MCE Microsoft Certified Expert Cybersecurity Architect Study Guide
Exam SC-100
1st Edition
Published on 12. April 2023
512 pages
978-1-394-18023-3 (ISBN)
Description
Prep for the SC-100 exam like a pro with Sybex' latest Study Guide
In the MCE Microsoft Certified Expert Cybersecurity Architect Study Guide: Exam SC-100, a team of dedicated software architects delivers an authoritative and easy-to-follow guide to preparing for the SC-100 Cybersecurity Architect certification exam offered by Microsoft. In the book, you'll find comprehensive coverage of the objectives tested by the exam, covering the evaluation of Governance Risk Compliance technical and security operations strategies, the design of Zero Trust strategies and architectures, and data and application strategy design.
With the information provided by the authors, you'll be prepared for your first day in a new role as a cybersecurity architect, gaining practical, hands-on skills with modern Azure deployments. You'll also find:
* In-depth discussions of every single objective covered by the SC-100 exam and, by extension, the skills necessary to succeed as a Microsoft cybersecurity architect
* Critical information to help you obtain a widely sought-after credential that is increasingly popular across the industry (especially in government roles)
* Valuable online study tools, including hundreds of bonus practice exam questions, electronic flashcards, and a searchable glossary of crucial technical terms
An essential roadmap to the SC-100 exam and a new career in cybersecurity architecture on the Microsoft Azure cloud platform, MCE Microsoft Certified Expert Cybersecurity Architect Study Guide: Exam SC-100 is also ideal for anyone seeking to improve their knowledge and understanding of cloud-based management and security.
In the MCE Microsoft Certified Expert Cybersecurity Architect Study Guide: Exam SC-100, a team of dedicated software architects delivers an authoritative and easy-to-follow guide to preparing for the SC-100 Cybersecurity Architect certification exam offered by Microsoft. In the book, you'll find comprehensive coverage of the objectives tested by the exam, covering the evaluation of Governance Risk Compliance technical and security operations strategies, the design of Zero Trust strategies and architectures, and data and application strategy design.
With the information provided by the authors, you'll be prepared for your first day in a new role as a cybersecurity architect, gaining practical, hands-on skills with modern Azure deployments. You'll also find:
* In-depth discussions of every single objective covered by the SC-100 exam and, by extension, the skills necessary to succeed as a Microsoft cybersecurity architect
* Critical information to help you obtain a widely sought-after credential that is increasingly popular across the industry (especially in government roles)
* Valuable online study tools, including hundreds of bonus practice exam questions, electronic flashcards, and a searchable glossary of crucial technical terms
An essential roadmap to the SC-100 exam and a new career in cybersecurity architecture on the Microsoft Azure cloud platform, MCE Microsoft Certified Expert Cybersecurity Architect Study Guide: Exam SC-100 is also ideal for anyone seeking to improve their knowledge and understanding of cloud-based management and security.
More details
Other editions
Additional editions
Udayakumar
MCE Microsoft Certified Expert Cybersecurity Archi tect Study Guide: Exam SC-100
Exam SC-100
Book
05/2023
1st Edition
Sybex Inc.,U.S.
€53.00
Shipment within 15-20 days
Persons
ABOUT THE AUTHORS
KATHIRAVAN UDAYAKUMAR is Head of Delivery and Chief Architect for Oracle Digital Technologies (Europe Practice) at Cognizant, covering various elements of technology stack in on-prem and cloud. He has over 18 years of experience in architecture, design, implementation, administration and integration with Green-field IT Systems, ERP, Cloud Platforms and Solutions across various business domains and Industries. He has had a passion for networking since he was an undergraduate and becoming a Cisco Certified Network Associate (CCNA).
PUTHIYAVAN UDAYAKUMAR is an infrastructure architect with over 14 years of experience in modernizing and securing IT infrastructure, including the Cloud. He has been writing technical books for more than ten years on various infrastructure and security domains. He has designed, deployed, and secured IT infrastructure out of on-premises and Cloud, including virtual servers, networks, storage, and desktops for various industries, including pharmaceutical, banking, healthcare, aviation, federal entities, etc. He is an open group certified Master certified architect.
Content
- Cover
- Title Page
- Copyright Page
- Acknowledgments
- About the Authors
- About the Technical Editor
- Contents at a Glance
- Contents
- Introduction
- What Is Azure?
- About the SC-100 Certification Exam
- Why Become a Certified Microsoft Azure Cybersecurity Architect?
- Preparing to Become a Certified Microsoft Cybersecurity Architect
- How to Become a Certified Microsoft Cybersecurity Architect
- Who Should Buy This Book
- How This Book Is Organized
- Chapter Features
- Bonus Digital Contents
- Conventions Used in This Book
- Using This Book
- Technology Requirements
- SC-100 Exam Objectives
- How to Contact the Publisher
- Assessment Test
- Answers to Assessment Test
- Chapter 1 Define and Implement an Overall Security Strategy and Architecture
- Basics of Cloud Computing
- The Need for the Cloud
- Cloud Service Models
- Cloud Deployment Models
- Introduction to Cybersecurity
- The Need for Cybersecurity
- Cybersecurity Domains
- Getting Started with Zero Trust
- NIST Abstract Definition of Zero Trust
- Key Benefits of Zero Trust
- Guiding Principles of Zero Trust
- Zero Trust Architecture
- Design Integration Points in an Architecture
- Security Operations Center
- Software as a Service
- Hybrid Infrastructure-IaaS, PaaS, On-Premises
- Endpoints and Devices
- Information Protection
- Identity and Access
- People Security
- IOT and Operational Technology
- Design Security Needs to Be Based on Business Goals
- Define Strategy
- Prepare Plan
- Get Ready
- Adopt
- Secure
- Manage
- Govern
- Decode Security Requirements to Technical Abilities
- Resource Planning and Hardening
- Design Security for a Resiliency Approach
- Before an Incident
- During an Incident
- After an Incident
- Feedback Loop
- Identify the Security Risks Associated with Hybrid and Multi-Tenant Environments
- Deploy a Secure Hybrid Identity Environment
- Deploy a Secure Hybrid Network
- Design a Multi-Tenancy Environment
- Responsiveness to Individual Tenants' Needs
- Plan Traffic Filtering and Segmentation Technical and Governance Strategies
- Logically Segmented Subnets
- Deploy Perimeter Networks for Security Zones
- Avoid Exposure to the Internet with Dedicated WAN Links
- Use Virtual Network Appliances
- Summary
- Exam Essentials
- Review Questions
- Chapter 2 Define a Security Operations Strategy
- Foundation of Security Operations and Strategy
- SOC Operating Model
- SOC Framework
- SOC Operations
- Microsoft SOC Strategy for Azure Cloud
- Microsoft SOC Function for Azure Cloud
- Microsoft SOC Integration Among SecOps and Business Leadership
- Microsoft SOC People and Process
- Microsoft SOC Metrics
- Microsoft SOC Modernization
- SOC MITRE ATT&CK
- Design a Logging and Auditing Strategy to Support Security Operations
- Overview of Azure Logging Capabilities
- Develop Security Operations to Support a Hybrid or Multi-Cloud Environment
- Integrated Operations for Hybrid and Multi-Cloud Environments
- Customer Processes
- Primary Cloud Controls
- Hybrid, Multi-Cloud Gateway, and Enterprise Control Plane
- Azure Security Operation Services
- Using Microsoft Sentinel and Defender for Cloud to Monitor Hybrid Security
- Design a Strategy for SIEM and SOAR
- Security Operations Center Best Practices for SIEM and SOAR
- Evaluate Security Workflows
- Microsoft Best Practices for Incident Response
- Microsoft Best Practices for Recovery
- Azure Workflow Automation Uses a Few Key Technologies
- Evaluate a Security Operations Strategy for the Incident Management Life Cycle
- Preparation
- Detection and Analysis
- Containment, Eradication, and Recovery
- Evaluate a Security Operations Strategy for Sharing Technical Threat Intelligence
- Microsoft Sentinel's Threat Intelligence
- Defender for Endpoint's Threat Intelligence
- Defender for IoT's Threat Intelligence
- Defender for Cloud's Threat Intelligence
- Microsoft 365 Defender's Threat Intelligence
- Summary
- Exam Essentials
- Review Questions
- Chapter 3 Define an Identity Security Strategy
- Design a Strategy for Access to Cloud Resources
- Deployment Objectives for Identity Zero Trust
- Microsoft's Method to Identity Zero Trust Deployment
- Recommend an Identity Store (Tenants, B2B, B2C, Hybrid)
- Recommend an Authentication and Authorization Strategy
- Cloud Authentication
- Federated Authentication
- Secure Authorization
- Design a Strategy for Conditional Access
- Conditional Access Zero Trust Architecture
- Verify Explicitly
- Use Least-PrivilegedAccess
- Assume Breach
- Conditional Access Zero Trust Architecture
- Summary of Personas
- Design a Strategy for Role Assignment and Delegation
- Design a Security Strategy for Privileged Role Access to Infrastructure Including Identity-Based Firewall Rules and Azure PIM
- Securing Privileged Access
- Develop a Road Map
- Best Practices for Managing Identity and Access on the Microsoft Platform
- Design a Security Strategy for Privileged Activities Including PAM, Entitlement Management, and Cloud Tenant Administration
- Developing a Privileged Access Strategy
- Azure AD Entitlement Management
- Summary
- Exam Essentials
- Review Questions
- Chapter 4 Identify a Regulatory Compliance Strategy
- Interpret Compliance Requirements and Translate into Specific Technical Capabilities
- Review the Organization Requirements
- Design a Compliance Strategy
- Key Compliance Consideration
- Evaluate Infrastructure Compliance by Using Microsoft Defender for Cloud
- Protect All of Your IT Resources Under One Roof
- Interpret Compliance Scores and Recommend Actions to Resolve Issues or Improve Security
- Design and Validate Implementation of Azure Policy
- Design for Data Residency Requirements
- Storage of Data for Regional Services
- Storage of Data for Nonregional Services
- Data Sovereignty
- Personal Data
- Azure Policy Consideration
- Azure Blueprints Consideration
- Protecting Organizational Data
- Encryption of Data at Rest
- Encryption of Data in Transit
- Encryption During Data Processing
- Azure Customer Lockbox
- Translate Privacy Requirements into Requirements for Security Solutions
- Leverage Azure Policy
- Summary
- Exam Essentials
- Review Questions
- Chapter 5 Identify Security Posture and Recommend Technical Strategies to Manage Risk
- Analyze Security Posture by Using Azure Security Benchmark
- Evaluating Security Posture in Azure Workloads
- Analyze Security Posture by Using Microsoft Defender for Cloud
- Assess the Security Hygiene of Cloud Workloads
- Evaluate the Security Posture of Cloud Workloads
- Design Security for an Azure Landing Zone
- Design Security Review
- Security Design Considerations
- Security in the Azure Landing Zone Accelerator
- Improve Security in the Azure Landing Zone
- Evaluate Security Postures by Using Secure Scores
- Identify Technical Threats and Recommend Mitigation Measures
- Recommend Security Capabilities or Controls to Mitigate Identified Risks
- Summary
- Exam Essentials
- Review Questions
- Chapter 6 Define a Strategy for Securing Infrastructure
- Plan and Deploy a Security Strategy Across Teams
- Security Roles and Responsibilities
- Security Strategy Considerations
- Deliverables
- Best Practices for Building a Security Strategy
- Strategy Approval
- Deploy a Process for Proactive and Continuous Evolution of a Security Strategy
- Considerations in Security Planning
- Establish Essential Security Practices
- Security Management Strategy
- Continuous Assessment
- Continuous Strategy Evolution
- Specify Security Baselines for Server and Client Endpoints
- What Are Security Baselines?
- What Is Microsoft Intune?
- What Are Security Compliance Toolkits?
- Foundation Principles of Baselines
- Selecting the Appropriate Baseline
- Specify Security Baselines for the Server, Including Multiple Platforms and Operating Systems
- Analyze Security Configuration
- Secure Servers (Domain Members)
- Specify Security Requirements for Mobile Devices and Clients, Including Endpoint Protection, Hardening, and Configuration
- App Isolation and Control
- Choose Between Device Management and Application Management
- Device Settings
- Client Requirements
- Specify Requirements for Securing Active Directory Domain Services
- Securing Domain Controllers Against Attack
- Microsoft Defender for Identity
- Design a Strategy to Manage Secrets, Keys, and Certificates
- Manage Access to Secrets, Certificates, and Keys
- Restrict Network Access
- Design a Strategy for Secure Remote Access
- Design a Strategy for Securing Privileged Access
- Summary
- Exam Essentials
- Review Questions
- Chapter 7 Define a Strategy and Requirements for Securing PaaS, IaaS, and SaaS Services
- Establish Security Baselines for SaaS, PaaS, and IaaS Services
- PaaS Security Baseline
- IaaS Security Baseline
- Establish Security Requirements for IoT Workloads
- Establish Security Requirements for Data Workloads, Including SQL Server, Azure SQL, Azure Synapse, and Azure Cosmos DB
- Security Posture Management for Data
- Databases
- Define the Security Requirements for Web Workloads
- Security Posture Management for App Service
- Determine the Security Requirements for Storage Workloads
- Security Posture Management for Storage
- Define Container Security Requirements
- Security Posture Management for Containers
- Define Container Orchestration Security Requirements
- Summary
- Exam Essentials
- Review Questions
- Chapter 8 Define a Strategy and Requirements for Applications and Data
- Knowing the Application Threat Intelligence Model
- Analyze the Application Design Progressively
- Mitigation Categories
- Mitigate the Identified Threats
- Specify Priorities for Mitigating Threats to Applications
- Identify and Classify Applications
- Assess the Potential Impact or Risk of Applications
- Specify a Security Standard for Onboarding a New Application
- Onboarding New Applications
- Security Standards for Onboarding Applications
- Specify a Security Strategy for Applications and APIs
- Enforcing Security for DevOps
- Security Strategy Components
- Strategies for Mitigating Threats
- Specify Priorities for Mitigating Threats to Data
- Ransomware Protection
- Design a Strategy to Identify and Protect Sensitive Data
- Data Discovery: Know Your Data
- Data Classification
- Data Protection
- Specify an Encryption Standard for Data at Rest and in Motion
- Encryption of Data at Rest
- Encryption of Data in Transit
- Azure Data Security and Encryption Best Practices
- Manage with Secure Workstations
- Key Management with Key Vault
- Summary
- Exam Essentials
- Review Questions
- Chapter 9 Recommend Security Best Practices and Priorities
- Recommend Best Practices for Cybersecurity Capabilities and Controls
- Essential Best Practices in the MCRA
- Recommend Best Practices for Protecting from Insider and External Attacks
- Recommend Best Practices for Zero Trust Security
- Recommend Best Practices for Zero Trust Rapid Modernization Plan
- Recommend a DevSecOps Process
- Plan and Develop
- Commit the Code
- Build and Test
- Go to Production and Operate
- Recommend a Methodology for Asset Protection
- Get Secure
- Stay Secure
- Dilemmas Surrounding Patches
- Network Isolation
- Getting Started
- Key Information
- Recommend Strategies for Managing and Minimizing Risk
- What Is Cybersecurity Risk?
- Align Your Security Risk Management
- Knowing Cybersecurity Risk
- Plan for Ransomware Protection and Extortion-Based Attacks
- Regain Access for a Fee
- Avoid Disclosure by Paying
- Protect Assets from Ransomware Attacks
- Strategy for Privileged Access
- Recommend Microsoft Ransomware Best Practices
- Remote Access
- Email and Collaboration
- Endpoints
- Accounts
- Summary
- Exam Essentials
- Review Questions
- Answers to Review Questions
- Chapter 1: Define and Implement an Overall Security Strategy and Architecture
- Chapter 2: Define a Security Operations Strategy
- Chapter 3: Define an Identity Security Strategy
- Chapter 4: Identify a Regulatory Compliance Strategy
- Chapter 5: Identify Security Posture and Recommend Technical Strategies to Manage Risk
- Chapter 6: Define a Strategy for Securing Infrastructure
- Chapter 7: Define a Strategy and Requirements for Securing PaaS, IaaS, and SaaS Services
- Chapter 8: Define a Strategy and Requirements for Applications and Data
- Chapter 9: Recommend Security Best Practices and Priorities
- Index
- EULA
