The Broadest Blueprint yet - In Depth

I sat the AZ-500 exam last week. I had set aside some time for study, arranged an exam voucher through work, booked it. All set.

I spent a few nights watching some pre-recorded study sessions delivered by a colleague Dan Oliver which were great and covered all the material in the exam areas, in varying degrees of depth as they were 1-2hrs sessions.
It was watching these that reenforced my understanding that this was possibly the broadest area of Azure. It’s obvious that security affects all things.
With the popularity of DevOPs and now DevSecOPs, we should all know that “Security should be baked in from the start”.
However, the reality is that we all came from somewhere and have some speciality or focus. Mine two areas would, in my opinion, be Identity and Access Management and Networking. This means that there was a large section of the exam that was not my day job.
Good examples are securing web apps and functions, SQL PaaS services.

Format and Exam Day

I stuck to my usual exam day superstition of getting there 1hr+ early and park up at a nearby coffee shop and cram last minute bits of knowledge in for the sections I'm not familiar with. Let's be honest part of these exams test your recall, for the areas that aren't your day job, then last minute retention of some simple facts always helps gain a few points. Having previously done AZ-302 and AZ-103 I was familiar with the format, multi-choice questions, scenarios and labs. The labs being sandwiched between questions and scenarios (presumably to give a script time to check your work).......BUT this time there was a twist I will reveal later

Preparation/Study Resources

Normally I swear by Udemy and Scott Duffy. For some reason though Scott hasn't released an AZ500 course. So initially I was a starting fresh to find good study material. Fortunately my employer was running internal training run by Dan, linked above, for the whole of Azure Practice. This wasn't dissimilar in content to Scott/Udemy's. I learn best by making notes on videos and presentations whilst they playback on double speed usually. This time I could do that as the sessions had been recorded, including the narration. VLC Player to the rescue and 2x playback. I also looked up some example scenarios online and did the labs that came with the sessions. These were very useful in giving me an idea which sections I was going to be weak on. I work a lot with Azure AD, groups, cross-subscription permissions, guest/b2b users and policy. So these were all easy to skim through. The App, web and SQL areas were all relatively new to me. So I focussed more time on those.

Not Coronavirus

Four days prior to my exam I had a really bad flu that knocked me sideways and put me in bed for a couple of days. Last year I had no days off sick and only usually have 1 or maybe 2 days per year, so this was a doozy. The other thing it meant was that I slept through 2 of the days I was meant to be revising. These things happen, but it did mean I didn't have time to reschedule without a charge. Yes I should have prepped long before the exam, but I have a system and I haven't failed an exam for a while now. It mainly just left me a little less confident than normal, and a little dulled out by paracetemol and ibuprofen. I'd just say always have a Plan-B and make sure you've covered 75% of the material by the week before exam day to give yourself a fighting chance if you get ill.

The Twist - A.W.O.L - An exam With Out Labs!

I ploughed through the exam as quickly as was sensible, not delaying on topics or questions I was 95% sure on. It's too easy to talk yourelf out of a correct answer. I did the questions, then scenarios. The test examiner warned me "the labs expect american keyboard, you may have to swap " and @ No problem I have had to do that before twice. I clicked "End Section" after the scenarios....and BOOM. Test Over. No labs??? ***( I have heard since that a colleague sat another MS exam, in USA and failed, but later got a call/e-mail from MS saying that due to issues with labs they were discounting the labs and he had passed. So maybe the labs were so broken they had to pull them...who knows!)


The list of objectives and split can be found [here]( Skills measured * Manage identity and access (20-25%) * Implement platform protection (35-40%) * Manage security operations (15-20%) * Secure data and applications (30-35%)

The Result

I got 822/1000, where 700 is the pass mark. I was both surprised and confused with the pass, partly because I felt me app/web/sql areas could be weak, but mostly because I was still bamboozled by the lack of labs. I'd passed, so I should probably take the win and shut up. Should I be annoyed I could have scored higher with Labs, but then I could also have lost points and averaged out over the extra test areas, I could have failed. It just seems a strange thing from Microsoft that Labs were added prior to Christmas and were absent in my test. I don't believe this is NDA, as it's part of the exam description.

Summary and Warning of Change

So Caveat Emptor. Don't rely on the labs being there or not, it seems MS reserve the right to not give you labs. It's their game so they can take the ball home mid-game. Prep like there will be labs, but make sure you know enough theory to pass too. AZ-500 is still due to be around for the forseeable future. However there are changes and replacements and retirements due to a few of the other exams. The details of that can be found here [Changes to AZ-10x/AZ-20x/AZ-30x] (