Domain 2 · 20-25% of Exam

Secure Networking

Plan and implement security for virtual networks, private access, and public access to Azure resources.

About This Domain

Domain 2 — Secure Networking — accounts for 20-25% of the AZ-500 certification exam. This domain evaluates your understanding of plan and implement virtual network security (nsg, asg), configure azure firewall and firewall policies, implement private access with private link and service endpoints, and related concepts. Plan and implement security for virtual networks, private access, and public access to Azure resources. To pass this section you need practical knowledge of how these services and patterns work together in real-world architectures.

What You'll Be Tested On

  • Plan and implement virtual network security (NSG, ASG)
  • Configure Azure Firewall and firewall policies
  • Implement private access with Private Link and service endpoints
  • Configure network security for App Service and storage

Key Azure Services in This Domain

🛡️Platform Protection🌐Network Security

Study Strategy for Domain 2

While 20-25% might seem like a smaller portion of the exam, every point counts toward the passing score. Focus on understanding core concepts and common exam scenarios for this domain. Don't neglect it — even a few missed questions here can make the difference between pass and fail.

Exam Tips for Domain 2

💡

Private endpoints bring Azure PaaS services into your VNet with a private IP.

💡

Azure Firewall provides FQDN filtering, threat intelligence, and TLS inspection.

💡

NSG flow logs are essential for network traffic visibility and troubleshooting.

Frequently Asked Questions

How many questions on the AZ-500 exam come from Domain 2?

Domain 2 (Secure Networking) makes up 20-25% of the AZ-500 exam. The exam has 65 scored questions, so approximately 13 questions will come from this domain.

What services should I focus on for Domain 2?

The key services for this domain include Platform Protection, Network Security. Make sure you understand how each service works, its use cases, and how they integrate with one another.

How should I prepare for Secure Networking questions?

Start by reviewing the key topics listed above, then practice with domain-specific questions. Focus on understanding real-world scenarios rather than memorizing facts. Use our practice quizzes to test your knowledge and review explanations for any questions you get wrong.

What's the best order to study the AZ-500 domains?

Many candidates start with the highest-weighted domains first. For the AZ-500 exam, the domains in order of weight are: Manage Identity and Access (25-30%), Secure Networking (20-25%), Secure Compute, Storage, and Databases (20-25%), Manage Security Operations (25-30%). However, start with whichever domain aligns best with your existing experience.

Practice Domain 2 Questions

Test your knowledge of Secure Networking with practice questions from our AZ-500 question bank.

Start Practice Quiz →

Other AZ-500 Domains

Domain 1Manage Identity and Access25-30%Domain 3Secure Compute, Storage, and Databases20-25%Domain 4Manage Security Operations25-30%
← AZ-500 Study HubFree Mock Exam30-Day Study Plan