Azure Security Engineer Associate (AZ-500)
Configure and Manage Azure Firewall

Key Concepts

Detailed Explanation

Azure Firewall

Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It is a stateful firewall: it tracks the state of each connection and only passes packets that belong to a legitimate, established connection, rather than judging every packet in isolation.

Firewall Rules

Firewall Rules define the traffic that is allowed or denied by the Azure Firewall. These rules can be categorized into Network Rules and Application Rules, each serving a specific purpose in controlling network traffic. Traffic that matches no rule is denied by default, so every permitted flow has to be stated explicitly.

Network Rules

Network Rules specify the protocols, source and destination IP addresses, and ports for network traffic. They are used to control traffic at the network layer, allowing or denying specific types of network communication.

Example: A Network Rule might allow traffic from a specific IP range to access a database server on port 1433, ensuring that only authorized sources can connect to the database.

Application Rules

Application Rules are used to control outbound HTTP/HTTPS traffic to specific fully qualified domain names (FQDNs). They allow or deny traffic based on domain names, making it easier to manage access to specific web applications.

Example: An Application Rule could allow access to only specific SaaS applications like Office 365, ensuring that users can only access approved cloud services.

Threat Intelligence

Threat Intelligence enables Azure Firewall to alert on, and optionally deny, traffic to or from known malicious IP addresses and domains. This feature helps in proactively blocking threats, enhancing the overall security posture of the network.

Example: If a known malicious IP address attempts to connect to your network, Azure Firewall can automatically block the connection and alert the administrators.

Firewall Policies

Firewall Policies are collections of rules and settings that can be applied to one or more Azure Firewalls. They provide a centralized way to manage and enforce security policies across multiple firewalls.

Example: A Firewall Policy might include a set of Network and Application Rules that are applied to all firewalls in a specific region, ensuring consistent security across the organization.
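To make the evaluation order concrete, here is an added example (not Azure's implementation and not the course's own code): a simplified Python model of a Firewall Policy in which Threat Intelligence in Deny mode is checked before any rule, Network Rules are evaluated before Application Rules, and a flow that matches nothing is denied. The addresses, the port 1433 database rule, the Office 365 FQDN pattern and the malicious IP feed are constructed values.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class NetworkRule:                # layer 3/4: protocol, source, destination, port
    protocol: str
    sources: list[str]            # CIDR ranges
    destinations: list[str]       # CIDR ranges
    ports: list[int]
    action: str = "Allow"         # "Allow" or "Deny"

@dataclass
class ApplicationRule:            # layer 7: outbound HTTP/HTTPS to FQDNs
    sources: list[str]
    target_fqdns: list[str]       # exact names or "*.example.com" wildcards
    action: str = "Allow"

@dataclass
class FirewallPolicy:             # one policy can be attached to many firewalls
    threat_intel_mode: str = "Deny"                        # Off, Alert or Deny
    malicious_ips: set[str] = field(default_factory=set)  # constructed feed
    network_rules: list[NetworkRule] = field(default_factory=list)
    application_rules: list[ApplicationRule] = field(default_factory=list)

def _in_any(addr: str, cidrs: list[str]) -> bool:
    return any(ip_address(addr) in ip_network(c) for c in cidrs)
def _fqdn_match(host: str, pattern: str) -> bool:
    if pattern.startswith("*."):  # wildcard must cover at least one extra label
        return host.endswith(pattern[1:]) and host != pattern[2:]
    return host == pattern

def evaluate(policy, src, dst, port, protocol="TCP", fqdn=None) -> str:
    bad = src in policy.malicious_ips or dst in policy.malicious_ips
    if bad and policy.threat_intel_mode == "Deny":       # checked before any rule
        return "Deny (threat intelligence)"
    note = " [threat intelligence alert]" if bad and policy.threat_intel_mode == "Alert" else ""
    for r in policy.network_rules:                        # network rules come first
        if (r.protocol == protocol and port in r.ports
                and _in_any(src, r.sources) and _in_any(dst, r.destinations)):
            return f"{r.action} (network rule){note}"
    if fqdn and protocol == "TCP" and port in (80, 443):  # application rules: web traffic only
        for r in policy.application_rules:
            if _in_any(src, r.sources) and any(_fqdn_match(fqdn, p) for p in r.target_fqdns):
                return f"{r.action} (application rule){note}"
    return f"Deny (no matching rule){note}"              # implicit default deny

def sample_policy() -> FirewallPolicy:   # the page's scenarios with constructed addresses
    return FirewallPolicy(malicious_ips={"203.0.113.66"},
        network_rules=[NetworkRule("TCP", ["10.0.1.0/24"], ["10.0.2.10/32"], [1433])],
        application_rules=[ApplicationRule(["10.0.0.0/16"], ["*.office365.com"])])
```

Note that in Alert mode a hit on the threat feed is only annotated and the flow still goes through the rules, which is why Deny mode is the setting that actually blocks the connection.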

Examples and Analogies

Example: Azure Firewall

Imagine Azure Firewall as a security guard at the entrance of a gated community. This guard checks every incoming and outgoing vehicle to ensure they are authorized to enter or leave, protecting the community from unauthorized access.

Example: Network Rules

Think of Network Rules as the guard's list of approved vehicles. The guard only allows vehicles that match the list (specific IP addresses and ports) to enter, ensuring that only authorized traffic is allowed into the community.

Example: Application Rules

Consider Application Rules as the guard's list of approved destinations. The guard only allows vehicles to leave the community if they are headed to approved locations (FQDNs), ensuring that residents can only access specific websites.

Example: Threat Intelligence

Threat Intelligence is like the guard receiving real-time updates about known criminals. If a vehicle driven by a known criminal attempts to enter, the guard immediately blocks it and alerts the authorities.

Example: Firewall Policies

Firewall Policies are akin to a central security office that issues standardized rules and guidelines to all guards in different communities. This ensures that all guards follow the same security protocols, maintaining consistent security across all locations.