Microsoft Cybersecurity Architect Exam Ref SC-100: Get certified with ease while learning how to develop highly effective cybersecurity strategies

Cover
Title Page
Copyright and Credits
Foreword
Contributors
Table of Contents
Preface
Part 1: The Evolution of Cybersecurity in the Cloud
Chapter 1: Cybersecurity in the Cloud
	What is cybersecurity?
	Evolution of cybersecurity from on-premises to the cloud
		Defense-in-depth security strategy
		Building a defense-in-depth security posture
		Shared responsibility in cloud security
	Cybersecurity architecture use cases
		Security operations
		Understanding the stages of a cyber attack
	Understanding the scope of cybersecurity in the cloud
		Shared responsibility scope
		Principles of the zero-trust methodology
		Common threats and attacks
		Internal threats
		External threats
	Summary
Part 2: Designing a Zero-Trust Strategy and Architecture
Chapter 2: Building an Overall Security Strategy and Architecture
	Identifying the integration points in an architecture by using the Microsoft Cybersecurity Reference Architecture
		How are the MCRA used?
		What are the components of the MCRA?
	Translating business goals into security requirements
		Threat analysis
	Translating security requirements into technical capabilities
		Physical
		Identity and access
		Perimeter security
		Network security
		Compute
		Applications
		Data
	Designing security for a resiliency strategy
	Integrating a hybrid or multi-tenant environment into a security strategy
	Developing a technical and governance strategy for traffic filtering and segmentation
	Summary
Chapter 3: Designing a Security Operations Strategy
	Designing a logging and auditing strategy to support security operations
		Security operations overview
		Microsoft security operations tools
		Logging and auditing for threat and vulnerability detection
	Developing security operations to support a hybrid or multi-cloud environment
	Designing a strategy for SIEM and SOAR
	Evaluating security workflows
		Security strategies for incident management and response
		Security workflows
	Evaluating a security operations strategy for the incident management life cycle
	Evaluating a security operations strategy for sharing technical threat intelligence
	Summary
Chapter 4: Designing an Identity Security Strategy
	Zero Trust for identity and access management
	Designing a strategy for access to cloud resources
	Recommending an identity store
		Azure AD tenant synchronization with SCIM
		B2B
		B2C
	Recommending an authentication and authorization strategy
		Hybrid identity infrastructure
		Secure authorization methods
	Designing a strategy for CA
	Designing a strategy for role assignment and delegation
	Designing a security strategy for privileged role access
		Azure AD PIM
	Designing a security strategy for privileged activities
		Privileged access reviews
		Entitlement management (aka permission management)
		Cloud tenant administration
	Case study – designing a Zero Trust architecture
	Summary
Part 3: Evaluating Governance, Risk, and Compliance (GRC) Technical Strategies and Security Operations Strategies
Chapter 5: Designing a Regulatory Compliance Strategy
	Interpreting compliance requirements and translating them into specific technical capabilities
	Evaluating infrastructure compliance by using Microsoft Defender for Cloud
	Interpreting compliance scores and recommending actions to resolve issues or improve security
	Designing the implementation of Azure Policy
	Designing for data residency requirements
	Translating privacy requirements into requirements for security solutions
	Case study – designing for regulatory compliance
	Summary
Chapter 6: Evaluating the Security Posture and Recommending Technical Strategies to Manage Risk
	Evaluating the security posture by using benchmarks
	Evaluating the security posture by using Microsoft Defender for Cloud
	Evaluating the security posture by using Secure Scores
	Evaluating the security posture of cloud workloads
	Designing security for an Azure Landing Zone
	Interpreting technical threat intelligence and recommending risk mitigations
	Recommending security capabilities or controls to mitigate identified risks
	Case study – evaluating the security posture
	Summary
Part 4: Designing Security for Infrastructure
Chapter 7: Designing a Strategy for Securing Server and Client Endpoints
	Planning and implementing a security strategy across teams
	Specifying security baselines for server and client endpoints
	Specifying security requirements for servers, including multiple platforms and operating systems
	Specifying security requirements for mobile devices and clients, including endpoint protection, hardening, and configuration
	Specifying requirements to secure AD DS
	Designing a strategy to manage secrets, keys, and certificates
	Designing a strategy for secure remote access
	Understanding security operations frameworks, processes, and procedures
	Case study – designing a secure architecture for endpoints
	Summary
Chapter 8: Designing a Strategy for Securing SaaS, PaaS, and IaaS
	Specifying security baselines for SaaS, PaaS, and IaaS services
		Security baselines for SaaS
		Security baselines for IaaS
		Security baselines for PaaS
	Specifying security requirements for IoT workloads
	Specifying security requirements for data workloads, including SQL, Azure SQL Database, Azure Synapse, and Azure Cosmos DB
	Specifying security requirements for storage workloads, including Azure Storage
	Specifying security requirements for web workloads, including Azure App Service
	Specifying security requirements for containers
	Specifying security requirements for container orchestration
	Case study – security requirements for IaaS, PaaS, and SaaS
	Summary
Part 5: Designing a Strategy for Data and Applications
Chapter 9: Specifying Security Requirements for Applications
	Specifying priorities for mitigating threats to applications
		Identity and secrets handling and use
		Segmentation and configuration
		Static and dynamic testing
		Data handling and access
		Security posture management and workload protection
	Specifying a security standard for onboarding a new application
	Specifying a security strategy for applications and APIs
	Case study – security requirements for applications
	Summary
Chapter 10: Designing a Strategy for Securing Data
	Specifying priorities for mitigating threats to data
		Managing the risk to data
		Ransomware protection and recovery
	Designing a strategy to identify and protect sensitive data
	Specifying an encryption standard for data at rest and in motion
		Encryption at rest
		Encryption in transit
		Identity and secrets handling and use
	Case study – designing a strategy to secure data
	Summary
Chapter 11: Case Study Responses and Final Assessment/Mock Exam
	Case study sample responses
		Chapter 4 – designing a zero-trust architecture
		Chapter 5 – designing for regulatory compliance
		Chapter 6 – evaluating the security posture
		Chapter 7 – designing a secure architecture for endpoints
		Chapter 8 – security requirements for IaaS, PaaS, and SaaS
		Chapter 9 – security requirements for applications
		Chapter 10 – designing a strategy to secure data
	Mock exam practice questions
		Questions
	Mock exam answers and chapter reference
	Summary
Appendix: Preparing for Your Microsoft Exam
	Technical requirements
	Preparing for a Microsoft exam
		Resources to prepare for the exam
		Access to a subscription
		Where to take the exam
		Exam format
	Resources available and accessing Microsoft Learn
		Accessing Microsoft Learn
		Finding content on Microsoft Learn
		Exam pages on Microsoft Learn
	Creating a Microsoft 365 trial subscription
		Office 365 or Microsoft 365 trial subscription
		Enterprise Mobility + Security subscription
	Setting up a free month of Azure services
	Exam objectives
	Who should take the SC-100 exam?
	Summary
Index
Other Books You May Enjoy