This independent Quick Reference supports preparation for the Microsoft Certified: Cloud and AI Security Engineer Associate (SC-500) exam. Use it to review Microsoft security service selection, cloud architecture controls, AI workload risks, identity patterns, monitoring, and response workflows.
Core Exam Mental Model
SC-500 questions commonly test whether you can choose the right Microsoft control for a security goal across cloud, AI, data, identity, and DevSecOps scenarios.
| Security goal | Primary Microsoft capabilities to know | Exam decision focus |
|---|
| Secure human access | Microsoft Entra ID, Conditional Access, MFA, Identity Protection, Privileged Identity Management | Who can access what, from where, under which risk conditions |
| Secure workload access | Managed identities, service principals, workload identity federation, Key Vault, RBAC | Avoid secrets, use least privilege, isolate production identities |
| Secure Azure resources | Microsoft Defender for Cloud, Azure Policy, Azure RBAC, resource locks, network controls | Posture management, hardening, compliance, threat protection |
| Secure AI apps | Azure AI services, Azure OpenAI, Azure AI Content Safety, prompt protection patterns, private networking, logging | Prevent data leakage, prompt injection, unsafe outputs, tool abuse |
| Secure data | Microsoft Purview, sensitivity labels, DLP, encryption, Key Vault, storage/database access controls | Classify, protect, monitor, and govern sensitive data |
| Detect and investigate | Microsoft Defender XDR, Microsoft Sentinel, Log Analytics, KQL, Defender for Cloud alerts | Correlate signals, hunt, triage, automate response |
| Secure development | GitHub Advanced Security, Microsoft Defender for DevOps, CI/CD controls, IaC scanning | Shift-left detection of secrets, vulnerable code, dependencies, misconfigurations |
Microsoft Security Service Selection Matrix
| Need | Choose | Not the same as | High-yield notes |
|---|
| Central cloud security posture management | Microsoft Defender for Cloud | Microsoft Defender XDR | Use for Azure, multicloud, workload recommendations, regulatory/compliance posture, and workload protection plans |
| Correlated incidents across endpoint, identity, email, SaaS, and cloud apps | Microsoft Defender XDR | Microsoft Sentinel | Defender XDR is Microsoft’s native extended detection and response portal |
| SIEM/SOAR across Microsoft and non-Microsoft data | Microsoft Sentinel | Defender XDR | Use when you need log ingestion, analytics rules, workbooks, automation rules, playbooks, and cross-source hunting |
| Identity governance and access control | Microsoft Entra ID | Azure RBAC alone | Entra authenticates identities; Azure RBAC authorizes actions on Azure resources |
| Just-in-time privileged role activation | Microsoft Entra Privileged Identity Management | Permanent role assignment | Use eligible assignments, approval, MFA, time-bound elevation, access reviews |
| Detect risky users and sign-ins | Microsoft Entra ID Protection | Conditional Access alone | Identity Protection supplies risk signals; Conditional Access enforces policies |
| Protect secrets, keys, and certificates | Azure Key Vault / Managed HSM | App configuration or environment variables | Prefer managed identities over client secrets; use Key Vault for secret lifecycle and access control |
| Enforce resource configuration | Azure Policy | Azure RBAC | RBAC controls who can act; Policy controls what configurations are allowed or audited |
| Protect web apps from common web attacks | Azure Web Application Firewall | NSG | WAF operates at HTTP/S layer; NSG filters network traffic at subnet/NIC level |
| Private access to PaaS services | Private Endpoint / Private Link | Service endpoint | Private Endpoint gives private IP connectivity to a specific service instance |
| Classify and govern data | Microsoft Purview | Defender for Cloud | Purview focuses on data governance, cataloging, classification, lineage, DLP, and information protection |
| Scan code and dependencies | GitHub Advanced Security | Runtime threat protection | Use code scanning, secret scanning, dependency review, Dependabot alerts |
| Connect DevOps security findings into Microsoft security posture | Microsoft Defender for DevOps | GitHub branch protection | Defender for DevOps provides security visibility and integration across DevOps environments |
| Protect AI-generated content workflows | Azure AI Content Safety and AI application guardrails | Network firewall | Content and prompt protections address model input/output risks, not just traffic flow |
Identity and Access Quick Reference
Entra, Azure RBAC, and App Authorization
| Concept | Controls | Exam distinction |
|---|
| Authentication | Microsoft Entra ID, MFA, federated identity, passwordless methods | Proves who the principal is |
| Authorization to Azure resources | Azure RBAC roles, custom roles, scopes | Controls actions on management plane or data plane resources |
| Authorization inside an application | App roles, groups, claims, custom authorization logic | Controls what the user can do inside the app |
| Delegated API access | OAuth delegated permissions | App acts on behalf of a signed-in user |
| Application-only API access | Application permissions / app roles | App acts as itself, often requiring admin consent |
| Workload identity | Managed identity, service principal, workload identity federation | Non-human identity used by apps, services, pipelines, and automation |
Identity Decision Table
| Scenario | Prefer | Why |
|---|
| Azure VM, Function, App Service, or AKS workload needs Azure resource access | Managed identity | Avoids stored credentials and supports Azure RBAC |
| GitHub Actions or external CI/CD needs Azure access | Workload identity federation | Avoids long-lived secrets in pipeline variables |
| Legacy app cannot use managed identity | Service principal with certificate or secret in Key Vault | Use least privilege and rotate credentials |
| Admin needs occasional privileged access | PIM eligible assignment | Reduces standing privilege |
| Require MFA only for risky sign-ins | Conditional Access using risk signals | More targeted than requiring MFA for every action |
| Block access from unmanaged devices | Conditional Access device compliance or app protection conditions | Tie access to device or app state |
| Review excessive group or role membership | Access reviews | Supports periodic governance |
| Limit third-party app permissions | Admin consent workflow and app consent policies | Controls OAuth consent sprawl |
Common Identity Traps
| Trap | Correct thinking |
|---|
| “Owner” is needed for all administration | Use least privilege; many tasks require narrower roles |
| Conditional Access grants permissions | Conditional Access controls access conditions; RBAC grants permissions |
| A service principal secret is as safe as managed identity | Managed identity removes credential handling where supported |
| PIM removes need for monitoring | PIM reduces standing access; still audit activations and privileged actions |
| Group membership always updates instantly in app tokens | Token claims may reflect token issuance time; reauthentication may be needed |
Conditional Access and Zero Trust Controls
| Requirement | Use |
|---|
| Require MFA for privileged roles | Conditional Access targeting directory roles |
| Require compliant or hybrid-joined devices | Device-based Conditional Access |
| Restrict sessions in browser/SaaS apps | Conditional Access session controls |
| Block legacy authentication | Conditional Access policy targeting legacy clients |
| Require stronger auth for high-risk sign-ins | Identity Protection risk-based policy or Conditional Access risk conditions |
| Limit access by network location | Named locations in Conditional Access |
| Protect unmanaged mobile access | App protection policies and Conditional Access app controls |
| Reduce permanent administrator exposure | PIM with approval, justification, MFA, time limit |
Cloud Resource Security Architecture
Azure Control Plane vs Data Plane
| Layer | Examples | Security controls |
|---|
| Management/control plane | Create VM, update storage account, assign role | Azure RBAC, Azure Policy, activity logs, PIM |
| Data plane | Read blob, query database, pull secret | Data-plane RBAC, ACLs, firewall rules, private endpoints, audit logs |
| Application plane | App-specific action such as approving a transaction | App authorization, claims, app roles, business logic |
| Network plane | Connect to endpoint, route traffic, filter packets | NSG, Azure Firewall, WAF, Private Link, DDoS Protection |
Resource Governance Matrix
| Need | Control | Notes |
|---|
| Prevent deployment of noncompliant resources | Azure Policy with deny effect | Use for guardrails such as required tags, allowed locations, required encryption settings |
| Audit resource configuration drift | Azure Policy audit effect | Useful before enforcing deny |
| Remediate missing configuration | Azure Policy deployIfNotExists / modify where appropriate | Often used for diagnostic settings or required agents/extensions |
| Control who can modify resources | Azure RBAC | Assign at the narrowest practical scope |
| Temporarily protect critical resources from deletion | Resource locks | Locks do not replace RBAC or backups |
| Organize governance at scale | Management groups, subscriptions, resource groups | Apply policy and RBAC at appropriate hierarchy |
| Track administrative changes | Azure Activity Log | Control-plane activity, not full data-plane access |
Network Security Decision Points
| Scenario | Choose | Why |
|---|
| Restrict inbound traffic to VM subnet | NSG | Basic subnet/NIC traffic filtering |
| Centralize egress inspection and routing | Azure Firewall | Stateful network filtering and centralized policy |
| Protect public web app from HTTP/S attacks | WAF | Layer 7 web attack protection |
| Reduce exposure of PaaS endpoint to public internet | Private Endpoint | Access service over private IP |
| Restrict PaaS access to selected virtual networks | Service endpoint or Private Endpoint | Private Endpoint is more isolated and service-instance specific |
| Protect public endpoints from volumetric attacks | Azure DDoS Protection | Network-layer DDoS mitigation |
| Publish internal app without inbound public exposure | App proxy, private access, or application gateway pattern depending on workload | Match identity, network, and app requirements |
| Control DNS resolution for private endpoints | Private DNS zones | Required for predictable private endpoint name resolution |
AI Workload Network Controls
| AI component | Security design choice |
|---|
| Azure OpenAI or Azure AI service endpoint | Prefer private endpoint where supported for sensitive workloads |
| App service calling AI service | Use managed identity where supported and restrict network path |
| RAG data source | Keep storage/search/database private; enforce authorization before retrieval |
| Agent tools/plugins | Allowlist destinations and operations; avoid broad outbound access |
| Logging pipeline | Avoid sending sensitive prompts/responses to unsecured logs |
AI Security Quick Reference
AI Threats and Controls
| Threat | What it looks like | Practical controls |
|---|
| Prompt injection | User input attempts to override system instructions | System prompt hardening, prompt shields, input validation, tool constraints, output checks |
| Data exfiltration through prompts | User asks model to reveal hidden context, secrets, or retrieved documents | Do not include secrets in prompts; enforce per-user retrieval authorization; redact sensitive data |
| Insecure RAG retrieval | User receives documents they are not authorized to access | Apply identity-aware retrieval, document-level ACLs, filtered indexes |
| Tool/plugin abuse | Model is tricked into calling dangerous functions | Least-privilege tools, explicit approval for high-risk actions, allowlists, parameter validation |
| Hallucination | Model returns plausible but false information | Grounding, citations, confidence handling, human review for high-impact decisions |
| Unsafe content | Model generates harmful or disallowed content | Azure AI Content Safety, output filtering, policy-based handling |
| Training data poisoning | Malicious or low-quality data affects model behavior | Data provenance, validation, versioning, controlled ingestion |
| Model theft or endpoint abuse | Excessive calls or attempts to extract behavior | Authentication, rate controls, monitoring, anomaly detection |
| Sensitive data retention risk | Prompts/responses contain regulated or confidential data | Data minimization, retention controls, encryption, access controls, redaction |
| Supply-chain compromise | Vulnerable packages, models, or pipeline artifacts | Dependency scanning, artifact signing, provenance, secured CI/CD |
Secure AI Application Pattern
| Layer | Secure-by-design questions |
|---|
| Identity | Which human and workload identities can call the AI endpoint? Are managed identities used? |
| Network | Is the AI service publicly reachable? Are private endpoints and DNS configured correctly? |
| Prompt orchestration | Are system instructions separated from user input? Are prompts versioned and reviewed? |
| Retrieval | Does RAG enforce per-user authorization before adding context? |
| Tools/actions | Can the model trigger writes, purchases, deletion, emails, or external calls? Are approvals required? |
| Data protection | Are prompts, embeddings, files, and outputs classified and protected? |
| Logging | Are logs useful for investigation without leaking secrets or sensitive content? |
| Monitoring | Are abuse, anomalous usage, unsafe content, and drift monitored? |
| Incident response | Can keys be rotated, endpoints disabled, indexes rebuilt, and prompts rolled back? |
RAG and Vector Search Security
| Design area | High-yield control |
|---|
| Document ingestion | Classify data before indexing; exclude secrets and unnecessary sensitive fields |
| Embeddings | Treat embeddings as sensitive if they can reveal source meaning |
| Index access | Use RBAC and network isolation; avoid shared indexes that ignore authorization boundaries |
| Query filtering | Apply user/group ACL filters before retrieval, not after model generation |
| Context window | Provide only the minimum relevant context |
| Source citation | Return citations to support validation and investigation |
| Deletion | Ensure document deletion or permission changes propagate to the index |
| Tenant separation | Separate indexes, keys, or resource boundaries when isolation requirements justify it |
AI Content Safety and Guardrails
| Need | Control pattern |
|---|
| Detect harmful user input | Input classification and prompt shield controls |
| Detect harmful model output | Output content filtering |
| Prevent secret leakage | Secret scanning, redaction, prompt design, do not inject credentials |
| Reduce jailbreak success | System prompt hardening, adversarial testing, restricted tool use |
| Enforce policy decisions | Application-layer policy engine, not just model instructions |
| Support auditability | Log model version/configuration, prompt template version, tool calls, safety decisions |
Data Protection and Microsoft Purview
| Requirement | Use | Exam note |
|---|
| Discover and classify sensitive data | Microsoft Purview data classification/catalog capabilities | Helps identify where sensitive data exists |
| Apply labels to documents and emails | Sensitivity labels | Labels can drive encryption and usage restrictions |
| Prevent sharing or leakage | Data loss prevention policies | Focuses on sensitive content leaving approved channels |
| Govern data lifecycle | Retention labels/policies where applicable | Retention and deletion are governance controls |
| Investigate risky data activity | Audit and compliance investigation tools | Match tool to workload and data source |
| Protect secrets | Azure Key Vault, Managed HSM | Do not store secrets in source code, prompts, app settings, or pipeline logs |
| Protect storage data access | RBAC, ACLs, SAS governance, firewall/private endpoint | Avoid broad shared keys or overly permissive SAS |
| Protect database access | Microsoft Entra authentication, RBAC/roles, firewall/private endpoint, auditing | Prefer centralized identity over embedded credentials |
Key Vault and Secret Management
| Scenario | Best answer pattern |
|---|
| App needs to read a secret | Assign managed identity access to Key Vault secret with least privilege |
| Pipeline needs deployment access | Prefer federated identity; avoid static client secrets |
| Secret exposed in repository | Revoke/rotate immediately, remove from history as appropriate, enable secret scanning |
| Need cryptographic key control | Use Key Vault key or Managed HSM depending on control and isolation needs |
| Need certificate lifecycle | Store and manage certificates in Key Vault where appropriate |
| Need auditability | Enable diagnostic logging and monitor access patterns |
Secret Handling Traps
| Avoid | Prefer |
|---|
| API keys in source code | Managed identity or Key Vault reference |
| Secrets in prompts | Secure service-side retrieval and redaction |
| Broad Key Vault access policies/roles | Least privilege per identity |
| One shared secret across environments | Separate identities and secrets per environment |
| Logging request bodies with secrets | Redaction and safe telemetry design |
Microsoft Defender, Sentinel, and Monitoring
| Need | Use |
|---|
| View correlated incidents across Microsoft security products | Microsoft Defender XDR |
| Hunt across endpoint, identity, email, cloud app signals | Advanced hunting in Defender XDR |
| Protect Azure and hybrid workloads | Microsoft Defender for Cloud |
| Central SIEM for Microsoft and third-party logs | Microsoft Sentinel |
| Automate incident response workflows | Sentinel playbooks / automation, Defender response actions |
| Monitor Azure platform metrics and logs | Azure Monitor and Log Analytics |
| Track control-plane changes | Azure Activity Log |
| Track resource-specific events | Diagnostic settings to Log Analytics, storage, or event hub |
Defender for Cloud Concepts
| Concept | Meaning |
|---|
| Secure score | Prioritized posture indicator based on recommendations |
| Recommendations | Hardening actions mapped to resource configuration and threat posture |
| Regulatory compliance view | Compliance-oriented assessment against selected standards |
| Defender plans | Workload protection capabilities for supported resource types |
| Security alerts | Threat detections from protected workloads |
| Attack path analysis | Helps prioritize exploitable combinations of weaknesses |
| Just-in-time VM access | Reduces exposed management ports where configured |
Sentinel Concepts
| Concept | Use |
|---|
| Data connector | Ingests logs from Microsoft or third-party source |
| Log Analytics workspace | Stores queryable log data |
| Analytics rule | Detects suspicious behavior and creates incidents |
| Incident | Case container for investigation |
| Entity | Account, host, IP, URL, file, or other object involved in detection |
| Workbook | Visualization and reporting |
| Hunting query | Analyst-driven search for suspicious behavior |
| Watchlist | Reference data for queries and rules |
| Automation rule | Automates incident handling logic |
| Playbook | Logic Apps workflow for response actions |
KQL Patterns for Exam Review
Use KQL concepts more than memorized queries. Know filtering, projection, summarization, joins, time windows, and entity correlation.
Sign-in Failure Spike
SigninLogs
| where TimeGenerated > ago(24h)
| where ResultType != 0
| summarize Failures=count() by UserPrincipalName, IPAddress
| order by Failures desc
Azure Administrative Changes
AzureActivity
| where TimeGenerated > ago(24h)
| where CategoryValue == "Administrative"
| project TimeGenerated, OperationNameValue, ActivityStatusValue, Caller, ResourceGroup, ResourceId
| order by TimeGenerated desc
Key Vault Secret Access Review
AzureDiagnostics
| where ResourceProvider == "MICROSOFT.KEYVAULT"
| where OperationName has "Secret"
| project TimeGenerated, OperationName, identity_claim_appid_g, CallerIPAddress, ResultType
| order by TimeGenerated desc
Suspicious Multiple IP Sign-ins
SigninLogs
| where TimeGenerated > ago(1d)
| summarize IPCount=dcount(IPAddress), IPs=make_set(IPAddress) by UserPrincipalName
| where IPCount > 3
| order by IPCount desc
Common KQL Operators
| Operator | Use |
|---|
where | Filter rows |
project | Select columns |
extend | Add calculated columns |
summarize | Aggregate data |
join | Correlate tables |
distinct | Return unique values |
order by | Sort results |
ago() | Relative time filter |
bin() | Group time into intervals |
make_set() | Build a set of values |
DevSecOps and Secure Delivery
| Need | Microsoft/GitHub capability | Exam focus |
|---|
| Detect hardcoded secrets | GitHub secret scanning | Prevent credential exposure before deployment |
| Detect vulnerable dependencies | Dependabot alerts, dependency review | Identify package risk in pull requests and repositories |
| Detect insecure code patterns | Code scanning | Static analysis for vulnerabilities |
| Protect main branch | Branch protection rules, required reviews, required checks | Enforce workflow controls |
| Secure IaC templates | IaC scanning, policy validation, Defender for DevOps | Catch cloud misconfiguration before deployment |
| Connect repo findings to cloud security | Defender for DevOps integration | Improves security posture visibility |
| Avoid pipeline secrets | Workload identity federation | Replaces long-lived credentials |
| Separate environments | Different subscriptions/resource groups/identities | Prevent dev/test compromise from impacting production |
| Verify artifacts | Signed artifacts, controlled registries, approvals | Reduce supply-chain risk |
CI/CD Security Checklist
- Use least-privilege deployment identities.
- Prefer federated credentials over stored secrets.
- Scope credentials per environment.
- Require peer review for production changes.
- Run code, dependency, secret, and IaC scanning before merge.
- Protect pipeline variables and logs.
- Do not print tokens, prompts, connection strings, or API keys.
- Require approvals for high-risk production deployments.
- Monitor deployment activity in Azure Activity Log and SIEM.
Incident Response Workflow
| Phase | Candidate actions to recognize |
|---|
| Prepare | Logging enabled, alert rules, playbooks, roles, runbooks, escalation paths |
| Detect | Alerts from Defender, Sentinel analytics, identity risk, workload alerts |
| Triage | Validate alert, identify entities, determine scope and severity |
| Contain | Disable account, revoke sessions, isolate endpoint, block IP, disable key, restrict network |
| Eradicate | Remove persistence, patch vulnerability, rotate secrets, fix misconfiguration |
| Recover | Restore service, validate controls, monitor recurrence |
| Improve | Update detections, policies, playbooks, training, architecture controls |
Fast Response Decisions
| Incident clue | Immediate control to consider |
|---|
| User account compromise | Revoke sessions, reset credentials, require MFA, review sign-ins, disable account if needed |
| Service principal abuse | Disable credential, rotate certificate/secret, review app permissions, inspect audit logs |
| Key Vault secret leaked | Rotate secret, review access logs, remove exposed copy, enable/verify secret scanning |
| Public storage exposure | Disable public access, review ACLs/SAS, rotate keys if exposed, investigate downloads |
| AI prompt data leak | Remove sensitive context, rotate exposed secrets, review logs, update prompt/RAG controls |
| Malicious pipeline run | Disable pipeline/credential, rotate deployment identity, review recent deployments |
| VM compromise | Isolate network, collect evidence, rebuild from trusted image, patch root cause |
Logging and Diagnostic Settings
| Log source | Why it matters |
|---|
| Entra sign-in logs | Authentication, Conditional Access, risk, user access investigations |
| Entra audit logs | Directory changes, role assignments, app consent, policy changes |
| Azure Activity Log | Subscription/resource management operations |
| Resource diagnostic logs | Data-plane and service-specific events |
| Defender XDR incidents | Correlated security detections |
| Defender for Cloud alerts | Workload and posture-related security findings |
| Sentinel incidents | SIEM case management and correlation |
| Application logs | App-specific events, AI prompt orchestration, authorization decisions |
| Key Vault logs | Secret, key, and certificate access patterns |
| Storage/database audit logs | Sensitive data access and exfiltration investigation |
High-Yield Architecture Patterns
Secure AI Chat/RAG Application
| Component | Recommended pattern |
|---|
| Front end | Entra-authenticated access, HTTPS, WAF if internet-facing |
| API layer | Authorization checks before prompt construction |
| Identity to Azure services | Managed identity |
| Secrets | Key Vault, no secrets in prompts or code |
| AI endpoint | Private networking where appropriate, RBAC, diagnostic logging |
| Search/vector index | Private access, per-user ACL filtering, minimal indexed sensitive data |
| Storage | Private endpoint, encryption, RBAC/ACLs, logging |
| Guardrails | Input/output filtering, prompt injection detection, tool allowlisting |
| Monitoring | App telemetry, AI safety events, Defender/Sentinel integration |
| Response | Ability to revoke access, rotate keys, disable tools, roll back prompt templates |
Secure Azure Landing Zone Controls
| Area | Controls |
|---|
| Identity | Entra ID, PIM, Conditional Access, break-glass accounts with monitoring |
| Governance | Management groups, Azure Policy, tagging, resource organization |
| Network | Hub-spoke, firewall, NSGs, private endpoints, DNS, DDoS/WAF where needed |
| Security posture | Defender for Cloud, secure score, recommendations, regulatory views |
| Logging | Diagnostic settings, Log Analytics, Sentinel, retention aligned to requirements |
| Data | Purview, encryption, Key Vault, private access, DLP |
| DevOps | Secure pipelines, IaC scanning, branch protections, federated identity |
| Operations | Incident response runbooks, backup/recovery, patching, vulnerability management |
Common Exam Traps and Correct Distinctions
| Trap | Correct distinction |
|---|
| Sentinel and Defender XDR are interchangeable | Sentinel is SIEM/SOAR; Defender XDR is native XDR correlation and response |
| RBAC and Azure Policy do the same thing | RBAC controls user actions; Policy enforces resource configuration rules |
| Private endpoint is just a firewall rule | Private endpoint creates private network access to a service instance |
| Encryption solves data leakage | Encryption helps protect stored/in-transit data; authorization, DLP, logging, and minimization still matter |
| Prompt instructions can enforce security alone | Security decisions must be enforced in application/tooling layers |
| RAG authorization can be checked after generation | Authorization must restrict retrieval before context reaches the model |
| A managed identity is a permission grant by itself | Managed identity is an identity; it still needs RBAC or service-specific permissions |
| Secret scanning fixes exposed secrets | It detects exposure; you must rotate/revoke and investigate |
| Secure score is proof of compliance | It is a posture indicator, not a complete compliance attestation |
| Logs are useful by default | Required logs must be enabled, routed, retained, and protected |
Scenario-to-Control Drill Table
| If the question says… | Look for… |
|---|
| “Minimize standing privilege” | PIM, eligible assignments, just-in-time access |
| “Access only from compliant devices” | Conditional Access device compliance |
| “Avoid storing credentials in code” | Managed identity, workload identity federation, Key Vault |
| “Block deployment of noncompliant resources” | Azure Policy deny |
| “Audit existing resources before enforcement” | Azure Policy audit |
| “Correlate third-party firewall logs with Azure logs” | Microsoft Sentinel |
| “Investigate identity, endpoint, and email incident together” | Microsoft Defender XDR |
| “Protect public web application from SQL injection/XSS” | WAF |
| “Make Azure PaaS service reachable only privately” | Private Endpoint / Private Link |
| “Find secrets in repositories” | GitHub secret scanning |
| “Prevent vulnerable package from entering main branch” | Dependency review and required checks |
| “Prevent AI app from leaking retrieved documents” | Identity-aware RAG, document ACLs, data minimization |
| “Detect harmful prompts or outputs” | Azure AI Content Safety and app guardrails |
| “Allow model to call tools safely” | Least-privilege tools, allowlist, validation, human approval for high-risk actions |
| “Track who accessed secrets” | Key Vault diagnostic logs |
| “Respond automatically to a Sentinel incident” | Automation rule and playbook |
Final Review Checklist
- Know when to choose Defender for Cloud, Defender XDR, Sentinel, Purview, Entra ID, Key Vault, Azure Policy, GitHub Advanced Security, and Azure AI security controls.
- Separate authentication, authorization, Conditional Access, RBAC, and policy enforcement.
- Prefer managed identity or workload identity federation over long-lived secrets.
- Apply least privilege to both users and workloads.
- Treat AI prompts, retrieved context, embeddings, outputs, and logs as potentially sensitive.
- Enforce RAG authorization before retrieval.
- Use application-layer controls for AI tool execution; do not rely only on prompt instructions.
- Know which logs support identity, resource, data, AI, and incident investigations.
- Practice KQL basics:
where, summarize, project, join, and time filtering. - For scenario questions, identify the asset, identity, data sensitivity, network exposure, detection need, and response objective before selecting a control.
Practical Next Step
Use this Quick Reference as a control-selection checklist, then move into scenario-based SC-500 practice questions that force you to choose the best Microsoft security service, identity pattern, AI safeguard, or investigation workflow under realistic exam constraints.