WEBVTT

0:00:02.260000 --> 0:00:08.480000
Hi, let's take a few minutes to go through the implement platform protection

0:00:08.480000 --> 0:00:12.760000
objective domain for the AZ-500 exam.

0:00:12.760000 --> 0:00:21.160000
This objective domain, as you can see, has 15 to 20% of the overall exam

0:00:21.160000 --> 0:00:26.140000
weighting. Now the specific objectives, there's only two specific objectives

0:00:26.140000 --> 0:00:30.680000
in this objective domain, although there are many details for each of

0:00:30.680000 --> 0:00:35.560000
those. So there's implementing advanced network security and configuring

0:00:35.560000 --> 0:00:38.020000
advanced security for compute.

0:00:38.020000 --> 0:00:41.420000
Now one thing to understand real quick, and I'll get into this in just

0:00:41.420000 --> 0:00:45.540000
a moment and more of the details, but anytime you see the word compute,

0:00:45.540000 --> 0:00:48.880000
understand that's more than just virtual machines, right?

0:00:48.880000 --> 0:00:51.980000
That would be both infrastructure, which will be virtual machines and

0:00:51.980000 --> 0:00:53.960000
also platform options as well.

0:00:53.960000 --> 0:00:58.600000
We'll get into that so it makes sense to give that right up front.

0:00:58.600000 --> 0:01:03.880000
All right, let's talk about the details that go into the objectives for

0:01:03.880000 --> 0:01:07.420000
this particular domain.

0:01:07.420000 --> 0:01:10.720000
We start out with advanced network.

0:01:10.720000 --> 0:01:14.860000
So we have securing the connectivity of virtual networks.

0:01:14.860000 --> 0:01:20.200000
We have VPN, bring your own key for ExpressRoute encryption and variations,

0:01:20.200000 --> 0:01:24.360000
point-to-site and site-to-site, which are of course variations of VPN.

0:01:24.360000 --> 0:01:28.200000
We're going to talk about network security groups and application security

0:01:28.200000 --> 0:01:31.520000
groups, which go hand in hand if you're not familiar with them.

0:01:31.520000 --> 0:01:34.420000
We have lots of content at INE on that.

0:01:34.420000 --> 0:01:39.520000
We're going to take a look at the Azure Firewall resource, what that is.

0:01:39.520000 --> 0:01:43.680000
We're also going to look at the Azure Front Door resource, being able

0:01:43.680000 --> 0:01:46.700000
to use that as an application gateway.

0:01:46.700000 --> 0:01:50.760000
Being able to use the web application firewall on the Azure Application

0:01:50.760000 --> 0:01:54.480000
Gateway. Also, configuring Azure Bastion.

0:01:54.480000 --> 0:01:57.560000
It's one of my favorite topics.

0:01:57.560000 --> 0:02:01.820000
And then these topics really go together, configuring a firewall on a

0:02:01.820000 --> 0:02:07.900000
storage account, Azure SQL, Key Vault or App Service, and also implementing

0:02:07.900000 --> 0:02:08.840000
service endpoints.

0:02:08.840000 --> 0:02:10.940000
Those are two sides of the same coin.

0:02:10.940000 --> 0:02:12.420000
You need to be familiar with those.

0:02:12.420000 --> 0:02:17.880000
And finally, as far as network security, implementing the DDoS (distributed

0:02:17.880000 --> 0:02:24.600000
denial of service) protection that is available within the Azure platform.

0:02:24.600000 --> 0:02:28.060000
All right, so that's advanced network.

0:02:28.060000 --> 0:02:29.640000
What about compute?

0:02:29.640000 --> 0:02:33.660000
What are our advanced compute options here?

0:02:33.660000 --> 0:02:37.840000
So configuring security for compute.

0:02:37.840000 --> 0:02:40.660000
We're going to look at endpoint protection.

0:02:40.660000 --> 0:02:45.620000
And one thing to note that some of these go across both virtual machines

0:02:45.620000 --> 0:02:50.760000
as well as containers and as applicable also web applications.

0:02:50.760000 --> 0:02:55.080000
Configuring monitor system updates for virtual machines.

0:02:55.080000 --> 0:02:57.860000
So what are the automation processes for that?

0:02:57.860000 --> 0:03:02.340000
Then for containers, we have a few that are specific to containers here.

0:03:02.340000 --> 0:03:06.360000
Configure authentication for containers and configure security for different

0:03:06.360000 --> 0:03:07.440000
types of containers.

0:03:07.440000 --> 0:03:11.420000
What are the container options that are available?

0:03:11.420000 --> 0:03:16.000000
We'll talk about vulnerability management, how it can be implemented and

0:03:16.000000 --> 0:03:20.280000
automated for both virtual machines as well as containers.

0:03:20.280000 --> 0:03:25.000000
We'll get configure isolation for Azure Kubernetes Service, which is

0:03:25.000000 --> 0:03:30.300000
of course a large-scale container, large-scale is kind of an odd thing

0:03:30.300000 --> 0:03:36.420000
to say. It is an enterprise container clustering hosting solution.

0:03:36.420000 --> 0:03:39.500000
And then we're going to look at security for container registry.

0:03:39.500000 --> 0:03:42.380000
You need to understand security for container registry.

0:03:42.380000 --> 0:03:47.000000
And you also need to understand Azure Disk Encryption.

0:03:47.000000 --> 0:03:49.780000
That shows up in a whole lot of places.

0:03:49.780000 --> 0:03:55.620000
All right, and then the next couple are actually really next three are

0:03:55.620000 --> 0:03:58.020000
related to Azure App Service.

0:03:58.020000 --> 0:04:02.860000
We'll take a look, you need to take a look at security for Azure App Service,

0:04:02.860000 --> 0:04:06.100000
understand the security capabilities and techniques that are available

0:04:06.100000 --> 0:04:08.160000
for the Azure App Service.

0:04:08.160000 --> 0:04:15.700000
You also want to understand SSL and TLS certificates.

0:04:15.700000 --> 0:04:17.620000
How are those applied?

0:04:17.620000 --> 0:04:19.140000
And again, it's really TLS.

0:04:19.140000 --> 0:04:23.500000
SSL is just sort of still there for people that have been around for a

0:04:23.500000 --> 0:04:26.600000
while, like myself, who still sometimes call it SSL, even though it's

0:04:26.600000 --> 0:04:30.140000
really TLS. But that's not what's important.

0:04:30.140000 --> 0:04:36.120000
What's important is that you understand how you can use certificates to

0:04:36.120000 --> 0:04:40.580000
protect communications between clients and servers in the Azure environment,

0:04:40.580000 --> 0:04:45.360000
particularly with application services such as web apps.

0:04:45.360000 --> 0:04:48.740000
All right, and then also configure automatic updates.

0:04:48.740000 --> 0:04:56.200000
So those are the details for the advanced network security and the advanced

0:04:56.200000 --> 0:04:58.720000
compute security objectives.