Domain 4 · 25-30% of Exam

Manage Security Operations

Configure monitoring, Microsoft Defender for Cloud, and Microsoft Sentinel for threat detection and response.

What You'll Be Tested On

  • Configure Microsoft Defender for Cloud and secure score
  • Implement Microsoft Sentinel (SIEM/SOAR)
  • Configure security alerts and automated response
  • Perform threat hunting with KQL queries

Exam Tips for Domain 4

  • Secure score provides a prioritized list of security improvements.
  • Sentinel analytic rules detect threats; playbooks automate response with Logic Apps.
  • KQL (Kusto Query Language) is essential for log analysis and threat hunting.

Practice Domain 4 Questions

Test your knowledge of Manage Security Operations with practice questions from our AZ-500 question bank.
