In this training, You will learn to design a Zero Trust strategy and architecture; evaluate Governance Risk Compliance (GRC) technical strategies and security operations strategies; design security for infrastructure; and design a strategy for data and applications.
To pass this exam, you should have advanced experience and knowledge in a wide range of security engineering areas, including identity and access, platform protection, security operations, securing data, and securing applications. They should also have experience with hybrid and cloud implementations
Prerequisites
- IT professionals with minimum 1 year experience
- Working knowledge of networking, server administration, DNS, and PowerShell
- Should know the Windows Server, domain environment, Active Directory administration. Complete our Windows administration course.
- Recommended training Microsoft Security Fundamentals SC-900
Skills measured:
- Design a Zero Trust strategy and architecture (30–35%)
- Evaluate Governance Risk Compliance (GRC) technical strategies and security operations strategies (20–25%)
- Design security for infrastructure (20–25%)
- Design a strategy for data and applications (20–25%)
| Sr. |
Details |
1 |
Design a Zero Trust strategy and architecture (30–35%)
Build an overall security strategy and architecture
- Identify the integration points in an architecture by using Microsoft Cybersecurity Reference Architecture (MCRA)
- Translate business goals into security requirements
- Translate security requirements into technical capabilities, including security services, security products, and security processes
- Design security for a resiliency strategy
- Integrate a hybrid or multi-tenant environment into a security strategy
- Develop a technical governance strategy for security
Design a security operations strategy
- Design a logging and auditing strategy to support security operations
- Develop security operations to support a hybrid or multi-cloud environment
- Design a strategy for SIEM and SOAR
- Evaluate security workflows
- Evaluate a security operations strategy for incident management lifecycle
- Evaluate a security operations strategy for sharing technical threat intelligence
Design an identity security strategy
- Design a strategy for access to cloud resources
- Recommend an identity store (tenants, B2B, B2C, hybrid)
- Recommend an authentication strategy
- Recommend an authorization strategy
- Design a strategy for conditional access
- Design a strategy for role assignment and delegation
- Design security strategy for privileged role access to infrastructure including identity-based firewall
rules, Azure PIM
- Design security strategy for privileged activities including PAM, entitlement management, cloud tenant
administration
|
2 |
Evaluate Governance Risk Compliance (GRC) technical strategies and security operations strategies (20–25%)
Design a regulatory compliance strategy
- Interpret compliance requirements and translate into specific technical capabilities (new or existing)
- Evaluate infrastructure compliance by using Microsoft Defender for Cloud
- Interpret compliance scores and recommend actions to resolve issues or improve security
- Design implementation of Azure Policy
- Design for data residency requirements
- Translate privacy requirements into requirements for security solutions
Evaluate security posture and recommend technical strategies to manage risk
- Evaluate security posture by using benchmarks (including Azure security benchmarks, ISO 2701, etc.)
- Evaluate security posture by using Microsoft Defender for Cloud
- Evaluate security posture by using Secure Scores
- Evaluate security posture of cloud workloads
- Design security for an Azure Landing Zone
- Interpret technical threat intelligence and recommend risk mitigations
- Recommend security capabilities or controls to mitigate identified risks
|
3 |
Design security for infrastructure (20–25%)
Design a strategy for securing server and client endpoints
- Specify security baselines for server and client endpoints
- Specify security requirements for servers, including multiple platforms and operating systems
- Specify security requirements for mobile devices and clients, including endpoint protection, hardening,
and configuration
- Specify requirements to secure Active Directory Domain Services
- Design a strategy to manage secrets, keys, and certificates
- Design a strategy for secure remote access
Design a strategy for securing SaaS, PaaS, and IaaS services
- Specify security baselines for SaaS, PaaS, and IaaS services
- Specify security requirements for IoT workloads
- Specify security requirements for data workloads, including SQL, Azure SQL Database, Azure Synapse,
and Azure Cosmos DB
- Specify security requirements for web workloads, including Azure App Service
- Specify security requirements for storage workloads, including Azure Storage
- Specify security requirements for containers
- Specify security requirements for container orchestration
|
4 |
Design a strategy for data and applications (20–25%)
Specify security requirements for applications
- Specify priorities for mitigating threats to applications
- Specify a security standard for onboarding a new application
- Specify a security strategy for applications and APIs
Design a strategy for securing data
- Specify priorities for mitigating threats to data
- Design a strategy to identify and protect sensitive data
- Specify an encryption standard for data at rest and in motion
|
After completing this training, you can appear the "Exam SC-100: Microsoft Cybersecurity Architect".
Exam details for Microsoft Cybersecurity Architect (Exam SC-100):
- Exam pricing:$165 USD per exam. In India current Microsoft exam fee is $80 per exam. Worldwide it may vary.
- Total exam is of 1000 marks and you need to earn 700 marks to pass the exam.
- You will get 55 to 60 questions in an approximate 2-2½ hours of duration and may change per exam basis.
- Exam formats and question types: Mostly single or multiple choice, drag and drop, repeated answer choices and hands-on labs.
Click to view current exam offer »
