Azure Security Engineer Associate Boot Camp

Azure Security Engineer Associate Boot Camp

DreamsPlus presents an extensive Azure Security Engineer Associate Boot Camp in Singapore and online, tailored to deliver hands-on training and equip participants for the Microsoft certification in Azure security engineering.

Syllabus 

• Manage identity and access (25–30%)
• Secure networking (20–25%)
• Secure compute, storage, and databases (20–25%)
• Manage security operations (25–30%)

Manage identity and access (25–30%)

Manage Microsoft Entra identities

• Protect users of Microsoft Entra
• Safe Microsoft Entra groups
• Recommend when to use external identities
• Safe external personas
• Put Microsoft Entra ID Protection into Practice

Manage Microsoft Entra authentication

• Put multi-factor authentication into practice (MFA).
• Set up your Microsoft Entra Verified Identity.
• Put passwordless authentication into practice.
• Put in place password protection.
• Use single-sign-on (SSO) technology.
• Integrate identity providers with single sign-on (SSO).
• Encourage and implement contemporary methods of authentication.

Manage Microsoft Entra authorization

• Set up resource groups, subscriptions, management groups, and resources’ role permissions in Azure.
• Assign Microsoft Entra pre-built positions
• Assign roles built into Azure
• Assign and create custom roles, such as Microsoft Entra and Azure roles.
  Manage and put Microsoft Entra Permissions Management into practice.
• Set up Private Identity Management for Microsoft Entra
• Set up Microsoft Entra’s role management and access reviews.
• Put conditional access policies into practice.

 Manage Microsoft Entra application access

• Manage access to enterprise applications in Microsoft Entra ID, including OAuth permission grants

• Control registrations for Microsoft Entra apps.
• Define the scope of permissions for app registration.
• Control permissions for app registration.
  Utilize and manage service principles.
• Control Azure resource-controlled identities.
• Give advice on when to use and set up an authentication-enabled Microsoft Entra Application Proxy.

Secure networking (20–25%)

Plan and implement security for virtual networks

•  Create and execute Application Security Groups (ASGs) and Network Security Groups (NSGs).
• Create and put into action user-defined routes (UDRs).
• Create and execute a VPN gateway or virtual network peering system.
• Create a secure virtual hub as part of your virtual wide area network plan.
• Secure VPN access, both site-to-site and point-to-site
  Use encryption when using ExpressRoute.
• Set up the firewall on PaaS resources.
• Use Network Watcher to keep an eye on network security, including NSG flow logging.

Plan and implement security for private access to Azure resources

• Create and install service endpoints for virtual networks.
• Create and put into use private endpoints.
• Develop and put into action Private Link services.
• Organize and carry out Azure App Service and Azure Functions network integration.
  Construct and execute network security setups for an Application Service Environment (ASE).
• Create and carry out network security settings for a managed Azure SQL instance.

 Plan and implement security for public access to Azure resources

• Arrange and put into practice Transport Layer Security (TLS) for applications, such as API Management and Azure App Service.
• Create, deploy, and oversee an Azure Firewall, encompassing firewall policies and Azure Firewall Manager.
• Create and put into action an Azure Application Gateway.
• Create and put into action an Azure Front Door that incorporates a Content Delivery Network (CDN).
• Construct and put into action a Web Application Firewall (WAF)
• Indicate when Azure DDoS Protection Standard should be used.

Secure compute, storage, and databases (20–25%)

Plan and implement advanced security for compute

• Create and execute a plan for remote access to public endpoints, such as just-in-time (JIT) virtual machine (VM) access and Azure Bastion.
• For the Azure Kubernetes Service, configure network isolation (AKS).
• Safeguard and keep an eye on AKS.
• Set up AKS authentication.
• Configure Azure Container Instances (ACIs) security monitoring.
• Configure Azure Container Apps (ACAs) security monitoring.
• Control the Azure Container Registry (ACR) access.
• Set up disk encryption, such as secret disk encryption, host-based encryption, and
• Azure Disk Encryption (ADE).
• Provide security setup recommendations for Azure API management.

Plan and implement security for storage

• Configure storage account access control.
• Oversee the storage account access key life cycle.
• Choose and set up a suitable Azure Files access mechanism.
• Choose and set up a suitable way to access Azure Blob Storage.
  Choose and set up a suitable Azure Tables access mechanism.
• Choose and set up a suitable way to access Azure queues.
• Choose and set up the necessary defenses against risks to data security, such as versioning, soft deletion, backups, and immutable storage.
• Set Up Bring a spare key with you (BYOK).
• At the infrastructure level of Azure Storage, enable double encryption.

Plan and implement security for Azure SQL Database and Azure SQL Managed Instance

• Configure storage account access control.
• Oversee the storage account access key life cycle.
• Choose and set up a suitable Azure Files access mechanism.
• Choose and set up a suitable way to access Azure Blob Storage.
  Choose and set up a suitable Azure Tables access mechanism.
• Choose and set up a suitable way to access Azure queues.
• Choose and set up the necessary defenses against risks to data security, such as versioning, soft deletion, backups, and immutable storage.
• Set Up Bring a spare key with you (BYOK).
• At the infrastructure level of Azure Storage, enable double encryption.

Manage security operations (25–30%)

Plan, implement, and manage governance for security

• In Azure Policy, create, assign, and understand security initiatives and policies.
  Utilize Azure Blueprints to configure security settings.
• Use landing zones to deploy secure infrastructure.
• Establish and set up an Azure Key Vault.
• Indicate when a specialized hardware security module should be used (HSM).
• Set up Azure Role-Based Access Control and vault access policies for key vault access.
• Control keys, secrets, and certifications.
• Set up the rotation of keys.
• Set up keys, secrets, and certificates for backup and recovery.

 Manage security posture by using Microsoft Defender for Cloud

• Using the Microsoft Defender for Cloud Secure Score and Inventory, locate and address security threats.
• Evaluate adherence to security protocols and Microsoft Defender for Cloud
• Microsoft Defender for Cloud should incorporate industry and regulatory requirements.
• Integrate unique projects with Microsoft Defender for Cloud
• Link Microsoft Defender for Cloud to multi-cloud and hybrid cloud settings.
• Microsoft Defender External Attack Surface management can be used to locate and keep an eye on external assets.

Configure and manage threat protection by using Microsoft Defender for Cloud

• Microsoft Defender for Cloud workload protection services, such as Microsoft Defender for Storage, Databases, Containers, App Service, Key Vault, and Resource Manager, can be enabled.
• Set up Windows Defender on Servers
• Microsoft Defender configuration for an Azure SQL database
• Handle Microsoft Defender for cloud security warnings and take appropriate action.
  Set up automation of workflows with Microsoft Defender for Cloud.
• Assess the security scans conducted by Microsoft Defender for Server.

Configure and manage security monitoring and automation solutions

• Observe security incidents using Azure Monitor.
• Configure Microsoft Sentinel’s data connectors.
• Create and alter Microsoft Sentinel’s analytics rules.
• Analyze Microsoft Sentinel incidents and alerts
• Configure Microsoft Sentinel’s automation.