Section 2: Platform Protection

Implement Platform Protection (35-40%)
Implement Network Security

Configure virtual network connectivity; configure Network Security Groups (NSGs); create and configure Microsoft Azure firewall; create and configure application security groups; configure remote access management

• Configure Virtual Network connectivity

• Configure Network Security Groups (NSGs)

• Create and configure Microsoft Azure Firewall

• Create and configure application security groups

• Configure remote access management

Implement Host Security

Configure endpoint security within the VM; configure VM security; harden VMs in Microsoft Azure; configure system updates for VMs in Microsoft Azure; configure baseline

• Configure endpoint security within the VM

• Configure VM security

• Harden VMs in Microsoft Azure

• Configure system updates for VMs in Microsoft Azure

• Configure baseline

Configure Container Security

Configure network; configure authentication; configure container isolation; configure AKS security; configure container registry; configure container instance security; implement vulnerability management

• Configure container isolation

• Configure AKS security

• Configure container registry

• Configure container instance security

• Implement vulnerability management

Implement Microsoft Azure Resource Management Security

Create Microsoft Azure resource locks; manage resource group security; configure Microsoft Azure policies; configure custom RBAC roles; configure subscription and resource permissions

• Create Microsoft Azure resource locks

• Manage resource group security

• Configure Microsoft Azure policies

• Configure custom RBAC roles

• Configure subscription and resource permissions

Download the pdf here