WSQ - Microsoft Azure Security Engineer Associate (AZ-500)

Topic 1: Secure Azure solutions with Azure Active Directory

• Explore Azure Active Directory features
• Self-managed Active Directory Domain Services, Azure Active Directory, and managed Azure Active Directory Domain Services
• Azure AD DS and self-managed AD DS
• Azure AD DS and Azure AD
• Investigate roles in Azure AD
• Azure AD built-in roles
• Deploy Azure AD Domain Services
• Create and manage Azure AD users
• Manage users with Azure AD groups
• Configure Azure AD administrative units
• Implement passwordless authentication

Topic 2: Implement Hybrid identity 

• Deploy Azure AD connect
• Explore authentication options
• Configure Password Hash Synchronization (PHS)
• Implement Pass-through Authentication (PTA)
• Deploy Federation with Azure AD
• Explore the authentication decision tree
• Configure password writeback

Topic 3: Deploy Azure AD identity protection 

• Explore Azure AD identity protection
• Configure risk event detections
• Implement user risk policy
• Implement sign-in risk policy
• Deploy multifactor authentication in Azure
• Explore multifactor authentication settings
• Enable multifactor authentication
• Implement Azure AD conditional access
• Configure conditional access conditions
• Implement access reviews

Topic 4: Configure Azure AD privileged identity management 

• Explore the zero trust model
• Review the evolution of identity management
• Deploy Azure AD privileged identity management
• Configure privileged identity management scope
• Implement privileged identity management onboarding
• Explore privileged identity management configuration settings
• Implement a privileged identity management workflow

Topci 5: Design an enterprise governance strategy 

• Review the shared responsibility model
• Explore the Azure cloud security advantages
• Review Azure hierarchy of systems
• Configure Azure policies
• Enable Azure role-based access control (RBAC)
• Compare and contrast Azure RBAC vs Azure policies
• Configure built-in roles
• Enable resource locks
• Deploy Azure blueprints
• Design an Azure subscription management plan

Topic 6: Implement perimeter security 

• Define defense in depth
• Explore virtual network security
• Enable Distributed Denial of Service (DDoS) Protection
• Configure a distributed denial of service protection implementation
• Explore Azure Firewall features
• Deploy an Azure Firewall implementation
• Configure VPN forced tunneling
• Create User Defined Routes and Network Virtual Appliances
• Explore hub and spoke topology

Topic 7: Configure network security 

• Explore Network Security Groups (NSG)
• Deploy a Network Security Groups implementation
• Create Application Security Groups
• Enable service endpoints
• Configure service endpoint services
• Deploy private links
• Implement an Azure application gateway
• Deploy a web application firewall
• Configure and manage Azure front door

Topic 8: Configure and manage host security

• Enable endpoint protection
• Define a privileged access device strategy
• Deploy privileged access workstations
• Create virtual machine templates
• Enable and secure remote access management
• Configure update management
• Deploy disk encryption
• Managed disk encryption options
• Deploy and configure Windows Defender
• Microsoft cloud security benchmark in Defender for Cloud
• Explore Microsoft Defender for Cloud recommendations

Topic 9: Enable Containers security 

• Explore containers
• Configure Azure Container Instances security
• Manage security for Azure Container Instances (ACI)
• Explore the Azure Container Registry (ACR)
• Enable Azure Container Registry authentication
• Review Azure Kubernetes Service (AKS)
• Implement an Azure Kubernetes Service architecture
• Configure Azure Kubernetes Service networking
• Deploy Azure Kubernetes Service storage
• Secure authentication to Azure Kubernetes Service with Active Directory
• Manage access to Azure Kubernetes Service using Azure role-based access controls

Topic 10: Deploy and secure Azure Key Vault 

• Explore Azure Key Vault
• Configure Key Vault access
• Review a secure Key Vault example
• Deploy and manage Key Vault certificates
• Create Key Vault keys
• Manage customer managed keys
• Enable Key Vault secrets
• Configure key rotation
• Manage Key Vault safety and recovery features
• Perform Try-This exercises
• Explore the Azure Hardware Security Module

Topic 11: Configure application security features 

• Review the Microsoft identity platform
• Explore the Application model
• Register an application with App Registration
• Configure Microsoft Graph permissions
• Enable managed identities
• Azure App Services
• App Service Environment
• Azure App Service plan
• App Service Environment networking
• Availability Zone Support for App Service Environments
• App Service Environment Certificates

Topic 12: Implement storage security 

• Define data sovereignty
• Configure Azure storage access
• Deploy shared access signatures
• Manage Azure AD storage authentication
• Implement storage service encryption
• Configure blob data retention policies
• Configure Azure files authentication
• Enable the secure transfer required property

Topic 13: Configure and manage SQL database security 

• Enable SQL database authentication
• Configure SQL database firewalls
• Enable and monitor database auditing
• Implement data discovery and classification
• Microsoft Defender for SQL
• Vulnerability assessment for SQL Server
• SQL Advanced Threat Protection
• Explore detection of a suspicious event
• SQL vulnerability assessment express and classic configurations
• Configure dynamic data masking
• Implement transparent data encryption
• Deploy always encrypted features
• Deploy an always encrypted implementation

Topic 14: Configure and manage Azure Monitor 

• Explore Azure Monitor
• Configure and monitor metrics and logs
• Enable Log Analytics
• Manage connected sources for log analytics
• Enable Azure monitor Alerts
• Configure properties for diagnostic logging

Topic 15: Enable and manage Microsoft Defender for Cloud 

• MITRE Attack matrix
• Implement Microsoft Defender for Cloud
• Security posture
• Workload protections
• Deploy Microsoft Defender for Cloud
• Azure Arc
• Azure Arc capabilities
• Microsoft cloud security benchmark
• Configure Microsoft Defender for Cloud security policies
• View and edit security policies
• Manage and implement Microsoft Defender for Cloud recommendations
• Explore secure score
• Define brute force attacks
• Understand just-in-time VM access
• Implement just-in-time VM access

Topic 16: Configure and monitor Microsoft Sentinel 

• Enable Microsoft Sentinel
• Configure data connections to Sentinel
• Create workbooks to monitor Sentinel data
• Enable rules to create incidents
• Configure playbooks
• Hunt and investigate potential breaches

Final Assessment

• Written Assessment - Short Answer Questions (WA-SAQ)
• Practical Performance (PP)

Promotion Code

Promo or discount cannot be applied to WSQ courses

Minimum Entry Requirement

Knowledge and Skills

• Able to operate using computer functions with minimum Computer Literacy Level 2 based on ICAS Computer Skills Assessment Framework
• Minimum 3 GCE ‘O’ Levels Passes including English or WPL Level 5 (Average of Reading, Listening, Speaking & Writing Scores)

Attitude

• Positive Learning Attitude
• Enthusiastic Learner

Experience

• Minimum of 1 year of working experience.

Target Year Group : 21-65 years old

Minimum Software/Hardware Requirement

Software:

You need to sign up a Azure account (Credit Card is required).

Hardware: Windows and Mac Laptops

About Progressive Wage Model (PWM)

The Progressive Wage Model (PWM) helps to increase wages of workers through upgrading skills and improving productivity. 

Employers must ensure that their Singapore citizen and PR workers meet the PWM training requirements of attaining at least 1 Workforce Skills Qualification (WSQ) Statement of Attainment, out of the list of approved WSQ training modules.

For more information on PWM, please visit MOM site.

Funding Eligility Criteria

Steps to Apply Skills Future Claim

• The staff will send you an invoice with the fee breakdown.
• Login to the MySkillsFuture portal, select the course you’re enrolling on and enter the course date and schedule.
• Enter the course fee payable by you (including GST) and enter the amount of credit to claim.
• Upload your invoice and click ‘Submit’

SkillsFuture Level-Up Program

The  SkillsFuture Level-Up Programme provides greater structural support for mid-career Singaporeans aged 40 years and above to pursue a substantive skills reboot and stay relevant in a changing economy. For more information, visit SkillsFuture Level-Up Programme

Get Additional Course Fee Support Up to $500 under UTAP

The Union Training Assistance Programme (UTAP) is a training benefit provided to NTUC Union Members with an objective of encouraging them to upgrade with skills training. It is provided to minimize the training cost. If you are a NTUC Union Member then you can get 50% funding (capped at $500 per year) under Union Training Assistance Programme (UTAP).

For more information visit NTUC U Portal – Union Training Assistance Program (UTAP)

Steps to Apply UTAP

• Log in to your U Portal account to submit your UTAP application upon completion of the course.

Note

• SSG subsidy is available for Singapore Citizens, Permanent Residents, and Corporates.
• All Singaporeans aged 25 and above can use their SkillsFuture Credit to pay. For more details, visit www.skillsfuture.gov.sg/credit
• An unfunded course fee can be claimed via SkillsFuture Credit or paid in cash.
• UTAP funding for NTUC Union Members is capped at $250 for 39 years and below and at $500 for 40 years and above.
• UTAP support amount will be paid to training provider first and claimed after end of class by learner.

• Security Engineer
• Cloud Security Analyst
• Systems Administrator
• Network Administrator
• IT Security Specialist
• DevOps Engineer
• Solutions Architect
• Security Consultant
• Cybersecurity Analyst
• Infrastructure Architect
• IT Manager
• Cloud Solutions Architect
• Security Compliance Analyst
• Security Auditor
• Incident Responder

Sanjiv Venkatram: Sanjiv i is an ACTA certified experienced leader with a proven track record in business / finance consulting and in developing i) business intelligence (BI) solutions ii) data analytics/analysis solutions and iii) IOT lead BI solutions. Sanjiv's goal through Prudentia Consulting, is to promote the simple joy and excitement of actively using the Microsoft Platform. He believes that the agility afforded by the Microsoft platform helps businesses get time back for deeper business thinking and to spend more time with their end customers

Sanjiv has rich experiences in diverse/complex high-tech businesses, turn around environments and strategic transformations. His functional expertise is in sales analytics, financial planning and analysis, engineering and program management. He has worked across discrete manufacturing, professional services and higher education verticals. He also has a working knowledge of equities portfolio management within the financial services domain.Sanjiv is the CEO of Prudentia Consulting, an organization committed to promoting the active usage of the Microsoft Platform. Prior to this, he has worked at Microsoft (US & APAC: 9.2 years), Cognizant Tech Solutions (3.3 years), Yazaki North America (8 years) and until recently at Oracle. Here are a few of his BI/analytics projects driven at scale: Built APAC wide BI dashboard using the Power BI umbrella tool set (Power BI online, Power BI desktop and Power Pivot) and a KPI lake (SQL DB), Helped develop key KPIs – identified key KPIs and helped land this in the DB, Developed a budget audit tool that captured budget inputs from a host of countries across the globe, Developed a business unit P&L reporting tool (functional architecture) in Business Objects for the world-wide financial planning and analysis team.

 Alec Tan: Alec Tan is a ACTA certified trainer, He has a number of Comptia certifications. Since 2002, starting off from IT technical background to pre-sales, sales account manager, system integration, operate IT retail / repair shop business in Sim Lim Square 2008 ~ 2012, and back to IT industry employment, freelance IT Trainer till present.

Kishan Raaj: Kishan Raaj is a seasoned Data Science and SAP Program Manager with over 15 years of experience, currently leading all end-to-end training and projects for Data Science across Asia at LITHAN, Singapore. With expertise in machine learning, data analytics, and cloud technologies, he is well-versed in techniques such as regression, decision trees, clustering, and text mining. He has hands-on experience with tools like Python, R, Tableau, PowerBI, and Microsoft Azure Machine Learning Studio.
As an ACTA certified trainer, Kishan has designed and delivered comprehensive courses for SAP and Data Science programs, managing teams and training in multiple countries, including Singapore, Malaysia, China, India, and Vietnam. His background in SAP, particularly in S4/HANA and ABAP, combined with his expertise in machine learning libraries such as TensorFlow and Keras, positions him as a highly capable leader in technical education and project management across various industries.

Quah Chee Yong: Quah Chee Yong is a ACTA certified trainer. Quah Chee Yong Chee Yong is an experienced professional who has held various Technical, Operations and Commercial positions across several industriesA firm believer that AI can create a better world, he has equipped himself with the Knowledge and Skills in the fields of Data Science, Machine Learning, Deep Learning and Cloud Deployment

He has a deep passion for training & facilitating and is currently a Singapore WSQ certified Adult Educator. He particularly enjoys the interactive engagements with his fellow trainers and learners

Agus Salim is a professional with more than 10 years of experience in Project Management, IT Solutions Management, and Systems Integration both in waterfall and agile methodology. He started out his career as a Web Developer before moving on to Business Analyst/Project Manager. He has strong leadership and the capability of leading a team with a proven ability to deliver projects with tight timelines. Besides his experiences in managing projects, he has good knowledge in Cybersecurity and hands-on experience in Next Generation Firewall such as Check Point. During his free time, he likes to explore Cloud Technology, especially on Microsoft Azure. Agus has obtained AZ-104, AZ-500 and other Microsoft certifications. I am also a ALCP certified trainer.