AZ-500 Azure Security Engineer Associate Exam Prep

LU1 Manage Identity and Access

Topic 1 Secure Azure solutions with Azure Active Directory

• Explore Azure Active Directory features
• Self-managed Active Directory Domain Services, Azure Active Directory, and managed Azure Active Directory Domain Services
• Azure AD DS and self-managed AD DS
• Azure AD DS and Azure AD
• Investigate roles in Azure AD
• Azure AD built-in roles
• Deploy Azure AD Domain Services
• Create and manage Azure AD users
• Manage users with Azure AD groups
• Configure Azure AD administrative units
• Implement passwordless authentication

Topic 2 Implement Hybrid identity 

• Deploy Azure AD connect
• Explore authentication options
• Configure Password Hash Synchronization (PHS)
• Implement Pass-through Authentication (PTA)
• Deploy Federation with Azure AD
• Explore the authentication decision tree
• Configure password writeback

Topic 3 Deploy Azure AD identity protection 

• Explore Azure AD identity protection
• Configure risk event detections
• Implement user risk policy
• Implement sign-in risk policy
• Deploy multifactor authentication in Azure
• Explore multifactor authentication settings
• Enable multifactor authentication
• Implement Azure AD conditional access
• Configure conditional access conditions
• Implement access reviews

Topic 4 Configure Azure AD privileged identity management 

• Explore the zero trust model
• Review the evolution of identity management
• Deploy Azure AD privileged identity management
• Configure privileged identity management scope
• Implement privileged identity management onboarding
• Explore privileged identity management configuration settings
• Implement a privileged identity management workflow

Topci 5 Design an enterprise governance strategy 

• Review the shared responsibility model
• Explore the Azure cloud security advantages
• Review Azure hierarchy of systems
• Configure Azure policies
• Enable Azure role-based access control (RBAC)
• Compare and contrast Azure RBAC vs Azure policies
• Configure built-in roles
• Enable resource locks
• Deploy Azure blueprints
• Design an Azure subscription management plan

LU2 Implement platform protection

Topic 6 Implement perimeter security 

• Define defense in depth
• Explore virtual network security
• Enable Distributed Denial of Service (DDoS) Protection
• Configure a distributed denial of service protection implementation
• Explore Azure Firewall features
• Deploy an Azure Firewall implementation
• Configure VPN forced tunneling
• Create User Defined Routes and Network Virtual Appliances
• Explore hub and spoke topology

Topic 7 Configure network security 

• Explore Network Security Groups (NSG)
• Deploy a Network Security Groups implementation
• Create Application Security Groups
• Enable service endpoints
• Configure service endpoint services
• Deploy private links
• Implement an Azure application gateway
• Deploy a web application firewall
• Configure and manage Azure front door

Topic 8 Configure and manage host security

• Enable endpoint protection
• Define a privileged access device strategy
• Deploy privileged access workstations
• Create virtual machine templates
• Enable and secure remote access management
• Configure update management
• Deploy disk encryption
• Managed disk encryption options
• Deploy and configure Windows Defender
• Microsoft cloud security benchmark in Defender for Cloud
• Explore Microsoft Defender for Cloud recommendations

Topic 9 Enable Containers security 

• Explore containers
• Configure Azure Container Instances security
• Manage security for Azure Container Instances (ACI)
• Explore the Azure Container Registry (ACR)
• Enable Azure Container Registry authentication
• Review Azure Kubernetes Service (AKS)
• Implement an Azure Kubernetes Service architecture
• Configure Azure Kubernetes Service networking
• Deploy Azure Kubernetes Service storage
• Secure authentication to Azure Kubernetes Service with Active Directory
• Manage access to Azure Kubernetes Service using Azure role-based access controls

LU3 Secure your data and applications

Topic 10 Deploy and secure Azure Key Vault 

• Explore Azure Key Vault
• Configure Key Vault access
• Review a secure Key Vault example
• Deploy and manage Key Vault certificates
• Create Key Vault keys
• Manage customer managed keys
• Enable Key Vault secrets
• Configure key rotation
• Manage Key Vault safety and recovery features
• Perform Try-This exercises
• Explore the Azure Hardware Security Module

Topic 11 Configure application security features 

• Review the Microsoft identity platform
• Explore the Application model
• Register an application with App Registration
• Configure Microsoft Graph permissions
• Enable managed identities
• Azure App Services
• App Service Environment
• Azure App Service plan
• App Service Environment networking
• Availability Zone Support for App Service Environments
• App Service Environment Certificates

Topic 12 Implement storage security 

• Define data sovereignty
• Configure Azure storage access
• Deploy shared access signatures
• Manage Azure AD storage authentication
• Implement storage service encryption
• Configure blob data retention policies
• Configure Azure files authentication
• Enable the secure transfer required property

Topic 13 Configure and manage SQL database security 

• Enable SQL database authentication
• Configure SQL database firewalls
• Enable and monitor database auditing
• Implement data discovery and classification
• Microsoft Defender for SQL
• Vulnerability assessment for SQL Server
• SQL Advanced Threat Protection
• Explore detection of a suspicious event
• SQL vulnerability assessment express and classic configurations
• Configure dynamic data masking
• Implement transparent data encryption
• Deploy always encrypted features
• Deploy an always encrypted implementation

LU4 Manage security operation

Topic 14 Configure and manage Azure Monitor 

• Explore Azure Monitor
• Configure and monitor metrics and logs
• Enable Log Analytics
• Manage connected sources for log analytics
• Enable Azure monitor Alerts
• Configure properties for diagnostic logging

Topic 15 Enable and manage Microsoft Defender for Cloud 

• MITRE Attack matrix
• Implement Microsoft Defender for Cloud
• Security posture
• Workload protections
• Deploy Microsoft Defender for Cloud
• Azure Arc
• Azure Arc capabilities
• Microsoft cloud security benchmark
• Configure Microsoft Defender for Cloud security policies
• View and edit security policies
• Manage and implement Microsoft Defender for Cloud recommendations
• Explore secure score
• Define brute force attacks
• Understand just-in-time VM access
• Implement just-in-time VM access

Topic 16 Configure and monitor Microsoft Sentinel 

• Enable Microsoft Sentinel
• Configure data connections to Sentinel
• Create workbooks to monitor Sentinel data
• Enable rules to create incidents
• Configure playbooks
• Hunt and investigate potential breaches

Practice Exam

Promotion Code

Your will get 10% discount voucher for 2nd course onwards if you write us a Google review.

Minimum Entry Requirement

Knowledge and Skills

• Able to operate using computer functions
• Minimum 3 GCE ‘O’ Levels Passes including English or WPL Level 5 (Average of Reading, Listening, Speaking & Writing Scores)

Attitude

• Positive Learning Attitude
• Enthusiastic Learner

Experience

• Minimum of 1 year of working experience.

Target Age Group: 18-65 years old

Minimum Software/Hardware Requirement

Software:

TBD

Hardware: Window or Mac Laptops

• Azure Security Engineer
• Cloud Security Consultant
• Cybersecurity Analyst
• IT Security Specialist
• Network Security Engineer
• Systems Administrator
• Infrastructure Security Engineer
• Security Architect
• Compliance Analyst
• Risk Manager
• Data Protection Officer
• Incident Responder
• Penetration Tester
• Security Operations Center Analyst
• Vulnerability Analyst

Ajay B :  Ajay is a ACLP certied trainer. Ajay is a vendor neutral cloud consultant and training expert on Cloud , with several Private cloud deployments in India and cloud migration knowledge .He is a Cloud and DevOps enthusiast with consulting, deployment and training expertise on OpenStack, AWS, Google Cloud ,Azure, Jenkins, and Docker

Ajay has 18 + years Industry experience as IT entrepreneur and 9 years in Cloud and Devops technical consulting, implementation and training area, currently working in capacity of Vice President – Cloud and Devops services handling singapore and India

Anil Bidari: Anil is a ACLP certified trainer. He is an Enterprise Cloud and DevOps Consultant , responsible for  helping clients to move Virtual data centre to Private Cloud based on OpenStack and Public Cloud ( AWS, Azure and Google cloud) . Consulting and training experience on Devops tool chain like github , Jenkins, Sonarqube, Docker & kubernetes, Cloud foundry, Openshift, Ansible and SaltStack. Lot of my Role is involved design and implementation of a solution and training