AZ‐500 Microsoft Azure Security Technologies Study Guide_9 - itnett/FTD02H-N GitHub Wiki

This is the continuation of the AZ-500 Exam Comprehensive Cheat Sheet, structured for GitHub Wiki markdown with emojis for clarity and engagement. This second part focuses on advanced topics, practical tips, and more specific scenarios.


🛡️ AZ-500 Exam Comprehensive Cheat Sheet (Page 2) 🛡️


🌐 11. Azure AD Conditional Access & MFA 🌐

What to Know:

  • Conditional Access 🧠 provides automated access decisions based on conditions like user location, device health, and sign-in risk.
  • Azure AD Multi-Factor Authentication (MFA) 🔐 adds an extra layer of protection to user sign-ins, requiring a second form of authentication.

Key Concepts:

  • Conditional Access Policies 📋: Create policies to require MFA for risky sign-ins, specific IP locations, or device health compliance.
  • Sign-In Risk 🔍: High or medium sign-in risks can trigger policies to block access or require additional authentication.
  • MFA Enrollment 📲: Automatically enforce MFA enrollment for specific groups.

Question Types to Expect:

  1. Scenario-based MFA configuration: When to enforce MFA based on location or device compliance.
  2. Conditional Access configuration: How to create and apply policies for specific sign-in conditions (e.g., block access from risky locations).
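As an added illustration (not code from this page or from Microsoft), the following Python model shows how several Conditional Access policies combine for a single sign-in: every policy whose conditions all match contributes its grant control, a Block always wins, and the remaining controls stack. The policy names, groups and the four conditions modelled are constructed assumptions; the real engine evaluates many more signals.

```python
from dataclasses import dataclass, field

# Constructed model of Conditional Access evaluation (an added example, not the
# Microsoft engine): every policy whose conditions all match contributes its grant
# control; a Block control wins outright, and the rest must be satisfied together.
@dataclass
class SignIn:
    user: str
    groups: set
    from_trusted_location: bool
    device_compliant: bool
    risk: str                      # "none", "low", "medium" or "high"

@dataclass
class Policy:
    name: str
    include_groups: set = field(default_factory=set)   # empty = all users
    risk_levels: set = field(default_factory=set)      # empty = any risk level
    untrusted_locations_only: bool = False
    control: str = "require_mfa"   # or "require_compliant_device" / "block"

def policy_applies(p: Policy, s: SignIn) -> bool:
    """Every configured condition must match; unconfigured ones are ignored."""
    if p.include_groups and not (p.include_groups & s.groups):
        return False
    if p.risk_levels and s.risk not in p.risk_levels:
        return False
    if p.untrusted_locations_only and s.from_trusted_location:
        return False
    return True

def evaluate(policies: list, s: SignIn) -> dict:
    """Return the access decision and the controls the user must satisfy."""
    controls = sorted({p.control for p in policies if policy_applies(p, s)})
    if "block" in controls:
        return {"decision": "block", "controls": controls}
    # A compliant-device requirement cannot be satisfied interactively like MFA.
    if "require_compliant_device" in controls and not s.device_compliant:
        return {"decision": "block", "controls": controls}
    return {"decision": "grant", "controls": controls}

# Constructed tenant policies: block high risk, MFA for medium risk and for any
# sign-in from outside trusted locations, and a compliant device for admins.
TENANT_POLICIES = [
    Policy("Block high-risk sign-ins", risk_levels={"high"}, control="block"),
    Policy("MFA for medium-risk sign-ins", risk_levels={"medium"}),
    Policy("MFA outside trusted locations", untrusted_locations_only=True),
    Policy("Admins need a compliant device", include_groups={"Global Admins"},
           control="require_compliant_device"),
]
```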

🚨 12. Azure DDoS Protection & Network Security 🚨

What to Know:

  • Azure DDoS Protection 🛡️ defends against distributed denial of service (DDoS) attacks by automatically detecting and mitigating such threats.
  • Network Security Groups (NSGs) 🛑 filter network traffic to and from Azure resources.

Key Concepts:

  • DDoS Protection Plans 🧱: Use Standard protection for critical services like public-facing applications.
  • NSG Rules 📋: Define inbound and outbound rules to control traffic between VMs, subnets, and the internet.
  • Azure Firewall 🔥: A managed cloud firewall that provides traffic filtering across networks.

Question Types to Expect:

  1. DDoS protection scenarios: How to set up DDoS Standard Protection for web apps or other services.
  2. NSG rule configuration: How to create and prioritize rules to block unwanted traffic (e.g., specific IP ranges).
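To make the rule-priority point concrete, here is an added Python model (not Azure's own data plane and not code from this page) of how an NSG evaluates inbound rules: lowest priority number first, first match wins, and the three default rules sit at 65000-65500. The VNet prefix, the custom rules and the source addresses are constructed; only source and destination port are matched, so protocol and destination are simplified away.

```python
import ipaddress

# Constructed model of NSG inbound evaluation (an added example, not Azure's data
# plane): rules are checked in ascending priority order (lowest number first) and
# the first match decides, so a Deny at 100 beats an Allow at 200 regardless of
# creation order. The three default inbound rules occupy 65000-65500.
DEFAULT_INBOUND = [
    {"name": "AllowVnetInBound", "priority": 65000, "src": "VirtualNetwork", "port": "*", "access": "Allow"},
    {"name": "AllowAzureLoadBalancerInBound", "priority": 65001, "src": "AzureLoadBalancer", "port": "*", "access": "Allow"},
    {"name": "DenyAllInBound", "priority": 65500, "src": "*", "port": "*", "access": "Deny"},
]
AZURE_LB_PROBE_IP = "168.63.129.16"     # the AzureLoadBalancer service tag's health-probe address

def src_matches(rule_src: str, src_ip: str, vnet_prefixes) -> bool:
    """Match a source field that may be '*', a service tag, or a CIDR prefix."""
    ip = ipaddress.ip_address(src_ip)
    if rule_src == "*":
        return True
    if rule_src == "VirtualNetwork":
        return any(ip in ipaddress.ip_network(p) for p in vnet_prefixes)
    if rule_src == "AzureLoadBalancer":
        return src_ip == AZURE_LB_PROBE_IP
    return ip in ipaddress.ip_network(rule_src, strict=False)

def port_matches(rule_port: str, dst_port: int) -> bool:
    if rule_port == "*":
        return True
    if "-" in rule_port:                  # a range such as "3389-3390"
        lo, hi = (int(x) for x in rule_port.split("-"))
        return lo <= dst_port <= hi
    return int(rule_port) == dst_port

def evaluate_inbound(custom_rules, src_ip, dst_port, vnet_prefixes=("10.0.0.0/16",)):
    """Return (access, rule name) for the first rule that matches the flow."""
    for rule in sorted(custom_rules + DEFAULT_INBOUND, key=lambda r: r["priority"]):
        if src_matches(rule["src"], src_ip, vnet_prefixes) and port_matches(rule["port"], dst_port):
            return rule["access"], rule["name"]
    return "Deny", "no rule matched"    # unreachable while DenyAllInBound exists

# Constructed custom rules for a web VM: block one abusive range first, allow
# HTTPS from anywhere, allow RDP only from the bastion subnet.
WEB_VM_RULES = [
    {"name": "DenyAbusiveRange", "priority": 100, "src": "203.0.113.0/24", "port": "*", "access": "Deny"},
    {"name": "AllowHttpsInternet", "priority": 200, "src": "*", "port": "443", "access": "Allow"},
    {"name": "AllowRdpFromBastion", "priority": 300, "src": "10.0.1.0/24", "port": "3389", "access": "Allow"},
]
```

Note that traffic from another subnet of the same VNet still reaches port 22 through the default AllowVnetInBound rule, which is why a custom Deny is needed to segment subnets.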

📂 13. Azure Logging, Monitoring & Alerts 📂

What to Know:

  • Azure Monitor 📈 collects and analyzes telemetry data, providing detailed insights into the performance and security of your environment.
  • Azure Log Analytics 🧮 helps you run queries on your logs to identify patterns or suspicious activities.
  • Alerts & Metrics 🔔 trigger notifications when specific thresholds are met.

Key Concepts:

  • Kusto Query Language (KQL) 📊: Write queries to extract meaningful insights from your log data (e.g., failed login attempts).
  • Metric-based alerts 📉: Configure alerts based on performance thresholds (e.g., high CPU usage, login failures).
  • Activity Logs 📝: Track management operations and resource changes.

Question Types to Expect:

  1. Log Analytics queries: Write KQL queries to detect failed logins or abnormal patterns.
  2. Alert configuration: How to set up metric-based alerts for specific thresholds, such as a high number of sign-in failures.
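The failed-login detection the exam asks about, worked as an added Python example (not from this page) over a constructed batch of SigninLogs-style records: failures are bucketed per user and source address in 10-minute bins the way KQL's bin() does, and sources that fail against several distinct accounts are surfaced separately. All timestamps, users and addresses are made up; the KQL in the comment is the equivalent query for reference.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed SigninLogs-style records (an added example with made-up values):
# (TimeGenerated, UserPrincipalName, IPAddress, ResultType). ResultType "0" is
# a successful sign-in; "50126" is Azure AD's invalid-credentials error code.
SAMPLE_SIGNINS = [
    ("2024-05-01T08:00:05Z", "alice@contoso.example", "198.51.100.23", "50126"),
    ("2024-05-01T08:00:41Z", "alice@contoso.example", "198.51.100.23", "50126"),
    ("2024-05-01T08:01:12Z", "alice@contoso.example", "198.51.100.23", "50126"),
    ("2024-05-01T08:02:03Z", "alice@contoso.example", "198.51.100.23", "50126"),
    ("2024-05-01T08:03:27Z", "alice@contoso.example", "198.51.100.23", "50126"),
    ("2024-05-01T08:04:30Z", "alice@contoso.example", "198.51.100.23", "50126"),
    ("2024-05-01T08:02:45Z", "bob@contoso.example",   "192.0.2.10",    "50126"),
    ("2024-05-01T08:03:01Z", "carol@contoso.example", "192.0.2.10",    "50126"),
    ("2024-05-01T08:03:20Z", "dave@contoso.example",  "192.0.2.10",    "50126"),
    ("2024-05-01T08:05:00Z", "erin@contoso.example",  "203.0.113.8",   "0"),
]

# The same detection as a Log Analytics query, for reference only:
#   SigninLogs
#   | where TimeGenerated > ago(1h) and ResultType != "0"
#   | summarize Failures = count() by UserPrincipalName, IPAddress, bin(TimeGenerated, 10m)
#   | where Failures >= 5

def _bin_start(ts: str, minutes: int) -> str:
    """Floor a timestamp to the start of its bin, like KQL's bin()."""
    t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return (t - timedelta(minutes=t.minute % minutes, seconds=t.second)).isoformat()

def failed_signin_bursts(records, window_minutes=10, threshold=5) -> dict:
    """Map (user, ip, bin start) -> failure count for every bin at or above threshold."""
    failures = defaultdict(int)
    for ts, user, ip, result in records:
        if result != "0":
            failures[(user, ip, _bin_start(ts, window_minutes))] += 1
    return {k: n for k, n in failures.items() if n >= threshold}

def ips_failing_many_users(records, min_users=3) -> dict:
    """Map IP -> sorted users for sources that fail against several distinct accounts."""
    users_by_ip = defaultdict(set)
    for _, user, ip, result in records:
        if result != "0":
            users_by_ip[ip].add(user)
    return {ip: sorted(u) for ip, u in users_by_ip.items() if len(u) >= min_users}
```

The second function matters because a per-user threshold alone misses a source that tries one password against many accounts; in Azure Monitor the same logic becomes a log alert rule with a threshold on the summarized count.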

🔐 14. Azure RBAC (Role-Based Access Control) Advanced 🔐

What to Know:

  • Role-Based Access Control (RBAC) 🔑 defines granular permissions for users and applications.
  • Custom Roles 🛠️ provide specific access controls tailored to your organization’s needs.

Key Concepts:

  • Built-in Roles 🛠️: Familiarize yourself with built-in roles like Reader, Contributor, and Owner.
  • Custom Role Definition 📜: Create custom roles that define the exact actions users can perform (e.g., access to read logs but no write access).
  • Role Assignments 🎯: Apply roles at the subscription, resource group, or resource level.

Question Types to Expect:

  1. Role-based access control scenarios: How to assign specific roles to users or services (e.g., access only to manage storage).
  2. Custom roles: Know how to define a custom role with specific permissions (e.g., read-only for resources but full access to storage).
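The "read-only for resources but full access to storage" scenario, written out as an added Python example (not from this page or a real tenant): a custom role definition in the JSON shape Azure RBAC uses, a check of what the role effectively permits (Actions minus NotActions, with the wildcard semantics Azure applies), and a structural validation of the definition. The role name, description and subscription id are constructed placeholders.

```python
import fnmatch

# Constructed custom role definition in the JSON shape Azure RBAC uses (an added
# example, not a role from a real tenant; the subscription id is a placeholder).
# It matches the exam scenario "read-only for resources but full access to storage",
# and uses NotActions to carve out one operation from the storage wildcard.
STORAGE_OPERATOR_ROLE = {
    "Name": "Storage Operator (read-only elsewhere)",
    "IsCustom": True,
    "Description": "Read any resource; manage storage accounts; never list access keys.",
    "Actions": ["*/read", "Microsoft.Storage/*"],
    "NotActions": ["Microsoft.Storage/storageAccounts/listKeys/action"],
    "DataActions": [],
    "NotDataActions": [],
    "AssignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"],
}

def _any_match(patterns, operation: str) -> bool:
    """Azure operation names are case-insensitive and '*' spans '/' separators."""
    op = operation.lower()
    return any(fnmatch.fnmatchcase(op, p.lower()) for p in patterns)

def role_permits(role: dict, operation: str, data_action: bool = False) -> bool:
    """Effective permission = (Data)Actions minus Not(Data)Actions; NotActions never grant."""
    allow, deny = ("DataActions", "NotDataActions") if data_action else ("Actions", "NotActions")
    return _any_match(role[allow], operation) and not _any_match(role[deny], operation)

def validate_role(role: dict) -> list:
    """Return the structural problems a custom role definition would be rejected for."""
    problems = []
    if role.get("IsCustom") is not True:
        problems.append("IsCustom must be true")
    if not (role.get("Actions") or role.get("DataActions")):
        problems.append("role grants no permissions")
    scopes = role.get("AssignableScopes") or []
    if not scopes:
        problems.append("at least one AssignableScope is required")
    for scope in scopes:
        # Custom roles can be assignable at management group, subscription or
        # resource group scope, never at the tenant root "/".
        if not (scope.startswith("/subscriptions/")
                or scope.startswith("/providers/Microsoft.Management/managementGroups/")):
            problems.append(f"unsupported assignable scope: {scope}")
    return problems
```

Because NotActions only subtract, a user who also holds Contributor through another assignment still gets listKeys; exclusions in a custom role are not a deny assignment.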

⚙️ 15. Azure Automation & Logic Apps ⚙️

What to Know:

  • Azure Automation 🛠️ automates common operational tasks such as resource cleanup, patch management, and remediation of configuration drift.
  • Logic Apps 🤖 automates workflows and integrates with various services, improving process efficiency.

Key Concepts:

  • Runbooks 📜: Automate routine operations using PowerShell or Python scripts.
  • Automation State Configuration 🔄: Ensure consistent configurations across VMs using desired state configuration (DSC).
  • Logic Apps 🔁: Use to automate workflows between Azure and external services (e.g., integrating with Office 365).

Question Types to Expect:

  1. Automation scenarios: How to automate patching for VMs using runbooks.
  2. Workflow automation: Use Logic Apps to automatically send alerts or remediate issues when specific conditions are met.

🖥️ 16. Azure Security Best Practices for Virtual Machines 🖥️

What to Know:

  • Azure Disk Encryption (ADE) 🔒 ensures data at rest is secure using BitLocker for Windows and DM-Crypt for Linux.
  • Just-in-Time (JIT) VM Access ⏲️ minimizes exposure by allowing access only for a limited time.

Key Concepts:

  • Disk Encryption 🔑: Secure VM disks with encryption to ensure data at rest is protected.
  • JIT Access ⏳: Temporarily grant access to virtual machines based on time windows and IP restrictions.
  • VM Extensions 🧩: Use extensions to enable additional security features (e.g., installing anti-malware).

Question Types to Expect:

  1. Disk encryption setup: How to enable Azure Disk Encryption for Windows and Linux VMs.
  2. JIT access scenarios: How to configure and enforce JIT access to VMs to reduce the attack surface.

🔍 17. Azure Sentinel & Advanced Threat Detection 🔍

What to Know:

  • Azure Sentinel 🧠 is a cloud-native SIEM (Security Information and Event Management) platform that helps detect, investigate, and respond to threats.
  • Threat Hunting 🕵️ enables proactive detection of security threats using built-in hunting queries and playbooks.

Key Concepts:

  • SIEM Capabilities 📊: Azure Sentinel integrates with various data sources to provide real-time security analytics.
  • Workbooks 📝: Use built-in workbooks to visualize threat data and identify security trends.
  • Automated Playbooks 🤖: Automate responses to incidents using Logic Apps to streamline remediation efforts.

Question Types to Expect:

  1. Threat detection: How to create automated playbooks to respond to security alerts in Sentinel.
  2. Workbooks: Use Azure Sentinel workbooks to identify patterns and trends in security events.

🧑‍💻 18. Azure Active Directory Hybrid Configuration 🧑‍💻

What to Know:

  • Azure AD Hybrid Configuration 🔄 enables the synchronization of on-premises directories with Azure AD, allowing for seamless identity management.
  • Azure AD Connect 🔗 is the tool used to synchronize on-premises identities to Azure AD.

Key Concepts:

  • Password Hash Sync 🔑: Synchronize hashes of user passwords (never the passwords themselves) from on-prem AD to Azure AD for single sign-on (SSO).
  • Pass-Through Authentication (PTA) 🔄: Authenticate users directly against on-prem AD without storing passwords in the cloud.
  • Seamless SSO 🌐: Provide users with transparent access to cloud services without re-authentication.

Question Types to Expect:

  1. Hybrid configuration scenarios: When to use password hash sync versus pass-through authentication.
  2. Azure AD Connect setup: Know how to configure AD Connect for seamless hybrid identity management.

💼 19. Azure DevOps & Security Integration 💼

What to Know:

  • Azure DevOps 🏗️ integrates security into the CI/CD pipeline, ensuring that security checks are part of the build and release process.
  • DevSecOps 🔐 emphasizes security automation during development and deployment.

Key Concepts:

  • Security Scanning 🔎: Integrate tools like WhiteSource and SonarCloud to scan for vulnerabilities in code.
  • Pipeline Policies 📋: Apply policies in CI/CD pipelines to ensure compliance with security standards.
  • Automated Testing 🔬: Use automated security testing to identify vulnerabilities before production deployment.

Question Types to Expect:

  1. DevOps pipeline security: How to integrate security scans into CI/CD workflows.
  2. DevSecOps tools: Understand which tools are used for automating security checks during code builds.

🌍 20. Azure Resource Locking & Resource Management 🌍

What to Know:

  • Azure Resource Locks 🔒 prevent accidental deletion or modification of critical resources.
  • Resource Tags 🏷️ help organize resources and apply governance rules based on tags.

Key Concepts:

  • Read-Only Lock 🔐: Prevents any changes to a resource while still allowing read access.
  • Delete Lock 🚫: Prevents the resource from being deleted but allows modifications.

  • Tagging 🏷️: Organize resources and apply policies based on specific tags (e.g., environment tags like Prod or Dev).

Question Types to Expect:

  1. Resource lock scenarios: How to prevent accidental deletion of resources using Delete Locks.
  2. Tag-based governance: Apply resource governance rules based on tagging to ensure compliance.

🎯 Final Exam Prep for AZ-500 🎯

Common Mistakes to Avoid:

  • Overlooking Conditional Access Scenarios: Remember to pay attention to MFA and sign-in risk policies.
  • Forgetting Built-in vs. Custom Roles: Understand the difference between default roles and when to create custom ones.
  • Missing Just-in-Time Access: Make sure you know how to configure JIT access for virtual machines.

🚀 Good Luck on Your AZ-500 Certification Journey! 🚀


This second part of the cheat sheet provides detailed coverage on Azure DevOps security, Sentinel, Azure AD hybrid setups, and more. Each section includes question types to expect and best practices according to Microsoft's exam guidelines. Be sure to practice these concepts hands-on in Azure to solidify your knowledge before the exam.