Azure Security Center
You have been asked to create a proof of concept of a Security Center-based environment. Specifically, you want to:
Configure Security Center to monitor a virtual machine.
Review Security Center recommendations for the virtual machine.
Implement recommendations for guest configuration and Just in time VM access.
Review how the Secure Score can be used to determine progress toward creating a more secure infrastructure.
Azure Sentinel
You have been asked to create a proof of concept of Azure Sentinel-based threat detection and response. Specifically, you want to:
Start collecting data from Azure Activity and Security Center.
Add built-in and custom alerts.
Review how Playbooks can be used to automate a response to an incident.
Azure Monitor
You have been asked to create a proof of concept of monitoring virtual machine performance. Specifically, you want to:
Configure a virtual machine such that telemetry and logs can be collected.
Show what telemetry and logs can be collected.
Show how the data can be used and queried.
Service Endpoints and Securing Storage
You have been asked to create a proof of concept to demonstrate securing Azure file shares. Specifically, you want to:
Create a storage endpoint so traffic destined to Azure Storage always stays within the Azure backbone network.
Configure the storage endpoint so only resources from a specific subnet can access the storage.
Confirm that resources outside of the specific subnet cannot access the storage.
Securing Azure SQL Database
You have been asked to review security features for Azure SQL database. Specifically, you are interested in:
Protection against attacks such as SQL injection and data exfiltration.
Ability to discover and classify database information into categories such as Confidential.
Ability to audit database server and database queries and log events.
Key Vault (Implementing Secure Data by setting up Always Encrypted)
You have been asked to create a proof of concept application that makes use of the Azure SQL Database support for Always Encrypted functionality. All of the secrets and keys used in this scenario should be stored in the key vault. The application should be registered in Azure Active Directory (Azure AD) in order to enhance its security posture. To accomplish these objectives, the proof of concept should include:
Creating an Azure key vault and storing keys and secrets in the vault.
Creating a SQL Database and encrypting the content of columns in database tables by using Always Encrypted.
Azure Firewall
You have been asked to install Azure Firewall. This will help your organization control inbound and outbound network access, which is an important part of an overall network security plan. Specifically, you would like to create and test the following infrastructure components:
A virtual network with a workload subnet and a jump host subnet.
A virtual machine in each subnet.
A custom route that ensures all outbound workload traffic from the workload subnet must use the firewall.
Firewall Application rules that only allow outbound traffic to www.bing.com.
Firewall Network rules that allow external DNS server lookups.
Azure AD Privileged Identity Management
You have been asked to create a proof of concept that uses Azure Privileged Identity Management (PIM) to enable just-in-time administration and control the number of users who can perform privileged operations. The specific requirements are:
Create a permanent assignment of the aaduser2 Azure AD user to the Security Administrator role.
Configure the aaduser2 Azure AD user to be eligible for the Billing Administrator and Global Reader roles.
Configure the Global Reader role activation to require the approval of the aaduser3 Azure AD user.
Configure an access review of the Global Reader role and review auditing capabilities.
MFA, Conditional Access and AAD Identity Protection
You have been asked to create a proof of concept of features that enhance Azure Active Directory (Azure AD) authentication. Specifically, you want to evaluate:
Azure AD multi-factor authentication
Azure AD conditional access
Azure AD Identity Protection
Resource Manager Locks
You have been asked to create a proof of concept showing how resource locks can be used to prevent accidental deletion or changes. Specifically, you need to:
Create a ReadOnly lock.
Create a Delete lock.
Azure Policy
You have been asked to create a proof of concept showing how Azure Policy can be used. Specifically, you need to:
Create an Allowed Locations policy that ensures resources are only created in a specific region.
Test to ensure resources are only created in the allowed location.
Role Based Access Control
You have been asked to create a proof of concept showing how Azure users and groups are created and how role-based access control is used to assign roles to groups. Specifically, you need to:
Create a Senior Admins group containing the user account of Joseph Price as its member.
Create a Junior Admins group containing the user account of Isabel Garcia as its member.
Create a Service Desk group containing the user account of Dylan Williams as its member.
Assign the Virtual Machine Contributor role to the Service Desk group.
Configuring and Securing ACR and AKS
You have been asked to deploy a proof of concept with Azure Container Registry and Azure Kubernetes Service. Specifically, the proof of concept should demonstrate:
Using Dockerfile to build an image.
Using Azure Container Registry to store images.
Configuring an Azure Kubernetes Service.
Securing and accessing container applications both internally and externally.
Implement Directory Synchronization
You have been asked to create a proof of concept demonstrating how to integrate an on-premises Active Directory Domain Services (AD DS) environment with an Azure Active Directory (Azure AD) tenant. Specifically, you want to:
Implement a single-domain AD DS forest by deploying an Azure VM hosting an AD DS domain controller
Create and configure an Azure AD tenant
Synchronize the AD DS forest with the Azure AD tenant
Network Security Groups and Application Security Groups
You have been asked to implement your organization’s virtual networking infrastructure and test to ensure it is working correctly. In particular:
The organization has two groups of servers: Web Servers and Management Servers.
Each group of servers should be in its own Application Security Group.
You should be able to RDP into the Management Servers, but not the Web Servers.
The Web Servers should display the IIS web page when accessed from the internet.
Network security group rules should be used to control network access.