Introduction

The Microsoft Azure Platform is one of the most popular and diverse cloud-computing platforms in existence. It includes a wide range of security features designed to help clients protect their cloud environments. The Microsoft Azure Security Technologies exam, AZ-500, focuses on testing a candidate's ability to be a subject matter expert on implementing Azure security controls. The exam focuses on four main areas:

• Managing identity and access
• Implementing platform protections
• Managing security operations
• Securing data and applications

What Does This Book Cover?

This book covers the topics outlined in the Microsoft Certified Associate Azure Security Engineer exam guide available at

https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE3VC70

Exam policies can change from time to time. We highly recommend that you check the Microsoft site for the most up-to-date information when you begin your preparing, when you register, and again a few days before your scheduled exam date.

The book's outline is as follows:

• Chapter 1: Introduction to Microsoft Azure Chapter 1 outlines cloud computing best practices. The exam focuses on how to implement security controls that achieve specific goals in the Azure environment. In this chapter, you learn what these goals are for your cloud environment. Each of following chapters will correspond to one or more of these best practices. Before beginning this chapter you can may want to complete the assessment test to help you obtain a baseline of your current understanding of security and the Azure platform.
• Chapter 2: Managing Identity and Access on Microsoft Azure Chapter 2 focuses on how to implement good identity and access management practices on Azure. Topics include managing Azure Active Directory (AD) identities, securing access to resources and applications, and implementing role-based access control (RBAC).
• Chapter 3: Implementing Platform Protections Chapter 3 discusses how to implement good network security on the Azure platform. Topics include firewall configuration, endpoint protection, network monitoring, and how to use the Azure-specific security tools to accomplish these tasks. It begins with network security, exploring topics such as security groups; Windows Application Firewall (WAF); endpoint protection; DDoS protection; operational security, such as vulnerability management; disk encryption; and Secure Socket Layer/Transport Layer Security (SSL/TLS) certifications.
• Chapter 4: Managing Security Operations Chapter 4 focuses on how to use Azure tools like Azure Sentinel and Security Center to manage security operations. It includes discussions on creating custom alerts, policy management, vulnerability scans, and security configurations for the platforms. We then delve into how to configure good network monitoring using Azure Monitor, Azure Security Center, Azure Policy, Azure Blueprint, and Azure Sentinel.
• Chapter 5: Securing Data and Applications This chapter will focus on how to secure data and applications on the Azure platform. Topics include using secure data storage, creating data backups seamlessly, implementing database security, and leveraging Azure tools like Azure Defender and Key Vault. We also cover how to protect application backend databases by implementing database encryption, database authentication, and database auditing.
• Appendix A: Azure Security Tools Overview This appendix focuses on Microsoft Azure security tools that are used to create a secure platform. In this chapter, I review the tools' functions and how they can be used and integrated together to create security operations, compliance, networking monitoring, automated alerts, and proper logging. It also includes tools like Microsoft Azure Sentinel, Azure Key Vault, Azure Defender, Azure Firewall, Azure Policy, and Azure Monitor.

Who Should Read This Book

As the title implies, this book is intended for people who have an interest in understanding and implementing security features in Azure. These people probably fall into two basic groups:

• Security Professionals in an Azure Environment They can be IT administrators or security professionals who are responsible for securing their organization's Azure cloud environment.
• Candidates for the AZ-500 Exam This book is meant to be a study guide for anyone interested in taking the AZ-500 exam. It gives readers a clear understanding of the topics needed to pass the exam. It also comes with hundreds of practice questions/tests to help readers prepare for the type of questions they can expect on the exam.

This book is designed for people who have some experience in cybersecurity. While we give a breakdown of all key foundational concepts relevant to the course, it's impossible to give readers all the information they would need in this book. For those of you with a cybersecurity/IT background, this will be no issue, but for the rest of you this might be a steep learning curve. So we encourage you to do your research if you ever need more context for the cybersecurity concepts found in this book.

You can use this book in two ways. The most straightforward (and time consuming) is to start at the beginning and follow all the steps to gain a good overall understanding of security controls in Azure. Alternatively, you can skip around from chapter to chapter and only look at the areas of interest to you. For example, if you are having trouble understanding how to implement access management in your environment, then you may want to skip to Chapter 2 and just focus on that. Each chapter includes step-by-step instructions on how to implement the controls that we talk about in that chapter.

Study Guide Features

This study guide uses several common elements to help you prepare. These include the following:

• Summaries The summary section of each chapter briefly explains the chapter, allowing you to easily understand what it covers.
• Exam Essentials The exam essentials focus on major exam topics and critical knowledge that you should take into the test. The exam essentials focus on the exam objectives provided by Microsoft.
• Chapter Review Questions A set of questions at the end of each chapter will help you assess your knowledge and if you are ready to take the exam based on your knowledge of that chapter's topics.

The review questions, assessment test, and other testing elements included in this book are not derived from the actual exam questions, so don't memorize the answers to these questions and assume that doing so will enable you to pass the exam. You should learn the underlying topic, as described in the text of the book. This will let you answer the questions provided with this book and pass the exam. Learning the underlying topic is also the approach that will serve you best in the workplace-the ultimate goal of a certification.

Interactive Online Learning Environment and Test Bank

Studying the material in the Microsoft Certified Associate Azure Security Engineer Study Guide is an important part of preparing for the Azure Security Engineer Associate certification exam, but we also provide additional tools to help you prepare. The online tools will help you understand the types of questions that will appear on the certification exam:

• The practice tests include all the questions in each chapter as well as the questions from the assessment test. In addition, there are two practice exams with 50 questions each. You can use these tests to evaluate your understanding and identify areas that may require additional study.
• The flashcards will push the limits of what you should know for the certification exam. There are 100 questions, which are provided in digital format. Each flashcard has one question and one correct answer.
• The online glossary is a searchable list of key terms introduced in this exam guide that you should know for the exam.

To start using these tools to study for the exam, go to www.wiley.com/go/sybextestprep and register your book to receive your unique PIN. Once you have the PIN, return to www.wiley.com/go/sybextestprep, find your book, and click Register to register a new account or add this book to an existing account.

Like all exams, the Microsoft Certified Associate Azure Security Engineer certification is updated periodically and may eventually be retired or replaced. At some point after Microsoft is no longer offering this exam, the old editions of our books and online tools will be retired. If you have purchased this book after the exam was retired, or you are attempting to register in the Sybex online learning environment after the exam was retired, please know that we make no guarantees that this exam's online Sybex tools will be available once the exam is no longer available.

Additional Resources

People learn in different ways. For some, a book is an ideal way to study whereas others may find practice test sites a more efficient way to study. Some of these websites come with exam pass guarantees and consistently update their content with some of the exact exam questions you will see on...