Microsoft Cybersecurity Architect Exam Ref SC-100

Book description

Advance your knowledge of architecting and evaluating cybersecurity services to tackle day-to-day challenges

Key Features

  • Gain a deep understanding of all topics covered in the SC-100 exam
  • Benefit from practical examples that will help you put your new knowledge to work
  • Design a zero-trust architecture and strategies for data, applications, access management, identity, and infrastructure

Book Description

Microsoft Cybersecurity Architect Exam Ref SC-100 is a comprehensive guide that will help cybersecurity professionals design and evaluate the cybersecurity architecture of Microsoft cloud services. Complete with hands-on tutorials, projects, and self-assessment questions, you’ll have everything you need to pass the SC-100 exam.

This book will take you through designing a strategy for a cybersecurity architecture and evaluating the governance, risk, and compliance (GRC) of the architecture. This will include cloud-only and hybrid infrastructures, which you’ll learn how to protect using the principles of zero trust, along with evaluating security operations and the overall security posture. To make sure that you are able to take the SC-100 exam with confidence, the last chapter of this book will let you test your knowledge with a mock exam and practice questions.

By the end of this book, you’ll have the knowledge you need to plan, design, and evaluate cybersecurity for Microsoft cloud and hybrid infrastructures, and pass the SC-100 exam with flying colors.

What you will learn

  • Design a zero-trust strategy and architecture
  • Evaluate GRC technical strategies and security operations strategies
  • Design security for infrastructure
  • Develop a strategy for data and applications
  • Understand everything you need to pass the SC-100 exam with ease
  • Use mock exams and sample questions to prepare for the structure of the exam

Who this book is for

This book is for a wide variety of cybersecurity professionals – from security engineers and cybersecurity architects to Microsoft 365 administrators, user and identity administrators, infrastructure administrators, cloud security engineers, and other IT professionals preparing to take the SC-100 exam. It’s also a good resource for those designing cybersecurity architecture without preparing for the exam. To get started, you’ll need a solid understanding of the fundamental services within Microsoft 365 and Azure, along with knowledge of security, compliance, and identity capabilities in Microsoft and hybrid architectures.

Table of contents

  1. Microsoft Cybersecurity Architect Exam Ref SC-100
  2. Foreword
  3. Contributors
  4. About the author
  5. About the reviewers
  6. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Download the color images
    5. Conventions used
    6. Get in touch
    7. Share Your Thoughts
    8. Download a free PDF copy of this book
  7. Part 1: The Evolution of Cybersecurity in the Cloud
  8. Chapter 1: Cybersecurity in the Cloud
    1. What is cybersecurity?
    2. Evolution of cybersecurity from on-premises to the cloud
      1. Defense-in-depth security strategy
      2. Building a defense-in-depth security posture
      3. Shared responsibility in cloud security
    3. Cybersecurity architecture use cases
      1. Security operations
      2. Understanding the stages of a cyber attack
    4. Understanding the scope of cybersecurity in the cloud
      1. Shared responsibility scope
      2. Principles of the zero-trust methodology
      3. Common threats and attacks
      4. Internal threats
      5. External threats
    5. Summary
  9. Part 2: Designing a Zero-Trust Strategy and Architecture
  10. Chapter 2: Building an Overall Security Strategy and Architecture
    1. Identifying the integration points in an architecture by using the Microsoft Cybersecurity Reference Architecture
      1. How are the MCRA used?
      2. What are the components of the MCRA?
    2. Translating business goals into security requirements
      1. Threat analysis
    3. Translating security requirements into technical capabilities
      1. Physical
      2. Identity and access
      3. Perimeter security
      4. Network security
      5. Compute
      6. Applications
      7. Data
    4. Designing security for a resiliency strategy
    5. Integrating a hybrid or multi-tenant environment into a security strategy
    6. Developing a technical and governance strategy for traffic filtering and segmentation
    7. Summary
  11. Chapter 3: Designing a Security Operations Strategy
    1. Designing a logging and auditing strategy to support security operations
      1. Security operations overview
      2. Microsoft security operations tools
      3. Logging and auditing for threat and vulnerability detection
    2. Developing security operations to support a hybrid or multi-cloud environment
    3. Designing a strategy for SIEM and SOAR
    4. Evaluating security workflows
      1. Security strategies for incident management and response
      2. Security workflows
    5. Evaluating a security operations strategy for the incident management life cycle
    6. Evaluating a security operations strategy for sharing technical threat intelligence
    7. Summary
  12. Chapter 4: Designing an Identity Security Strategy
    1. Zero Trust for identity and access management
    2. Designing a strategy for access to cloud resources
    3. Recommending an identity store
      1. Azure AD tenant synchronization with SCIM
      2. B2B
      3. B2C
    4. Recommending an authentication and authorization strategy
      1. Hybrid identity infrastructure
      2. Secure authorization methods
    5. Designing a strategy for CA
    6. Designing a strategy for role assignment and delegation
    7. Designing a security strategy for privileged role access
      1. Azure AD PIM
    8. Designing a security strategy for privileged activities
      1. Privileged access reviews
      2. Entitlement management (aka permission management)
      3. Cloud tenant administration
    9. Case study – designing a Zero Trust architecture
    10. Summary
  13. Part 3: Evaluating Governance, Risk, and Compliance (GRC) Technical Strategies and Security Operations Strategies
  14. Chapter 5: Designing a Regulatory Compliance Strategy
    1. Interpreting compliance requirements and translating them into specific technical capabilities
    2. Evaluating infrastructure compliance by using Microsoft Defender for Cloud
    3. Interpreting compliance scores and recommending actions to resolve issues or improve security
    4. Designing the implementation of Azure Policy
    5. Designing for data residency requirements
    6. Translating privacy requirements into requirements for security solutions
    7. Case study – designing for regulatory compliance
    8. Summary
  15. Chapter 6: Evaluating the Security Posture and Recommending Technical Strategies to Manage Risk
    1. Evaluating the security posture by using benchmarks
    2. Evaluating the security posture by using Microsoft Defender for Cloud
    3. Evaluating the security posture by using Secure Scores
    4. Evaluating the security posture of cloud workloads
    5. Designing security for an Azure Landing Zone
    6. Interpreting technical threat intelligence and recommending risk mitigations
    7. Recommending security capabilities or controls to mitigate identified risks
    8. Case study – evaluating the security posture
    9. Summary
  16. Part 4: Designing Security for Infrastructure
  17. Chapter 7: Designing a Strategy for Securing Server and Client Endpoints
    1. Planning and implementing a security strategy across teams
    2. Specifying security baselines for server and client endpoints
    3. Specifying security requirements for servers, including multiple platforms and operating systems
    4. Specifying security requirements for mobile devices and clients, including endpoint protection, hardening, and configuration
    5. Specifying requirements to secure AD DS
    6. Designing a strategy to manage secrets, keys, and certificates
    7. Designing a strategy for secure remote access
    8. Understanding security operations frameworks, processes, and procedures
    9. Case study – designing a secure architecture for endpoints
    10. Summary
  18. Chapter 8: Designing a Strategy for Securing SaaS, PaaS, and IaaS
    1. Specifying security baselines for SaaS, PaaS, and IaaS services
      1. Security baselines for SaaS
      2. Security baselines for IaaS
      3. Security baselines for PaaS
    2. Specifying security requirements for IoT workloads
    3. Specifying security requirements for data workloads, including SQL, Azure SQL Database, Azure Synapse, and Azure Cosmos DB
    4. Specifying security requirements for storage workloads, including Azure Storage
    5. Specifying security requirements for web workloads, including Azure App Service
    6. Specifying security requirements for containers
    7. Specifying security requirements for container orchestration
    8. Case study – security requirements for IaaS, PaaS, and SaaS
    9. Summary
  19. Part 5: Designing a Strategy for Data and Applications
  20. Chapter 9: Specifying Security Requirements for Applications
    1. Specifying priorities for mitigating threats to applications
      1. Identity and secrets handling and use
      2. Segmentation and configuration
      3. Static and dynamic testing
      4. Data handling and access
      5. Security posture management and workload protection
    2. Specifying a security standard for onboarding a new application
    3. Specifying a security strategy for applications and APIs
    4. Case study – security requirements for applications
    5. Summary
  21. Chapter 10: Designing a Strategy for Securing Data
    1. Specifying priorities for mitigating threats to data
      1. Managing the risk to data
      2. Ransomware protection and recovery
    2. Designing a strategy to identify and protect sensitive data
    3. Specifying an encryption standard for data at rest and in motion
      1. Encryption at rest
      2. Encryption in transit
      3. Identity and secrets handling and use
    4. Case study – designing a strategy to secure data
    5. Summary
  22. Chapter 11: Case Study Responses and Final Assessment/Mock Exam
    1. Case study sample responses
      1. Chapter 4 – designing a zero-trust architecture
      2. Chapter 5 – designing for regulatory compliance
      3. Chapter 6 – evaluating the security posture
      4. Chapter 7 – designing a secure architecture for endpoints
      5. Chapter 8 – security requirements for IaaS, PaaS, and SaaS
      6. Chapter 9 – security requirements for applications
      7. Chapter 10 – designing a strategy to secure data
    2. Mock exam practice questions
      1. Questions
    3. Mock exam answers and chapter reference
    4. Summary
  23. Appendix: Preparing for Your Microsoft Exam
    1. Technical requirements
    2. Preparing for a Microsoft exam
      1. Resources to prepare for the exam
      2. Access to a subscription
      3. Where to take the exam
      4. Exam format
    3. Resources available and accessing Microsoft Learn
      1. Accessing Microsoft Learn
      2. Finding content on Microsoft Learn
      3. Exam pages on Microsoft Learn
    4. Creating a Microsoft 365 trial subscription
      1. Office 365 or Microsoft 365 trial subscription
      2. Enterprise Mobility + Security subscription
    5. Setting up a free month of Azure services
    6. Exam objectives
    7. Who should take the SC-100 exam?
    8. Summary
  24. Index
    1. Why subscribe?
  25. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Share Your Thoughts
    3. Download a free PDF copy of this book

Product information

  • Title: Microsoft Cybersecurity Architect Exam Ref SC-100
  • Author(s): Dwayne Natwick
  • Release date: January 2023
  • Publisher(s): Packt Publishing
  • ISBN: 9781803242392