Exam Ref SC-100 Microsoft Cybersecurity Architect

Book description

Prepare for Microsoft Exam SC-100 and demonstrate your real-world mastery of skills and knowledge needed to design and evolve cybersecurity strategy for all aspects of enterprise architecture. Designed for experienced IT professionals, this Exam Ref focuses on critical thinking and decision-making acumen needed for success at the Microsoft Certified: Cybersecurity Architect Expert level.

Focus on the expertise measured by these objectives:

  • Design a Zero Trust strategy and architecture

  • Evaluate Governance Risk Compliance (GRC) technical strategies and security operations strategies

  • Design a strategy for data and applications

  • Recommend security best practices and priorities

This Microsoft Exam Ref:

  • Organizes its coverage by exam objectives

  • Features strategic, what-if scenarios to challenge you

  • Assumes you have advanced security engineering experience and knowledge and experience with hybrid and cloud implementations

About the Exam

Exam SC-100 focuses on the knowledge needed to build overall security strategy and architecture; design strategies for security operations, identity security, and regulatory compliance; evaluate security posture; recommend technical strategies to manage risk; design strategies to secure server endpoints, client endpoints, and SaaS, PaaS, and IaaS services; specify application security requirements; design data security strategy; recommend security best practices based on Microsoft Cybersecurity Reference Architecture and Azure Security Benchmarks; use the Cloud Adoption Framework to recommend secure methodologies; use Microsoft Security Best Practices to recommend ransomware strategies.

About Microsoft Certification

The Microsoft Certified: Cybersecurity Architect Expert certification credential demonstrates your ability to plan and implement cybersecurity strategy that meets business needs and protects the organization's mission and processes across its entire enterprise architecture. To fulfill your requirements, pass this exam and earn one of these four prerequisite certifications: Microsoft Certified: Azure Security Engineer Associate; Microsoft Certified: Identity and Access Administrator Associate; Microsoft 365 Certified: Security Administrator Associate; Microsoft Certified: Security Operations Analyst Associate.

See full details at: microsoft.com/learn

Table of contents

  1. Cover Page
  2. Title Page
  3. Copyright Page
  4. Pearson’s Commitment to Diversity, Equity, and Inclusion
  5. Contents at a glance
  6. Contents
  7. Introduction
    1. Organization of this book
    2. Preparing for the exam
    3. Microsoft certifications
    4. Quick access to online references
    5. Errata, updates, & book support
    6. Stay in touch
  8. Acknowledgments
  9. About the authors
  10. Chapter 1. Build an overall security strategy and architecture
    1. Security architecture
    2. Security architects
    3. Architects work across teams and roles
    4. Zero Trust transformation and security architects
    5. Skill 1-1: Identify the integration points in an architecture by using Microsoft Cybersecurity Reference Architectures (MCRA)
    6. Skill 1-2: Translate business goals into security requirements
    7. Skill 1-3: Translate security requirements into technical capabilities, including security services, security products, and security processes
    8. Skill 1-4: Design security for a resiliency strategy
    9. Skill 1-5: Integrate a hybrid or multi-tenant environment into a security strategy
    10. Skill 1-6: Develop a technical governance strategy for security
    11. Thought experiment
    12. Thought experiment answers
    13. Chapter summary
  11. Chapter 2. Design a security operations strategy
    1. Skill 2-1: Design a logging and auditing strategy to support security operations
    2. Skill 2-2: Develop security operations to support a hybrid or multi-cloud environment
    3. Skill 2-3: Design a strategy for SIEM and SOAR
    4. Skill 2-4: Evaluate security workflows
    5. Skill 2-5: Evaluate a security operations strategy for the incident management lifecycle
    6. Skill 2-6: Evaluate a security operations strategy for sharing technical threat intelligence
    7. Thought experiment
    8. Thought experiment answers
    9. Chapter summary
  12. Chapter 3. Design an identity security strategy
    1. Skill 3-1: Design a strategy for access to cloud resources
    2. Skill 3-2: Recommend an identity store (tenants, B2B, B2C, and hybrid)
    3. Skill 3-3: Recommend an authentication strategy
    4. Skill 3-4: Recommend an authorization strategy
    5. Skill 3-5: Design a strategy for conditional access
    6. Skill 3-6: Design a strategy for role assignment and delegation
    7. Skill 3-7: Design security strategy for privileged-role access to infrastructure, including identity-based firewall rules and Azure PIM
    8. Skill 3-8: Design security strategy for privileged activities, including PAM, entitlement management, and cloud tenant administration
    9. Thought experiment
    10. Thought experiment answers
    11. Chapter summary
  13. Chapter 4. Design a regulatory compliance strategy
    1. Skill 4-1: Interpret compliance requirements and translate into specific technical capabilities (new or existing)
    2. Skill 4-2: Evaluate infrastructure compliance by using Microsoft Defender for Cloud
    3. Skill 4-3: Interpret compliance scores and recommend actions to resolve issues or improve security
    4. Skill 4-4: Design implementation of Azure Policy
    5. Skill 4-5: Design for data residency requirements
    6. Skill 4-6: Translate privacy requirements into requirements for security solutions
    7. Thought experiment
    8. Thought experiment answers
    9. Chapter summary
  14. Chapter 5. Evaluate security posture and recommend technical strategies to manage risk
    1. Skill 5-1: Evaluate security posture by using benchmarks (including Azure security benchmarks for Microsoft Cloud security benchmark, ISO 27001, etc.)
    2. Microsoft cloud security benchmark
    3. Skill 5-2: Evaluate security posture by using Microsoft Defender for Cloud
    4. Skill 5-3: Evaluate security posture by using Secure Scores
    5. Skill 5-4: Evaluate security posture of cloud workloads
    6. Skill 5-5: Design security for an Azure Landing Zone
    7. Skill 5-6: Interpret technical threat intelligence and recommend risk mitigations
    8. Skill 5-7: Recommend security capabilities or controls to mitigate identified risks
    9. Thought experiment
    10. Thought experiment answers
    11. Chapter summary
  15. Chapter 6. Design a strategy for securing server and client endpoints
    1. Skill 6-1: Specify security baselines for server and client endpoints
    2. Skill 6-2: Specify security requirements for servers, including multiple platforms and operating systems
    3. Skill 6-3: Specify security requirements for mobile devices and clients, including endpoint protection, hardening, and configuration
    4. Skill 6-4: Specify requirements to secure Active Directory Domain Services
    5. Skill 6-5: Design a strategy to manage secrets, keys, and certificates
    6. Skill 6-6: Design a strategy for secure remote access
    7. Thought experiment
    8. Thought experiment answers
    9. Chapter summary
  16. Chapter 7. Design a strategy for securing SaaS, PaaS, and IaaS services
    1. Skill 7-1: Specify security baselines for SaaS, PaaS, and IaaS services
    2. Skill 7-2: Specify security requirements for IoT workloads
    3. Skill 7-3: Specify security requirements for data workloads, including SQL, Azure SQL Database, Azure Synapse, and Azure Cosmos DB
    4. Skill 7-4: Specify security requirements for web workloads, including Azure App Service
    5. Skill 7-5: Specify security requirements for storage workloads, including Azure Storage
    6. Skill 7-6: Specify security requirements for containers
    7. Skill 7-7: Specify security requirements for container orchestration
    8. Thought experiment
    9. Thought experiment answers
    10. Chapter summary
  17. Chapter 8. Specify security requirements for applications
    1. Skill 8-1: Specify priorities for mitigating threats to applications
    2. Skill 8-2: Specify a security standard for onboarding a new application
    3. Skill 8-3: Specify a security strategy for applications and APIs
    4. Thought experiment
    5. Thought experiment answers
    6. Chapter summary
  18. Chapter 9. Design a strategy for securing data
    1. Skill 9-1: Specify priorities for mitigating threats to data
    2. Skill 9-2: Design a strategy to identify and protect sensitive data
    3. Skill 9-3: Specify an encryption standard for data at rest and in motion
    4. Thought experiment
    5. Thought experiment answers
    6. Chapter summary
  19. Chapter 10. Microsoft Cybersecurity Reference Architectures and Microsoft cloud security benchmark best practices
    1. What are best practices?
    2. Skill 10-1: Recommend best practices for cybersecurity capabilities and controls
    3. Skill 10-2: Recommend best practices for protecting from insider and external attacks
    4. Skill 10-3: Recommend best practices for Zero Trust security
    5. Skill 10-4: Recommend best practices for the Zero Trust Rapid Modernization Plan
    6. Thought experiment
    7. Thought experiment answers
    8. Chapter summary
  20. Chapter 11. Recommend a secure methodology by using the Cloud Adoption Framework (CAF)
    1. Skill 11-1: Recommend a DevSecOps process
    2. Skill 11-2: Recommend a methodology for asset protection
    3. Skill 11-3: Recommend strategies for managing and minimizing risk
    4. Thought experiment
    5. Thought experiment answers
    6. Chapter summary
  21. Chapter 12. Recommend a ransomware strategy by using Microsoft Security Best Practices
    1. Skill 12-1: Plan for ransomware protection and extortion-based attacks
    2. Skill 12-2: Protect assets from ransomware attacks
    3. Skill 12-3: Recommend Microsoft ransomware best practices
    4. Thought experiment
    5. Thought experiment answers
    6. Chapter summary
  22. Index
  23. Code Snippets

Product information

  • Title: Exam Ref SC-100 Microsoft Cybersecurity Architect
  • Author(s): Yuri Diogenes, Sarah Young, Mark Simos, Gladys Rodriguez
  • Release date: February 2023
  • Publisher(s): Microsoft Press
  • ISBN: 9780137997299