AZ-400: Develop a security and compliance plan (10-15%)

Design an authentication and authorization strategy

  • Design an access solution
    • Azure AD Privileged Identity Management (PIM)
    • Azure AD Conditional Access
    • MFA
    • Azure AD B2B
  • Implement Service Principals and Managed Identity
  • Design an application access solution using Azure AD B2C
  • Configure service connections

Design a sensitive information management strategy

  • Evaluate and configure vault solution
    • Azure Key Vault
    • HashiCorp Vault
  • Manage security certificates
  • Design a secrets storage and retrieval strategy
    • Key Vault secrets
    • GitHub secrets
    • Azure Pipelines secrets
  • Formulate a plan for deploying secret files as part of a release
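The last item above, deploying a secret file during a release, is where most leaks happen: the file is written world-readable, left behind on the agent, or printed to the log. The following is an added example, not code from the original page or from Microsoft. It assumes the secret reaches the step base64-encoded in an environment variable (the way a pipeline maps a secret variable into a task); the variable name `TLS_KEY_B64`, the helper names and the sample value are all hypothetical.

```python
import base64
import os
import shutil
import stat
import tempfile
from contextlib import contextmanager
from typing import Iterator, Mapping, Optional, Tuple


class SecretFileError(RuntimeError):
    """Raised when a secret cannot be materialised safely."""


def decode_secret(var_name: str, env: Mapping[str, str]) -> bytes:
    """Fetch a base64-encoded secret from the environment and decode it.

    An unset or empty variable is an error: a release that silently deploys an
    empty key file is much harder to notice than one that fails outright.
    """
    raw = env.get(var_name, "")
    if not raw:
        raise SecretFileError(f"{var_name} is not set; refusing to deploy an empty secret file")
    try:
        return base64.b64decode(raw, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise SecretFileError(f"{var_name} is not valid base64") from exc


@contextmanager
def secret_file(var_name: str, env: Optional[Mapping[str, str]] = None,
                filename: str = "secret.bin") -> Iterator[str]:
    """Write the secret to a 0600 file inside a fresh 0700 directory, yield the
    path to the release step, then scrub and delete it even if that step fails."""
    data = decode_secret(var_name, os.environ if env is None else env)
    workdir = tempfile.mkdtemp(prefix="release-secret-")  # mkdtemp creates mode 0700
    path = os.path.join(workdir, filename)
    try:
        # O_EXCL guarantees we create the file rather than follow something
        # pre-planted at that path; 0o600 keeps other users from reading it.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        yield path
    finally:
        # Best-effort overwrite before unlink, then drop the whole directory.
        try:
            with open(path, "r+b") as fh:
                fh.write(b"\0" * len(data))
        except OSError:
            pass
        shutil.rmtree(workdir, ignore_errors=True)


def file_mode(path: str) -> int:
    """Permission bits of a path, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)


def run_demo(env: Mapping[str, str]) -> Tuple[bytes, int, bool]:
    """Deploy the secret, read it back as a release step would, and report
    (content, permission bits, whether the file still exists afterwards)."""
    with secret_file("TLS_KEY_B64", env) as path:
        with open(path, "rb") as fh:
            content = fh.read()
        mode = file_mode(path)
    return content, mode, os.path.exists(path)


if __name__ == "__main__":
    # Constructed sample: base64 of "hello" stands in for a real private key.
    content, mode, exists = run_demo({"TLS_KEY_B64": "aGVsbG8="})
    print(len(content), oct(mode), exists)  # log the length, never the secret
```

The pattern generalises to any secret the release needs on disk (TLS keys, kubeconfigs, service-account JSON): the file lives only for the duration of the `with` block, and the pipeline log only ever sees its size and mode.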

Develop security and compliance

  • Automate dependency scanning for security
    • container scanning
    • OWASP Dependency-Check
  • Automate dependency scanning for license compliance (permissive licenses such as MIT versus copyleft licenses such as GPL)
  • Assess and report risks
  • Design a source code compliance solution
    • GitHub Code scanning
    • GitHub Secret scanning
    • pipeline-based scans
    • Git hooks
    • SonarQube
    • Dependabot
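License compliance and source-code compliance are usually enforced by the same gate: a pipeline stage (or a pre-commit hook) that fails the build when a dependency carries a denied license or a change introduces a credential. The following is an added example of such a gate, not code from the original page or from any of the tools it lists. The allow and deny lists, the regular expressions, the CycloneDX-style SBOM fragment and the unified diff are all constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Hypothetical organisational policy, expressed as SPDX license identifiers.
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC"}
DENIED_LICENSES = {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only", "LGPL-3.0-only"}

# Deliberately narrow patterns; a finding records where and what kind, never the value.
SECRET_PATTERNS = {
    "aws-access-key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private-key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "assigned-token": re.compile(
        r"(?i)(?:api[_-]?key|token|secret|password)\s*[=:]\s*['\"]?[A-Za-z0-9_\-]{20,}"),
}

BLOCKING_KINDS = ("license-denied", "license-unknown", "secret")


@dataclass(frozen=True)
class Finding:
    kind: str    # license-denied, license-review, license-unknown, secret
    detail: str  # component or diff location; never the secret itself


def check_licenses(sbom: dict) -> List[Finding]:
    """Classify every component's SPDX license ids; no license at all is blocking."""
    findings: List[Finding] = []
    for comp in sbom.get("components", []):
        name = f"{comp.get('name')}@{comp.get('version')}"
        ids = [entry.get("license", {}).get("id") for entry in comp.get("licenses", [])]
        ids = [i for i in ids if i]
        if not ids:
            findings.append(Finding("license-unknown", name))
            continue
        for lic in ids:
            if lic in DENIED_LICENSES:
                findings.append(Finding("license-denied", f"{name}: {lic}"))
            elif lic not in ALLOWED_LICENSES:
                findings.append(Finding("license-review", f"{name}: {lic}"))
    return findings


def scan_diff_for_secrets(diff_text: str) -> List[Finding]:
    """Scan only the lines a diff adds; removed and context lines are out of scope."""
    findings: List[Finding] = []
    current_file = "?"
    for lineno, line in enumerate(diff_text.splitlines(), 1):
        if line.startswith("+++ "):
            current_file = line[4:].strip()
            continue
        if not line.startswith("+"):
            continue
        for pattern_name, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                findings.append(Finding("secret", f"{current_file} diff line {lineno}: {pattern_name}"))
    return findings


def run_gate(sbom: dict, diff_text: str) -> Dict[str, object]:
    """Combine both checks; license-review findings warn, the rest block."""
    findings = check_licenses(sbom) + scan_diff_for_secrets(diff_text)
    blocking = [f for f in findings if f.kind in BLOCKING_KINDS]
    return {"passed": not blocking, "findings": findings}


SAMPLE_SBOM = {  # constructed CycloneDX-style fragment
    "bomFormat": "CycloneDX",
    "components": [
        {"name": "requests", "version": "2.31.0", "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"name": "copyleft-lib", "version": "1.4.0", "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
        {"name": "odd-lib", "version": "0.9.1", "licenses": [{"license": {"id": "Unlicense"}}]},
        {"name": "mystery-pkg", "version": "0.0.3"},
    ],
}

SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,2 +1,3 @@
 DEBUG = False
-API_TOKEN = os.environ["API_TOKEN"]
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+API_TOKEN = "sk_live_abcdefghijklmnopqrstuvwxyz0123"
"""

if __name__ == "__main__":
    result = run_gate(SAMPLE_SBOM, SAMPLE_DIFF)
    for f in result["findings"]:
        print(f"{f.kind:16} {f.detail}")
    raise SystemExit(0 if result["passed"] else 1)  # non-zero exit fails the pipeline stage
```

Run as a pipeline step the non-zero exit fails the stage; run from a pre-commit hook it rejects the commit. Splitting findings into blocking and review kinds is what keeps the gate usable: an unfamiliar but permissive license goes to a human, a GPL dependency or a pasted access key does not get a vote.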

Design governance enforcement mechanisms

  • Implement Azure Policy to enforce organizational requirements
  • Implement container scanning
    • static scanning
    • malware
    • crypto mining
  • Design and implement Azure Container Registry Tasks
  • Design a break-the-glass strategy for responding to security incidents
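Azure Policy enforces requirements as JSON definitions whose `policyRule` pairs an `if` condition over resource fields (addressed through aliases) with a `then` effect such as `deny`. The following is an added example, not code from the original page or from Microsoft: two definitions in the real Azure Policy JSON shape, plus a small local dry-run evaluator so the rules can be exercised against constructed ARM-style resources before assignment. The evaluator is a hypothetical stand-in for Azure's engine (it supports only `allOf`, `anyOf`, `not`, `equals`, `notEquals`, `in` and `exists`), and the alias-to-property table is an assumption for this example.

```python
from typing import Any, Dict, List, Optional

# Hypothetical alias table: Azure Policy addresses resource properties through
# aliases; for this dry run each alias maps to a dotted path into the resource JSON.
ALIASES = {
    "type": "type",
    "location": "location",
    "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly": "properties.supportsHttpsTrafficOnly",
    "Microsoft.Storage/storageAccounts/minimumTlsVersion": "properties.minimumTlsVersion",
}

# Definitions in the Azure Policy JSON shape (properties.policyRule.if / then).
HTTPS_ONLY_POLICY = {
    "properties": {
        "displayName": "Storage accounts must require secure transfer and TLS 1.2",
        "mode": "Indexed",
        "policyRule": {
            "if": {
                "allOf": [
                    {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
                    {"anyOf": [
                        {"field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly", "notEquals": "true"},
                        {"field": "Microsoft.Storage/storageAccounts/minimumTlsVersion", "notEquals": "TLS1_2"},
                    ]},
                ]
            },
            "then": {"effect": "deny"},
        },
    }
}

REQUIRED_TAG_POLICY = {
    "properties": {
        "displayName": "Resources must carry an 'owner' tag",
        "mode": "Indexed",
        "policyRule": {
            "if": {"field": "tags['owner']", "exists": "false"},
            "then": {"effect": "deny"},
        },
    }
}


def resolve_field(resource: Dict[str, Any], field: str) -> Optional[Any]:
    """Look a policy field up in the resource; None means the field is absent."""
    if field.startswith("tags['") and field.endswith("']"):
        return resource.get("tags", {}).get(field[6:-2])
    path = ALIASES.get(field)
    if path is None:
        raise ValueError(f"unknown alias {field!r}")
    node: Any = resource
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def _norm(value: Any) -> str:
    # Compare as lower-case strings so JSON booleans line up with "true"/"false"
    # in the definition and string comparisons are case-insensitive.
    return str(value).lower()


def matches(condition: Dict[str, Any], resource: Dict[str, Any]) -> bool:
    """Evaluate one policy condition (logical operator or field test)."""
    if "allOf" in condition:
        return all(matches(c, resource) for c in condition["allOf"])
    if "anyOf" in condition:
        return any(matches(c, resource) for c in condition["anyOf"])
    if "not" in condition:
        return not matches(condition["not"], resource)
    value = resolve_field(resource, condition["field"])
    if "exists" in condition:
        return (value is not None) == (_norm(condition["exists"]) == "true")
    if "equals" in condition:
        return value is not None and _norm(value) == _norm(condition["equals"])
    if "notEquals" in condition:  # an absent field is "not equal" to anything
        return value is None or _norm(value) != _norm(condition["notEquals"])
    if "in" in condition:
        return value is not None and _norm(value) in {_norm(x) for x in condition["in"]}
    raise ValueError(f"unsupported condition {condition!r}")


def evaluate(policy: Dict[str, Any], resource: Dict[str, Any]) -> str:
    """Return the effect the rule would apply ('deny' here) or 'compliant'."""
    rule = policy["properties"]["policyRule"]
    return rule["then"]["effect"] if matches(rule["if"], resource) else "compliant"


def evaluate_all(policies: List[Dict[str, Any]], resources: List[Dict[str, Any]]) -> Dict[str, List[str]]:
    """Map each resource name to the effects triggered against it."""
    report: Dict[str, List[str]] = {}
    for resource in resources:
        effects = [evaluate(p, resource) for p in policies]
        report[resource["name"]] = [e for e in effects if e != "compliant"]
    return report


SAMPLE_RESOURCES = [  # constructed ARM-style resource JSON
    {"name": "stgood", "type": "Microsoft.Storage/storageAccounts", "tags": {"owner": "platform"},
     "properties": {"supportsHttpsTrafficOnly": True, "minimumTlsVersion": "TLS1_2"}},
    {"name": "stweak", "type": "Microsoft.Storage/storageAccounts", "tags": {"owner": "data"},
     "properties": {"supportsHttpsTrafficOnly": False, "minimumTlsVersion": "TLS1_2"}},
    {"name": "stoldtls", "type": "Microsoft.Storage/storageAccounts", "tags": {},
     "properties": {"supportsHttpsTrafficOnly": True, "minimumTlsVersion": "TLS1_0"}},
    {"name": "vm1", "type": "Microsoft.Compute/virtualMachines", "tags": {"owner": "apps"}, "properties": {}},
]

if __name__ == "__main__":
    for name, effects in evaluate_all([HTTPS_ONLY_POLICY, REQUIRED_TAG_POLICY], SAMPLE_RESOURCES).items():
        print(f"{name:10} {effects or 'compliant'}")
```

The dry run shows the two behaviours worth checking before an assignment goes live: a resource outside the rule's `type` is untouched, and a field that is simply missing counts as non-compliant under `notEquals`, so the storage account with no `owner` tag and an old TLS floor is denied twice.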

Return to Table of Contents