(在家觀看 = 0%,在校觀看 = 100%)
100% 在校觀看日期及時間:
自由選擇,點選以下地區觀看辦公時間及位置
課時: 24 小時
享用時期: 8 星期。進度由您控制,可快可慢。
課堂錄影導師:Larry
在校免費試睇:首 3 小時,請致電以上地點與本中心職員預約。
本課程提供在校免費重睇及導師解答服務。
(在家觀看 = 100%,在校觀看 = 0%)
100% 在家觀看日期及時間:
每天 24 小時全天候不限次數地觀看
學費:$4,980 報名 phone
電話:2332-6544
課時: 24 小時
享用時期: 8 星期。進度由您控制,可快可慢。
課堂錄影導師:Larry
在校免費試睇:首 3 小時,請致電以上地點與本中心職員預約。
本課程提供導師解答服務。
Preface
Initially, public cloud migrations were driven by cost savings, agility to innovate and ability to scale on-demand.
Security was considered a major concern for some time, and even a show stopper, for public cloud migration.
However, public cloud security has transitioned from a major concern to one of the drivers for cloud migration.
About Microsoft Azure’s Security services and certification
Microsoft Azure provides the following Security Capabilities which would be mentioned throughout our Cloud-focused Azure Security Engineer Associate training course:
- Advanced Threat Detection and Analytics
- Azure Logging and Auditing
- Azure Network Security including NSG (Network Security Group) and Firewall virtual appliances
- Azure Serverless Platform Security
- Azure AKS (Azure Kubernetes Services) and Container Security
- Operational Security, Azure Security Center and Advisor
- Azure Tenant Level Isolation and Role Based Access Control
- Secure Hybrid Networking
Microsoft Certified: Azure Security Engineer Associate
The Certification “Microsoft Certified: Azure Security Engineer Associate” validates your capability to implement security controls and threat protection, manage identity and access, and protect data, applications, and networks in cloud and hybrid environments as part of end-to-end infrastructure.
About the course
Our training course will guide you through carefully selected exam topics, along with real-life examples, practical demonstration and business cases of implementing, verifying and maintaining various Azure Security features.
Evaluations, Pros and Cons and may be comparisons of different Azure Security products would be verbally provided throughout the training course.
As Microsoft has been partnering with multiple 3rd party vendor and built security-related ecosystems, it is inevitable that a small portion of the course time would be spent on briefly discussing popular partner security solutions.
Our senior instructor Mr. Larry Chan would give you advise, tricks and tips on various cloud security-related products.課程名稱: |
Microsoft Certified Azure Security Engineer Associate (1 科 Azure 雲端保安) 國際認可證書課程 - 簡稱:Azure Security Training Course |
課程時數: | 24 小時 (共 8 堂,共 1 科) |
適合人士: | 有志考取 Microsoft Certified Azure Security Engineer Associate 證書人士 或 對雲端保安技術有興趣人士 並具備有 Azure 雲端基本認識 或 有少量 Azure 使用經驗 或 已修畢本中心的 Microsoft Certified Azure Administrator Associate (1科 Azure Cloud) 國際認可證書課程 |
授課語言: | 以廣東話為主,輔以英語 |
課程筆記: | 本中心導師親自編寫英文為主筆記,而部份英文字附有中文對照。 |
1. 模擬考試題目: | 本中心為學員提供模擬考試題目,每條考試題目均附有標準答案。 |
2. 時數適中: | 本中心的 Microsoft Certified Azure Security Engineer Associate (1 科 Azure 雲端保安) 國際認可證書課程時數適中,有 24 小時。 令學員能真正了解及掌握課程內容,而又能於 2 個月內考獲以下 1 張國際認可證書:
|
3. 導師親自編寫筆記: | 由本中心已擁有五項 MCITP , 十多項 MCTS,MCSA 及 MCSE 資格,並有教授 Microsoft 相關課程 24年以上經驗的資深導師 Larry Chan 親自編寫筆記,絕對適合考試及實際管理之用,令你無須「死鋤」如字典般厚及不適合香港讀書格調的書本。 |
4. 一人一機上課: | 本課程以一人一機模式上課。 |
5. 免費重讀: | 傳統課堂學員可於課程結束後三個月內免費重看課堂錄影。 |
Microsoft 已公佈考生只要通過以下 1 個 Azure Cloud Security 相關科目的考試,便可獲發 Microsoft Certified Azure Security Engineer Associate 國際認可證書:
考試編號 | 科目名稱 |
AZ-500 | Microsoft Certified: Azure Security Engineer Associate |
本中心為Microsoft指定的考試試場。報考時請致電本中心,登記欲報考之科目考試編號、考試日期及時間
(最快可即日報考)。臨考試前要出示身份證及繳付每科HK$943之考試費。 考試不合格便可重新報考,不限次數。欲知道作答時間、題目總數、合格分數等詳細考試資料,可瀏覽本中心網頁 "各科考試分數資料"。 |
課程名稱:Microsoft Certified Azure Security Engineer Associate (1 科 Azure 雲端保安) 國際認可證書課程 - 簡稱:Azure Security Training Course |
AZ-500 Microsoft Certified Azure Security Engineer Associate
1. Azure Active Directory
1.1 Creating a Free Azure account
1.1.1 Services included in Azure Free account
1.1.2 Setting up a Free Account
1.2 Azure RBAC roles, and Azure AD administrator roles
1.2.1 How roles are related each other
1.2.2 Classic Subscription Administrator roles
1.2.3 Azure account and Azure subscriptions
1.3 Azure RBAC roles
1.4 Deny Assignments
1.5 Azure AD Administrator Roles
1.6 Differences between Azure RBAC roles and Azure AD administrator roles
1.7 Elevate access for a Azure AD Global Administrator
1.8 Users and Licenses of Azure Active Directory
1.9 Terminology of Azure Active Directory
1.10 Azure Active Directory Custom Domain names
1.11 Creating Azure AD User account
1.12 Managing User Profile Information
1.13 Resetting Azure Active Directory User Password
1.14 Configure Access with Azure Active Directory Groups
1.15 Dynamic Group
1.16 Creating an Azure AD application and service principal that can access resources
1.16.1 Creating an Azure Active Directory application
1.16.2 Assigning the application to a role
1.17 Planning Cloud-Based Azure Multi-Factor Authentication
1.17.1 Prerequisites
1.17.2 Plan User Rollout
1.17.3 Deployment Considerations and features of Azure MFA
1.17.4 Authentication methods available via Azure MFA
1.17.5 Combined Registration Experience
1.17.6 Interrupt or Manage Combined Registration modes
1.17.7 Manage Combined Registration Mode
1.18 Introduction to Azure MFA Implementation
1.19 Implementing cloud-based Azure Multi-Factor Authentication
1.20 Installing Microsoft Authenticator App
1.21 Testing Azure MFA
1.22 Configure Azure MFA Settings
1.22.1 Block and unblock users
1.22.2 Fraud Alert
1.23 Azure AD Sign-ins report
1.24 B2B Guest User Access in Azure Active Directory
1.24.1 Collaborate with any partner using their identities
1.24.2 Invite guest users with a simple invitation and redemption process
2. Azure Active Directory Privileged Identity Management
2.1 Introduction to Azure Active Directory Identity Protection
2.2 Identity Protection capabilities and roles
2.3 Detection and Investigation
2.3.1 Multi-Factor Authentication registration not configured
2.3.2 Unmanaged cloud apps
2.3.3 Azure Active Directory risk events
2.3.4 Detection Type and Reporting Delay
2.4 Enabling Azure Active Directory Identity Protection
2.5 Introduction to Azure AD Privileged Identity Management
2.6 Key PIM Terminology and High-Level view of PIM flow
2.7 Enabling Azure AD Privileged Identity Management
2.8 Assigning Azure Resource Roles in PIM
2.9 Activating an Eligible resource role in Azure AD PIM
2.10 Transferring Billing Ownership of Azure Subscription
3. Azure Network Security
3.1 An introduction to Azure Virtual Network (VNet)
3.2 Azure Security Groups
3.3 Service Tags
3.4 Micro-Segmentation Application Security Groups (ASGs)
3.5 Azure Firewall
3.5.1 Introduction to Azure Firewall
3.5.2 Creating Subnets for Azure Firewall deployment
3.5.3 Create two more Subnets
3.5.4 Creating the Jump Virtual machine
3.5.5 Deploying Azure Firewall
3.5.6 Creating a default route to redirect traffic
3.5.7 Configure an application rule
3.5.8 Creating a network rule
3.5.9 Change the primary and secondary DNS address for the Workload’s network interface
3.5.10 Test the Azure Firewall
3.6 Using FQDN Tags in Azure Firewall Rule
3.7 Azure Firewall Threat Intelligence
3.8 Configuring Azure Firewall Logs
3.9 Azure Security Center for Network Resource Protection
3.10 Securing Remote Management Access
3.10.1 About Remote Management Threats
3.10.2 Operational security fundamentals
3.10.3 Providing security for Azure remote management
3.11 Configuring Azure Storage Firewall
3.11.1 Creating an Azure Storage Account as preparation
3.11.2 Creating a Blob container
3.11.3 Upload a block blob
3.11.4 Usage Scenario of Azure Storage Firewall
3.12 Azure SQL Database IP Firewall Rule
4. Implementing Host Security
4.1 Security related best practices for IaaS
4.1.1 Protect VMs by using authentication and access control
4.2 Protection Against Malware
4.2.1 Integrate security solutions in Azure Security Center
4.3 Enabling Data Collection in Security Center
4.4 Manual Agent Provisioning via Security Policy
4.5 Just-in-time virtual machine access
4.6 Configuring Windows Updates by Azure Automation
5. Azure Monitor for Security
5.1 Introduction to Azure Monitor
5.2 Configuring Log Analytics for Data Security
5.2.1 Data segregation
5.2.2 Data retention
5.2.3 Physical security
5.3 Cloud computing security data flow
5.4 Collect data from Azure Virtual Machine
5.5 Access Control modes in Azure Log Analytics
5.6 Diagnostic Log Settings
5.7 Configuring Vulnerability Assessment
5.8 Security Center Security Policies
5.9 Configure Data Sovereignty using Azure Policy
5.10 Storage Analytics
5.10.1 Enabling Azure Storage metrics and viewing metrics data
5.10.2 Storage Analytics Logging
6. Securing Data
6.1 Azure Active Directory Authentication for Azure SQL Database
6.1.1 Introduction to Azure AD Authentication
6.1.2 Azure AD Authentication Architecture for Azure SQL Database
6.1.3 Administrator rights structure
6.1.4 Required Permissions
6.2 Configuring and Managing Azure AD Authentication for Azure SQL Database
6.2.1 Preparing an Azure SQL Database
6.2.2 Assigning an Azure AD administrator for Azure SQL server
6.2.3 Provision an Azure Active Directory administrator for your Azure SQL Database serve
6.2.4 Create contained database users in your database mapped to Azure AD identities
6.3 SQL Database Auditing
6.3.1 Introduction to SQL Database Auditing
6.3.2 Server-Level vs. Database-Level Auditing policy
6.3.3 Configuring Server-Level Auditing policy
6.3.4 Viewing Audit logs and reports
6.4 Advanced Threat Protection for Azure SQL Database
6.4.1 Introduction to Advanced Threat Protection
6.4.2 Advanced Threat Protection Alerts
6.4.3 Configuring Advanced Threat Protection for Azure SQL Database
6.4.4 Reviewing Threats
7. Encryption for Data At Rest
7.1 Protecting Sensitive Data with Always Encrypted
7.1.1 Introduction to Always Encrypted in Azure SQL database
7.1.2 Always Encrypted Keys and Principals
7.2 Implementing Azure SQL Database Always Encrypted
7.2.1 Creating an Azure Key Vault to store your CMK
7.2.2 Configuring Column Encryption
7.3 Protecting Azure Key Vault and objects with Soft-Delete
7.3.1 To enable Soft-Delete on Key Vault “systematic365AeKeyVault”
7.3.2 Deleting a soft-delete protected key vault
7.3.3 Recovering a key vault
8. Azure Disk Encryption
8.1 Introduction to Azure Disk Encryption
8.2 Azure Disk Encryption Workflow
8.3 Azure Disk Decryption Workflow
8.4 Azure Disk Encryption Prerequisites
8.4.1 Supported VM Sizes
8.4.2 Virtual Networking
8.4.3 Key Vault Access Policy
8.5 Enable encryption on existing or running IaaS Windows VMs