MCA Microsoft Certified Associate Azure Security E Engineer Study Guide – Exam AZ–500: Sybex Study Guide

ABOUT THE AUTHOR SHIMON BRATHWAITE is Editor-in-Chief of securitymadesimple.org, a website dedicated to teaching business owners how to secure their companies and helping cybersecurity professionals start and advance their careers. He is the author of three cybersecurity books and holds CEH, Security+, and AWS Security specialist certifications.

Introduction xix Assessment Test xxv Chapter 1 Introduction to Microsoft Azure 1 What Is Microsoft Azure? 3 Cloud Environment Security Objectives 4 Confidentiality 4 Integrity 4 Availability 5 Nonrepudiation 5 Common Security Issues 5 Principle of Least Privilege 5 Zero-Trust Model 6 Defense in Depth 6 Avoid Security through Obscurity 9 The AAAs of Access Management 9 Encryption 10 End-to-End Encryption 11 Symmetric Key Encryption 11 Asymmetric Key Encryption 11 Network Segmentation 13 Basic Network Configuration 13 Unsegmented Network Example 14 Internal and External Compliance 15 Cybersecurity Considerations for the Cloud Environment 16 Configuration Management 17 Unauthorized Access 17 Insecure Interfaces/APIs 17 Hijacking of Accounts 17 Compliance 18 Lack of Visibility 18 Accurate Logging 18 Cloud Storage 18 Vendor Contracts 19 Link Sharing 19 Major Cybersecurity Threats 19 DDoS 19 Social Engineering 20 assword Attacks 21 Malware 21 Summary 24 Exam Essentials 24 Review Questions 26 Chapter 2 Managing Identity and Access in Microsoft Azure 29 Identity and Access Management 31 Identifying Individuals in a System 31 Identifying and Assigning Roles in a System and to an Individual 32 Assigning Access Levels to Individuals or Groups 33 Adding, Removing, and Updating Individuals and Their Roles in a System 33 Protecting a System's Sensitive Data and Securing the System 33 Enforcing Accountability 34 IAM in the Microsoft Azure Platform 34 Creating and Managing Azure AD Identities 34 Managing Azure AD Groups 37 Managing Azure Users 39 Adding Users to Your Azure AD 39 Managing External Identities Using Azure AD 40 Managing Secure Access Using Azure Active Directory 42 Implementing Conditional Access Policies, Including MFA 44 Implementing Azure AD Identity Protection 45 Enabling the Policies 47 Implement Passwordless Authentication 50 Configuring an Access Review 52 Managing Application Access 57 Integrating Single Sign-On and Identity Providers for Authentication 57 Creating an App Registration 58 Configuring App Registration Permission Scopes 58 Managing App Registration Permission Consent 59 Managing API Permission to Azure Subscriptions 60 Configuring an Authentication Method for a Service Principal 61 Managing Access Control 62 Interpret Role and Resource Permissions 62 Configuring Azure Role Permissions for Management Groups, Subscriptions, Resource Groups, and Resources 63 Assigning Built-In Azure AD Roles 64 Creating and Assigning Custom Roles, Including Azure Roles and Azure AD Roles 65 Summary 66 Exam Essentials 67 Review Questions 70 Chapter 3 Implementing Platform Protections 73 Implementing Advanced Network Security 75 Securing Connectivity of Hybrid Networks 75 Securing Connectivity of Virtual Networks 77 Creating and Configuring Azure Firewalls 78 Azure Firewall Premium 79 Creating and Configuring Azure Firewall Manager 82 Creating and Configuring Azure Application Gateway 82 Creating and Configuring Azure Front Door 87 Creating and Configuring a Web Application Firewall 91 Configuring Network Isolation for Web Apps and Azure Functions 93 Implementing Azure Service Endpoints 94 Implementing Azure Private Endpoints, Including Integrating with Other Services 97 Implementing Azure Private Link 98 Implementing Azure DDoS Protection 101 Configuring Enhanced Security for Compute 102 Configuring Azure Endpoint Protection for VMs 102 Enabling Update Management in Azure Portal 104 Configuring Security for Container Services 108 Managing Access to the Azure Container Registry 109 Configuring Security for Serverless Compute 109 Microsoft Recommendations 111 Configuring Security for an Azure App Service 112 Exam Essentials 118 Review Questions 122 Chapter 4 Managing Security Operations 125 Configure Centralized Policy Management 126 Configure a Custom Security Policy 126 Create Custom Security Policies 127 Creating a Policy Initiative 128 Configuring Security Settings and Auditing by Using Azure Policy 129 Configuring and Managing Threat Protection 130 Configuring Microsoft Defender for Cloud for Servers (Not Including Microsoft Defender for Endpoint) 131 Configuring Microsoft Defender for SQL 134 Using the Microsoft Threat Modeling Tool 139 Azure Monitor 147 Visualizations in Azure Monitor 148 Configuring and Managing Security Monitoring Solutions 149 Creating and Customizing Alert Rules by Using Azure Monitor 149 Configuring Diagnostic Logging and Retention Using Azure Monitor 157 Monitoring Security Logs Using Azure Monitor 159 Microsoft Sentinel 167 Configuring Connectors in Microsoft Sentinel 170 Evaluating Alerts and Incidents in Microsoft Sentinel 175 Summary 176 Exam Essentials 177 Review Questions 179 Chapter 5 Securing Data and Applications 183 Configuring Security for Storage in Azure 184 Storage Account Access Keys 185 Configuring Access Control for Storage Accounts 185 Configuring Storage Account Access Keys 189 Configuring Azure AD Authentication for Azure Storage and Azure Files 191 Configuring Delegated Access for Storage Accounts 202 Configuring Security for Databases 220 Summary 254 Exam Essentials 255 Review Questions 257 Appendix A An Azure Security Tools Overview 261 Chapter 2, "Managing Identity and Access on Microsoft Azure" 262 Azure Active Directory (AD) 262 Microsoft Authenticator App 265 Azure API Management 265 Chapter 3, "Implementing Platform Protections" 266 Azure Firewall 266 Azure Firewall Manager 267 Azure Application Gateway 269 Azure Front Door 273 Web Application Firewall 273 Azure Service Endpoints 274 Azure Private Links 274 Azure DDoS Protection 275 Microsoft Defender for Cloud 276 Azure Container Registry 277 Azure App Service 278 Chapter 4, "Managing Security Operations" 279 Azure Policy 279 Microsoft Threat Modeling Tool 281 Microsoft Sentinel 287 How Does Microsoft Sentinel Work? 289 Automation 290 Chapter 5, "Securing Data and Applications" 290 Azure Key Vault 299 Appendix B Answers to Review Questions 301 Chapter 1: Introduction to Microsoft Azure 302 Chapter 2: Managing Identity and Access in Microsoft Azure 303 Chapter 3: Implementing Platform Protections 304 Chapter 4: Managing Security Operations 305 Chapter 5: Securing Data and Applications 306 Index 309