Microsoft Cybersecurity Architect Exam Ref SC-100 : Ace the SC-100 Exam and Develop Cutting-Edge Cybersecurity Strategies / Dwayne Natwick, Graham Gold, and Abu Zobayer.

Format:

Book

Author/Creator:

Natwick, Dwayne, author.

Gold, Graham, author.

Zobayer, Abu, author.

Language:

English

Subjects (All):

Computer networks--Security measures--Examinations--Study guides.

Computer networks.

Computer security--Examinations--Study guides.

Computer security.

Physical Description:

1 online resource (301 pages)

Edition:

Second edition.

Place of Publication:

Birmingham, England : Packt Publishing Ltd., [2023]

System Details:

Mode of access: World Wide Web.

Summary:

This Second Edition of Microsoft Cybersecurity Architect Exam Ref SC-100 is a comprehensive guide that will help cybersecurity professionals design and evaluate the cybersecurity architecture of Microsoft cloud services. Packed with practice questions, mock exams, interactive flashcards, and invaluable exam tips, this comprehensive resource gives you everything you need to conquer the SC-100 exam with confidence. This book will take you through designing a strategy for a cybersecurity architecture and evaluating the governance, risk, and compliance (GRC) of the architecture of both cloud-only and hybrid infrastructures. You'll discover how to implement zero trust principles, enhance security operations, and elevate your organization's security posture. By the end of this book, you'll be fully equipped to plan, design, and assess cybersecurity frameworks for Microsoft cloud environments—and pass the SC-100 exam with flying colors. Ready to take your cybersecurity expertise to the next level? This guide is your key to success.

Contents:

Cover

FM

Copyright

Contributors

Table of Contents

Preface

Chapter 1: Cybersecurity in the Cloud

Making the Most of This Book - Your Certification and Beyond

What Is Cybersecurity?

Significance in Modern Business

Cybersecurity in the Context of the SC-100 Exam

Evolution of Cybersecurity from On-Premises to the Cloud

Defense-in-Depth Security Strategy

Building a Defense-in-Depth Security Posture

Shared Responsibility in Cloud Security

Understanding the Stages of a Cyber-Attack

How Cybersecurity Architecture Can Protect Against These Threats

Security Operations

Understanding the Scope of Cybersecurity in the Cloud

Shared Responsibility Scope

Principles of the Zero-Trust Methodology

Common Threats and Attacks

Internal Threats

External Threats

Defense in Depth: A Real-Life Example

Additional Example: Okta

Initial Signs of Compromise

Impact

Remediation

Defense in Depth

Summary

Exam Readiness Drill - Chapter Review Section

Chapter 2: Build an Overall Security Strategy and Architecture

Identifying the Integration Points in an Architecture by Using the Microsoft Cybersecurity Reference Architectures

How is the MCRA Used?

What Are the Components of the MCRA?

Translating Business Goals into Security Requirements

Threat Analysis

Translating Security Requirements into Technical Capabilities

Physical

Identity and A ccess

Perimeter security

Network Security

Compute

Applications

Data

Designing Security for a Resiliency Strategy

Integrating a Hybrid or Multi-Tenant Environment into a Security Strategy

Developing a Technical and Governance Strategy for Traffic Filtering and Segmentation

North-South/East-West Network Traffic and Segmentation

Exam Readiness Drill - Chapter Review Section.

Chapter 3: Design a Security Operations Strategy

Designing a Logging and Auditing Strategy to Support Security Operations, Including Microsoft Purview Audit

Security Operations Overview

Microsoft Security Operations Tools

Logging and Auditing for Threat and Vulnerability Detection

Microsoft Purview Audit

Developing Security Operations to Support a Hybrid or Multi-Cloud Environment

Designing a strategy for SIEM and SOAR

Evaluating Security Workflows

Security Strategies for Incident Management and Response

Security Workflows

Evaluating a Security Operations Strategy for the Incident Management Life Cycle

Evaluating a Security Operations Strategy to Share Technical Threat Intelligence

Leveraging Artificial Intelligence to Enhance Security Operations

Microsoft Copilot for Security

Chapter 4: Design an Identity Security Strategy

Zero Trust for Identity and Access Management

Designing a Strategy for Access to Cloud Resources

Recommending an Identity Store

Microsoft Entra Tenant Synchronization with SCIM

External Identities

Recommending an Authentication and Authorization Strategy

Hybrid Identity Infrastructure

Secure Authorization Methods

Designing a Strategy for CA

Microsoft Entra Identity Protection

Designing a Strategy for CAE

Designing a Strategy for Role Assignment and Delegation

Designing a Security Strategy for Privileged Role Access

Microsoft Entra ID PIM

Designing a Security Strategy for Privileged Activities

Privileged Access Reviews

Entitlement Management (aka Permission Management)

Cloud Tenant Administration

Case study - Designing a Zero-Trust Architecture

Chapter 5: Design a Regulatory Compliance Strategy.

Interpreting Compliance Requirements and Translating Them into Specific Technical Capabilities

Evaluating Infrastructure Compliance by Using Microsoft Defender for Cloud

Interpreting Compliance Scores and Recommending Actions to Resolve Issues or Improve Security

Designing an Implementation of Azure Policy

Designing for Data Residency Requirements

Translating Privacy Requirements into Requirements for Security Solutions

Case Study - Designing for Regulatory Compliance

Chapter 6: Evaluate Security Posture and Recommend Technical Strategies to Manage Risk

Evaluating the Security Posture Using Benchmarks

Evaluating the Security Posture Using Microsoft Defender for Cloud

Evaluating the Security Posture by Using Secure Score

Evaluating the Security Posture of Cloud Workloads

Designing Security for an Azure Landing Zone

Interpreting Technical Threat Intelligence and Recommending Risk Mitigations

Recommending Security Capabilities or Controls to Mitigate Identified Risks

Evaluating the Security of Internet Assets with Microsoft Defender EASM

Case Study - Evaluating the Security Posture

Chapter 7: Design a Strategy for Securing Server and Client Endpoints

Planning and Implementing a Security Strategy across Teams

Specifying Security Baselines for Server and Client Endpoints

Specifying Security Requirements for Servers, Including Multiple Platforms and Operating Systems

Specifying Security Requirements for Mobile Devices and Clients, Including Endpoint Protection, Hardening, and Configuration

Evaluating Windows LAPS Solutions

How Do You Manage Local Admin Passwords in Windows?

Introduction of Microsoft LAPS

Replacement of Microsoft LAPS with Windows LAPS.

Deployment Considerations for Windows LAPS

Specifying requirements to Secure AD DS

Designing a Strategy to Manage Secrets, Keys, and Certificates

Designing a Strategy for Secure Remote Access

Remote Management of Servers and Applications

Remote Management of Mobile Devices and Clients

Understanding Security Operations Frameworks, Processes, and Procedures

Case Study - Designing a Secure Architecture for Endpoints

Chapter 8: Design a Strategy for Securing SaaS, PaaS, and IaaS

Specifying Security Baselines for SaaS, PaaS, and IaaS Services

Security Baselines for SaaS

Security Baselines for IaaS

Security Baselines for PaaS

Specifying Security Requirements for IoT Devices and Connected Systems

Device Security

Connection Security

Cloud Security

Evaluating Solutions for Securing OT and Industrial Control Systems (ICSs) by Using Microsoft Defender for IoT

Cloud-Connected Sensors

Local OT Sensors

Specifying Security Requirements for Data Workloads, Including SQL, Azure SQL Database, Azure Synapse, and Azure Cosmos DB

Specifying Security Requirements for Storage Workloads, Including Azure Storage

Specifying Security Requirements for Web Workloads, Including Azure App Service

Specifying Security Requirements for Containers

Specifying Security Requirements for Container Orchestration

Evaluating Solutions That Include Azure AI Services Security

What Are Azure AI Services?

Security Considerations

Case Study - Security Requirements for IaaS, PaaS, and SaaS

Chapter 9: Specify Security Requirements for Applications

Specifying Priorities for Mitigating Threats to Applications

Identity and Secret Handling and Use

Segmentation and Configuration.

Static and Dynamic Testing

Data Handling and Access

Security Posture Management and Workload Protection

Specifying a Security Standard for Onboarding a New Application

Designing a Security Solution for API Management

Case Study - Security Requirements for Applications

Chapter 10: Design a Strategy for Securing Data

Specifying Priorities for Mitigating Threats to Data

Managing the Risk to Data

Ransomware Protection and Recovery

Designing a Strategy to Identify and Protect Sensitive Data

Specifying an Encryption Standard for Data at Rest and in Motion

Encryption at Rest

Data Masking

Encryption in Transit

Managing Data Encryption Security with Azure Key Vault

Case Study - Designing a Strategy to Secure Data

Chapter 11: Accessing the Online Practice Resources

Index

Other Books You May Enjoy.

Notes:

Includes bibliographical references and index.

Description based on publisher supplied metadata and other sources.

Description based on print version record.

Other Format:

Print version: Natwick, Dwayne Microsoft Cybersecurity Architect Exam Ref SC-100

ISBN:

9781836208501

OCLC:

1468098716