
MCE Microsoft Certified Expert Cybersecurity Architect Study Guide. Exam SC-100. Edition No. 1

  • Book

  • 512 Pages
  • May 2023
  • John Wiley and Sons Ltd
  • ID: 5837577
Prep for the SC-100 exam like a pro with Sybex’ latest Study Guide

In the MCE Microsoft Certified Expert Cybersecurity Architect Study Guide: Exam SC-100, a team of dedicated software architects delivers an authoritative and easy-to-follow guide to preparing for the SC-100 Cybersecurity Architect certification exam offered by Microsoft. The book provides comprehensive coverage of the objectives tested by the exam: evaluating Governance, Risk, and Compliance (GRC) technical strategies and security operations strategies, designing Zero Trust strategies and architectures, and designing data and application security strategies.

With the information provided by the authors, you'll be prepared for your first day in a new role as a cybersecurity architect, gaining practical, hands-on skills with modern Azure deployments. You'll also find:

  • In-depth discussions of every single objective covered by the SC-100 exam and, by extension, the skills necessary to succeed as a Microsoft cybersecurity architect
  • Critical information to help you obtain a widely sought-after credential that is increasingly popular across the industry (especially in government roles)
  • Valuable online study tools, including hundreds of bonus practice exam questions, electronic flashcards, and a searchable glossary of crucial technical terms

An essential roadmap to the SC-100 exam and a new career in cybersecurity architecture on the Microsoft Azure cloud platform, MCE Microsoft Certified Expert Cybersecurity Architect Study Guide: Exam SC-100 is also ideal for anyone seeking to improve their knowledge and understanding of cloud-based management and security.

Table of Contents

Introduction xxi

Assessment Test xxxii

Chapter 1 Define and Implement an Overall Security Strategy and Architecture 1

Basics of Cloud Computing 2

The Need for the Cloud 3

Cloud Service Models 4

Cloud Deployment Models 5

Introduction to Cybersecurity 6

The Need for Cybersecurity 7

Cybersecurity Domains 9

Getting Started with Zero Trust 12

NIST Abstract Definition of Zero Trust 12

Key Benefits of Zero Trust 13

Guiding Principles of Zero Trust 13

Zero Trust Architecture 14

Design Integration Points in an Architecture 16

Security Operations Center 17

Software as a Service 18

Hybrid Infrastructure - IaaS, PaaS, On-Premises 19

Endpoints and Devices 21

Information Protection 22

Identity and Access 24

People Security 25

IoT and Operational Technology 26

Design Security Needs to Be Based on Business Goals 27

Define Strategy 28

Prepare Plan 28

Get Ready 29

Adopt 29

Secure 29

Manage 31

Govern 31

Decode Security Requirements to Technical Abilities 32

Resource Planning and Hardening 32

Design Security for a Resiliency Approach 34

Before an Incident 34

During an Incident 35

After an Incident 35

Feedback Loop 35

Identify the Security Risks Associated with Hybrid and Multi-Tenant Environments 36

Deploy a Secure Hybrid Identity Environment 36

Deploy a Secure Hybrid Network 36

Design a Multi-Tenancy Environment 37

Responsiveness to Individual Tenants’ Needs 39

Plan Traffic Filtering and Segmentation Technical and Governance Strategies 40

Logically Segmented Subnets 41

Deploy Perimeter Networks for Security Zones 41

Avoid Exposure to the Internet with Dedicated WAN Links 42

Use Virtual Network Appliances 42

Summary 42

Exam Essentials 43

Review Questions 45

Chapter 2 Define a Security Operations Strategy 49

Foundation of Security Operations and Strategy 50

SOC Operating Model 51

SOC Framework 51

SOC Operations 54

Microsoft SOC Strategy for Azure Cloud 55

Microsoft SOC Function for Azure Cloud 57

Microsoft SOC Integration Among SecOps and Business Leadership 58

Microsoft SOC People and Process 59

Microsoft SOC Metrics 60

Microsoft SOC Modernization 61

SOC MITRE ATT&CK 61

Design a Logging and Auditing Strategy to Support Security Operations 64

Overview of Azure Logging Capabilities 66

Develop Security Operations to Support a Hybrid or Multi-Cloud Environment 68

Integrated Operations for Hybrid and Multi-Cloud Environments 70

Customer Processes 71

Primary Cloud Controls 73

Hybrid, Multi-Cloud Gateway, and Enterprise Control Plane 74

Azure Security Operation Services 74

Using Microsoft Sentinel and Defender for Cloud to Monitor Hybrid Security 76

Design a Strategy for SIEM and SOAR 78

Security Operations Center Best Practices for SIEM and SOAR 79

Evaluate Security Workflows 81

Microsoft Best Practices for Incident Response 81

Microsoft Best Practices for Recovery 82

Azure Workflow Automation Uses a Few Key Technologies 82

Evaluate a Security Operations Strategy for the Incident Management Life Cycle 83

Preparation 84

Detection and Analysis 85

Containment, Eradication, and Recovery 86

Evaluate a Security Operations Strategy for Sharing Technical Threat Intelligence 87

Microsoft Sentinel’s Threat Intelligence 89

Defender for Endpoint’s Threat Intelligence 89

Defender for IoT’s Threat Intelligence 90

Defender for Cloud’s Threat Intelligence 90

Microsoft 365 Defender’s Threat Intelligence 91

Summary 92

Exam Essentials 92

Review Questions 94

Chapter 3 Define an Identity Security Strategy 99

Design a Strategy for Access to Cloud Resources 100

Deployment Objectives for Identity Zero Trust 102

Microsoft’s Method to Identity Zero Trust Deployment 104

Recommend an Identity Store (Tenants, B2B, B2C, Hybrid) 109

Recommend an Authentication and Authorization Strategy 111

Cloud Authentication 112

Federated Authentication 115

Secure Authorization 121

Design a Strategy for Conditional Access 122

Verify Explicitly 123

Use Least-Privileged Access 123

Assume Breach 124

Conditional Access Zero Trust Architecture 125

Summary of Personas 126

Design a Strategy for Role Assignment and Delegation 127

Design a Security Strategy for Privileged Role Access to Infrastructure Including Identity-Based Firewall Rules and Azure PIM 130

Securing Privileged Access 132

Develop a Road Map 133

Best Practices for Managing Identity and Access on the Microsoft Platform 135

Design a Security Strategy for Privileged Activities Including PAM, Entitlement Management, and Cloud Tenant Administration 136

Developing a Privileged Access Strategy 137

Azure AD Entitlement Management 140

Summary 141

Exam Essentials 142

Review Questions 145

Chapter 4 Identify a Regulatory Compliance Strategy 149

Interpret Compliance Requirements and Translate into Specific Technical Capabilities 150

Review the Organization Requirements 156

Design a Compliance Strategy 157

Key Compliance Consideration 159

Evaluate Infrastructure Compliance by Using Microsoft Defender for Cloud 162

Protect All of Your IT Resources Under One Roof 163

Interpret Compliance Scores and Recommend Actions to Resolve Issues or Improve Security 165

Design and Validate Implementation of Azure Policy 166

Design for Data Residency Requirements 175

Storage of Data for Regional Services 176

Storage of Data for Nonregional Services 176

Data Sovereignty 177

Personal Data 177

Azure Policy Consideration 178

Azure Blueprints Consideration 178

Protecting Organizational Data 179

Encryption of Data at Rest 179

Encryption of Data in Transit 180

Encryption During Data Processing 181

Azure Customer Lockbox 182

Translate Privacy Requirements into Requirements for Security Solutions 182

Leverage Azure Policy 183

Summary 186

Exam Essentials 186

Review Questions 189

Chapter 5 Identify Security Posture and Recommend Technical Strategies to Manage Risk 193

Analyze Security Posture by Using Azure Security Benchmark 194

Evaluating Security Posture in Azure Workloads 198

Analyze Security Posture by Using Microsoft Defender for Cloud 199

Assess the Security Hygiene of Cloud Workloads 201

Evaluate the Security Posture of Cloud Workloads 203

Design Security for an Azure Landing Zone 207

Design Security Review 210

Security Design Considerations 211

Security in the Azure Landing Zone Accelerator 212

Improve Security in the Azure Landing Zone 212

Evaluate Security Postures by Using Secure Scores 216

References 217

Identify Technical Threats and Recommend Mitigation Measures 220

Recommend Security Capabilities or Controls to Mitigate Identified Risks 224

Summary 227

Exam Essentials 227

Review Questions 229

Chapter 6 Define a Strategy for Securing Infrastructure 233

Plan and Deploy a Security Strategy Across Teams 234

Security Roles and Responsibilities 235

Security Strategy Considerations 237

Deliverables 238

Best Practices for Building a Security Strategy 238

Strategy Approval 239

Deploy a Process for Proactive and Continuous Evolution of a Security Strategy 239

Considerations in Security Planning 239

Establish Essential Security Practices 241

Security Management Strategy 241

Continuous Assessment 242

Continuous Strategy Evolution 243

Specify Security Baselines for Server and Client Endpoints 244

What Are Security Baselines? 245

What Is Microsoft Intune? 245

What Are Security Compliance Toolkits? 245

Foundation Principles of Baselines 245

Selecting the Appropriate Baseline 246

Specify Security Baselines for the Server, Including Multiple Platforms and Operating Systems 248

Analyze Security Configuration 248

Secure Servers (Domain Members) 248

Specify Security Requirements for Mobile Devices and Clients, Including Endpoint Protection, Hardening, and Configuration 252

App Isolation and Control 252

Choose Between Device Management and Application Management 253

Device Settings 256

Client Requirements 256

Specify Requirements for Securing Active Directory Domain Services 257

Securing Domain Controllers Against Attack 258

Microsoft Defender for Identity 259

Design a Strategy to Manage Secrets, Keys, and Certificates 260

Manage Access to Secrets, Certificates, and Keys 262

Restrict Network Access 263

Design a Strategy for Secure Remote Access 265

Design a Strategy for Securing Privileged Access 271

Building the Recommended Design Strategy 271

Summary 273

Exam Essentials 274

Review Questions 276

Chapter 7 Define a Strategy and Requirements for Securing PaaS, IaaS, and SaaS Services 281

Establish Security Baselines for SaaS, PaaS, and IaaS Services 282

PaaS Security Baseline 290

IaaS Security Baseline 299

Establish Security Requirements for IoT Workloads 306

Establish Security Requirements for Data Workloads, Including SQL Server, Azure SQL, Azure Synapse, and Azure Cosmos DB 311

Security Posture Management for Data 312

Databases 313

Define the Security Requirements for Web Workloads 315

Security Posture Management for App Service 315

Determine the Security Requirements for Storage Workloads 317

Security Posture Management for Storage 317

Define Container Security Requirements 319

Security Posture Management for Containers 320

Define Container Orchestration Security Requirements 321

Summary 324

Exam Essentials 324

Review Questions 327

Chapter 8 Define a Strategy and Requirements for Applications and Data 331

Knowing the Application Threat Intelligence Model 332

Analyze the Application Design Progressively 334

Mitigation Categories 334

Mitigate the Identified Threats 340

Specify Priorities for Mitigating Threats to Applications 341

Identify and Classify Applications 341

Assess the Potential Impact or Risk of Applications 342

Specify a Security Standard for Onboarding a New Application 343

Onboarding New Applications 344

Security Standards for Onboarding Applications 345

Specify a Security Strategy for Applications and APIs 346

Enforcing Security for DevOps 347

Security Strategy Components 348

Strategies for Mitigating Threats 349

Specify Priorities for Mitigating Threats to Data 349

Ransomware Protection 352

Design a Strategy to Identify and Protect Sensitive Data 353

Data Discovery: Know Your Data 353

Data Classification 353

Data Protection 355

Specify an Encryption Standard for Data at Rest and in Motion 361

Encryption of Data at Rest 361

Encryption of Data in Transit 362

Azure Data Security and Encryption Best Practices 364

Manage with Secure Workstations 365

Key Management with Key Vault 366

Summary 367

Exam Essentials 367

Review Questions 370

Chapter 9 Recommend Security Best Practices and Priorities 375

Recommend Best Practices for Cybersecurity Capabilities and Controls 376

Essential Best Practices in the MCRA 377

Recommend Best Practices for Protecting from Insider and External Attacks 383

Recommend Best Practices for Zero Trust Security 387

Recommend Best Practices for Zero Trust Rapid Modernization Plan 390

Recommend a DevSecOps Process 391

Plan and Develop 391

Commit the Code 394

Build and Test 395

Go to Production and Operate 397

Recommend a Methodology for Asset Protection 398

Get Secure 399

Stay Secure 399

Dilemmas Surrounding Patches 400

Network Isolation 401

Getting Started 401

Key Information 402

Recommend Strategies for Managing and Minimizing Risk 403

What Is Cybersecurity Risk? 404

Align Your Security Risk Management 404

Knowing Cybersecurity Risk 406

Plan for Ransomware Protection and Extortion-Based Attacks 407

Regain Access for a Fee 407

Avoid Disclosure by Paying 407

Protect Assets from Ransomware Attacks 411

Strategy for Privileged Access 412

Recommend Microsoft Ransomware Best Practices 415

Remote Access 416

Email and Collaboration 417

Endpoints 419

Accounts 421

Summary 423

Exam Essentials 424

Review Questions 428

Appendix Answers to Review Questions 433

Chapter 1: Define and Implement an Overall Security Strategy and Architecture 434

Chapter 2: Define a Security Operations Strategy 436

Chapter 3: Define an Identity Security Strategy 438

Chapter 4: Identify a Regulatory Compliance Strategy 440

Chapter 5: Identify Security Posture and Recommend Technical Strategies to Manage Risk 441

Chapter 6: Define a Strategy for Securing Infrastructure 443

Chapter 7: Define a Strategy and Requirements for Securing PaaS, IaaS, and SaaS Services 446

Chapter 8: Define a Strategy and Requirements for Applications and Data 447

Chapter 9: Recommend Security Best Practices and Priorities 449

Index 453

Authors

Kathiravan Udayakumar, Puthiyavan Udayakumar