Welcome to DreamsPlus

Azure Cloud

Azure Security Engineer Associate Boot Camp

Get hands-on experience with Azure Security Engineer Associate Boot Camp in Chennai and online. Prepare for Microsoft…

Azure Security Engineer Associate Boot Camp

DreamsPlus offers a comprehensive Azure Security Engineer Associate Boot Camp in Chennai and online, designed to provide hands-on experience and prepare you for the Microsoft certification in security engineering.

Syllabus 

  • Manage identity and access (25–30%)
  • Secure networking (20–25%)
  • Secure compute, storage, and databases (20–25%)
  • Manage security operations (25–30%)

Manage identity and access (25–30%)

Manage Microsoft Entra identities

  • Protect users of Microsoft Entra
  • Safe Microsoft Entra groups
  • Recommend when to use external identities
  • Safe external personas
  • Put Microsoft Entra ID Protection into Practice

Manage Microsoft Entra authentication

  • Put multi-factor authentication into practice (MFA).
  • Set up your Microsoft Entra Verified Identity.
  • Put passwordless authentication into practice.
  • Put in place password protection.
  • Use single-sign-on (SSO) technology.
  • Integrate identity providers with single sign-on (SSO).
  • Encourage and implement contemporary methods of authentication.

Manage Microsoft Entra authorization

  • Set up resource groups, subscriptions, management groups, and resources’ role permissions in Azure.
  • Assign Microsoft Entra pre-built positions
  • Assign roles built into Azure
  • Assign and create custom roles, such as Microsoft Entra and Azure roles.
    Manage and put Microsoft Entra Permissions Management into practice.
  • Set up Private Identity Management for Microsoft Entra
  • Set up Microsoft Entra’s role management and access reviews.
  • Put conditional access policies into practice.

 Manage Microsoft Entra application access

  • Manage access to enterprise applications in Microsoft Entra ID, including OAuth permission grants
  • Control registrations for Microsoft Entra apps.
  • Define the scope of permissions for app registration.
  • Control permissions for app registration.
    Utilize and manage service principles.
  • Control Azure resource-controlled identities.
  • Give advice on when to use and set up an authentication-enabled Microsoft Entra Application Proxy.

Secure networking (20–25%)

Plan and implement security for virtual networks

  •  Create and execute Application Security Groups (ASGs) and Network Security Groups (NSGs).
  • Create and put into action user-defined routes (UDRs).
  • Create and execute a VPN gateway or virtual network peering system.
  • Create a secure virtual hub as part of your virtual wide area network plan.
  • Secure VPN access, both site-to-site and point-to-site
    Use encryption when using ExpressRoute.
  • Set up the firewall on PaaS resources.
  • Use Network Watcher to keep an eye on network security, including NSG flow logging.

Plan and implement security for private access to Azure resources

  • Create and install service endpoints for virtual networks.
  • Create and put into use private endpoints.
  • Develop and put into action Private Link services.
  • Organize and carry out Azure App Service and Azure Functions network integration.
    Construct and execute network security setups for an Application Service Environment (ASE).
  • Create and carry out network security settings for a managed Azure SQL instance.

 Plan and implement security for public access to Azure resources

  • Arrange and put into practice Transport Layer Security (TLS) for applications, such as API Management and Azure App Service.
  • Create, deploy, and oversee an Azure Firewall, encompassing firewall policies and Azure Firewall Manager.
  • Create and put into action an Azure Application Gateway.
  • Create and put into action an Azure Front Door that incorporates a Content Delivery Network (CDN).
  • Construct and put into action a Web Application Firewall (WAF)
  • Indicate when Azure DDoS Protection Standard should be used.

Secure compute, storage, and databases (20–25%)

Plan and implement advanced security for compute

  • Create and execute a plan for remote access to public endpoints, such as just-in-time (JIT) virtual machine (VM) access and Azure Bastion.
  • For the Azure Kubernetes Service, configure network isolation (AKS).
  • Safeguard and keep an eye on AKS.
  • Set up AKS authentication.
  • Configure Azure Container Instances (ACIs) security monitoring.
  • Configure Azure Container Apps (ACAs) security monitoring.
  • Control the Azure Container Registry (ACR) access.
  • Set up disk encryption, such as secret disk encryption, host-based encryption, and
  • Azure Disk Encryption (ADE).
  • Provide security setup recommendations for Azure API management.

Plan and implement security for storage

  • Configure storage account access control.
  • Oversee the storage account access key life cycle.
  • Choose and set up a suitable Azure Files access mechanism.
  • Choose and set up a suitable way to access Azure Blob Storage.
    Choose and set up a suitable Azure Tables access mechanism.
  • Choose and set up a suitable way to access Azure queues.
  • Choose and set up the necessary defenses against risks to data security, such as versioning, soft deletion, backups, and immutable storage.
  • Set Up Bring a spare key with you (BYOK).
  • At the infrastructure level of Azure Storage, enable double encryption.

Plan and implement security for Azure SQL Database and Azure SQL Managed Instance

  • Configure storage account access control.
  • Oversee the storage account access key life cycle.
  • Choose and set up a suitable Azure Files access mechanism.
  • Choose and set up a suitable way to access Azure Blob Storage.
    Choose and set up a suitable Azure Tables access mechanism.
  • Choose and set up a suitable way to access Azure queues.
  • Choose and set up the necessary defenses against risks to data security, such as versioning, soft deletion, backups, and immutable storage.
  • Set Up Bring a spare key with you (BYOK).
  • At the infrastructure level of Azure Storage, enable double encryption.

Manage security operations (25–30%)

Plan, implement, and manage governance for security

  • In Azure Policy, create, assign, and understand security initiatives and policies.
    Utilize Azure Blueprints to configure security settings.
  • Use landing zones to deploy secure infrastructure.
  • Establish and set up an Azure Key Vault.
  • Indicate when a specialized hardware security module should be used (HSM).
  • Set up Azure Role-Based Access Control and vault access policies for key vault access.
  • Control keys, secrets, and certifications.
  • Set up the rotation of keys.
  • Set up keys, secrets, and certificates for backup and recovery.

 Manage security posture by using Microsoft Defender for Cloud

  • Using the Microsoft Defender for Cloud Secure Score and Inventory, locate and address security threats.
  • Evaluate adherence to security protocols and Microsoft Defender for Cloud
  • Microsoft Defender for Cloud should incorporate industry and regulatory requirements.
  • Integrate unique projects with Microsoft Defender for Cloud
  • Link Microsoft Defender for Cloud to multi-cloud and hybrid cloud settings.
  • Microsoft Defender External Attack Surface management can be used to locate and keep an eye on external assets.

Configure and manage threat protection by using Microsoft Defender for Cloud

  • Microsoft Defender for Cloud workload protection services, such as Microsoft Defender for Storage, Databases, Containers, App Service, Key Vault, and Resource Manager, can be enabled.
  • Set up Windows Defender on Servers
  • Microsoft Defender configuration for an Azure SQL database
  • Handle Microsoft Defender for cloud security warnings and take appropriate action.
    Set up automation of workflows with Microsoft Defender for Cloud.
  • Assess the security scans conducted by Microsoft Defender for Server.

Configure and manage security monitoring and automation solutions

  • Observe security incidents using Azure Monitor.
  • Configure Microsoft Sentinel’s data connectors.
  • Create and alter Microsoft Sentinel’s analytics rules.
  • Analyze Microsoft Sentinel incidents and alerts
  • Configure Microsoft Sentinel’s automation.

What Will You Learn?

  • Learn network engineering for the Azure Network Engineer Associate certification.
  • Understand Azure networking for Microsoft certification.
  • Develop secure, scalable network solutions.
  • Gain hands-on experience in focused workshops

Course Curriculum

Course Benefits

  • Prepare for the Microsoft Azure Security Engineer Associate certification.
  • Develop your security engineering abilities for higher-level positions.
  • Gain better job opportunities by earning a Microsoft certification.
  • Gain a competitive edge in the employment market by specializing in Azure Security Engineer Associate opportunities.