Azure Security Engineer Associate Boot Camp
DreamsPlus offers a comprehensive Azure Security Engineer Associate Boot Camp in Chennai and online, designed to provide hands-on experience and prepare you for the Microsoft certification in security engineering.
Syllabus
- Manage identity and access (25–30%)
- Secure networking (20–25%)
- Secure compute, storage, and databases (20–25%)
- Manage security operations (25–30%)
Manage identity and access (25–30%)
Manage Microsoft Entra identities
- Protect users of Microsoft Entra
- Secure Microsoft Entra groups
- Recommend when to use external identities
- Secure external identities
- Put Microsoft Entra ID Protection into practice
Manage Microsoft Entra authentication
- Put multi-factor authentication (MFA) into practice.
- Set up Microsoft Entra Verified ID.
- Put passwordless authentication into practice.
- Put in place password protection.
- Use single-sign-on (SSO) technology.
- Integrate identity providers with single sign-on (SSO).
- Encourage and implement contemporary methods of authentication.
Manage Microsoft Entra authorization
- Set up Azure role permissions for management groups, subscriptions, resource groups, and resources.
- Assign Microsoft Entra built-in roles
- Assign roles built into Azure
- Create and assign custom roles, including Microsoft Entra roles and Azure roles.
- Manage and put Microsoft Entra Permissions Management into practice.
- Set up Microsoft Entra Privileged Identity Management
- Set up Microsoft Entra’s role management and access reviews.
- Put conditional access policies into practice.
Manage Microsoft Entra application access
- Manage access to enterprise applications in Microsoft Entra ID, including OAuth permission grants
- Control registrations for Microsoft Entra apps.
- Define the scope of permissions for app registration.
- Control permissions for app registration.
- Utilize and manage service principals.
- Control managed identities for Azure resources.
- Recommend when to use and how to set up Microsoft Entra Application Proxy, including authentication.
Secure networking (20–25%)
Plan and implement security for virtual networks
- Create and execute Application Security Groups (ASGs) and Network Security Groups (NSGs).
- Create and put into action user-defined routes (UDRs).
- Plan and implement virtual network peering or a VPN gateway.
- Create a secure virtual hub as part of your virtual wide area network plan.
- Secure VPN access, both site-to-site and point-to-site
- Use encryption when using ExpressRoute.
- Set up the firewall on PaaS resources.
- Use Network Watcher to keep an eye on network security, including NSG flow logging.
Plan and implement security for private access to Azure resources
- Create and install service endpoints for virtual networks.
- Create and put into use private endpoints.
- Develop and put into action Private Link services.
- Plan and implement network integration for Azure App Service and Azure Functions.
- Plan and implement network security configurations for an App Service Environment (ASE).
- Plan and implement network security configurations for an Azure SQL Managed Instance.
Plan and implement security for public access to Azure resources
- Plan and implement Transport Layer Security (TLS) for applications, such as API Management and Azure App Service.
- Create, deploy, and oversee an Azure Firewall, encompassing firewall policies and Azure Firewall Manager.
- Create and put into action an Azure Application Gateway.
- Create and put into action an Azure Front Door that incorporates a Content Delivery Network (CDN).
- Construct and put into action a Web Application Firewall (WAF)
- Indicate when Azure DDoS Protection Standard should be used.
Secure compute, storage, and databases (20–25%)
Plan and implement advanced security for compute
- Create and execute a plan for remote access to public endpoints, such as just-in-time (JIT) virtual machine (VM) access and Azure Bastion.
- Configure network isolation for Azure Kubernetes Service (AKS).
- Secure and monitor AKS.
- Set up AKS authentication.
- Configure Azure Container Instances (ACIs) security monitoring.
- Configure Azure Container Apps (ACAs) security monitoring.
- Control the Azure Container Registry (ACR) access.
- Set up disk encryption, such as confidential disk encryption, host-based encryption, and Azure Disk Encryption (ADE).
- Provide security setup recommendations for Azure API Management.
Plan and implement security for storage
- Configure storage account access control.
- Oversee the storage account access key life cycle.
- Choose and set up a suitable Azure Files access mechanism.
- Choose and set up a suitable way to access Azure Blob Storage.
- Choose and set up a suitable Azure Tables access mechanism.
- Choose and set up a suitable way to access Azure queues.
- Choose and set up the necessary defenses against risks to data security, such as versioning, soft deletion, backups, and immutable storage.
- Set up Bring Your Own Key (BYOK).
- At the infrastructure level of Azure Storage, enable double encryption.
Plan and implement security for Azure SQL Database and Azure SQL Managed Instance
Manage security operations (25–30%)
Plan, implement, and manage governance for security
- In Azure Policy, create, assign, and understand security initiatives and policies.
- Utilize Azure Blueprints to configure security settings.
- Use landing zones to deploy secure infrastructure.
- Establish and set up an Azure Key Vault.
- Indicate when a specialized hardware security module (HSM) should be used.
- Set up Azure Role-Based Access Control and vault access policies for key vault access.
- Control keys, secrets, and certificates.
- Set up the rotation of keys.
- Set up keys, secrets, and certificates for backup and recovery.
Manage security posture by using Microsoft Defender for Cloud
- Using the Microsoft Defender for Cloud Secure Score and Inventory, locate and address security threats.
- Evaluate adherence to security protocols and Microsoft Defender for Cloud
- Add industry and regulatory requirements to Microsoft Defender for Cloud.
- Add custom initiatives to Microsoft Defender for Cloud
- Link Microsoft Defender for Cloud to multi-cloud and hybrid cloud settings.
- Use Microsoft Defender External Attack Surface Management to locate and monitor external assets.
Configure and manage threat protection by using Microsoft Defender for Cloud
- Enable Microsoft Defender for Cloud workload protection services, such as Microsoft Defender for Storage, Databases, Containers, App Service, Key Vault, and Resource Manager.
- Set up Microsoft Defender for Servers
- Set up Microsoft Defender for Azure SQL Database
- Manage and respond to security alerts in Microsoft Defender for Cloud.
- Set up automation of workflows with Microsoft Defender for Cloud.
- Assess the security scans conducted by Microsoft Defender for Servers.
Configure and manage security monitoring and automation solutions
- Observe security incidents using Azure Monitor.
- Configure Microsoft Sentinel’s data connectors.
- Create and alter Microsoft Sentinel’s analytics rules.
- Analyze Microsoft Sentinel incidents and alerts
- Configure Microsoft Sentinel’s automation.