict. Indeed, if you decide to take an exam remotely, make sure you meet the requirements described here.
Share your feedback
I would like to wish you good luck in your certification journey for the Microsoft AZ-500: Microsoft Azure Security exam.
If this article was helpful to you, please feel free to comment below, and share it around. I'd be happy if my experience can help you in obtaining your certification. And if you have any other questions, or if you want to talk about my experience, contact me!
Related blog post:
Did you enjoy this blog post?
Find more content related to cybersecurity and GDPR regulatory compliance on the CyberSecura blog!
We need your answers!
By completing this survey, you are helping us to better understand your interactions with our site and your potential needs.
Your answers are anonymous, and unless you ask to be contacted again by our teams, no personal information is requested!
Thank you for your responses!
Would you like to be informed of our news and receive our latest blog articles directly in your mailbox ? Subscribe to our monthly newsletter!
Would you like to discuss your difficulties, your needs, our offers? Ask to be contacted, free of charge and without obligation, by one of our cybersecurity experts!