Domain 2: Secure Networking

Microsoft Azure Security Engineer (AZ-500) · this domain is approximately 24.0% of the exam · 0 practice questions.

Secure networking is a core AZ-500 domain that covers the controls and services used to protect Azure network infrastructure from unauthorized access and lateral movement. Candidates must understand Azure Firewall, Network Security Groups, Azure DDoS Protection, Azure Bastion, Private Endpoints, and virtual network service endpoints, as well as when and how to apply each. Properly segmenting and filtering network traffic is foundational to a defense-in-depth strategy, and the exam tests both the conceptual purpose and the configuration decisions behind these controls.

Practice questions from this domain

The full Microsoft Azure Security Engineer (AZ-500) bank includes 497 questions across every domain, each with a verified answer and a written explanation.