This course covers powerful Azure security services including MSI, WAF, NSGs, ASGs, and App Service Environment.
What you will learn
Managed Identities (MSI)
Network Security Groups (NSG)
Application Security Groups (ASG)
SSL/TLS Overview
Inbound and Outbound Traffic For Virtual Networks and Virtual Machines
Web Application Firewalls (WAF)
App Service Environments (ASE)
App Service Environments
Description
Public-facing applications are common targets for hackers and malicious users. In this course you will gain the ability to prevent these attacks by leveraging Microsoft Azure’s powerful security services. First, you will learn to eliminate sensitive service credentials from your app code by using Managed Identities (MSI). Next, you will discover how Network Security Groups (NSG) and Application Security Groups (ASG) are used to control inbound and outbound traffic for virtual networks and virtual machines. Finally, you will explore how to protect Azure app service deployments from common attacks such as SQL injection and XSS by using Web Application Firewalls (WAF) and App Service Environments (ASE). When you are finished with this course, you will have the skills and knowledge of Azure security services needed to protect your applications in Microsoft Azure.
Who This Course Is For:
- Cloud Engineers
- DevOps Engineers
- Cybersecurity Analysts
- Network Security Engineers
- System Administrators
- Data Scientists
- Data Engineers
- Machine Learning Engineers
- Big Data Architects
- Solutions Architects
- Programmers
Manage identity and access (30-35%)
Manage Azure Active Directory identities
· configure security for service principals
· manage Azure AD directory groups
· manage Azure AD users
· manage administrative units
· configure password writeback
· configure authentication methods including password hash and Pass Through
· Authentication (PTA), OAuth, and passwordless
· transfer Azure subscriptions between Azure AD tenants
Configure secure access by using Azure AD
· monitor privileged access for Azure AD Privileged Identity Management (PIM)
· configure Access Reviews
· configure PIM
· implement Conditional Access policies including Multi-Factor Authentication (MFA)
· configure Azure AD identity protection
Manage application access
· create App Registration
· configure App Registration permission scopes
· manage App Registration permission consent
· manage API access to Azure subscriptions and resources
Manage access control
· configure subscription and resource permissions
· configure resource group permissions
· configure custom RBAC roles
· identify the appropriate role
· apply the principle of least privilege
· interpret permissions
· check access
Implement platform protection (15-20%)
Implement advanced network security
· secure the connectivity of virtual networks (VPN authentication, Express Route
· encryption)
· configure Network Security Groups (NSGs) and Application Security Groups (ASGs)
· create and configure Azure Firewall
· implement Azure Firewall Manager
· configure Azure Front Door service as an Application Gateway
· configure a Web Application Firewall (WAF) on Azure Application Gateway
· configure Azure Bastion
· configure a firewall on a storage account, Azure SQL, Key Vault, or App Service
· implement Service Endpoints
· implement DDoS protection
Configure advanced security for compute
· configure endpoint protection
· configure and monitor system updates for VMs
· configure authentication for Azure Container Registry
· configure security for different types of containers
· implement vulnerability management
· configure isolation for AKS
· configure security for container registry
· implement Azure Disk Encryption
· configure authentication and security for Azure App Service
· configure SSL/TLS certs
· configure authentication for Azure Kubernetes Service
· configure automatic updates
Manage security operations (25-30%)
Monitor security by using Azure Monitor
· create and customize alerts
· monitor security logs by using Azure Monitor
· configure diagnostic logging and log retention
· Monitor security by using Azure Security Center
· evaluate vulnerability scans from Azure Security Center
· configure Just in Time VM access by using Azure Security Center
· configure centralized policy management by using Azure Security Center
· configure compliance policies and evaluate for compliance by using Azure Security
· Center
· configure workflow automation by using Azure Security Center
Monitor security by using Azure Sentinel
· create and customize alerts
· configure data sources to Azure Sentinel
· evaluate results from Azure Sentinel
· configure a playbook by using Azure Sentinel
Configure security policies
· configure security settings by using Azure Policy
· configure security settings by using Azure Blueprint
Secure data and applications (20-25%)
Configure security for storage
· configure access control for storage accounts
· configure key management for storage accounts
· configure Azure AD authentication for Azure Storage
· configure Azure AD Domain Services authentication for Azure Files
· create and manage Shared Access Signatures (SAS)
· create a shared access policy for a blob or blob container
· configure Storage Service Encryption
· configure Azure Defender for Storage
Configure security for databases
· enable database authentication
· enable database auditing
· configure Azure Defender for SQL
· configure Azure SQL Database Advanced Threat Protection
· implement database encryption
o implement Azure SQL Database Always Encrypted
Configure and manage Key Vault
· manage access to Key Vault
· manage permissions to secrets, certificates, and keys
· configure RBAC usage in Azure Key Vault
· manage certificates
· manage secrets
· configure key rotation
· backup and restore of Key Vault items
· configure Azure Defender for Key Vault
This practice test will help you prepare and pass the real official exam test environment. Questions include:
- Answers with detailed explanation.
- Reference links to official and unofficial documentation.
- Illustrations to prepare for the exam.
Join us and get ready to pass!! 🙂
Content