MCE Microsoft certified expert cybersecurity architect study guide : exam SC-100 / Kathiravan Udayakumar and Puthiyavan Udayakumar.

Format:

Book

Author/Creator:

Udayakumar, Kathiravan, author.

Udayakumar, Puthiyavan, author.

Language:

English

Subjects (All):

Computer security--Examinations--Study guides.

Computer security.

Computer architecture--Examinations--Study guides.

Computer architecture.

Physical Description:

1 online resource (515 pages)

Edition:

1st.

Place of Publication:

Hoboken, NJ : John Wiley & Sons, Inc., [2023]

Summary:

Prep for the SC-100 exam like a pro with Sybex' latest Study Guide In the MCE Microsoft Certified Expert Cybersecurity Architect Study Guide: Exam SC-100, a team of dedicated software architects delivers an authoritative and easy-to-follow guide to preparing for the SC-100 Cybersecurity Architect certification exam offered by Microsoft. In the book, you'll find comprehensive coverage of the objectives tested by the exam, covering the evaluation of Governance Risk Compliance technical and security operations strategies, the design of Zero Trust strategies and architectures, and data and application strategy design. With the information provided by the authors, you'll be prepared for your first day in a new role as a cybersecurity architect, gaining practical, hands-on skills with modern Azure deployments. You'll also find: In-depth discussions of every single objective covered by the SC-100 exam and, by extension, the skills necessary to succeed as a Microsoft cybersecurity architect Critical information to help you obtain a widely sought-after credential that is increasingly popular across the industry (especially in government roles) Valuable online study tools, including hundreds of bonus practice exam questions, electronic flashcards, and a searchable glossary of crucial technical terms An essential roadmap to the SC-100 exam and a new career in cybersecurity architecture on the Microsoft Azure cloud platform, MCE Microsoft Certified Expert Cybersecurity Architect Study Guide: Exam SC-100 is also ideal for anyone seeking to improve their knowledge and understanding of cloud-based management and security.

Contents:

Cover

Title Page

Copyright Page

Acknowledgments

About the Authors

About the Technical Editor

Contents at a Glance

Contents

Introduction

What Is Azure?

About the SC-100 Certification Exam

Why Become a Certified Microsoft Azure Cybersecurity Architect?

Preparing to Become a Certified Microsoft Cybersecurity Architect

How to Become a Certified Microsoft Cybersecurity Architect

Who Should Buy This Book

How This Book Is Organized

Chapter Features

Bonus Digital Contents

Conventions Used in This Book

Using This Book

Technology Requirements

SC-100 Exam Objectives

How to Contact the Publisher

Assessment Test

Answers to Assessment Test

Chapter 1 Define and Implement an Overall Security Strategy and Architecture

Basics of Cloud Computing

The Need for the Cloud

Cloud Service Models

Cloud Deployment Models

Introduction to Cybersecurity

The Need for Cybersecurity

Cybersecurity Domains

Getting Started with Zero Trust

NIST Abstract Definition of Zero Trust

Key Benefits of Zero Trust

Guiding Principles of Zero Trust

Zero Trust Architecture

Design Integration Points in an Architecture

Security Operations Center

Software as a Service

Hybrid Infrastructure-IaaS, PaaS, On-Premises

Endpoints and Devices

Information Protection

Identity and Access

People Security

IOT and Operational Technology

Design Security Needs to Be Based on Business Goals

Define Strategy

Prepare Plan

Get Ready

Adopt

Secure

Manage

Govern

Decode Security Requirements to Technical Abilities

Resource Planning and Hardening

Design Security for a Resiliency Approach

Before an Incident

During an Incident

After an Incident

Feedback Loop

Identify the Security Risks Associated with Hybrid and Multi-Tenant Environments.

Deploy a Secure Hybrid Identity Environment

Deploy a Secure Hybrid Network

Design a Multi-Tenancy Environment

Responsiveness to Individual Tenants' Needs

Plan Traffic Filtering and Segmentation Technical and Governance Strategies

Logically Segmented Subnets

Deploy Perimeter Networks for Security Zones

Avoid Exposure to the Internet with Dedicated WAN Links

Use Virtual Network Appliances

Summary

Exam Essentials

Review Questions

Chapter 2 Define a Security Operations Strategy

Foundation of Security Operations and Strategy

SOC Operating Model

SOC Framework

SOC Operations

Microsoft SOC Strategy for Azure Cloud

Microsoft SOC Function for Azure Cloud

Microsoft SOC Integration Among SecOps and Business Leadership

Microsoft SOC People and Process

Microsoft SOC Metrics

Microsoft SOC Modernization

SOC MITRE ATT&amp

CK

Design a Logging and Auditing Strategy to Support Security Operations

Overview of Azure Logging Capabilities

Develop Security Operations to Support a Hybrid or Multi-Cloud Environment

Integrated Operations for Hybrid and Multi-Cloud Environments

Customer Processes

Primary Cloud Controls

Hybrid, Multi-Cloud Gateway, and Enterprise Control Plane

Azure Security Operation Services

Using Microsoft Sentinel and Defender for Cloud to Monitor Hybrid Security

Design a Strategy for SIEM and SOAR

Security Operations Center Best Practices for SIEM and SOAR

Evaluate Security Workflows

Microsoft Best Practices for Incident Response

Microsoft Best Practices for Recovery

Azure Workflow Automation Uses a Few Key Technologies

Evaluate a Security Operations Strategy for the Incident Management Life Cycle

Preparation

Detection and Analysis

Containment, Eradication, and Recovery.

Evaluate a Security Operations Strategy for Sharing Technical Threat Intelligence

Microsoft Sentinel's Threat Intelligence

Defender for Endpoint's Threat Intelligence

Defender for IoT's Threat Intelligence

Defender for Cloud's Threat Intelligence

Microsoft 365 Defender's Threat Intelligence

Chapter 3 Define an Identity Security Strategy

Design a Strategy for Access to Cloud Resources

Deployment Objectives for Identity Zero Trust

Microsoft's Method to Identity Zero Trust Deployment

Recommend an Identity Store (Tenants, B2B, B2C, Hybrid)

Recommend an Authentication and Authorization Strategy

Cloud Authentication

Federated Authentication

Secure Authorization

Design a Strategy for Conditional Access

Conditional Access Zero Trust Architecture

Verify Explicitly

Use Least-PrivilegedAccess

Assume Breach

Summary of Personas

Design a Strategy for Role Assignment and Delegation

Design a Security Strategy for Privileged Role Access to Infrastructure Including Identity-Based Firewall Rules and Azure PIM

Securing Privileged Access

Develop a Road Map

Best Practices for Managing Identity and Access on the Microsoft Platform

Design a Security Strategy for Privileged Activities Including PAM, Entitlement Management, and Cloud Tenant Administration

Developing a Privileged Access Strategy

Azure AD Entitlement Management

Chapter 4 Identify a Regulatory Compliance Strategy

Interpret Compliance Requirements and Translate into Specific Technical Capabilities

Review the Organization Requirements

Design a Compliance Strategy

Key Compliance Consideration

Evaluate Infrastructure Compliance by Using Microsoft Defender for Cloud.

Protect All of Your IT Resources Under One Roof

Interpret Compliance Scores and Recommend Actions to Resolve Issues or Improve Security

Design and Validate Implementation of Azure Policy

Design for Data Residency Requirements

Storage of Data for Regional Services

Storage of Data for Nonregional Services

Data Sovereignty

Personal Data

Azure Policy Consideration

Azure Blueprints Consideration

Protecting Organizational Data

Encryption of Data at Rest

Encryption of Data in Transit

Encryption During Data Processing

Azure Customer Lockbox

Translate Privacy Requirements into Requirements for Security Solutions

Leverage Azure Policy

Chapter 5 Identify Security Posture and Recommend Technical Strategies to Manage Risk

Analyze Security Posture by Using Azure Security Benchmark

Evaluating Security Posture in Azure Workloads

Analyze Security Posture by Using Microsoft Defender for Cloud

Assess the Security Hygiene of Cloud Workloads

Evaluate the Security Posture of Cloud Workloads

Design Security for an Azure Landing Zone

Design Security Review

Security Design Considerations

Security in the Azure Landing Zone Accelerator

Improve Security in the Azure Landing Zone

Evaluate Security Postures by Using Secure Scores

Identify Technical Threats and Recommend Mitigation Measures

Recommend Security Capabilities or Controls to Mitigate Identified Risks

Chapter 6 Define a Strategy for Securing Infrastructure

Plan and Deploy a Security Strategy Across Teams

Security Roles and Responsibilities

Security Strategy Considerations

Deliverables

Best Practices for Building a Security Strategy

Strategy Approval.

Deploy a Process for Proactive and Continuous Evolution of a Security Strategy

Considerations in Security Planning

Establish Essential Security Practices

Security Management Strategy

Continuous Assessment

Continuous Strategy Evolution

Specify Security Baselines for Server and Client Endpoints

What Are Security Baselines?

What Is Microsoft Intune?

What Are Security Compliance Toolkits?

Foundation Principles of Baselines

Selecting the Appropriate Baseline

Specify Security Baselines for the Server, Including Multiple Platforms and Operating Systems

Analyze Security Configuration

Secure Servers (Domain Members)

Specify Security Requirements for Mobile Devices and Clients, Including Endpoint Protection, Hardening, and Configuration

App Isolation and Control

Choose Between Device Management and Application Management

Device Settings

Client Requirements

Specify Requirements for Securing Active Directory Domain Services

Securing Domain Controllers Against Attack

Microsoft Defender for Identity

Design a Strategy to Manage Secrets, Keys, and Certificates

Manage Access to Secrets, Certificates, and Keys

Restrict Network Access

Design a Strategy for Secure Remote Access

Design a Strategy for Securing Privileged Access

Chapter 7 Define a Strategy and Requirements for Securing PaaS, IaaS, and SaaS Services

Establish Security Baselines for SaaS, PaaS, and IaaS Services

PaaS Security Baseline

IaaS Security Baseline

Establish Security Requirements for IoT Workloads

Establish Security Requirements for Data Workloads, Including SQL Server, Azure SQL, Azure Synapse, and Azure Cosmos DB

Security Posture Management for Data

Databases

Define the Security Requirements for Web Workloads.

Security Posture Management for App Service.

Notes:

Description based on print version record.

Includes index.

Other Format:

Print version: Udayakumar, Kathiravan MCE Microsoft Certified Expert Cybersecurity Architect Study Guide

ISBN:

9781394180226

1394180225

9781394180233

1394180233

OCLC:

1376932057