AZ-500 Cram Notes

The AZ-500 Quick Cram Notes cover key topics for Azure security, including Azure AD Privileged Identity Management, authentication options, and risk-based conditional access. It highlights important features like Azure Container Registry permissions, Azure Disk Encryption limitations, and the use of Azure Policy Effects. Additionally, it addresses logging, monitoring, and access control mechanisms within Azure services.

Uploaded by

emekabonginkosi4

AZ-500 Quick Cram Notes

Azure AD Privileged Identity Management (PIM)

- Only Global Administrators can enable PIM.

- Discover privileged roles first before enabling.

Azure AD Connect Authentication Options

- Pass-through Authentication + Seamless SSO + Password Hash Sync = best to enforce on-prem policies.

- Federation (AD FS) needs more servers.

Synchronization Filtering

- Use Synchronization Rules Editor for attribute-based filtering (block 'givenName = LAB*').

Risk-Based Conditional Access

- Users with leaked credentials = High Risk.

- Sign-ins from suspicious IPs = Medium Risk.

Access Reviews

- Set reviewers to Group Owners for resource access reviews.

Azure Container Registry (ACR) Permissions

- AcrPush = Upload images.

- AcrPull = Download images.

Service Endpoints for Containers

- No need for an Application Security Group or Ingress Controller if a Service Endpoint is configured.

Azure Resource Manager VM Deployment

- Use Azure Automation State Configuration to disable unused Windows features.

Azure Disk Encryption

- Supported on Standard Tier VMs. NOT supported on Basic Tier VMs.

Azure SQL Database Advanced Threat Protection

- Faulty SQL triggers "Vulnerability to SQL Injection" alerts.

Azure Kubernetes Service (AKS) Authentication


- AKS auto-authenticates to ACR using Service Principal.

Azure Policy Effects

- DeployIfNotExists requires Managed Identity.

Azure Key Vault Access Control

- RBAC manages administrative vault control.

- Access Policies manage data access (certificates, keys).

Logging and Monitoring

- Azure Activity Log = Resource changes.

- Azure Log Analytics = Analyze events.

Azure Security Center Pricing

- Standard Tier needed for full protection.

Authentication Types

- Active Directory Integrated Authentication for seamless SSMS logins.

Conditional Access Evaluation

- Medium and High risks enforce Conditional Access.

Application Registration

- OAuth 2 Implicit Flow needs Client ID and Redirect URI.

Storage Account SAS Revocation

- Delete or change stored access policy to revoke SAS.

Always Encrypted in SQL

- Requires Column Encryption Keys + Column Master Keys.
