AZ‐500 Microsoft Azure Security Technologies Study Guide_8 - itnett/FTD02H-N GitHub Wiki



🛡️ AZ-500 Exam Comprehensive Cheat Sheet 🛡️

Welcome to your ultimate guide for mastering the AZ-500: Microsoft Azure Security Technologies exam! This cheat sheet will help you focus on the key areas, question types, and what you need to know to face the challenges in the exam.


🌐 1. Azure Identity Protection & Azure AD 🌐

What to Know:

  • Azure AD Identity Protection 🛡️ helps detect and automate responses to suspicious user behavior (e.g., leaked credentials, atypical travel).
  • Privileged Identity Management (PIM) ⏳ provides just-in-time access to Azure AD roles.
  • Conditional Access policies 🤖 are essential for controlling access based on conditions like sign-in risk and user location.

Key Concepts:

  • Risk-based conditional access: 🟢 Require MFA for risky sign-ins (medium or above).
  • Just-in-Time (JIT) role assignment: 🟢 Use PIM to enforce time-bound access.
  • Azure AD B2B and B2C: 🤝 Collaborate securely with external partners.

Question Types to Expect:

  1. Scenario-based questions: You may be asked how to enforce MFA based on risky sign-ins.
  2. Concept-based questions: Understand the role of PIM and when to use JIT.

🏢 2. Azure Governance (Azure Blueprints & Policy) 🏢

What to Know:

  • Azure Policy 📝 helps enforce organizational rules, ensuring compliance.
  • Azure Blueprints 🖼️ allows for consistent policy deployment across multiple subscriptions.
  • RBAC (Role-Based Access Control) 👤 controls who can manage specific Azure resources.

Key Concepts:

  • DeployIfNotExists effect: 🚀 Automatically deploy resources if they don't exist, using a managed identity.
  • Deny & Audit effects: 🚫 Deny non-compliant resources or log audit events for review.
  • Azure Blueprints: 🏗️ Blueprint definitions include policies, role assignments, and ARM templates.

Question Types to Expect:

  1. Compliance-based scenarios: How to enforce compliance via Azure Policy and Blueprints.
  2. Effect-based questions: Know the difference between Audit, Deny, DeployIfNotExists, and Append.

🔒 3. Azure Key Vault & Encryption 🔒

What to Know:

  • Azure Key Vault 🔑 is the centralized tool for managing secrets, encryption keys, and certificates.
  • Soft Delete & Purge Protection 🔄 prevent permanent deletion of keys, offering data recovery.

Key Concepts:

  • Key Vault Access Policies: 🛂 Use RBAC or access policies to grant permissions.
  • Managed Identities: 🤖 Automatically provide VMs or services with secure access to Key Vaults without credentials.
  • Encryption at Rest: 💾 Enable Azure Disk Encryption using BitLocker (Windows) or DM-Crypt (Linux).

Question Types to Expect:

  1. Scenario-based: How to recover a deleted key vault object using Soft Delete and Purge Protection.
  2. Best practices: Choose the correct Key Vault policy settings for different access levels.

🚨 4. Azure Security Center & Threat Protection 🚨

What to Know:

  • Azure Security Center (ASC) 🛡️ helps monitor and protect Azure resources with built-in security recommendations.
  • Azure Defender 🛠️ provides advanced threat detection, vulnerability scanning, and alerts for VMs, SQL, and storage.

Key Concepts:

  • Just-in-Time (JIT) VM Access 🕒 reduces the attack surface by restricting VM access to a limited time window.
  • Secure Score 🔢 measures your security posture and offers actionable recommendations.
  • Advanced Threat Detection 🧠: Detect and respond to suspicious activities, including SQL injection and malware.

Question Types to Expect:

  1. Threat detection: What actions should be taken when a SQL injection is detected.
  2. Feature configuration: How to configure JIT VM Access and manage security alerts.

💼 5. Azure Networking Security & NSGs 💼

What to Know:

  • Network Security Groups (NSGs) 🛑 control inbound and outbound traffic at the subnet or VM level.
  • Azure Firewall 🔥 and DDoS Protection 🛡️ are key to defending against network-based attacks.

Key Concepts:

  • NSG Rules 📝: Set rules to allow or deny specific IP ranges or ports.
  • Azure Firewall: 🚪 Centralizes and filters network traffic across subnets.
  • DDoS Protection 🌐: Automatically protects against Distributed Denial of Service attacks.

Question Types to Expect:

  1. Traffic control scenarios: How to block inbound traffic from specific IP ranges.
  2. Firewall configuration: How to configure Azure Firewall to control network traffic between subnets.

🖥️ 6. Azure VM Security & Disk Encryption 🖥️

What to Know:

  • Azure Disk Encryption 🛡️ secures data at rest using BitLocker (Windows) and DM-Crypt (Linux).
  • Just-in-Time VM Access 🕰️ limits the time window when users can access VMs.

Key Concepts:

  • Managed Disks: 🧩 Ensure all data is encrypted at rest by default with Azure-managed encryption.
  • Encryption keys: 🔑 Store and manage encryption keys securely in Azure Key Vault.
  • Secure SSH/RDP Access: 🔐 Use JIT to control access to virtual machines.

Question Types to Expect:

  1. Encryption best practices: How to implement Azure Disk Encryption using Key Vault.
  2. JIT access: Configure JIT access for VMs to minimize unauthorized access.

📊 7. Azure Monitoring & Logging (Azure Monitor, Log Analytics) 📊

What to Know:

  • Azure Monitor 📈 collects, analyzes, and acts on telemetry data.
  • Azure Log Analytics 📊 helps you write queries to analyze logs across resources.

Key Concepts:

  • Log Queries: 🧮 Write Kusto queries to detect specific security events, such as failed sign-ins.
  • Activity Logs: 🗂️ Capture all management operations and resource changes.
  • Metrics & Alerts: 🛎️ Set up alerts based on performance thresholds or suspicious activities.

Question Types to Expect:

  1. Log Analytics queries: Write or interpret Kusto queries that detect anomalies.
  2. Alert configuration: Create metric-based alerts for failed login attempts or high resource usage.

👩‍💼 8. Azure RBAC (Role-Based Access Control) 👩‍💼

What to Know:

  • RBAC 🔑 is used to grant granular access permissions based on a user’s role.
  • Custom Roles 🛠️ allow specific actions on resources without granting full access.

Key Concepts:

  • Built-in Roles: 🛠️ Roles such as Reader, Contributor, and Owner define default permissions.
  • Custom Roles: 🧩 Create roles with specific permissions, like access to storage but not deletion rights.
  • Role Assignments: 🎯 Assign roles at different levels (e.g., subscription, resource group).

Question Types to Expect:

  1. Access control scenarios: How to restrict access based on specific resource-level roles.
  2. Custom role creation: Understand how to create custom roles with specific actions.

🔧 9. Azure Automation & DevOps Security 🔧

What to Know:

  • Azure Automation 🛠️ automates routine tasks like patch management and configuration compliance.
  • Azure DevOps 🏗️ integrates security into CI/CD pipelines using security policies.

Key Concepts:

  • Runbooks 📜: Automate patching and VM configuration updates with PowerShell or Python.
  • Azure Automation State Configuration 📋: Enforce desired state across machines for compliance.
  • DevSecOps 🔐: Integrate security checks within your CI/CD pipelines for continuous compliance.

Question Types to Expect:

  1. Automation scenarios: Automate the disabling of unused services or manage configuration drift.
  2. DevOps security integration: Implement security policies and scans during code deployment.

🧠 10. Final Tips for AZ-500 🧠

What to Expect:

  • Scenario-Based Questions 🌐: Many questions will provide a scenario and ask for the best solution based on best practices.
  • Hands-On Labs 🧪: Be prepared for practical labs that assess your ability to apply skills like configuring JIT VM access or writing Azure Policy.
  • Best Practices Focus 🔎: Emphasize Azure's security best practices in areas like network security, identity protection, and threat detection.

Final Tips:

  • Stay Up-to-Date 🗓️: Azure features evolve frequently, so keep an eye on updates, especially around Azure Security Center and Azure AD.
  • Time Management ⏲️: The exam is time-limited, so practice prioritizing the questions you know and revisiting difficult ones afterwards.

🚀 **Good Luck! You're ready for the AZ-500 exam!** 🚀


Make sure to practice in real Azure environments and labs to enhance your understanding of these concepts.