Domain 3 · 20-25% of Exam

Secure Compute, Storage, and Databases

Implement security for compute resources, storage accounts, and database services.

About This Domain

Domain 3 — Secure Compute, Storage, and Databases — accounts for 20-25% of the AZ-500 certification exam. This domain evaluates your understanding of configure security for azure storage accounts, implement database security (tde, always encrypted, auditing), manage key vault secrets, keys, and certificates, and related concepts. Implement security for compute resources, storage accounts, and database services. To pass this section you need practical knowledge of how these services and patterns work together in real-world architectures.

What You'll Be Tested On

  • Configure security for Azure Storage accounts
  • Implement database security (TDE, Always Encrypted, auditing)
  • Manage Key Vault secrets, keys, and certificates
  • Configure compute security (VM, container, App Service)

Key Azure Services in This Domain

💾Data Security🔐Key Vault📋Compliance

Study Strategy for Domain 3

While 20-25% might seem like a smaller portion of the exam, every point counts toward the passing score. Focus on understanding core concepts and common exam scenarios for this domain. Don't neglect it — even a few missed questions here can make the difference between pass and fail.

Exam Tips for Domain 3

💡

Storage account security: disable public access, require HTTPS, use private endpoints.

💡

Always Encrypted protects sensitive columns; client-side encryption with column master key.

💡

Key Vault soft delete and purge protection prevent accidental or malicious key deletion.

Frequently Asked Questions

How many questions on the AZ-500 exam come from Domain 3?

Domain 3 (Secure Compute, Storage, and Databases) makes up 20-25% of the AZ-500 exam. The exam has 65 scored questions, so approximately 13 questions will come from this domain.

What services should I focus on for Domain 3?

The key services for this domain include Data Security, Key Vault, Compliance. Make sure you understand how each service works, its use cases, and how they integrate with one another.

How should I prepare for Secure Compute, Storage, and Databases questions?

Start by reviewing the key topics listed above, then practice with domain-specific questions. Focus on understanding real-world scenarios rather than memorizing facts. Use our practice quizzes to test your knowledge and review explanations for any questions you get wrong.

What's the best order to study the AZ-500 domains?

Many candidates start with the highest-weighted domains first. For the AZ-500 exam, the domains in order of weight are: Manage Identity and Access (25-30%), Secure Networking (20-25%), Secure Compute, Storage, and Databases (20-25%), Manage Security Operations (25-30%). However, start with whichever domain aligns best with your existing experience.

Practice Domain 3 Questions

Test your knowledge of Secure Compute, Storage, and Databases with practice questions from our AZ-500 question bank.

Start Practice Quiz →

Other AZ-500 Domains

Domain 1Manage Identity and Access25-30%Domain 2Secure Networking20-25%Domain 4Manage Security Operations25-30%
← AZ-500 Study HubFree Mock Exam30-Day Study Plan