WSQ - Microsoft Azure Security Engineer Associate (AZ-500)

Topic 1: Secure Azure solutions with Azure Active Directory

• Explore Azure Active Directory features
• Self-managed Active Directory Domain Services, Azure Active Directory, and managed Azure Active Directory Domain Services
• Azure AD DS and self-managed AD DS
• Azure AD DS and Azure AD
• Investigate roles in Azure AD
• Azure AD built-in roles
• Deploy Azure AD Domain Services
• Create and manage Azure AD users
• Manage users with Azure AD groups
• Configure Azure AD administrative units
• Implement passwordless authentication

Topic 2: Implement Hybrid identity 

• Deploy Azure AD connect
• Explore authentication options
• Configure Password Hash Synchronization (PHS)
• Implement Pass-through Authentication (PTA)
• Deploy Federation with Azure AD
• Explore the authentication decision tree
• Configure password writeback

Topic 3: Deploy Azure AD identity protection 

• Explore Azure AD identity protection
• Configure risk event detections
• Implement user risk policy
• Implement sign-in risk policy
• Deploy multifactor authentication in Azure
• Explore multifactor authentication settings
• Enable multifactor authentication
• Implement Azure AD conditional access
• Configure conditional access conditions
• Implement access reviews

Topic 4: Configure Azure AD privileged identity management 

• Explore the zero trust model
• Review the evolution of identity management
• Deploy Azure AD privileged identity management
• Configure privileged identity management scope
• Implement privileged identity management onboarding
• Explore privileged identity management configuration settings
• Implement a privileged identity management workflow

Topci 5: Design an enterprise governance strategy 

• Review the shared responsibility model
• Explore the Azure cloud security advantages
• Review Azure hierarchy of systems
• Configure Azure policies
• Enable Azure role-based access control (RBAC)
• Compare and contrast Azure RBAC vs Azure policies
• Configure built-in roles
• Enable resource locks
• Deploy Azure blueprints
• Design an Azure subscription management plan

Topic 6: Implement perimeter security 

• Define defense in depth
• Explore virtual network security
• Enable Distributed Denial of Service (DDoS) Protection
• Configure a distributed denial of service protection implementation
• Explore Azure Firewall features
• Deploy an Azure Firewall implementation
• Configure VPN forced tunneling
• Create User Defined Routes and Network Virtual Appliances
• Explore hub and spoke topology

Topic 7: Configure network security 

• Explore Network Security Groups (NSG)
• Deploy a Network Security Groups implementation
• Create Application Security Groups
• Enable service endpoints
• Configure service endpoint services
• Deploy private links
• Implement an Azure application gateway
• Deploy a web application firewall
• Configure and manage Azure front door

Topic 8: Configure and manage host security

• Enable endpoint protection
• Define a privileged access device strategy
• Deploy privileged access workstations
• Create virtual machine templates
• Enable and secure remote access management
• Configure update management
• Deploy disk encryption
• Managed disk encryption options
• Deploy and configure Windows Defender
• Microsoft cloud security benchmark in Defender for Cloud
• Explore Microsoft Defender for Cloud recommendations

Topic 9: Enable Containers security 

• Explore containers
• Configure Azure Container Instances security
• Manage security for Azure Container Instances (ACI)
• Explore the Azure Container Registry (ACR)
• Enable Azure Container Registry authentication
• Review Azure Kubernetes Service (AKS)
• Implement an Azure Kubernetes Service architecture
• Configure Azure Kubernetes Service networking
• Deploy Azure Kubernetes Service storage
• Secure authentication to Azure Kubernetes Service with Active Directory
• Manage access to Azure Kubernetes Service using Azure role-based access controls

Topic 10: Deploy and secure Azure Key Vault 

• Explore Azure Key Vault
• Configure Key Vault access
• Review a secure Key Vault example
• Deploy and manage Key Vault certificates
• Create Key Vault keys
• Manage customer managed keys
• Enable Key Vault secrets
• Configure key rotation
• Manage Key Vault safety and recovery features
• Perform Try-This exercises
• Explore the Azure Hardware Security Module

Topic 11: Configure application security features 

• Review the Microsoft identity platform
• Explore the Application model
• Register an application with App Registration
• Configure Microsoft Graph permissions
• Enable managed identities
• Azure App Services
• App Service Environment
• Azure App Service plan
• App Service Environment networking
• Availability Zone Support for App Service Environments
• App Service Environment Certificates

Topic 12: Implement storage security 

• Define data sovereignty
• Configure Azure storage access
• Deploy shared access signatures
• Manage Azure AD storage authentication
• Implement storage service encryption
• Configure blob data retention policies
• Configure Azure files authentication
• Enable the secure transfer required property

Topic 13: Configure and manage SQL database security 

• Enable SQL database authentication
• Configure SQL database firewalls
• Enable and monitor database auditing
• Implement data discovery and classification
• Microsoft Defender for SQL
• Vulnerability assessment for SQL Server
• SQL Advanced Threat Protection
• Explore detection of a suspicious event
• SQL vulnerability assessment express and classic configurations
• Configure dynamic data masking
• Implement transparent data encryption
• Deploy always encrypted features
• Deploy an always encrypted implementation

Topic 14: Configure and manage Azure Monitor 

• Explore Azure Monitor
• Configure and monitor metrics and logs
• Enable Log Analytics
• Manage connected sources for log analytics
• Enable Azure monitor Alerts
• Configure properties for diagnostic logging

Topic 15: Enable and manage Microsoft Defender for Cloud 

• MITRE Attack matrix
• Implement Microsoft Defender for Cloud
• Security posture
• Workload protections
• Deploy Microsoft Defender for Cloud
• Azure Arc
• Azure Arc capabilities
• Microsoft cloud security benchmark
• Configure Microsoft Defender for Cloud security policies
• View and edit security policies
• Manage and implement Microsoft Defender for Cloud recommendations
• Explore secure score
• Define brute force attacks
• Understand just-in-time VM access
• Implement just-in-time VM access

Topic 16: Configure and monitor Microsoft Sentinel 

• Enable Microsoft Sentinel
• Configure data connections to Sentinel
• Create workbooks to monitor Sentinel data
• Enable rules to create incidents
• Configure playbooks
• Hunt and investigate potential breaches

Final Assessment

• Written Assessment (Q&A)
• Practical Performance

Promotion Code

Promo or discount cannot be applied to WSQ courses

Minimum Entry Requirement

Knowledge and Skills

• Able to operate using computer functions with minimum Computer Literacy Level 2 based on ICAS Computer Skills Assessment Framework
• Minimum 3 GCE ‘O’ Levels Passes including English or WPL Level 5 (Average of Reading, Listening, Speaking & Writing Scores)

Attitude

• Positive Learning Attitude
• Enthusiastic Learner

Experience

• Minimum of 1 year of working experience.

Target Year Group : 21-65 years old

Minimum Software/Hardware Requirement

Software:

You need to sign up a Azure account (Credit Card is required).

Hardware: Windows and Mac Laptops

About Progressive Wage Model (PWM)

The Progressive Wage Model (PWM) helps to increase wages of workers through upgrading skills and improving productivity. 

Employers must ensure that their Singapore citizen and PR workers meet the PWM training requirements of attaining at least 1 Workforce Skills Qualification (WSQ) Statement of Attainment, out of the list of approved WSQ training modules.

For more information on PWM, please visit MOM site.

Funding Eligility Criteria

Steps to Apply Skills Future Claim

• The staff will send you an invoice with the fee breakdown.
• Login to the MySkillsFuture portal, select the course you’re enrolling on and enter the course date and schedule.
• Enter the course fee payable by you (including GST) and enter the amount of credit to claim.
• Upload your invoice and click ‘Submit’

SkillsFuture Level-Up Program

The  SkillsFuture Level-Up Programme provides greater structural support for mid-career Singaporeans aged 40 years and above to pursue a substantive skills reboot and stay relevant in a changing economy. For more information, visit SkillsFuture Level-Up Programme

Get Additional Course Fee Support Up to $500 under UTAP

The Union Training Assistance Programme (UTAP) is a training benefit provided to NTUC Union Members with an objective of encouraging them to upgrade with skills training. It is provided to minimize the training cost. If you are a NTUC Union Member then you can get 50% funding (capped at $500 per year) under Union Training Assistance Programme (UTAP).

For more information visit NTUC U Portal – Union Training Assistance Program (UTAP)

Steps to Apply UTAP

• Log in to your U Portal account to submit your UTAP application upon completion of the course.

Note

• SSG subsidy is available for Singapore Citizens, Permanent Residents, and Corporates.
• All Singaporeans aged 25 and above can use their SkillsFuture Credit to pay. For more details, visit www.skillsfuture.gov.sg/credit
• An unfunded course fee can be claimed via SkillsFuture Credit or paid in cash.
• UTAP funding for NTUC Union Members is capped at $250 for 39 years and below and at $500 for 40 years and above.
• UTAP support amount will be paid to training provider first and claimed after end of class by learner.

• Security Engineer
• Cloud Security Analyst
• Systems Administrator
• Network Administrator
• IT Security Specialist
• DevOps Engineer
• Solutions Architect
• Security Consultant
• Cybersecurity Analyst
• Infrastructure Architect
• IT Manager
• Cloud Solutions Architect
• Security Compliance Analyst
• Security Auditor
• Incident Responder

Agus Salim is a professional with more than 10 years of experience in Project Management, IT Solutions Management, and Systems Integration both in waterfall and agile methodology. He started out his career as a Web Developer before moving on to Business Analyst/Project Manager. He has strong leadership and the capability of leading a team with a proven ability to deliver projects with tight timelines. Besides his experiences in managing projects, he has good knowledge in Cybersecurity and hands-on experience in Next Generation Firewall such as Check Point. During his free time, he likes to explore Cloud Technology, especially on Microsoft Azure. Agus has obtained AZ-104, AZ-500 and other Microsoft certifications. I am also a ALCP certified trainer.