+353-1-416-8900REST OF WORLD
+44-20-3973-8888REST OF WORLD
1-917-300-0470EAST COAST U.S
1-800-526-8630U.S. (TOLL FREE)

MCA Microsoft Certified Associate Azure Security Engineer Study Guide. Exam AZ-500. Edition No. 1. Sybex Study Guide

  • Book

  • 352 Pages
  • November 2022
  • John Wiley and Sons Ltd
  • ID: 5841480
Prepare for the MCA Azure Security Engineer certification exam faster and smarter with help from Sybex

In the MCA Microsoft Certified Associate Azure Security Engineer Study Guide: Exam AZ-500, cybersecurity veteran Shimon Brathwaite walks you through every step you need to take to prepare for the MCA Azure Security Engineer certification exam and a career in Azure cybersecurity. You’ll find coverage of every domain competency tested by the exam, including identity management and access, platform protection implementation, security operations management, and data and application security.

You’ll learn to maintain the security posture of an Azure environment, implement threat protection, and respond to security incident escalations. Readers will also find: - Efficient and accurate coverage of every topic necessary to succeed on the MCA Azure Security Engineer exam - Robust discussions of all the skills you need to hit the ground running at your first - or next - Azure cybersecurity job - Complementary access to online study tools, including hundreds of bonus practice exam questions, electronic flashcards, and a searchable glossary

The MCA Azure Security Engineer AZ-500 exam is a challenging barrier to certification. But you can prepare confidently and quickly with this latest expert resource from Sybex. It’s ideal for anyone preparing for the AZ-500 exam or seeking to step into their next role as an Azure security engineer.

Table of Contents

Introduction xix

Assessment Test xxv

Chapter 1 Introduction to Microsoft Azure 1

What Is Microsoft Azure? 3

Cloud Environment Security Objectives 4

Confidentiality 4

Integrity 4

Availability 5

Nonrepudiation 5

Common Security Issues 5

Principle of Least Privilege 5

Zero- Trust Model 6

Defense in Depth 6

Avoid Security through Obscurity 9

The AAAs of Access Management 9

Encryption 10

End- to- End Encryption 11

Symmetric Key Encryption 11

Asymmetric Key Encryption 11

Network Segmentation 13

Basic Network Configuration 13

Unsegmented Network Example 14

Internal and External Compliance 15

Cybersecurity Considerations for the Cloud Environment 16

Configuration Management 17

Unauthorized Access 17

Insecure Interfaces/APIs 17

Hijacking of Accounts 17

Compliance 18

Lack of Visibility 18

Accurate Logging 18

Cloud Storage 18

Vendor Contracts 19

Link Sharing 19

Major Cybersecurity Threats 19

DDoS 19

Social Engineering 20

Password Attacks 21

Malware 21

Summary 24

Exam Essentials 24

Review Questions 26

Chapter 2 Managing Identity and Access in Microsoft Azure 29

Identity and Access Management 31

Identifying Individuals in a System 31

Identifying and Assigning Roles in a System and to an Individual 32

Assigning Access Levels to Individuals or Groups 33

Adding, Removing, and Updating Individuals and Their Roles in a System 33

Protecting a System’s Sensitive Data and Securing the System 33

Enforcing Accountability 34

IAM in the Microsoft Azure Platform 34

Creating and Managing Azure AD Identities 34

Managing Azure AD Groups 37

Managing Azure Users 39

Adding Users to Your Azure AD 39

Managing External Identities Using Azure AD 40

Managing Secure Access Using Azure Active Directory 42

Implementing Conditional Access Policies, Including MFA 44

Implementing Azure AD Identity Protection 45

Enabling the Policies 47

Implement Passwordless Authentication 50

Configuring an Access Review 52

Managing Application Access 57

Integrating Single Sign- On and Identity Providers for Authentication 57

Creating an App Registration 58

Configuring App Registration Permission Scopes 58

Managing App Registration Permission Consent 59

Managing API Permission to Azure Subscriptions 60

Configuring an Authentication Method for a Service Principal 61

Managing Access Control 62

Interpret Role and Resource Permissions 62

Configuring Azure Role Permissions for Management Groups, Subscriptions, Resource Groups, and Resources 63

Assigning Built- In Azure AD Roles 64

Creating and Assigning Custom Roles, Including Azure Roles and Azure AD Roles 65

Summary 66

Exam Essentials 67

Review Questions 70

Chapter 3 Implementing Platform Protections 73

Implementing Advanced Network Security 75

Securing Connectivity of Hybrid Networks 75

Securing Connectivity of Virtual Networks 77

Creating and Configuring Azure Firewalls 78

Azure Firewall Premium 79

Creating and Configuring Azure Firewall Manager 82

Creating and Configuring Azure Application Gateway 82

Creating and Configuring Azure Front Door 87

Creating and Configuring a Web Application Firewall 91

Configuring Network Isolation for Web Apps and Azure Functions 93

Implementing Azure Service Endpoints 94

Implementing Azure Private Endpoints, Including Integrating with Other Services 97

Implementing Azure Private Link 98

Implementing Azure DDoS Protection 101

Configuring Enhanced Security for Compute 102

Configuring Azure Endpoint Protection for VMs 102

Enabling Update Management in Azure Portal 104

Configuring Security for Container Services 108

Managing Access to the Azure Container Registry 109

Configuring Security for Serverless Compute 109

Microsoft Recommendations 111

Configuring Security for an Azure App Service 112

Exam Essentials 118

Review Questions 122

Chapter 4 Managing Security Operations 125

Configure Centralized Policy Management 126

Configure a Custom Security Policy 126

Create Custom Security Policies 127

Creating a Policy Initiative 128

Configuring Security Settings and Auditing by Using Azure Policy 129

Configuring and Managing Threat Protection 130

Configuring Microsoft Defender for Cloud for Servers (Not Including Microsoft Defender for Endpoint) 131

Configuring Microsoft Defender for SQL 134

Using the Microsoft Threat Modeling Tool 139

Azure Monitor 147

Visualizations in Azure Monitor 148

Configuring and Managing Security Monitoring Solutions 149

Creating and Customizing Alert Rules by Using Azure Monitor 149

Configuring Diagnostic Logging and Retention Using Azure Monitor 157

Monitoring Security Logs Using Azure Monitor 159

Microsoft Sentinel 167

Configuring Connectors in Microsoft Sentinel 170

Evaluating Alerts and Incidents in Microsoft Sentinel 175

Summary 176

Exam Essentials 177

Review Questions 179

Chapter 5 Securing Data and Applications 183

Configuring Security for Storage in Azure 184

Storage Account Access Keys 185

Configuring Access Control for Storage Accounts 185

Configuring Storage Account Access Keys 189

Configuring Azure AD Authentication for Azure Storage and Azure Files 191

Configuring Delegated Access for Storage Accounts 202

Configuring Security for Databases 220

Summary 254

Exam Essentials 255

Review Questions 257

Appendix A An Azure Security Tools Overview 261

Chapter 2, “Managing Identity and Access on Microsoft Azure” 262

Azure Active Directory (AD) 262

Microsoft Authenticator App 265

Azure API Management 265

Chapter 3, “Implementing Platform Protections” 266

Azure Firewall 266

Azure Firewall Manager 267

Azure Application Gateway 269

Azure Front Door 273

Web Application Firewall 273

Azure Service Endpoints 274

Azure Private Links 274

Azure DDoS Protection 275

Microsoft Defender for Cloud 276

Azure Container Registry 277

Azure App Service 278

Chapter 4, “Managing Security Operations” 279

Azure Policy 279

Microsoft Threat Modeling Tool 281

Microsoft Sentinel 287

How Does Microsoft Sentinel Work? 289

Automation 290

Chapter 5, “Securing Data and Applications” 290

Azure Key Vault 299

Appendix B Answers to Review Questions 301

Chapter 1: Introduction to Microsoft Azure 302

Chapter 2: Managing Identity and Access in Microsoft Azure 303

Chapter 3: Implementing Platform Protections 304

Chapter 4: Managing Security Operations 305

Chapter 5: Securing Data and Applications 306
Index 309

Authors

Shimon Brathwaite