Free Practice Questions for Microsoft Azure Security Engineer Associate (AZ-500) Certification

- Manage Azure built-in role assignments - Manage custom roles, including Azure roles and Microsoft Entra roles - Plan and manage Azure resources in Microsoft Entra Privileged Identity Management, including settings and assignments - Implement multi-factor authentication (MFA) for access to Azure resources - Implement Conditional Access policies for cloud resources in Azure

- Manage access to enterprise applications in Microsoft Entra ID, including OAuth permission grants - Manage Microsoft Entra app registrations - Configure app registration permission scopes - Manage app registration permission consent - Manage and use service principals - Manage managed identities

- Plan and implement Network Security Groups (NSGs) and Application Security Groups (ASGs) - Manage virtual networks by using Azure Virtual Network Manager - Plan and implement user-defined routes (UDRs) - Plan and implement Virtual Network peering or VPN gateway - Plan and implement Virtual WAN, including secured virtual hub - Secure VPN connectivity, including point-to-site and site-to-site - Implement encryption over ExpressRoute - Configure firewall settings on Azure resources - Monitor network security by using Network Watcher

- Plan and implement virtual network Service Endpoints - Plan and implement Private Endpoints - Plan and implement Private Link services - Plan and implement network integration for Azure App Service and Azure Functions - Plan and implement network security configurations for an App Service Environment (ASE) - Plan and implement network security configurations for an Azure SQL Managed Instance

- Plan and implement Transport Layer Security (TLS) to applications, including Azure App Service and API Management - Plan, implement, and manage an Azure Firewall, including Azure Firewall Manager and firewall policies - Plan and implement an Azure Application Gateway - Plan and implement an Azure Front Door, including Content Delivery Network (CDN) - Plan and implement a Web Application Firewall (WAF) - Recommend when to use Azure DDoS Protection Standard

- Plan and implement remote access to virtual machines, including Azure Bastion and just-in-time (JIT) VM access - Configure network isolation for Azure Kubernetes Service (AKS) - Secure and monitor AKS - Configure authentication for AKS - Configure security monitoring for Azure Container Instances (ACIs) - Configure security monitoring for Azure Container Apps (ACAs) - Manage access to Azure Container Registry (ACR) - Configure disk encryption, including Azure Disk Encryption (ADE), encryption at host, and confidential disk encryption - Recommend security configurations for Azure API Management

- Configure access control for storage accounts - Manage storage account access keys - Select and configure an appropriate method for access to Azure Files - Select and configure an appropriate method for access to Azure Blob Storage - Select and configure appropriate methods for protecting against data security threats, including soft delete, backups, versioning, and immutable storage - Configure Bring your own key (BYOK) - Enable double encryption at the Azure Storage infrastructure level

- Enable Microsoft Entra database authentication - Enable database auditing - Plan and implement dynamic masking - Implement Transparent Data Encryption (TDE) - Recommend when to use Azure SQL Database Always Encrypted

- Create, assign, and interpret policies and initiatives in Azure Policy - Configure Azure Key Vault network settings - Configure access to Key Vault, including vault access policies and Azure Role Based Access Control - Manage certificates, secrets, and keys - Configure key rotation - Perform backup and recovery of certificates, secrets, and keys - Implement security controls to protect backups - Implement security controls for asset management

- Identify and remediate security risks by using the Microsoft Defender for Cloud Secure Score and Inventory - Assess compliance against security frameworks by using Microsoft Defender for Cloud - Manage compliance standards in Microsoft Defender for Cloud - Add custom standards to Microsoft Defender for Cloud - Connect hybrid cloud and multi-cloud environments to Microsoft Defender for Cloud, including Amazon Web Services (AWS) and Google Cloud Platform (GCP) - Implement and use Microsoft Defender External Attack Surface Management (EASM)

- Enable cloud workload protection plans in Microsoft Defender for Cloud - Configure Microsoft Defender for Servers, Microsoft Defender for Databases, and Microsoft Defender for Storage - Implement and manage agentless scanning for virtual machines in Microsoft Defender for Servers - Implement and manage Microsoft Defender Vulnerability Management for Azure virtual machines - Connect to and configure settings in Microsoft Defender for Cloud Devops Security, including GitHub, Azure DevOps, and GitLab

- Manage and respond to security alerts in Microsoft Defender for Cloud - Configure workflow automation by using Microsoft Defender for Cloud - Monitor network security events and performance data by configuring data collection rules (DCRs) in Azure Monitor - Configure data connectors in Microsoft Sentinel - Enable analytics rules in Microsoft Sentinel - Configure automation in Microsoft Sentinel