book

Exam Ref SC-100 Microsoft Cybersecurity Architect

Name: Exam Ref SC-100 Microsoft Cybersecurity Architect
ISBN: 9780137997299

by Yuri Diogenes, Sarah Young, Mark Simos, Gladys Rodriguez

February 2023

Intermediate to advanced

352 pages

10h 37m

English

Microsoft Press

Read now

Unlock full access

Cover Page
Title Page
Copyright Page
Humans are born to learn
Contents at a glance
Contents
Introduction
Organization of this bookPreparing for the examMicrosoft certificationsQuick access to online referencesErrata, updates, & book supportStay in touch
Acknowledgments
About the authors
Chapter 1. Build an overall security strategy and architecture
Security architectureSecurity architectsArchitects work across teams and rolesZero Trust transformation and security architectsSkill 1-1: Identify the integration points in an architecture by using Microsoft Cybersecurity Reference Architectures (MCRA)Skill 1-2: Translate business goals into security requirementsSkill 1-3: Translate security requirements into technical capabilities, including security services, security products, and security processesSkill 1-4: Design security for a resiliency strategySkill 1-5: Integrate a hybrid or multi-tenant environment into a security strategySkill 1-6: Develop a technical governance strategy for securityThought experimentThought experiment answersChapter summary

Chapter 2. Design a security operations strategy
Skill 2-1: Design a logging and auditing strategy to support security operationsSkill 2-2: Develop security operations to support a hybrid or multi-cloud environmentSkill 2-3: Design a strategy for SIEM and SOARSkill 2-4: Evaluate security workflowsSkill 2-5: Evaluate a security operations strategy for the incident management lifecycleSkill 2-6: Evaluate a security operations strategy for sharing technical threat intelligenceThought experimentThought experiment answersChapter summary
Chapter 3. Design an identity security strategy
Skill 3-1: Design a strategy for access to cloud resourcesSkill 3-2: Recommend an identity store (tenants, B2B, B2C, and hybrid)Skill 3-3: Recommend an authentication strategySkill 3-4: Recommend an authorization strategySkill 3-5: Design a strategy for conditional accessSkill 3-6: Design a strategy for role assignment and delegationSkill 3-7: Design security strategy for privileged-role access to infrastructure, including identity-based firewall rules and Azure PIMSkill 3-8: Design security strategy for privileged activities, including PAM, entitlement management, and cloud tenant administrationThought experimentThought experiment answersChapter summary
Chapter 4. Design a regulatory compliance strategy
Skill 4-1: Interpret compliance requirements and translate into specific technical capabilities (new or existing)Skill 4-2: Evaluate infrastructure compliance by using Microsoft Defender for CloudSkill 4-3: Interpret compliance scores and recommend actions to resolve issues or improve securitySkill 4-4: Design implementation of Azure PolicySkill 4-5: Design for data residency requirementsSkill 4-6: Translate privacy requirements into requirements for security solutionsThought experimentThought experiment answersChapter summary
Chapter 5. Evaluate security posture and recommend technical strategies to manage risk
Skill 5-1: Evaluate security posture by using benchmarks (including Azure security benchmarks for Microsoft Cloud security benchmark, ISO 27001, etc.)Microsoft cloud security benchmarkSkill 5-2: Evaluate security posture by using Microsoft Defender for CloudSkill 5-3: Evaluate security posture by using Secure ScoresSkill 5-4: Evaluate security posture of cloud workloadsSkill 5-5: Design security for an Azure Landing ZoneSkill 5-6: Interpret technical threat intelligence and recommend risk mitigationsSkill 5-7: Recommend security capabilities or controls to mitigate identified risksThought experimentThought experiment answersChapter summary
Chapter 6. Design a strategy for securing server and client endpoints
Skill 6-1: Specify security baselines for server and client endpointsSkill 6-2: Specify security requirements for servers, including multiple platforms and operating systemsSkill 6-3: Specify security requirements for mobile devices and clients, including endpoint protection, hardening, and configurationSkill 6-4: Specify requirements to secure Active Directory Domain ServicesSkill 6-5: Design a strategy to manage secrets, keys, and certificatesSkill 6-6: Design a strategy for secure remote accessThought experimentThought experiment answersChapter summary
Chapter 7. Design a strategy for securing SaaS, PaaS, and IaaS services
Skill 7-1: Specify security baselines for SaaS, PaaS, and IaaS servicesSkill 7-2: Specify security requirements for IoT workloadsSkill 7-3: Specify security requirements for data workloads, including SQL, Azure SQL Database, Azure Synapse, and Azure Cosmos DBSkill 7-4: Specify security requirements for web workloads, including Azure App ServiceSkill 7-5: Specify security requirements for storage workloads, including Azure StorageSkill 7-6: Specify security requirements for containersSkill 7-7: Specify security requirements for container orchestrationThought experimentThought experiment answersChapter summary
Chapter 8. Specify security requirements for applications
Skill 8-1: Specify priorities for mitigating threats to applicationsSkill 8-2: Specify a security standard for onboarding a new applicationSkill 8-3: Specify a security strategy for applications and APIsThought experimentThought experiment answersChapter summary
Chapter 9. Design a strategy for securing data
Skill 9-1: Specify priorities for mitigating threats to dataSkill 9-2: Design a strategy to identify and protect sensitive dataSkill 9-3: Specify an encryption standard for data at rest and in motionThought experimentThought experiment answersChapter summary
Chapter 10. Microsoft Cybersecurity Reference Architectures and Microsoft cloud security benchmark best practices
What are best practices?Skill 10-1: Recommend best practices for cybersecurity capabilities and controlsSkill 10-2: Recommend best practices for protecting from insider and external attacksSkill 10-3: Recommend best practices for Zero Trust securitySkill 10-4: Recommend best practices for the Zero Trust Rapid Modernization PlanThought experimentThought experiment answersChapter summary
Chapter 11. Recommend a secure methodology by using the Cloud Adoption Framework (CAF)
Skill 11-1: Recommend a DevSecOps processSkill 11-2: Recommend a methodology for asset protectionSkill 11-3: Recommend strategies for managing and minimizing riskThought experimentThought experiment answersChapter summary
Chapter 12. Recommend a ransomware strategy by using Microsoft Security Best Practices
Skill 12-1: Plan for ransomware protection and extortion-based attacksSkill 12-2: Protect assets from ransomware attacksSkill 12-3: Recommend Microsoft ransomware best practicesThought experimentThought experiment answersChapter summary
Index
Code Snippets

Content preview from Exam Ref SC-100 Microsoft Cybersecurity Architect

Introduction

The SC-100 exam measures your ability to accomplish the following technical tasks: design a Zero Trust strategy and architecture; evaluate Governance Risk Compliance (GRC) technical strategies and security operations strategies; design security for infrastructure; and design a strategy for data and applications.

Candidates for this exam should have advanced experience and knowledge in a wide range of security engineering areas, including identity and access, platform protection, security operations, securing data, and securing applications. They should also have experience with hybrid and cloud implementations.

Responsibilities for a Microsoft Cybersecurity Architect include designing and evolving the cybersecurity strategy to protect ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Microsoft Cybersecurity Architect Exam Ref SC-100

Publisher Resources

ISBN: 9780137997299

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Exam Ref SC-100 Microsoft Cybersecurity Architect

by Yuri Diogenes, Sarah Young, Mark Simos, Gladys Rodriguez

Introduction

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.