MCE Microsoft Certified Expert Cybersecurity Architect Study Guide

Exam SC-100

Kathiravan Udayakumar, Puthiyavan Udayakumar

$82.95

Paperback

English
Sybex Inc.,U.S.
09 May 2023
Prep for the SC-100 exam like a pro with Sybex's latest Study Guide

In the MCE Microsoft Certified Expert Cybersecurity Architect Study Guide: Exam SC-100, a team of dedicated software architects delivers an authoritative and easy-to-follow guide to preparing for the SC-100 Cybersecurity Architect certification exam offered by Microsoft. In the book, you’ll find comprehensive coverage of the objectives tested by the exam, covering the evaluation of Governance, Risk, and Compliance (GRC) technical strategies and security operations strategies, the design of Zero Trust strategies and architectures, and data and application strategy design.

With the information provided by the authors, you’ll be prepared for your first day in a new role as a cybersecurity architect, gaining practical, hands-on skills with modern Azure deployments. You’ll also find:

- In-depth discussions of every single objective covered by the SC-100 exam and, by extension, the skills necessary to succeed as a Microsoft cybersecurity architect
- Critical information to help you obtain a widely sought-after credential that is increasingly popular across the industry (especially in government roles)
- Valuable online study tools, including hundreds of bonus practice exam questions, electronic flashcards, and a searchable glossary of crucial technical terms

An essential roadmap to the SC-100 exam and a new career in cybersecurity architecture on the Microsoft Azure cloud platform, MCE Microsoft Certified Expert Cybersecurity Architect Study Guide: Exam SC-100 is also ideal for anyone seeking to improve their knowledge and understanding of cloud-based management and security.

Imprint:   Sybex Inc.,U.S.
Country of Publication:   United States
Dimensions:   Height: 231mm,  Width: 185mm,  Spine: 31mm
Weight:   680g
ISBN:   9781394180219
ISBN 10:   1394180217
Pages:   512
Audience:   Professional and scholarly ,  Undergraduate
Format:   Paperback
Publisher's Status:   Active
Introduction; Assessment Test

Chapter 1: Define and Implement an Overall Security Strategy and Architecture
Basics of Cloud Computing; The Need for the Cloud; Cloud Service Models; Cloud Deployment Models; Introduction to Cybersecurity; The Need for Cybersecurity; Cybersecurity Domains; Getting Started with Zero Trust; NIST Abstract Definition of Zero Trust; Key Benefits of Zero Trust; Guiding Principles of Zero Trust; Zero Trust Architecture; Design Integration Points in an Architecture; Security Operations Center; Software as a Service; Hybrid Infrastructure—IaaS, PaaS, On-Premises; Endpoints and Devices; Information Protection; Identity and Access; People Security; IoT and Operational Technology; Design Security Needs to Be Based on Business Goals; Define Strategy; Prepare Plan; Get Ready; Adopt; Secure; Manage; Govern; Decode Security Requirements to Technical Abilities; Resource Planning and Hardening; Design Security for a Resiliency Approach; Before an Incident; During an Incident; After an Incident; Feedback Loop; Identify the Security Risks Associated with Hybrid and Multi-Tenant Environments; Deploy a Secure Hybrid Identity Environment; Deploy a Secure Hybrid Network; Design a Multi-Tenancy Environment; Responsiveness to Individual Tenants’ Needs; Plan Traffic Filtering and Segmentation Technical and Governance Strategies; Logically Segmented Subnets; Deploy Perimeter Networks for Security Zones; Avoid Exposure to the Internet with Dedicated WAN Links; Use Virtual Network Appliances; Summary; Exam Essentials; Review Questions

Chapter 2: Define a Security Operations Strategy
Foundation of Security Operations and Strategy; SOC Operating Model; SOC Framework; SOC Operations; Microsoft SOC Strategy for Azure Cloud; Microsoft SOC Function for Azure Cloud; Microsoft SOC Integration Among SecOps and Business Leadership; Microsoft SOC People and Process; Microsoft SOC Metrics; Microsoft SOC Modernization; SOC MITRE ATT&CK; Design a Logging and Auditing Strategy to Support Security Operations; Overview of Azure Logging Capabilities; Develop Security Operations to Support a Hybrid or Multi-Cloud Environment; Integrated Operations for Hybrid and Multi-Cloud Environments; Customer Processes; Primary Cloud Controls; Hybrid, Multi-Cloud Gateway, and Enterprise Control Plane; Azure Security Operation Services; Using Microsoft Sentinel and Defender for Cloud to Monitor Hybrid Security; Design a Strategy for SIEM and SOAR; Security Operations Center Best Practices for SIEM and SOAR; Evaluate Security Workflows; Microsoft Best Practices for Incident Response; Microsoft Best Practices for Recovery; Azure Workflow Automation Uses a Few Key Technologies; Evaluate a Security Operations Strategy for the Incident Management Life Cycle; Preparation; Detection and Analysis; Containment, Eradication, and Recovery; Evaluate a Security Operations Strategy for Sharing Technical Threat Intelligence; Microsoft Sentinel’s Threat Intelligence; Defender for Endpoint’s Threat Intelligence; Defender for IoT’s Threat Intelligence; Defender for Cloud’s Threat Intelligence; Microsoft 365 Defender’s Threat Intelligence; Summary; Exam Essentials; Review Questions

Chapter 3: Define an Identity Security Strategy
Design a Strategy for Access to Cloud Resources; Deployment Objectives for Identity Zero Trust; Microsoft’s Method to Identity Zero Trust Deployment; Recommend an Identity Store (Tenants, B2B, B2C, Hybrid); Recommend an Authentication and Authorization Strategy; Cloud Authentication; Federated Authentication; Secure Authorization; Design a Strategy for Conditional Access; Verify Explicitly; Use Least-Privileged Access; Assume Breach; Conditional Access Zero Trust Architecture; Summary of Personas; Design a Strategy for Role Assignment and Delegation; Design a Security Strategy for Privileged Role Access to Infrastructure Including Identity-Based Firewall Rules and Azure PIM; Securing Privileged Access; Develop a Road Map; Best Practices for Managing Identity and Access on the Microsoft Platform; Design a Security Strategy for Privileged Activities Including PAM, Entitlement Management, and Cloud Tenant Administration; Developing a Privileged Access Strategy; Azure AD Entitlement Management; Summary; Exam Essentials; Review Questions

Chapter 4: Identify a Regulatory Compliance Strategy
Interpret Compliance Requirements and Translate into Specific Technical Capabilities; Review the Organization Requirements; Design a Compliance Strategy; Key Compliance Consideration; Evaluate Infrastructure Compliance by Using Microsoft Defender for Cloud; Protect All of Your IT Resources Under One Roof; Interpret Compliance Scores and Recommend Actions to Resolve Issues or Improve Security; Design and Validate Implementation of Azure Policy; Design for Data Residency Requirements; Storage of Data for Regional Services; Storage of Data for Nonregional Services; Data Sovereignty; Personal Data; Azure Policy Consideration; Azure Blueprints Consideration; Protecting Organizational Data; Encryption of Data at Rest; Encryption of Data in Transit; Encryption During Data Processing; Azure Customer Lockbox; Translate Privacy Requirements into Requirements for Security Solutions; Leverage Azure Policy; Summary; Exam Essentials; Review Questions

Chapter 5: Identify Security Posture and Recommend Technical Strategies to Manage Risk
Analyze Security Posture by Using Azure Security Benchmark; Evaluating Security Posture in Azure Workloads; Analyze Security Posture by Using Microsoft Defender for Cloud; Assess the Security Hygiene of Cloud Workloads; Evaluate the Security Posture of Cloud Workloads; Design Security for an Azure Landing Zone; Design Security Review; Security Design Considerations; Security in the Azure Landing Zone Accelerator; Improve Security in the Azure Landing Zone; Evaluate Security Postures by Using Secure Scores; References; Identify Technical Threats and Recommend Mitigation Measures; Recommend Security Capabilities or Controls to Mitigate Identified Risks; Summary; Exam Essentials; Review Questions

Chapter 6: Define a Strategy for Securing Infrastructure
Plan and Deploy a Security Strategy Across Teams; Security Roles and Responsibilities; Security Strategy Considerations; Deliverables; Best Practices for Building a Security Strategy; Strategy Approval; Deploy a Process for Proactive and Continuous Evolution of a Security Strategy; Considerations in Security Planning; Establish Essential Security Practices; Security Management Strategy; Continuous Assessment; Continuous Strategy Evolution; Specify Security Baselines for Server and Client Endpoints; What Are Security Baselines?; What Is Microsoft Intune?; What Are Security Compliance Toolkits?; Foundation Principles of Baselines; Selecting the Appropriate Baseline; Specify Security Baselines for the Server, Including Multiple Platforms and Operating Systems; Analyze Security Configuration; Secure Servers (Domain Members); Specify Security Requirements for Mobile Devices and Clients, Including Endpoint Protection, Hardening, and Configuration; App Isolation and Control; Choose Between Device Management and Application Management; Device Settings; Client Requirements; Specify Requirements for Securing Active Directory Domain Services; Securing Domain Controllers Against Attack; Microsoft Defender for Identity; Design a Strategy to Manage Secrets, Keys, and Certificates; Manage Access to Secrets, Certificates, and Keys; Restrict Network Access; Design a Strategy for Secure Remote Access; Design a Strategy for Securing Privileged Access; Building the Recommended Design Strategy; Summary; Exam Essentials; Review Questions

Chapter 7: Define a Strategy and Requirements for Securing PaaS, IaaS, and SaaS Services
Establish Security Baselines for SaaS, PaaS, and IaaS Services; PaaS Security Baseline; IaaS Security Baseline; Establish Security Requirements for IoT Workloads; Establish Security Requirements for Data Workloads, Including SQL Server, Azure SQL, Azure Synapse, and Azure Cosmos DB; Security Posture Management for Data; Databases; Define the Security Requirements for Web Workloads; Security Posture Management for App Service; Determine the Security Requirements for Storage Workloads; Security Posture Management for Storage; Define Container Security Requirements; Security Posture Management for Containers; Define Container Orchestration Security Requirements; Summary; Exam Essentials; Review Questions

Chapter 8: Define a Strategy and Requirements for Applications and Data
Knowing the Application Threat Intelligence Model; Analyze the Application Design Progressively; Mitigation Categories; Mitigate the Identified Threats; Specify Priorities for Mitigating Threats to Applications; Identify and Classify Applications; Assess the Potential Impact or Risk of Applications; Specify a Security Standard for Onboarding a New Application; Onboarding New Applications; Security Standards for Onboarding Applications; Specify a Security Strategy for Applications and APIs; Enforcing Security for DevOps; Security Strategy Components; Strategies for Mitigating Threats; Specify Priorities for Mitigating Threats to Data; Ransomware Protection; Design a Strategy to Identify and Protect Sensitive Data; Data Discovery: Know Your Data; Data Classification; Data Protection; Specify an Encryption Standard for Data at Rest and in Motion; Encryption of Data at Rest; Encryption of Data in Transit; Azure Data Security and Encryption Best Practices; Manage with Secure Workstations; Key Management with Key Vault; Summary; Exam Essentials; Review Questions

Chapter 9: Recommend Security Best Practices and Priorities
Recommend Best Practices for Cybersecurity Capabilities and Controls; Essential Best Practices in the MCRA; Recommend Best Practices for Protecting from Insider and External Attacks; Recommend Best Practices for Zero Trust Security; Recommend Best Practices for Zero Trust Rapid Modernization Plan; Recommend a DevSecOps Process; Plan and Develop; Commit the Code; Build and Test; Go to Production and Operate; Recommend a Methodology for Asset Protection; Get Secure; Stay Secure; Dilemmas Surrounding Patches; Network Isolation; Getting Started; Key Information; Recommend Strategies for Managing and Minimizing Risk; What Is Cybersecurity Risk?; Align Your Security Risk Management; Knowing Cybersecurity Risk; Plan for Ransomware Protection and Extortion-Based Attacks; Regain Access for a Fee; Avoid Disclosure by Paying; Protect Assets from Ransomware Attacks; Strategy for Privileged Access; Recommend Microsoft Ransomware Best Practices; Remote Access; Email and Collaboration; Endpoints; Accounts; Summary; Exam Essentials; Review Questions

Appendix: Answers to Review Questions
Chapter 1: Define and Implement an Overall Security Strategy and Architecture; Chapter 2: Define a Security Operations Strategy; Chapter 3: Define an Identity Security Strategy; Chapter 4: Identify a Regulatory Compliance Strategy; Chapter 5: Identify Security Posture and Recommend Technical Strategies to Manage Risk; Chapter 6: Define a Strategy for Securing Infrastructure; Chapter 7: Define a Strategy and Requirements for Securing PaaS, IaaS, and SaaS Services; Chapter 8: Define a Strategy and Requirements for Applications and Data; Chapter 9: Recommend Security Best Practices and Priorities

Index

ABOUT THE AUTHORS

KATHIRAVAN UDAYAKUMAR is Head of Delivery and Chief Architect for Oracle Digital Technologies (Europe Practice) at Cognizant, covering various elements of the technology stack on-premises and in the cloud. He has over 18 years of experience in architecture, design, implementation, administration and integration with greenfield IT systems, ERP, cloud platforms and solutions across various business domains and industries. He has had a passion for networking since he was an undergraduate, when he became a Cisco Certified Network Associate (CCNA).

PUTHIYAVAN UDAYAKUMAR is an infrastructure architect with over 14 years of experience in modernizing and securing IT infrastructure, including the cloud. He has been writing technical books for more than ten years on various infrastructure and security domains. He has designed, deployed, and secured IT infrastructure on-premises and in the cloud, including virtual servers, networks, storage, and desktops for various industries, including pharmaceutical, banking, healthcare, aviation, federal entities, etc. He is an Open Group certified Master Certified Architect.