cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

This was my preparation for the exam Microsoft Certified: Cybersecurity Architect Expert (SC-100)!

TomWechsler
MVP

‎Jul 07 2022 05:25 AM

‎Jul 07 2022 05:25 AM

This was my preparation for the exam Microsoft Certified: Cybersecurity Architect Expert (SC-100)!

 

Dear Microsoft 365 Security and Azure Security Friends,

 

When I first read about this certification I was immediately excited! But at the same time I had a lot of respect, because it is an expert certification. I quickly started collecting information. The first thing I learned was that it takes a so-called prerequisite exam to become a Microsoft Certified: Cybersecurity Architect Expert certification. The following prerequisite exams are available (only one of these exams must be passed):

 

Microsoft Certified: Security Operations Analyst Associate (SC-200)
https://docs.microsoft.com/en-us/learn/certifications/security-operations-analyst/

 

Microsoft Certified: Identity and Access Administrator Associate (SC-300)
https://docs.microsoft.com/en-us/learn/certifications/identity-and-access-administrator/

 

Microsoft Certified: Azure Security Engineer Associate (AZ-500)
https://docs.microsoft.com/en-us/learn/certifications/azure-security-engineer/

 

Microsoft 365 Certified: Security Administrator Associate (MS-500)
https://docs.microsoft.com/en-us/learn/certifications/m365-security-administrator/

 

I have taken all these prerequisite exams. The two exams AZ-500 and MS-500 helped me the most in preparing for the SC-100 (this is certainly not the case for everyone). In this SC-100 exam you will be quizzed on topics in Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft 365 Defender for Cloud Apps (and all other Defender products), Azure Policy, Azure landing zone, etc. This spectrum is huge, please take enough time to "explore" these "portals" deeply. You don't have to have the technical knowledge down to the last detail. No not at all, in this exam it is important to use all the features and products with the right strategy. This was among other things my way to success!

 

Now to my preparations for the exam:


1. First of all, I looked at the Exam Topics to get a first impression of the scope of topics.

https://docs.microsoft.com/en-us/learn/certifications/cybersecurity-architect-expert/

 

Please take a close look at the skills assessed:

https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWVbXN

 

2. So that I can prepare for an exam I need an Azure test environment (this is indispensable for me). You can sign up for a free trial here.

https://azure.microsoft.com/en-us/free/

 

Next, I set up a Microsoft 365 test environment. You can sign up for a free trial here.

https://www.microsoft.com/en-us/microsoft-365/business/compare-all-microsoft-365-business-products

 

I chose the "Microsoft 365 Business Premium" plan for my testing. I have also registered several free trials to test the various Defender products.

 

3. Now it goes to the Microsoft Learn content. These learn paths (as you can see below, all 4) I have worked through completely and "mapped"/reconfigured as much as possible in my test environment.

https://docs.microsoft.com/en-us/learn/paths/sc-100-design-zero-trust-strategy-architecture/

 

https://docs.microsoft.com/en-us/learn/paths/sc-100-evaluate-governance-risk-compliance/

 

https://docs.microsoft.com/en-us/learn/paths/sc-100-design-security-for-infrastructure/

 

https://docs.microsoft.com/en-us/learn/paths/sc-100-design-strategy-for-data-applications/

 

4. Register for the exam early. This creates some pressure and you stay motivated.

https://docs.microsoft.com/en-us/learn/certifications/cybersecurity-architect-expert/


5. Please also watch the video of John Savill, it is very helpful!

https://youtu.be/2Qu5gQjNQh4


6. The Exam Ref for the SC-200 exam was also very supportive.

https://www.microsoftpressstore.com/store/exam-ref-sc-200-microsoft-security-operations-analyst-9780...

 

7. Further I have summarized various links that have also helped me a lot. Sorted by Functional Group.

 

Design a Zero Trust strategy and architecture:

https://docs.microsoft.com/en-us/security/cybersecurity-reference-architecture/mcra

 

https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/secure/security-governance

 

https://docs.microsoft.com/en-us/azure/architecture/framework/security/monitor-audit

 

https://docs.microsoft.com/en-us/security/benchmark/azure/security-control-logging-monitoring

 

https://docs.microsoft.com/en-us/azure/security/fundamentals/log-audit

 

https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-network-connectivity

 

https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-network-segmentation

 

https://docs.microsoft.com/en-us/security/zero-trust/deploy/infrastructure

 

https://docs.microsoft.com/en-us/security/zero-trust/integrate/infrastructure

 

https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/strategy/define-security-strategy

 

https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/secure/business-resilience

 

https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/strategy/technical-considerations/

 

https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/organize/

 

https://docs.microsoft.com/en-us/azure/security/fundamentals/operational-checklist

 

https://azure.microsoft.com/en-us/services/defender-for-cloud/#features

 

https://docs.microsoft.com/en-us/azure/sentinel/overview

 

https://docs.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation

 

https://docs.microsoft.com/en-us/security/compass/incident-response-overview

 

https://docs.microsoft.com/en-us/security/compass/incident-response-planning

 

https://docs.microsoft.com/en-us/security/compass/incident-response-process

 

https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/secure/security-operations

 

https://docs.microsoft.com/en-us/security/compass/security-operations

 

https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-setup-guide/organize-res...

 

https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-setup-guide/manage-acces...

 

https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/ident...

 

https://docs.microsoft.com/en-us/azure/security/fundamentals/identity-management-best-practices

 

https://docs.microsoft.com/en-us/azure/active-directory/external-identities/external-identities-over...

 

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-method...

 

https://docs.microsoft.com/en-us/microsoft-365/education/deploy/design-credential-authentication-str...

 

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn

 

https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-identity-authenticatio...

 

https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-identity-authorization

 

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview

 

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/plan-conditional-access

 

https://docs.microsoft.com/en-us/azure/architecture/guide/security/conditional-access-zero-trust

 

https://docs.microsoft.com/en-us/azure/active-directory/roles/best-practices

 

https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-delegate

 

https://docs.microsoft.com/en-us/azure/active-directory/roles/groups-concept

 

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

 

https://docs.microsoft.com/en-us/security/compass/identity

 

https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview

 

https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-delegate

 

https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/privileged-identity-management-for-a...

 

https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/principles-of-operation

 

https://docs.microsoft.com/en-us/azure/active-directory/roles/security-planning

 

Evaluate Governance Risk Compliance (GRC) technical strategies and security operations strategies:

https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/govern/policy-compliance/regulatory-...

 

https://docs.microsoft.com/en-us/azure/security/fundamentals/technical-capabilities

 

https://docs.microsoft.com/en-us/security/compass/governance

 

https://docs.microsoft.com/en-us/azure/defender-for-cloud/regulatory-compliance-dashboard

 

https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager?view=o365-worldwide

 

https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-score-calculation?view=o365-wor...

 

https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls

 

https://docs.microsoft.com/en-us/azure/governance/policy/overview

 

https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-and-manage

 

https://azure.microsoft.com/en-us/global-infrastructure/data-residency/

 

https://azure.microsoft.com/en-us/resources/achieving-compliant-data-residency-and-security-with-azu...

 

https://azure.microsoft.com/en-us/overview/trusted-cloud/privacy/

 

https://azure.microsoft.com/en-us/blog/10-recommendations-for-cloud-privacy-and-security-with-ponemo...

 

https://docs.microsoft.com/en-us/security/benchmark/azure/introduction

 

https://docs.microsoft.com/en-us/azure/defender-for-cloud/update-regulatory-compliance-packages

 

https://docs.microsoft.com/en-us/azure/defender-for-cloud/regulatory-compliance-dashboard

 

https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-access-and-track

 

https://docs.microsoft.com/en-us/azure/defender-for-cloud/enhanced-security-features-overview

 

https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-governance-landing-zon...

 

https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/considerations/landing-zone-se...

 

https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/secur...

 

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/office-365-ti?view=o365-...

 

https://docs.microsoft.com/en-us/microsoft-365/compliance/insider-risk-management?view=o365-worldwid...

 

https://techcommunity.microsoft.com/t5/security-compliance-and-identity/reduce-risk-across-your-envi...

 

Design security for infrastructure:

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-configuration-f...

 

https://docs.microsoft.com/en-us/windows-server/security/security-and-assurance

 

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/minimum-requirements?view=...

 

https://docs.microsoft.com/en-us/mem/intune/protect/security-baselines

 

https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/best-pra...

 

https://docs.microsoft.com/en-us/azure/active-directory-domain-services/secure-your-domain

 

https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates

 

https://docs.microsoft.com/en-us/azure/security/fundamentals/management

 

https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/cloud-services-security-baseline

 

https://azure.microsoft.com/en-us/overview/iot/security/

 

https://docs.microsoft.com/en-us/azure/azure-sql/database/security-overview?view=azuresql

 

https://docs.microsoft.com/en-us/azure/azure-sql/database/security-best-practice?view=azuresql

 

https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/sql-database-security-baseline

 

https://docs.microsoft.com/en-us/azure/cosmos-db/database-security?tabs=sql-api

 

https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/synapse-analytics-security-basel...

 

https://docs.microsoft.com/en-us/azure/app-service/overview-security

 

https://docs.microsoft.com/en-us/azure/app-service/security-recommendations

 

https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/app-service-security-baseline

 

https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/storage-security-baseline

 

https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/container-instances-security-bas...

 

https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/container-registry-security-base...

 

https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/aks-security-baseline

 

https://docs.microsoft.com/en-us/azure/aks/concepts-security

 

https://docs.microsoft.com/en-us/azure/aks/operator-best-practices-cluster-security?tabs=azure-cli

 

https://docs.microsoft.com/en-us/azure/architecture/framework/services/compute/azure-kubernetes-serv...

 

Design a strategy for data and applications:

https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-mitigations

 

https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-threat-model

 

https://docs.microsoft.com/en-us/compliance/assurance/assurance-security-development-and-operation

 

https://docs.microsoft.com/en-us/azure/security/develop/secure-design

 

https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-app-service-introduction

 

https://docs.microsoft.com/en-us/azure/architecture/framework/security/resilience

 

https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-governance-strategy

 

https://docs.microsoft.com/en-us/azure/architecture/data-guide/scenarios/securing-data-solutions

 

https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-storage

 

https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-data-protection

 

https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-overview

 

https://docs.microsoft.com/en-us/azure/security/fundamentals/data-encryption-best-practices

 

https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest

 

https://docs.microsoft.com/en-us/azure/architecture/framework/security/design-storage-encryption

 

8. You can find a list of all the links here:

https://github.com/tomwechsler/Microsoft_Cloud_Security/blob/main/SC-100/Links.md

 

I know you've probably read and heard this many times: read the exam questions slowly and accurately. Well, that was the key to success for me. It's the details that make the difference between success and failure. Let me give you an example at this point. You want to make a business app available. The authentication should be done by each person with his own LinkedIn account. Which variant of Azure Active Directory do you use for this? At this point you should know the different types of Azure Active Directory.

 

One final tip: When you have learned something new, try to explain what you have learned to another person (whether or not they know your subject). If you can explain it in your own words, you understand the subject. That is exactly how I do it, except that I do not explain it to another person, but record a video for YouTube!

 

I hope this information helps you and that you successfully pass the exam. I wish you success!

 

Kind regards, Tom Wechsler

 

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler

6,531 Views
10 Likes
6 Replies
Reply
6 Replies
Trevor_Rusher

‎Jul 11 2022 08:35 AM

‎Jul 11 2022 08:35 AM

Re: This was my preparation for the exam Microsoft Certified: Cybersecurity Architect Expert (SC-100

This is an awesome post Tom! Thank you for sharing :)
0 Likes
Reply
Bipin-prakash

‎Jul 11 2022 09:38 AM

‎Jul 11 2022 09:38 AM

Re: This was my preparation for the exam Microsoft Certified: Cybersecurity Architect Expert (SC-100

Wow! Thank you for this comprehensive study guide.

Best,
Bp
0 Likes
Reply
Stephanie_Kanak

‎Jul 11 2022 09:55 AM

‎Jul 11 2022 09:55 AM

Re: This was my preparation for the exam Microsoft Certified: Cybersecurity Architect Expert (SC-100

This post is incredibly comprehensive and helpful. Thank you for sharing!
0 Likes
Reply