Microsoft Azure Administrator Certification Questions and Answers Dumps – AZ 104
Microsoft Azure Administrator AZ-104 is one of the most popular Microsoft Azure Administrator certification exams. To pass this exam, you need a good understanding of Microsoft Azure and its various components. The best way to prepare for this exam is to use these Microsoft AZ-104 dumps. They will help you understand the Microsoft Azure platform and its various features, and they will also give you an idea of the types of questions asked in this exam. With the help of these dumps, you can pass the Microsoft AZ-104 exam.
Microsoft Certified: Azure Administrator Associate Average Salary — $125,993
Candidates for the Azure Administrator Associate certification should have subject matter expertise implementing, managing, and monitoring an organization’s Microsoft Azure environment.
Responsibilities for this role include implementing, managing, and monitoring identity, governance, storage, compute, and virtual networks in a cloud environment, as well as provisioning, sizing, monitoring, and adjusting resources when needed.
Skills measured:
Manage Azure identities and governance (15-20%): Manage Azure AD objects; Manage role-based access control (RBAC); Manage subscriptions and governance
Implement and manage storage (10-15%): Manage storage accounts; Manage data in Azure Storage; Configure Azure Files and Azure Blob storage
Deploy and manage Azure compute resources (25-30%): Configure VMs for high availability and scalability; Automate deployment and configuration of VMs; Create and configure VMs; Create and configure containers; Create and configure Web Apps
Configure and manage virtual networking (30-35%): Implement and manage virtual networking; Configure name resolution; Secure access to virtual networks; Configure load balancing; Monitor and troubleshoot virtual networking; Integrate an on-premises network with an Azure virtual network
Monitor and back up Azure resources (10-15%): Monitor resources by using Azure Monitor; Implement backup and recovery
Question 1: In our subscription, we have four different resource groups: RG1, RG2, RG3 and RG4. RG2 has a Read-only lock at the resource group scope. RG3 has a Delete lock at the resource group scope. RG1 and RG4 do not have locks. We need to determine how we could move resources between resource groups during the lifecycle of these resources, assuming all provisioned resources support moving between resource groups regardless of region. Which of the following statements are plausible?
A. We can move resources from RG1 to RG4.
B. We can move resources between any of these resource groups.
Notes: We can move resources from RG1 to RG4 because RG1 does not have a lock. We can move resources from RG4 to RG3 because RG4 does not have a lock. Also, while RG3 does have a Delete lock, this does not stop resources from being moved into this resource group.
Question 2: Your company has recently added a few new users to your Azure Active Directory. You have already added them to an active directory group, and now you have asked them to add their devices to the domain. When they add their devices, you have to ensure they are prompted to use a mobile phone to verify their identity. How do you configure this?
A. Require multi-factor authentication to join devices
Question 3: Under your Azure Subscription, you are trying to identify VMs that are underutilized in order to shutdown all VMs with CPU utilization under 5%. Which blade should you use?
Question 4: You have just purchased the domain name arseemagroup.com from a third-party registrar. Using your Azure Active Directory domain, you’d like to create new users with the suffix @arseemagroup.com. Which three things must you do?
Notes: In order to add the domain “arseemagroup.com” to Azure AD, you must add the domain from the custom domain names blade.
When you add your custom domain to Azure AD, you must create an MX or TXT record with a destination address (provided) in order to verify that the domain does indeed belong to you.
Question 5: You have two subscriptions named Subscription1 and Subscription2. You are logged into Azure using Azure PowerShell from Computer1. How can you identify which subscription you are currently viewing and then switch from one subscription to the other for the current session at Computer1?
A. Set-AzContext -SubscriptionName
B. Get-AzContext
C. Select-AzContext
D. AzShow-Context
ANSWER5:
A and B
Notes: In Az PowerShell 3.7.0, Set-AzContext sets the tenant, subscription, and environment for cmdlets to use in the current session.
In Az PowerShell 3.7.0, Get-AzContext gets the metadata used to authenticate Azure Resource Manager requests.
Question 6: You have two subscriptions named Subscription1 and Subscription2. You are currently managing resources in Subscription1 from Computer1 that has the Azure CLI installed. You need to switch to Subscription2. Which command should you run?
A. az set account --subscription "Subscription2"
B. az account set --subscription "Subscription2"
C. az subscription set "Subscription2"
D. Select-AzureSubscription -SubscriptionName "Subscription2"
ANSWER6:
B
Notes: You are accessing Azure from Computer1 with the Azure CLI installed; therefore, this command is the correct command.
Question 7: You work at the IT help desk for Consilium Corporation. You have been getting an influx of calls into the help desk about resetting users’ passwords. They keep reporting that they can’t seem to figure out how to reset their password in order to gain access to their Customer Relationship Management (CRM) software. What do you do?
A. Ensure that the users who are having problems are within the correct AD group
B. Make sure you have Azure Active Directory Free
C. Make sure they have their verification device (mobile app or access to email)
D. Verify that self-service password reset is enabled in Azure Active Directory
ANSWER7:
A, C and D
Notes: Self-service password reset may not apply to users who are not in a specific Active Directory group. If the user is not in the group, they will not be able to reset their password.
In order to reset their password, the user will have to verify their identity using a mobile phone, mobile app, office phone or email.
Self-service password reset is an optional feature in Azure Active Directory, which may not apply to any and all users in the organization.
Question 8: In this scenario, we are working for Cloud Chase Support. We are the active administrator, and we have been tasked with determining how to ensure we do not incur costs for virtual machine resources in either our Prod-Subscription or our Dev-Subscription. We have a CloudChase management group in which both subscriptions are nested. We decide to use Azure Policy to enforce compliance on virtual machines. Our policy definition states that virtual machines are not an allowed resource type at the scope of our CloudChase management group. There are some existing virtual machines in our Prod-Subscription at the time this policy is created. After the enforcement of our new policy, which of the statements below is true?
A. We cannot create virtual machines in any subscription under the scope of our management group and our existing virtual machines will be deallocated.
B. Virtual machines can be created in our Prod-Subscription if they are compliant.
C. Virtual machines can be created in our Dev-Subscription.
D. We cannot create virtual machines in any subscription under the scope of our management group.
ANSWER8:
D
Notes: We created a policy that has a definition that defines that virtual machines are not a supported resource type at the scope of our management group. Any subscription under the scope of this management group will not support the provisioning of virtual machine resources.
Question 9: You recently signed up for Azure Active Directory Premium and need users to be able to reset their passwords if they are unable to login. What should you configure in Azure Active Directory?
A. Set “block sign-in” to off when creating the user
B. User password reset
C. User password change
D. Add user to sign-in group in Azure AD
ANSWER9:
B
Notes: With the password reset capability, the user will be able to click “forgot password” when trying to log in to the portal and reset their password on their own.
Question 10: You have an Azure Pay-as-you-go Subscription named Subscription1. You have some concerns about cost for Subscription1, and you would like to spend less than $100.00 US per month on all resources in this subscription. If you spend more than $90.00 US, you would like to get an alert in the form of a text message. What should you do?
A. Shutdown VMs when you are not using them
B. Create an alert in Azure Monitor
C. Create a budget alert condition tied to an action group
D. Create a budget in the subscriptions blade
ANSWER10:
C
Notes: An alert condition can be created when setting your budget. An action group is not required in general; however, in this case, where we want to be notified via SMS (text message), we must tie an action group to our budget alert.
Question 11: We want to provide an Azure AD B2B guest user the ability to manage all resources inside of our DevRG resource group. We want to give them the ability to manage all resources inside of this resource group and nothing more. What role would we assign to the user to accomplish this goal? Assume we are assigning the role at the DevRG scope.
A. User Access Administrator
B. Owner
C. Contributor
D. Global Admin
ANSWER11:
C
Notes: This role will allow us to give this guest user the ability to manage all resources inside of the DevRG resource group, and nothing more (for example, it does not allow managing role assignments). This is exactly what we need for our scenario. When assigning permissions, we need to think about the principle of least privilege.
Question 12: You have just created a General-purpose v2 storage account in Azure. From a VM located in your on-premises environment, you’ve logged into your Azure subscription using the Connect-AzAccount command from the PowerShell command line. Next, you need to retrieve the key in order to access your storage account. Which PowerShell cmdlet will you use to retrieve the access key?
A. Get-AzStorageAccount
B. Get-AzStorageContainerKey
C. Get-AzStorageContainerStoredAccessPolicy
D. Get-AzStorageAccountKey
ANSWER12:
D
Notes: The Get-AzStorageAccountKey cmdlet gets the access keys for an Azure Storage account.
Question 13: You have been directed to copy all data from one storage account to another using the AzCopy tool. You need to report which storage services you can copy. Which of those services would it be?
A. Only Azure File Shares
B. Azure Queues and Blobs
C. Azure Blob and File Shares
D. Azure Table and File Shares
ANSWER13:
C
Notes: AzCopy is a command-line utility that you can use to copy blobs or files to or from a storage account.
Question 14: You have a general purpose v1 storage account named consiliumstore that has a private container named container2. You need to allow read access to the data inside container2, but only within a 14-day window. How do you accomplish this using the Azure Portal?
A. Upgrade the storage account to general purpose v2
B. Create a shared access signature
C. Create a service SAS
D. Create a stored access policy
ANSWER14:
B and D
Notes: A Shared Access Signature (SAS) allows you to have granular control over your storage account, including access to only certain services (i.e. Azure Blobs) and permitting only read, write, delete, list, add, or create access. A Stored Access Policy allows granular control over a single storage container using a Shared Access Signature (SAS).
Question 15: You have an existing Microsoft Enterprise Agreement (EA) Subscription. You need to ship 34 TB of data from an on-premises Windows 2016 server to your Azure storage account. You need to ensure that the data transfer has zero impact on the network, preserves your existing drives, and is the fastest and most secure method. What should be your first step to starting the import job?
A. Open a ticket with Microsoft Support
B. Order an Azure Databox via the Azure Portal
C. Start an Import Job via the Azure Portal
D. Prepare your hard drives using the WAImportExport tool
ANSWER15:
B
Notes: This option would be the best, as Azure Data Box supports Windows 2016 servers and is secure and reliable.
Question 16: You have data in an AWS S3 bucket named myS3Bucket and you need to copy all of its contents to a container named container1 in an Azure storage account named companydata. Which command would be the most efficient way to get the data from the S3 bucket to the Azure storage container?
A. azcopy copy 'https://s3.amazonaws.com/myS3Bucket' 'https://companydata.blob.core.windows.net/container1' --recursive=true
B. aws s3 cp s3://mybucket/test.txt https://companydata.blob.core.windows.net/container1
C. azcopy blob copy 'https://s3.amazonaws.com/myS3Bucket' 'https://companydata.blob.core.windows.net/container1'
D. azcopy copy sync 'https://s3.amazonaws.com/myS3Bucket' 'https://companydata.blob.core.windows.net/container1'
ANSWER16:
A
Notes: The AzCopy tool can copy directly from an AWS S3 bucket to an Azure Storage Account.
Question 17: You have the following Azure Storage Accounts in your Subscription: stor1 (BlockBlobStorage), stor2 (FileStorage), stor3 (StorageV2). Which of these storage accounts can be converted to Read-Access Geo-Redundant Storage (RA-GRS) based on their storage account kind? Please select the most appropriate answer.
Question 18: You create an Azure storage account named companystore with a publicly accessible container named container1. You upload a file to container1 named pic1.png. What will be the URL in order to access this blob?
Notes: By default, the URL of the blob will be the storage account name, followed by blob.core.windows.net, the container name, then the name of the blob (for this question: https://companystore.blob.core.windows.net/container1/pic1.png).
Question 19: You have an Azure subscription named Subscription1. In Subscription1, you have an Azure virtual machine named VM1. Attached to VM1 are two network interface cards. You require a third network interface card with a network bandwidth above 1000 Mbps for your storage area network. What should you do?
A. Create an additional VM in the same subnet and connect to VM1 over the LAN
B. Create a new subnet with a sufficient number of available IP addresses
C. Create a new storage account to store data for VM1
Question 20: You are trying to create a new Azure Kubernetes Service (AKS) cluster from your local workstation. The AKS cluster must contain three nodes and ensure access to the worker nodes in order to troubleshoot the kubelet. You have authenticated to Azure from your local workstation with the Azure CLI. What command will you use to create an AKS cluster named AKS1 with the necessary components inside of the resource group named RG1?
A. az aks create -g RG1 -n AKS1 --generate-ssh-keys --node-count 3
B. az kubernetes create --name AKS1 --group RG1 --nodes 3 --generate-keys
C. az aks create --name AKS1 --resource-group RG1 --nodes 3 --ssh-key-value ~/.ssh/id_rsa.pub
D. az kubernetes create --name AKS1 --resource-group RG1 --nodes 3 --generate-keys
ANSWER20:
A
Notes: The correct command to use for creating an AKS cluster is az aks create; the -g and -n values are abbreviated syntax for resource group and name respectively. The --generate-ssh-keys flag will create the SSH keys needed to access the worker nodes. The --node-count flag will ensure that there are three worker nodes in the cluster.
Question 21: VM1 is located in the West US region, and the OS disk is Premium SSD. The size of VM1 is currently Standard_D2s_v3, but you need to change the size to Standard_D2. You are able to select the size from the size blade, but you receive an error message. Why can’t you change the VM size?
A. You need to provide the username and password for the OS to upgrade
B. Standard_D2 does not support premium SSD disks
C. The size Standard_D2 is not available in the West US region
D. You did not shut down (deallocate) VM1 before changing the size
ANSWER21:
B
Notes: Standard_D2 does not support premium disks; therefore, you are unable to change VM1 to this size. A good way to remember which sizes support Premium SSD is the "s" in the size name, which indicates Premium SSD support. See the Dsv3-series documentation for more.
Question 22: You have an Azure Kubernetes Service (AKS) cluster named AKS1 within the resource group named RG1. You are trying to run the command kubectl get all from the Azure Cloud Shell (https://shell.azure.com) to view your cluster resources. You received the error "Error from server (BadRequest): the server rejected our request for an unknown reason". You’ve verified that the resources exist and the command is correct. What do you need to do in order to view your cluster resources from the Azure Cloud Shell?
A. Retrieve the access credentials using the command az aks get-credentials --name AKS1 --resource-group RG1
B. Log into the cluster GUI from the Azure Portal
C. Install the kubectl tool
D. Access the Kubernetes Dashboard using the command az aks browse --name AKS1 --resource-group RG1
ANSWER22:
A
Notes: AKS does not have a cluster GUI that is accessible from the Azure Portal. You must use a machine with kubectl installed, or the Azure Cloud Shell.
The kubeconfig is required in order to access the Kubernetes API. You can retrieve the kubeconfig using the az aks get-credentials command.
Question 23: You have a subscription named Subscription1. You create a new Azure VM in your subscription named VM5 running Windows 2012 R2. You try to connect and login to VM5, but you get an error that says “We couldn’t connect to the remote PC. Make sure the PC is turned on and connected to the network, and that remote access is enabled.” You have verified that VM5 is running and has been assigned a public IP address. What change do you need to make in order to successfully connect and login to VM5?
A. Add a rule to the Network Security Group that will allow port 3389
B. Select Reset password from the VM blade
C. Use Network Watcher for detailed connection tracing
D. You need to access the VM from a computer that’s in the same subnet
ANSWER23:
A
Notes: A Network Security Group (NSG) is designed to filter traffic to and from Azure resources, including Azure VMs. Allowing port 3389 from your machine to the Azure VM will address the connection issue. You could reset the password, but since you received the error before you were prompted for credentials, this is a connectivity problem, not a credentials problem.
Question 24: Subscription1 contains an Azure VM named VM1 with the following configuration:
VM Size: Standard_D2s_v3
Public IP Address: 52.173.36.55
Resource Group: RG1
Availability Zone: None
Location: Japan East
Disk Type: Standard HDD
What are two things you can do to reduce data loss and achieve a 99.9% SLA?
A. Create a recovery services vault and enable replication for VM1
B. Move VM1 to a paired region
C. Place the VM in an availability zone
D. Change the disk type to Premium SSD
ANSWER24:
A and D
Notes: Creating a recovery services vault will allow you to back up the VM to a different region and location. You will enable replication to ensure that VM data and settings are continually replicated to the backup location for simple recovery.
Virtual machines with Premium SSD disks qualify for the 99.9% connectivity SLA.
Question 25: You have created an application that is to be run on Linux containers named ContainerApp1. You’ve created an Azure container instance with an FQDN, but you notice that when the container restarts, all application data is lost. What is the best solution to preserve the data associated with your application?
A. Create a public blob storage container and share the URI with the application
B. Create a storage account and share the SAS with the application
C. Mount an Azure file share as a volume in Azure Container Instances
D. Run the container on a VM, and use the managed disk attached to the VM
ANSWER25:
C
Notes: Azure Container Instances can mount an Azure file share created with Azure Files. Azure Files offers fully managed file shares hosted in Azure Storage that are accessible via the Server Message Block (SMB) protocol. Using an Azure file share with Azure Container Instances provides file-sharing features similar to using an Azure file share with Azure virtual machines.
Question 26: You’ve created a Dockerfile that contains the necessary steps to build an image that you plan to use for your application running as a Web App in App Services named APP1. You have created an Azure Container Registry, which is where you plan to store your images to be used for APP1. What should your next step be?
A. Run the az acr build command
B. Create the App Service Plan
C. Run the docker push command
D. Run the docker login command
ANSWER26:
A
Notes: The az acr build command will build and push your image to an Azure Container Registry in one command. You should use this if you don’t have Docker installed and/or if you don’t have the compute resources to build images on your local machine.
Question 27: You have an application that runs on instances in a Virtual Machine Scale Set. The number of instances in the VMSS is three starting Monday. The minimum number of instances is one, and the maximum is five instances. There are two scaling rules for this VMSS:
Rule  | Condition | Action
Rule1 | CPU > 75% | +1 instance
Rule2 | CPU < 25% | -1 instance
Based on the rules above and the chart below, on Wednesday how many instances will there be in our VMSS?
Notes: We start with 3 instances on Monday. Based on the chart, we will still be at 3 instances on Tuesday at 12:01 because no scaling condition has been met, but at 13:36 on Tuesday we scale in by one instance because the CPU% is below 25%. Now we have 2 instances. Then on Wednesday at 12:10 we scale out by one instance because our CPU% has gone above 75%. This gives us three instances on Wednesday.
Question 28: Subscription1 contains an Azure VM named VM1. You have added a data disk to VM1, as well as a new network interface card. You need to create two more Azure VMs just like this one named VM2 and VM3. What is the most efficient way to create VM2 and VM3 that will minimize cost?
A. Back up the VM and recover to a different region
B. Redeploy VM1 with the new disk and NIC and deploy the template to VM2 and VM3
C. Select Export template from VM1 blade, then deploy VM2 and VM3 with that template
D. Create an image from VM1 and use the image to deploy VM2 and VM3
ANSWER28:
C
Notes: Exporting the template from a VM is a quick and easy way to take the existing VM settings and automate future deployments.
Question 29: You have an Azure subscription named Subscription1. You have created a web app named App1 in Subscription1 that is sourced from a git repository named Git1. You need to ensure that every commit to the master branch in Git1 triggers a deployment to a test version of the application before releasing it to production. What are two changes that you must make to App1 to fulfill this requirement?
A. Create a build server with the master branch of Git1 as the trigger
B. Configure custom domains for test and production versions of App1
C. Add a new deployment slot to App1 to release the test version of App1
D. Create a new web app and configure failover settings from test to production
ANSWER29:
A and C
Notes: You have the option of creating a build server natively in App Services by selecting Deployment Center in the App1 blade. This will trigger a build every time a commit is made to the master branch of Git1.
Deployment Slots allow greater flexibility within app services, providing a built-in staging environment for your app, allowing you access to your application without deploying it to production.
Question 30: You plan to create an Azure Web App in the East US region. You need to ensure that this web app scales out with demand, to prevent downtime. You also need to ensure that the data that resides inside of the application remains secure and is never exposed to anyone outside of the organization. Which App Service plan SKU will you choose that meets these requirements and also saves on cost?
A. FREE
B. B1
C. SHARED
D. I1
ANSWER30:
D
Notes: The I1 SKU allows your app to run on dedicated hardware, and also provides network isolation on top of compute isolation to protect your app. It also provides the maximum scale-out capabilities.
Question 31: VM1 is located in the East US region. You have added a premium SSD data disk to VM1, but the IOPS are not satisfying the needs of your application. How can you change the speed of the disk?
A. Select the disk configuration and increase the size
B. Shut down (Deallocate) the VM
C. Export the disk and convert to VHD
D. Create a new disk and migrate the data
ANSWER31:
A and B
Notes: Premium disk performance increases with the size of the disk, while standard disks have consistent performance for all disk sizes. Disks can be resized only when they are unattached or the owner VM is deallocated.
Question 32: The NoName Company has just deployed a number of Azure VMs into a specific subnet in an Azure virtual network. They have also implemented a network security plan which includes the use of Azure Firewall. From those newly deployed VMs, the company wants to deny access to the website https://www.microsoft.com. How can you achieve this using their current Azure resources?
A. A network rule
B. Create a route via Route Table to the firewall (as a virtual appliance hop)
C. Configure an application rule on the Azure Firewall that blocks the FQDN www.microsoft.com
D. An Application Gateway
E. A Subnet named AzureFirewallSubnet
F. A VPN Gateway
ANSWER32:
A, B and C
Notes: A network rule would allow access to an external public DNS service, to lookup the microsoft.com domain name. Creating a route via Route Table to the firewall is required to direct incoming traffic (from the firewall public IP address) to a specific destination.
An application rule allows or blocks an address by URL. This is necessary in order to block https://www.microsoft.com according to the requirements of the company.
Question 33: You need to create an Azure virtual machine named VM1 that requires a static private IP address configured inside the IP address space for the VNet in which the VM resides. How do you configure a static IP address for this Azure VM?
A. After the VM has been created, create a new network interface and configure a static IP address for that network interface
B. After the VM has been created, go to the network interface attached to the VM and change the IP configuration to static assignment
C. When creating a VM in the portal, select New next to private IP address and choose static after assigning the correct IP address
D. When creating the VM in the portal, change the setting from dynamic to static on the networking tab under private IP address
ANSWER33:
B
Notes: Changing the IP configuration on the network interface will achieve this goal.
Question 34: You have an Azure subscription named Subscription1. In Subscription1, you have a web server that has the IP address 10.1.0.83 and a database server that has the IP address 10.1.0.142. Instead of remembering the IP addresses of the servers, you’d like to connect to these servers using a DNS name. With no DNS server currently, and without having to create a new DNS server, how can you access your database server from your web server by the DNS name db.yourcompany.com?
A. Public DNS Zone
B. Promote Server to Domain Controller
C. Access the Domain Controller
D. Private DNS Zone
ANSWER34:
D
Notes: A private DNS zone is an easy way to register servers with a DNS name rather than having to access them by their IP address.
Question 35: You have an Azure subscription named Subscription1. In Subscription1 you have two VNets, one named VNet-Hub and one named VNet-Spoke. Within VNet-Hub, there is an Azure Firewall with a public IP address, configured as a Standard SKU. In VNet-Spoke, there is a Windows Server 2016 with no public IP address and no Network Security Group (NSG). Using which three items can you utilize the public IP address of the Azure firewall to connect to the Windows Server, without exposing the server to the public internet directly?
A. NAT Rule for the Firewall
B. Route Table
C. Virtual Network Gateway
D. Virtual Network Peering
E. ExpressRoute Gateway
ANSWER35:
A, B and D
Notes: You can configure a NAT rule on the firewall to translate and filter inbound Internet traffic to your subnets. You will need a route table to route ingress traffic to the firewall virtual appliance. In order for traffic to flow from the VNet-Spoke to VNet-Hub, you will need a peer connection between the virtual networks (Virtual Network Peering).
Question 36: You have an on-premises environment as well as your Azure environment with a subscription named Subscription1. Subscription1 has a virtual network named VNET1 and you need to connect to the on-premises network securely using an ExpressRoute link and Site-to-site VPN. What Azure resources do you need in order to establish the connection while minimizing cost?
A. Azure VPN Gateway
B. Network virtual appliance
C. No resources needed, ExpressRoute is encrypted by default
Notes: VPN tunnels over Microsoft peering can be terminated either using VPN gateway, or using an appropriate Network Virtual Appliance (NVA) available through Azure Marketplace. We choose to use NVA because it accomplishes our goal, but for a lesser cost than Azure VPN Gateway. A route table is required to specify the next hop for traffic coming and going from the on-premises network.
Question 37: You have a Network Security Group (NSG) that is associated with a network interface that is attached to an Azure virtual machine named VM1 running Windows Server 2019. VM1 is in a subnet named subnet1, in a virtual network named VNet1. A different NSG is attached to subnet1, and you notice that it has an inbound rule to allow port 3389. When you try to connect to VM1, you cannot connect. You reviewed the NSG and the source IP address and the protocol are correct. How can you connect to VM1 using best practices for NSGs in Azure?
A. The protocol on the NSG rule is set to UDP
B. The NSG attached to the network interface needs to be removed
C. The source IP address on the NSG rule is incorrect
D. You need to add an inbound rule for the NSG attached to the network interface
ANSWER37:
B
Notes: Removing the NSG from the network interface would allow the VM to use the NSG associated with the subnet, which is best practice.
Question 38: You have an Azure subscription named Subscription1. In Subscription1 you have an Azure VM named VM1 with Windows Server 2019 as the operating system. VM1 does not have a public IP address assigned to it. VM1 is located in a virtual network named VNet1, in subnet1. Attached to subnet1 is a Network Security Group (NSG) that has port 3389 open inbound. On your local machine, you do not have an RDP client installed, but you need to log in to the VM. Without assigning a public IP address to the VM, what three things in combination can we use to log into VM1?
A. HTML5 supported Web Browser
B. Azure VPN Gateway
C. A subnet named AzureBastionSubnet
D. A Gateway Subnet
E. Azure Bastion Host
F. Inbound security rule to open port 443
ANSWER38:
A, C and E
Notes: The RDP connection to the virtual machine happens via Bastion host using the Azure portal (over HTML5) using port 443 and the Bastion service.
The subnet inside your virtual network to which the Bastion resource will be deployed must be named AzureBastionSubnet. The name lets Azure know which subnet to deploy the Bastion resource to. This is different from a Gateway Subnet.
The Azure Bastion service is a new fully platform-managed PaaS service that you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly in the Azure portal over TLS. When you connect via Azure Bastion, your virtual machines do not need a public IP address.
Question 39: You have a subscription named Subscription1. Subscription1 has two virtual networks named VNet1 and VNet2 in two different resource groups. VNet1 is located in the West US region and VNet2 is located in the East US region. You need to apply a network security group named NSG1 to a subnet in VNet1. NSG1 is located in the East US region. How do you attach NSG1 to the subnet in VNet1?
A. You can’t. Create a new network security group in the West US region
B. Move VNet1 into a resource group located in the East US region
C. Select the subnet and choose NSG1 from the network security group drop-down
D. Move NSG1 into the VNet1 resource group
ANSWER39: A
Notes: In order for you to associate a network security group to a subnet, both the virtual network and the network security group must be in the same region.
Question 40: You have a subscription named Subscription1. Subscription1 has one Azure virtual machine named VM1 which is an Ubuntu server. You can’t seem to login to the server via SSH. What tool should you use to verify if the problem is the network security group?
A. IP flow verify tool in Azure Network Watcher
B. Azure Monitor VM metrics
C. Azure Traffic Manager traffic view
D. Azure Virtual Network logs
ANSWER40:
A
Notes: The IP Flow Verify tool checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and a remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned.
Question 41: You have two Azure virtual machines named VM1 and VM2. VM1 is using the Red Hat Enterprise Linux 8.1 (LVM) operating system and is located in VNet1, within subnet1. VM2 is using the Windows Server 2019 operating system, and is located in VNet1, within subnet2. VNet1 has custom DNS configured, pointing to a DNS server with the IP address 172.168.0.6. VM2 has 10.0.1.15 configured as the DNS server on its network interface. Which DNS server will VM2 use for DNS queries?
A. 8.8.8.8
B. 10.0.1.15 for primary, 172.168.0.6 as secondary
C. 10.0.1.15
D. 172.168.0.6
ANSWER41:
C
Notes: Since the network interface attached to VM2 is assigned to a specific DNS server, it takes precedence over the DNS configured on the VNet.
Question 42: You have created a new Azure virtual machine in a subnet named Subnet1 with an attached network interface card named NIC1. The NIC1, attached to Subnet1, has the following effective routes:
Question 43: You have a standard load balancer that directs traffic from port 80 externally to three different virtual machines. You need to direct all incoming TCP traffic on port 5000 to port 22 internally for connecting to Linux VMs. What do you need in order to connect to the VM via SSH?
A. A public IP address for all three VMs
B. A Route Table with at least one rule
C. A Network Security Group (NSG)
D. A Network Address Translation (NAT) Rule
ANSWER43:
C and D
Notes: The NSG rules work alongside the NAT rules to provide a connection to a VM that’s behind a load balancer: the NAT rule translates inbound port 5000 on the load balancer to port 22 on the VM, and the NSG must allow that traffic to reach the VM.
Question 44: You have a web application that serves video and images to those visiting the site. You start to notice that your web server is overloaded, and often crashes because the requests have consumed all of its resources. To combat this, you’ve added an additional web server and you plan to load balance these servers by serving images from the first server only and serving video from the second server only. Which Azure resource can you implement that will properly load balance (at OSI layer 7) with URL-based routing and secure with SSL at the lowest cost?
A. Azure Load Balancer
B. Azure Front Door
C. Azure Application Gateway
D. Web Application Firewall
ANSWER44:
C
Notes: Azure Application Gateway operates at layer 7 (the application layer), and is a web traffic load balancer that enables you to manage traffic to your web applications. Application Gateway can make routing decisions based on URI path and secure with SSL.
Question 45: You manage a virtual network named VNet1 that is hosted in the West US region. Two virtual machines named VM1 and VM2, both running Windows Server, are on VNet1. You need to monitor traffic between VM1 and VM2 for a period of five hours. As a solution, you propose to create a connection monitor in Azure Network Watcher. Does this solution meet the goal?
A. Yes
B. –
C. –
D. No
ANSWER45:
A
Notes: The connection monitor capability in Azure Network Watcher monitors communication at a regular interval and informs you of reachability, latency, and network topology changes between the VM and the endpoint.
Question 46: You have an Azure subscription named Subscription1. You would like to connect your on-premises environment to Subscription1. You have to meet three requirements from the business. The first requirement is that the connection from the on-premises office and Azure must be a private connection. No network traffic is allowed to go over the public internet. The second requirement is that all traffic from the on-premises office and Azure must happen at layer 3 (network layer). The third requirement is that this connection from on-premises to Azure must be redundant to minimize the opportunity for failure. What type of connection fulfills these three requirements?
A. ExpressRoute with premium add-on
B. ExpressRoute
C. Site-to-Site VPN
D. Virtual WAN
ANSWER46:
B
Notes: ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection facilitated by a connectivity provider. ExpressRoute connections do not go over the public Internet. An ExpressRoute Connection is a layer 3 connection between your on-premises network and Azure through a connectivity provider (e.g. Verizon).
Question 47: You have an Azure subscription as well as an on-premises environment that is connected via an ExpressRoute circuit. You have two additional branch offices that you need to connect to the network, as well as ten remote employees that change locations frequently but still need access to Azure resources. What is the solution that will provide the quickest setup at the lowest cost?
A. Site-to-Site VPN
B. Point-to-Site VPN
C. Virtual WAN
D. Hub-and-Spoke Network Topology
ANSWER47:
C
Notes: The Virtual WAN architecture is a hub and spoke architecture for branches and users. It enables a global transit network architecture, where the cloud-hosted network ‘hub’ enables transitive connectivity between endpoints that may be distributed across different types of ‘spokes’. All hubs are connected in full mesh in a Standard Virtual WAN, making it easy for the user to use the Microsoft backbone for any-to-any (any spoke) connectivity. This satisfies the requirement to provide the quickest setup at the lowest cost.
Question 48: You have a small number of servers running a microservice, and you want to make sure that all the servers have connectivity to each other. You also need to calculate network performance metrics like packet loss and link latency. Which two Azure resources do you need to meet this requirement?
A. Log Analytics Workspace
B. Network Performance Monitor
C. Azure Monitor
D. Azure Traffic Manager
ANSWER48:
A and B
Notes: A Log Analytics workspace is a data repository for Azure Monitor log data and is a prerequisite for using Network Performance Monitor. Network Performance Monitor helps you monitor network performance between various points in your network infrastructure. It also helps you monitor network connectivity to service and application endpoints and monitor the performance of Azure ExpressRoute.
Question 49: You have two virtual networks named VNet1 and VNet2. VNet1 is located in the West US region, whereas VNet2 is located in the East US region. You need to configure a virtual machine that’s located in VNet1 to also communicate with VMs in VNet2. From the choices available, how can we enable communication between resources in VNet1 and VNet2?
A. Migrate the VNet1 VM to VNet2 and leave the other VM components on VNet1
B. Migrate the network interface card (NIC), the network security group (NSG) and the VM disks to VNet2
C. Just the VM disks will need to be migrated to VNet2
D. Configure a VNet-to-VNet VPN gateway connection to allow communication between VNets in different regions
Question 50: You have two subscriptions, one named Subscription1 and the other named Subscription2. Both subscriptions are located within the same tenant. You have one Azure virtual machine located within Subscription1 and another Azure virtual machine within Subscription2 and you’d like to view CPU utilization metrics on both virtual machines. How can you achieve this while maintaining the minimum number of Azure resources and minimizing cost?
A. Create a Log Analytics Workspace for both VMs
B. Turn on VM Insights in Azure Monitor
C. Install the Log Analytics (OMS) Agent on the VMs
D. Enable guest-level monitoring on each VM
ANSWER50:
A and B
Notes: You can view metrics data (such as CPU utilization %) over time by sending your metrics data to a log analytics workspace. This workspace can collect metrics data from multiple VMs, no matter if they are located in the same or different subscriptions.
VM integration with Azure Monitor Logs delivers powerful aggregation and filtering, allowing Azure Monitor for VMs to analyze data trends over time. You can view this data in a single VM from the virtual machine directly, or you can use Azure Monitor to deliver an aggregated view of your VMs where the view supports Azure resource-context or workspace-context modes.
Question 51: You have created a new Azure virtual machine named VM1. You plan to use VM1 as a web server, which will require the VM to be accessible using HTTP/S (HTTP and HTTPS) protocol. A Network Security Group (NSG) is attached to the NIC of VM1 with the following rules:
What changes do you have to make to the NSG in order to meet the requirements for VM1?
A. Change the priority of Rule3 to 200
B. Change the action of Rule1 to Allow
C. Change the priority of Rule4 to 200
D. Change the port of Rule5 to 443
ANSWER51:
C
Notes: Rules with a lower priority number take precedence over rules with a higher number. Changing Rule4 to priority 200 moves it ahead of the rules with higher numbers, so traffic on ports 60-500 (which includes 80 and 443, the ports necessary for HTTP/S) is allowed before any later rule can deny it. Remember: the lower the priority number, the higher the rule’s priority when the rules are evaluated.
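The evaluation order these notes rely on, as an added Python model (not code from the page or from Microsoft): rules are walked in ascending priority number, the first match wins, and the built-in DenyAllInBound rule (priority 65500) catches whatever no custom rule matched. It also models the point behind Question 37, that inbound traffic is checked against the subnet NSG first and then the NIC NSG, so both must allow it. The rule table is constructed for illustration, since the page does not reproduce the table from Question 51, and the `Rule` class and helper names are this example's own.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Rule:
    """One NSG security rule (a constructed model, not the Azure SDK type)."""
    name: str
    priority: int      # custom rules use 100-4096; the lower the number, the earlier it is evaluated
    direction: str     # "Inbound" or "Outbound"
    protocol: str      # "Tcp", "Udp" or "*" for any
    port_range: str    # "80", "60-500" or "*"
    action: str        # "Allow" or "Deny"


# Azure's built-in inbound rules end with DenyAllInBound at priority 65500.
# The AllowVNetInBound (65000) and AllowAzureLoadBalancerInBound (65001)
# defaults match on source address, which this model does not track, so they
# are omitted: the scenarios below are all traffic arriving from the internet.
DEFAULT_INBOUND = [Rule("DenyAllInBound", 65500, "Inbound", "*", "*", "Deny")]


def port_matches(port_range: str, port: int) -> bool:
    """True if `port` falls inside an NSG destination port range string."""
    if port_range == "*":
        return True
    if "-" in port_range:
        low, high = (int(p) for p in port_range.split("-", 1))
        return low <= port <= high
    return int(port_range) == port


def evaluate(rules, protocol: str, port: int, direction: str = "Inbound"):
    """Walk the rules in ascending priority number; the first match decides."""
    for rule in sorted(list(rules) + DEFAULT_INBOUND, key=lambda r: r.priority):
        if rule.direction != direction:
            continue
        if rule.protocol != "*" and rule.protocol.lower() != protocol.lower():
            continue
        if port_matches(rule.port_range, port):
            return rule.action, rule.name
    return "Deny", "implicit"  # not reached for inbound because of DenyAllInBound


def effective_inbound(subnet_rules, nic_rules, protocol: str, port: int):
    """Inbound traffic is checked against the subnet NSG first, then the NIC NSG.

    Both have to allow it; a deny at either level drops the packet. The
    returned rule name is prefixed with the level that made the decision.
    """
    action, name = evaluate(subnet_rules, protocol, port)
    if action == "Deny":
        return "Deny", f"subnet:{name}"
    action, name = evaluate(nic_rules, protocol, port)
    return action, f"nic:{name}"


def priority_change_example():
    """Constructed rule table in the spirit of Question 51 (not the page's own table).

    Rule4 allows ports 60-500 but sits behind two deny rules; moving it to
    priority 200 puts it ahead of them, so 80 and 443 become reachable.
    """
    before = [
        Rule("Rule1", 300, "Inbound", "Tcp", "80", "Deny"),
        Rule("Rule3", 350, "Inbound", "Tcp", "443", "Deny"),
        Rule("Rule4", 400, "Inbound", "Tcp", "60-500", "Allow"),
        Rule("Rule5", 450, "Inbound", "Tcp", "8443", "Allow"),
    ]
    after = [replace(r, priority=200) if r.name == "Rule4" else r for r in before]
    return {
        "before": {p: evaluate(before, "Tcp", p) for p in (80, 443)},
        "after": {p: evaluate(after, "Tcp", p) for p in (80, 443)},
    }


def nic_and_subnet_example():
    """Question 37's situation: the subnet NSG allows RDP but the NIC NSG does not.

    Returns the decision with an empty NIC NSG (only the defaults apply, so RDP
    is denied at the NIC) and with a matching allow rule added on the NIC.
    """
    subnet_nsg = [Rule("AllowRdp", 100, "Inbound", "Tcp", "3389", "Allow")]
    nic_nsg_empty = []
    nic_nsg_with_rdp = [Rule("AllowRdpNic", 100, "Inbound", "Tcp", "3389", "Allow")]
    return (
        effective_inbound(subnet_nsg, nic_nsg_empty, "Tcp", 3389),
        effective_inbound(subnet_nsg, nic_nsg_with_rdp, "Tcp", 3389),
    )


if __name__ == "__main__":
    print(priority_change_example())
    print(nic_and_subnet_example())
```

Running it shows port 80 denied by Rule1 before the change and allowed by Rule4 afterwards, and RDP denied by the NIC-level DenyAllInBound even though the subnet NSG allows it; removing the NIC NSG, as the answer to Question 37 suggests, works because only the subnet NSG is then evaluated.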
Question 52: You have an Azure virtual machine running Windows Server 2016. You need to collect OS level metrics on this virtual machine, including Windows event logs and performance counters. Which of the following items do you need in order to collect this data?
A. Enable guest-level monitoring
B. Windows Diagnostics Extension
C. Log Analytics Agent
D. InfluxData Telegraf Agent
E. Storage Account for Diagnostic Data
ANSWER52:
A B E
Notes: In order to install the diagnostics extension on an Azure VM, you must enable guest-level monitoring from the VM settings in the portal. Windows Diagnostic Extension is an agent in Azure Monitor that collects monitoring data from the guest operating system and workloads of Azure virtual machines and other compute resources. In order to enable guest-level monitoring, you need to create a storage account for storing the metrics data.
Question 53: You have an Azure subscription with a virtual machine named VM1. You are using a Recovery Services Vault (RSV) to back up VM1 with soft delete enabled. The backup policy is set to back up daily at 11 PM UTC, retain an instant recovery snapshot for 2 days, and retain the daily backup point for 14 days. After the initial backup of VM1, you are instructed to delete the vault and all of the backup data. What should you do?
A. Turn off soft delete in the vault security settings
B. Wait 14 days
C. Stop the backup of VM1 and delete backup data
D. Delete the backup policy
E. Delete Backup Jobs Workload
F. Wait 15 days
ANSWER53:
A and C
Notes: When you stop the backup and delete the backup data, the data is still retained because soft delete is enabled; only permanently deleting the soft-deleted backup items removes the backup data for good. Stopping the backup of VM1 and choosing delete backup data from the dropdown menu stops future backups and deletes the existing backup data.
Question 54: You have a number of virtual machines and web applications running in your Azure environment. These Azure resources are critical for business operations, so you’ve locked the resources in order to prevent deletion. In addition, how can you alert on these actions in the portal, and notify your team via email and SMS when a user is trying to delete or create a new resource from within your Azure subscription?
A. Pin the activity log to your dashboard
B. Create a new alert rule
C. Query Administrative Events and Copy Link to Query
D. Create a new action group
ANSWER54:
B and D
Notes: Alert rules specify the conditions for which the alert is triggered. Activity log alerts are the alerts that get activated when a new activity log event occurs that matches the conditions specified in the alert. An action group is a collection of notification preferences defined by the owner of an Azure subscription. Azure Monitor and Service Health alerts use action groups to notify users that an alert has been triggered.
Question 55: You have a .NET Core application running in Azure App Services. You are expecting a huge influx of traffic to your application in the coming days. When your application experiences this spike in traffic, you want to detect any anomalies such as request errors or failed queries immediately. What service can you use to assure that you know about these types of errors related to your .NET application immediately?
A. Client-side monitoring
B. Live Metrics Stream in Application Insights
C. Application Insights Search
D. Log analytics workspace
ANSWER55:
B
Notes: Live metrics stream includes such information as the number of incoming requests, the duration of those requests, and any failures that occur. You can also inspect critical performance metrics such as processor and memory.
Question 56: You have an Azure subscription named Subscription1. In Subscription1 you have two Azure VMs named VM1 and VM2, both running Windows Server 2016. VM1 is backed up using Recovery Services Vault, with a backup policy of producing a daily backup and keeping that daily backup for seven days. Also, a snapshot is kept for 2 days. VM1 is compromised by a virus that infects the entire system, including the files. You need to restore the files from yesterday’s backup of VM1. Where can you restore the files to in the quickest manner?
A. A new Azure VM
B. Restore the VM1 snapshot
C. VM2
D. In-place
ANSWER56:
B
Notes: Using snapshots for VM backups, you speed up the recovery time considerably. The snapshots are stored with the disks in Azure, so the transfer speeds are optimal.
Question 57: You have a subscription named Subscription1. You would like to be alerted upon certain administrative events within Subscription1 to detect unauthorized access. Which of the following is the quickest method to set up these types of alerts?
A. Monitor > Alerts > New Alert Rule
B. Log Analytics Workspace > myWorkspace > Advanced Settings
C. Policy > Assignments > Assign Policy
D. Subscriptions > mySubscription > Activity Log > New Alert
ANSWER57:
A
Notes: Alerts can be created from within Azure Monitor.
Microsoft Azure Administrator Certification Q&A:
What does az vmss deallocate do?
The az vmss deallocate command will deallocate and remove the VMs within a VMSS. Azure Doc
A company is planning to use Azure for the various services they offer. They want to ensure that they can bill each department for the resources they consume. They decide to use Azure resource tags to separate the bills department wise. Would this fulfill the requirement?
– Yes, you can use resource tags to organize your Azure resources and also apply billing techniques department wise. The Microsoft documentation mentions the following.
A company is planning to use Azure for the various services they offer. They want to ensure that they can bill each department for the resources they consume. They decide to use Azure role-based access control to separate the bills department wise. Would this fulfill the requirement?
– No, This is used to control access to resources and can’t be used for billing purposes.
A company is planning to use Azure for the various services they offer. They want to ensure that they can bill each department for the resources they consume. They decide to use Azure policies to separate the bills department wise. Would this fulfill the requirement?
– No, Azure policies are used from a governance perspective and can’t be used to create bills department wise.
A company is planning to use the Azure Import/Export service to move data out of its Azure Storage account. Which of the following service could be used when defining the Azure Export job?
– Only the BLOB service is supported by the Export job feature. This is also given in the Microsoft documentation.
Suppose you have an application running on a Windows virtual machine in Azure. What is the best-practice guidance on where the app should store data files?
– Dedicated data disks are generally considered the best place to store application data files. They can be larger than OS disks and you can optimize them for the cost and performance characteristics appropriate for your data.
Hi all, I am trying to find the pros & cons between a system assigned identity and a user assigned identity for Azure monitoring agents and which would be best to proceed with if the environment grows to a large number of subscriptions. Thanks in advance. submitted by /u/advertpro
Background: As part of an ongoing environmental effort at work, we are trying to figure out some key numbers for the data centers we are using. As part of EU regulation 517/2014 the use of different cooling gases can be expressed as a Global Warming Potential (GWP). Is there any documentation anywhere about this number for any of the Azure cloud datacenters? Similarly, there is a lot of information about sustainability on Azure, with talk of being water positive, zero-waste and 100% renewable energy, but little about actual hard data divided into separate data centers or even regions. ISO/IEC 30134-6:2021 defines the Energy Reuse Factor, and an increasing number of customers demand this number from us. A number I cannot seem to find anywhere. I find some fancy PDFs talking about potential ERFs, but nothing about actual use. My suspicion is 0, but if anybody knows where these things are documented, I'd be very happy. Lastly there is ISO 50600-4-3, the Renewable Energy Factor, which Azure claims will be 100% by 2025, but I cannot find any actual numbers per region or datacenter. submitted by /u/Over_Artichoke6252
Hey everyone, we and some of our otherwise unrelated colleagues in West Europe have been experiencing a dramatic increase in transient 403 errors when connecting to Azure Key Vault using RBAC. It doesn't seem to be a client issue, as we've seen it in multiple different integrations. Has someone else experienced this lately? submitted by /u/countkillalot
Let's say we want to deploy an OpenAI model. To do that we need to make a deployment that takes a deployment name (arbitrary) and a model name (from the list pre-defined by the OpenAI service). What are best practices for deployment naming? For now, I just set deploymentName = modelName (see example). Are there recommendations on this subject? Feel free to provide links. My company does not have its own conventions. Example:
modelDeployments:
  - deploymentName: gpt-4o
    modelName: gpt-4o
    location: francecentral
    sku:
      name: Standard
      capacity: 5
submitted by /u/StreetMedium6827
Hi, we want to send syslogs to Azure Log Analytics from our Arc server. I have created the data collection ruleset, and the Azure Monitor Agent is automatically installed during the process. However, the events directory is getting flooded with entries and consuming a lot of space over time.
root@localhost:~# ls /var/lib/waagent/events/ | wc -l
38328
I can still see the syslog entries in Azure Log Analytics, but I'm not sure how to prevent the events from filling up this directory. Could you please assist? submitted by /u/fareast87
Hello. I have a Linux VM that was migrated from on-premises some time ago and wasn't placed into an Availability Zone, so I'm trying to move it into one now. Unfortunately, it fails validation with the following error: "The Azure operation failed with code 'StorageAccountNotFound'. Possible Causes: The operation failed with error: 'Storage account 'migratersa1829839641' not found. Ensure storage account is not deleted and belongs to the same Azure location as the VM.'. Recommended Action: Review the resource settings and retry the operation. If the issue persists, contact support" I don't know what this storage account could be, as it doesn't exist and I don't remember it ever existing, so what could be linking the VM to it, and how do I remove it? I can't see any reference to it on any of the blades for the VM in the Azure Portal. I've successfully moved some similar VMs without encountering this error; it seems to be unique to this one VM. Thanks in advance! submitted by /u/dai_webb
Hi all, I am encountering an issue where I have set up the appliance and it can reach all servers. When I went into discovery it discovered all the VMs of all Hyper-V hosts but somehow didn't discover the hosts themselves; a physical server was also not discovered, which is not related to Hyper-V. As far as I am aware the Azure Migrate appliance should discover everything. And if I want it to discover a physical server that is not a host, how am I supposed to do that, as inside the appliance it says to specify Hyper-V hosts? submitted by /u/NorthYogurtcloset452
I'm using Azure Front Door and would like to know if it's possible to serve cached content when the origin server returns a 500 error, even if the cached content has expired. Is there a way to configure Front Door so that it delivers stale cached content in case of an origin failure, rather than showing the error to the user? If so, how can I set this up in the caching rules or configuration? Something like the stale-if-error support of AWS CloudFront? Thanks in advance for any guidance or suggestions! Edit: I use App Service with Next.js. submitted by /u/ZecKa63
What's your strategy for partitioning data in BigQuery or Redshift? Need some insights on balancing query performance and cost. submitted by /u/riya_techie
I can replicate the disks, but are you just applying a deployment YAML to reattach on the new AKS instance? A lot of reference architectures exist for this scenario when it is stateless pods, but nothing for stateful. submitted by /u/thesaintjim
Hi everyone, I have deployed a simple REST application using Spring Security and JWT on Azure App Service. When I try to invoke endpoints using Postman, I am getting a 401 response, regardless of whether the endpoint has access allowed or is protected by authentication. I think it may be something related to CORS, although I am not making requests from a browser. Could someone give me a hint as to what is going on? Thank you. submitted by /u/West_Swimmer_1914
Hello Azure community. I am transitioning careers from sales to Azure. I am working on learning Azure; so far I have 3 fundamentals certs (AZ-900, AI-900 & DP-900). I am currently studying for the AZ-104 and would like to get some hands-on experience and learn the Azure platform by doing some labs + projects. What is the best study platform that has projects + videos + labs? I tried Pluralsight, but had issues with the site tracking my progress and accessing the labs. Any suggestions? submitted by /u/GDMFB1
Hi guys, I work for a consulting firm, and my boss told me I need to get the SC-200 certification in a "crash course". During the last 3 weeks I did the entire MS Learn learning path twice, a Udemy course, YouTube videos, etc. Today I tried the exam and got a little more than 525 points. The exam was mostly extremely difficult, with questions on technical arguments (tables) or commands that I am sure I would have known only if working as a Sentinel analyst for years. I am discouraged as I feel that I was even "lucky" to reach 500 points. I don't think what my company is asking me is doable, or at least not without working in a SOC for some time as an analyst. Do you guys agree, or was I just unlucky to get the most difficult questions on the exam? I have 9 years of experience in IT security. submitted by /u/Infamous_Warning8412
I have a small business with 15 people. Looking for a reputable company based in the US that can set up Azure Virtual Desktop. Any recommendations? submitted by /u/legen-wait-for-it-
We have been slowly migrating to SaaS applications, and only a couple of things remain on-prem. I don't understand why an SMB would need any kind of systems admin anymore; has Azure essentially replaced that need for all but very large enterprises? At this point almost everything is just passing data between API endpoints to set up and configure, and it's very automated. It would seem that the real work is left to software developers. Am I correct here? submitted by /u/TerrificGeek90
We are testing the new web sign-in enabled PCs for our domain because we need to be able to MFA into the workstations. Everything works perfectly except mapped drives for a domain file server. An Entra AD device maps the drives just fine but a web sign-in enabled one does not. We are using Conditional Access set to the serial number of the machine to decide which machines get web sign-in enforced. If I remove that PC from the list and let it go back to Entra AD only, the drives map again via Intune. (Web sign-in for Windows | Microsoft Learn) I have narrowed it down to the authentication that it is using that doesn't work. If you go on the PC and connect your VPN or domain network cable and use net use but pass your domain credentials like domain\username and password, it works just fine. There are zero Event Viewer logs on the DC and zero logs on the machine itself, or I just cannot find them. We are using Azure AD Connect with Password Hash, Password Writeback enabled, device writeback disabled. We use a GCC tenant with P2. whoami on both machines comes back with domain\username. Does web sign-in enabled allow seamless access to domain resources like normal Entra AD on its own, or did they just say not supported? submitted by /u/Afraid-Ad8986
I have a sign-up flow (custom policy) within Power Pages. Within the custom policy I have some custom claims. Everything works fine. However I found out I can only share the endpoint with users I want to invite to the platform, and that does not parse the custom claims to Dataverse as well. I want to pass those claims to Dataverse as well, and I can do that if I press the internal link within Power Pages. I am quite new, but the endpoint from the Power Pages side contains scope=openid&state=OpenIdConnect.AuthenticationProperties while the normal custom policy endpoint does not. How would I be able to share the internal link, or even better, what would be the formulation for it? submitted by /u/TalosTheRobot
Hey all, I am currently reviewing some assessments for Azure AD and one of the suggestions is to disable soft/hard matching of attributes in Azure AD sync. It says that they should be turned off at all times unless they are needed, but doesn't really say when soft/hard matching is really needed - https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-install-existing-tenant One case I am aware of is when you need to force a sync during a migration or simply match up the source anchor when there are errors in the attribute sync. Would disabling both the soft and hard matching features cause any issues with everyday user account syncs? Or any gotchas that I should be aware of? TIA! submitted by /u/Chipperchoi
I've been googling an answer for this, which I thought was straightforward, but I haven't found anything. I created a simple ASP.NET web app on my PC that includes just a web form that sends an email. I want to deploy this to Azure. On the Azure side, my domain is already pointing to an Azure Static Web App (i.e. I get the "Congratulations on your new site!" page). So the question is: how can I deploy this simple ASP.NET web form to Azure? submitted by /u/East_Sentence_4245
Azure Fundamentals –> Azure Administrator –> Microsoft Security, Compliance, and Identity Fundamentals –> Azure Solutions Architect Expert or Microsoft Azure Security Technologies
or Designing and Implementing Microsoft DevOps Solutions
That being said, I’d recommend learning scripting, as that would come in handy for this admin-to-expert path. If you passed SAA, I’m positive you can pass any cert with proper dedication.
FYI – I created this free tool to carve out your certification path. Give it a try here. Open to feedback on how it can be improved for everyone.
Certifications for Microsoft Azure
There’s a Microsoft certification for you, whether you’re still asking what Microsoft Azure is and where to start, or wondering where to go next in your cloud career. There are around 16 Azure certifications available. Here is an overview of the current Microsoft Azure certifications.
Microsoft Certified: Azure Administrator Associate
Microsoft Certified: Azure Developer Associate
Microsoft Certified: Azure Database Administrator Associate
Microsoft Certified: Azure Security Engineer Associate
Microsoft Certified: Azure Data Scientist Associate
Microsoft Certified: Azure Data Engineer Associate
Microsoft Certified: Azure AI Engineer Associate
Microsoft Certified: Azure Stack Hub Operator Associate
Expert Level Certifications
Microsoft Certified: Azure Solutions Architect Expert
Microsoft Certified: DevOps Engineer Expert
Specialty Certifications
Microsoft Certified: Azure IoT Developer Specialty
Microsoft Certified: Azure for SAP Workloads Specialty
Microsoft Certified: Azure Virtual Desktop Specialty
There are also two other Microsoft certifications that are Azure-related. While we won't cover them in detail in this post, depending on your career path and role, they may be worth investigating.
For security engineers responsible for threat management, monitoring, and response, the relevant certification is Microsoft Certified: Security Operations Analyst Associate. It requires passing the SC-200 exam.
Exam SC-300 is required for the Microsoft Certified: Identity and Access Administrator Associate, which is aimed at administrators who use Azure AD to manage identity and access management (IAM).
What should you do first?
First of all, you should be clear about what a Microsoft Azure certification is and isn't. Is that clear? Great! Then let's look at three scenarios that can help you decide where to start.
“I'm new to technology. I know next to nothing about this ‘cloud’ everyone is so serious about.”
You can learn the cloud even if you're the kind of person who lists “Microsoft Word” as a technical skill on your resume. If you're just getting started, an entry-level certification will give you the vocabulary and understanding you need to evaluate your next steps more easily. The AZ-900 Azure Fundamentals certification is your first stop on the Azure road.
The cloud may be intimidating, but the skills you'll gain while pursuing this certification will help you understand it in a way that even a complete beginner can follow, especially with the right training. (Call me biased, but I think our Azure Fundamentals training is excellent.)
“I have a basic understanding of the cloud.”
Perhaps you've worked in IT before. Perhaps you've experimented with AWS, GCP, or Azure. Think you're ready to dive in? Pump the brakes. Start with the Azure Fundamentals certification, if you haven't already. In the best case, you'll find it a breeze. Regardless, no matter how far you advance in Azure, this certification provides the foundation for future success. The next rung on the ladder (Azure Administrator Associate) can be a difficult one to climb. Before tackling it, you'll need all of the Fundamentals knowledge plus a large amount of additional Azure knowledge.
Here are the different Azure certifications (Microsoft Certified)
AZ-900
For beginners, this is the best Microsoft Azure certification. It's a great place to start if you're new to cloud computing or Microsoft Azure. This one would be called Azure 101 if exam names were that straightforward.
Exam AZ-900: Microsoft Azure Fundamentals ($99 USD) is required.
There are no prerequisites.
Who is this for?
Essentially everyone. Non-technical people in cloud-related roles, as well as new or aspiring developers and IT professionals, can benefit from understanding what the cloud is and isn't. Anyone who needs to understand the Microsoft Azure environment should have the knowledge needed to pass this exam.
Microsoft Certified: Azure Data Fundamentals (DP-900)
For prospective data-focused cloud professionals, this is an important first-step certification.
Exam DP-900: Microsoft Azure Data Fundamentals ($99 USD) is required.
There are no prerequisites.
Who is this for?
This certification is for database architects and database administrators who are just getting started with cloud data.
Microsoft Certified: Azure AI Fundamentals (AI-900)
This Microsoft Azure certification demonstrates that you understand the fundamentals of artificial intelligence (AI) and machine learning (ML) in Azure; it is aimed at beginners from both technical and non-technical backgrounds.
Exam AI-900: Microsoft Azure AI Fundamentals ($99 USD) is required.
There are no prerequisites.
Who is this for?
AI engineers, data scientists, developers, and solutions architects with a working knowledge of AI and ML, as well as the Azure services related to them. This certification, like the others in the Azure Fundamentals series, is intended for people from both technical and non-technical backgrounds. That means data science and software engineering experience aren't required, but Microsoft recommends having some programming knowledge or experience.
Microsoft Certified: Azure Administrator Associate (AZ-104)
For the IT crowd, this is the basics of Azure administration. It takes you from a basic understanding of the cloud to being able to perform cloud tasks (and get paid to do them).
Exam AZ-104: Microsoft Azure Administrator ($165 USD) is required.
Who is this for?
This certification is for IT professionals and administrators who monitor cloud assets and resources and manage cloud infrastructure. This exam is (mistakenly) seen as an entry-level exam, but you'll need to know a large amount of material to pass it, so don't take it lightly.
Azure Container Apps is a serverless offering you can use to host your containers. It is a good fit for containerized apps and hosting microservices. Integrated services like KEDA, Envoy proxy, and Dapr provide you with out-of-the-box auto-scaling, ingress, traffic splitting, and simplified microservice connectivity.
Container Apps service is built on top of Kubernetes. Container Apps are an Azure Resource Manager deployment object, meaning you can’t just use your existing Kubernetes object descriptions and migrate them to Container Apps. You need to rewrite your deployment stack using Bicep or ARM templates. Terraform is not yet supported.
CyberSecurity 101 and Top 25 AWS Certified Security Specialty Questions and Answers Dumps
Almost 4.57 billion people were active internet users as of July 2020, encompassing 59 percent of the global population. 94% of enterprises use the cloud, and 77% of organizations worldwide have at least one application running in the cloud. This has been accompanied by an exponential growth in cyber attacks. Cybersecurity is therefore one of the biggest challenges facing individuals and organizations worldwide: 158,727 cyber attacks per hour, 2,645 per minute and 44 every second of every day.
The AWS Certified Security – Specialty (SCS-C01) examination is intended for individuals who perform a security role. This exam validates an examinee's ability to effectively demonstrate knowledge about securing the AWS platform.
It validates an examinee’s ability to demonstrate:
An understanding of specialized data classifications and AWS data protection mechanisms.
An understanding of data-encryption methods and AWS mechanisms to implement them.
An understanding of secure Internet protocols and AWS mechanisms to implement them.
Question 2: A company has AWS workloads in multiple geographical locations. A Developer has created an Amazon Aurora database in the us-west-1 Region. The database is encrypted using a customer-managed AWS KMS key. Now the Developer wants to create the same encrypted database in the us-east-1 Region. Which approach should the Developer take to accomplish this task?
A) Create a snapshot of the database in the us-west-1 Region. Copy the snapshot to the us-east-1 Region and specify a KMS key in the us-east-1 Region. Restore the database from the copied snapshot.
B) Create an unencrypted snapshot of the database in the us-west-1 Region. Copy the snapshot to the us-east-1 Region. Restore the database from the copied snapshot and enable encryption using the KMS key from the us-east-1 Region.
C) Disable encryption on the database. Create a snapshot of the database in the us-west-1 Region. Copy the snapshot to the us-east-1 Region. Restore the database from the copied snapshot.
D) In the us-east-1 Region, choose to restore the latest automated backup of the database from the us-west-1 Region. Enable encryption using a KMS key in the us-east-1 Region.
ANSWER2:
A
Notes/Hint2:
If a user copies an encrypted snapshot, the copy of the snapshot must also be encrypted. If a user copies an encrypted snapshot across Regions, users cannot use the same AWS KMS encryption key for the copy as used for the source snapshot, because KMS keys are Region specific. Instead, users must specify a KMS key that is valid in the destination Region
Question 3: A corporate cloud security policy states that communication between the company’s VPC and KMS must travel entirely within the AWS network and not use public service endpoints. Which combination of the following actions MOST satisfies this requirement? (Select TWO.)
A) Add the aws:sourceVpce condition to the AWS KMS key policy referencing the company’s VPC endpoint ID.
B) Remove the VPC internet gateway from the VPC and add a virtual private gateway to the VPC to prevent direct, public internet connectivity.
C) Create a VPC endpoint for AWS KMS with private DNS enabled.
D) Use the KMS Import Key feature to securely transfer the AWS KMS key over a VPN.
E) Add the following condition to the AWS KMS key policy: “aws:SourceIp”: “10.0.0.0/16”.
ANSWER3:
A and C
Notes/Hint3:
An interface VPC endpoint for AWS KMS with private DNS enabled keeps the API calls on the AWS network (the public kms.<region>.amazonaws.com name resolves to the endpoint's private addresses), and the aws:sourceVpce condition in the key policy rejects any use of the key that did not arrive through that endpoint. aws:SourceIp is a control for public source addresses and is not the right condition for traffic that stays inside the VPC (aws:VpcSourceIp exists for that). Removing the internet gateway or adding a virtual private gateway changes nothing about how the KMS API is reached, and importing key material over a VPN has nothing to do with the network path of API calls.
Question 4: An application team is designing a solution with two applications. The security team wants the applications’ logs to be captured in two different places, because one of the applications produces logs with sensitive data. Which solution meets the requirement with the LEAST risk and effort?
A) Use Amazon CloudWatch Logs to capture all logs, write an AWS Lambda function that parses the log file, and move sensitive data to a different log.
B) Use Amazon CloudWatch Logs with two log groups, with one for each application, and use an AWS IAM policy to control access to the log groups, as required.
C) Aggregate logs into one file, then use Amazon CloudWatch Logs, and then design two CloudWatch metric filters to filter sensitive data from the logs.
D) Add logic to the application that saves sensitive data logs on the Amazon EC2 instances' local storage, and write a batch script that logs into the Amazon EC2 instances and moves sensitive logs to a secure location.
ANSWER4:
B
Notes/Hint4:
Two log groups, one per application, keep the sensitive logs separate from the moment they are written, and an IAM policy restricts who can read the sensitive group. Options A and C mix the sensitive data into shared logs first and then try to filter it out after the fact; option D leaves sensitive logs on instance storage and depends on a script that logs in to every instance.
In an n-tier architecture, each tier's security group allows traffic only from the security group of the tier that sends it traffic. The presentation tier allows HTTP and HTTPS from the internet. Because security groups are stateful, return traffic is allowed automatically, so only inbound rules are required.
Question 6: A security engineer is working with a product team building a web application on AWS. The application uses Amazon S3 to host the static content, Amazon API Gateway to provide RESTful services, and Amazon DynamoDB as the backend data store. The users already exist in a directory that is exposed through a SAML identity provider. Which combination of the following actions should the engineer take to enable users to be authenticated into the web application and call APIs? (Select THREE).
A) Create a custom authorization service using AWS Lambda.
B) Configure a SAML identity provider in Amazon Cognito to map attributes to the Amazon Cognito user pool attributes.
C) Configure the SAML identity provider to add the Amazon Cognito user pool as a relying party.
D) Configure an Amazon Cognito identity pool to integrate with social login providers.
E) Update DynamoDB to store the user email addresses and passwords.
F) Update API Gateway to use an Amazon Cognito user pool authorizer.
ANSWER6:
B, C and F
Notes/Hint6:
When Amazon Cognito receives a SAML assertion, it needs to be able to map the SAML attributes to user pool attributes. When configuring Amazon Cognito to receive SAML assertions from an identity provider, you need to ensure that the identity provider is configured with the Amazon Cognito user pool as a relying party. Amazon API Gateway then has to understand the tokens issued by Amazon Cognito, which is a configuration step: a Cognito user pool authorizer on the API.
Question 7: A company is hosting a web application on AWS and is using an Amazon S3 bucket to store images. Users should have the ability to read objects in the bucket. A security engineer has written the following bucket policy to grant public read access:
Attempts to read an object, however, receive the error: “Action does not apply to any resource(s) in statement.” What should the engineer do to fix the error?
A) Change the IAM permissions by applying PutBucketPolicy permissions.
B) Verify that the policy has the same name as the bucket name. If not, make it the same.
C) Change the resource section to “arn:aws:s3:::appbucket/*”.
D) Add an s3:ListBucket action.
ANSWER7:
C
Notes/Hint7:
The Resource element has to match the scope of the Action. s3:GetObject is an object-level operation, so the ARN must refer to objects: change it to “arn:aws:s3:::appbucket/*” (the bare bucket ARN “arn:aws:s3:::appbucket” only applies to bucket-level actions such as s3:ListBucket).
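The mismatch behind Question 7 is easy to lint for before a policy is applied. The following is an added example (not AWS's own code or part of the sample questions) that classifies common S3 actions as object-level or bucket-level and reports any action that applies to no resource in its statement, which is exactly the condition behind the “Action does not apply to any resource(s) in statement” error. The policies at the bottom are constructed for the demo; the action lists are a subset and are this example's own.

```python
"""Lint S3 bucket-policy statements for the Question 7 mistake: an object action granted
only on the bucket ARN instead of the object ARN (bucket/*). Added example, stdlib only."""
import json

# Object-level actions act on keys and need "arn:aws:s3:::bucket/*" (or a key prefix);
# bucket-level actions act on the bucket itself and need "arn:aws:s3:::bucket".
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject",
                  "s3:GetObjectAcl", "s3:PutObjectAcl", "s3:GetObjectTagging"}
BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketPolicy", "s3:PutBucketPolicy",
                  "s3:GetBucketLocation", "s3:PutBucketAcl", "s3:DeleteBucket"}
S3_ARN_PREFIX = "arn:aws:s3:::"


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _is_object_arn(arn):
    # Anything after the bucket name and a slash refers to objects (keys).
    return "/" in arn[len(S3_ARN_PREFIX):]


def lint_statement(stmt):
    """Return findings (strings) for one statement; an empty list means it is consistent.
    Mirrors the S3 check: every action must apply to at least one resource in the statement."""
    findings = []
    resources = _as_list(stmt.get("Resource", []))
    s3_resources = [r for r in resources if r.startswith(S3_ARN_PREFIX)]
    for action in _as_list(stmt.get("Action", [])):
        if "*" in action or action not in OBJECT_ACTIONS | BUCKET_ACTIONS:
            continue  # wildcard or unclassified action: its scope cannot be checked here
        wants_object = action in OBJECT_ACTIONS
        if not s3_resources:
            findings.append(f"{action}: no S3 ARN among {resources}")
        elif not any(_is_object_arn(r) == wants_object for r in s3_resources):
            hint = (", ".join(r + "/*" for r in s3_resources) if wants_object
                    else ", ".join(r.split("/", 1)[0] for r in s3_resources))
            scope = "object" if wants_object else "bucket"
            findings.append(f"{action} does not apply to any resource in {resources}; "
                            f"a {scope} action needs e.g. {hint}")
    return findings


def lint_policy(policy_json):
    """Map each statement's Sid (or index) to its findings; an empty dict means the policy is consistent."""
    policy = json.loads(policy_json)
    report = {}
    for index, stmt in enumerate(_as_list(policy["Statement"])):
        findings = lint_statement(stmt)
        if findings:
            report[stmt.get("Sid", f"Statement{index}")] = findings
    return report


# Constructed policies: the first reproduces the error from Question 7, the second is the fix.
BROKEN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::appbucket"}],
})
FIXED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::appbucket/*"}],
})

if __name__ == "__main__":
    print(lint_policy(BROKEN_POLICY))
    print(lint_policy(FIXED_POLICY))
```

A statement that lists both the bucket ARN and bucket/* together with both kinds of action passes, because each action then applies to at least one resource; that is the common pattern for granting a role ListBucket plus object access in one statement.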
Question 8: A company decides to place database hosts in its own VPC, and to set up VPC peering to different VPCs containing the application and web tiers. The application servers are unable to connect to the database. Which network troubleshooting steps should be taken to resolve the issue? (Select TWO.)
A) Check to see if the application servers are in a private subnet or public subnet.
B) Check the route tables for the application server subnets for routes to the VPC peering connection.
C) Check the NACLs for the database subnets for rules that allow traffic from the internet.
D) Check the database security groups for rules that allow traffic from the application servers.
E) Check to see if the database VPC has an internet gateway.
ANSWER8:
B and D
Notes/Hint8:
Traffic across a VPC peering connection needs a route to the peering connection in the subnet route tables on both sides, and the database security group must allow inbound traffic on the database port from the application servers (by security group reference or CIDR). Whether the application subnets are public or private, and whether the database VPC has an internet gateway, is irrelevant to peered traffic, and the database NACLs should not allow traffic from the internet at all.
Question 9: A company is building a data lake on Amazon S3. The data consists of millions of small files containing sensitive information. The security team has the following requirements for the architecture:
Data must be encrypted in transit.
Data must be encrypted at rest.
The bucket must be private, but if the bucket is accidentally made public, the data must remain confidential.
Which combination of steps would meet the requirements? (Select TWO.)
A) Enable AES-256 encryption using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) on the S3 bucket.
B) Enable default encryption with server-side encryption with AWS KMS-managed keys (SSE-KMS) on the S3 bucket.
C) Add a bucket policy that includes a deny if a PutObject request does not include aws:SecureTransport.
D) Add a bucket policy with aws:SourceIp to allow uploads and downloads from the corporate intranet only.
E) Enable Amazon Macie to monitor and act on changes to the data lake's S3 bucket.
ANSWER9:
B and C
Notes/Hint9:
Default encryption with SSE-KMS covers encryption at rest, and because reading an object then also requires kms:Decrypt on the key, a bucket that is accidentally made public still does not expose the data; with SSE-S3, anyone who can read the object gets it decrypted. A bucket policy with a Deny when aws:SecureTransport is false rejects any request made over plain HTTP, which covers encryption in transit. Option C as worded only names PutObject; in practice the Deny is written for s3:* so that downloads are covered as well. aws:SourceIp restrictions and Macie are useful controls but do not meet the three stated requirements.
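Questions 3 and 9 both turn on a policy condition: aws:sourceVpce in a KMS key policy and aws:SecureTransport in a bucket policy. The following is an added example (not AWS's code, and not an official policy simulator) that implements just enough of the IAM evaluation logic to show how those two statements behave for a request: explicit Deny wins, then Allow, otherwise implicit deny, with the Bool, StringEquals and StringNotEquals operators. The account ID 111122223333, the role name, the bucket name example-datalake and the endpoint ID vpce-0123456789abcdef0 are made up; principal matching is skipped, so the caller is assumed to be the principal the Allow statements name.

```python
"""Tiny evaluator for the policy statements in Questions 3 and 9. Added example, stdlib only.
Request context keys and values are passed in a dict, the way IAM sees them."""
import fnmatch


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches_any(patterns, value):
    """IAM Action/Resource matching: '*' and '?' are wildcards, everything else is literal."""
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def _condition_holds(condition, ctx):
    """Every operator/key pair must hold. A key absent from the request context makes a
    positive test (Bool, StringEquals) false and a negated test (StringNotEquals) true,
    which is how IAM treats missing keys."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            expected = [str(e) for e in _as_list(expected)]
            actual = ctx.get(key)
            actual = None if actual is None else str(actual)
            if operator == "Bool":
                ok = actual is not None and actual.lower() in [e.lower() for e in expected]
            elif operator == "StringEquals":
                ok = actual in expected
            elif operator == "StringNotEquals":
                ok = actual not in expected
            else:
                raise ValueError(f"unsupported operator {operator}")
            if not ok:
                return False
    return True


def evaluate(policy, action, resource, ctx):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one request against one policy."""
    decision = "ImplicitDeny"
    for stmt in _as_list(policy["Statement"]):
        if not _matches_any(stmt["Action"], action):
            continue
        if not _matches_any(stmt["Resource"], resource):
            continue
        if not _condition_holds(stmt.get("Condition", {}), ctx):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit deny overrides every allow
        decision = "Allow"
    return decision


# Question 9: allow the ingest role object access, deny anything that did not arrive over TLS.
DATALAKE_BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowIngestRole", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/ingest"},
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-datalake/*"},
        {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*",
         "Resource": ["arn:aws:s3:::example-datalake", "arn:aws:s3:::example-datalake/*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
}

# Question 3: only requests that came through the company's KMS VPC endpoint may use the key.
KMS_KEY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowUse", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/ingest"},
         "Action": ["kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey*"], "Resource": "*"},
        {"Sid": "DenyOutsideVpce", "Effect": "Deny", "Principal": "*",
         "Action": "kms:*", "Resource": "*",
         "Condition": {"StringNotEquals": {"aws:sourceVpce": "vpce-0123456789abcdef0"}}},
    ],
}

if __name__ == "__main__":
    obj = "arn:aws:s3:::example-datalake/raw/events.csv"
    print(evaluate(DATALAKE_BUCKET_POLICY, "s3:PutObject", obj, {"aws:SecureTransport": "true"}))
    print(evaluate(DATALAKE_BUCKET_POLICY, "s3:PutObject", obj, {"aws:SecureTransport": "false"}))
    print(evaluate(KMS_KEY_POLICY, "kms:Decrypt", "*", {"aws:sourceVpce": "vpce-0123456789abcdef0"}))
    print(evaluate(KMS_KEY_POLICY, "kms:Decrypt", "*", {}))  # public endpoint: no vpce key at all
```

The last call is the case that matters for Question 3: a request that reaches KMS over the public endpoint carries no aws:sourceVpce key, and because the Deny uses a negated operator, a missing key satisfies it, so the request is refused.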
Question 10: A security engineer must ensure that all API calls are collected across all company accounts, and that they are preserved online and are instantly available for analysis for 90 days. For compliance reasons, this data must be restorable for 7 years. Which steps must be taken to meet the retention needs in a scalable, cost-effective way?
A) Enable AWS CloudTrail logging across all accounts to a centralized Amazon S3 bucket with versioning enabled. Set a lifecycle policy to move the data to Amazon Glacier daily, and expire the data after 90 days.
B) Enable AWS CloudTrail logging across all accounts to S3 buckets. Set a lifecycle policy to expire the data in each bucket after 7 years.
C) Enable AWS CloudTrail logging across all accounts to Amazon Glacier. Set a lifecycle policy to expire the data after 7 years.
D) Enable AWS CloudTrail logging across all accounts to a centralized Amazon S3 bucket. Set a lifecycle policy to move the data to Amazon Glacier after 90 days, and expire the data after 7 years.
ANSWER10:
D
Notes/Hint10:
Meets all requirements and is cost effective by using lifecycle policies to transition to Amazon Glacier.
Question 11: A security engineer has been informed that a user’s access key has been found on GitHub. The engineer must ensure that this access key cannot continue to be used, and must assess whether the access key was used to perform any unauthorized activities. Which steps must be taken to perform these tasks?
A) Review the user’s IAM permissions and delete any unrecognized or unauthorized resources.
B) Delete the user, review Amazon CloudWatch Logs in all regions, and report the abuse.
C) Delete or rotate the user’s key, review the AWS CloudTrail logs in all regions, and delete any unrecognized or unauthorized resources.
D) Instruct the user to remove the key from the GitHub submission, rotate keys, and re-deploy any instances that were launched.
ANSWER11:
C
Notes/Hint11:
Deactivating or rotating the key stops further use immediately. AWS CloudTrail (not CloudWatch Logs) records the API calls made with the key, and it has to be reviewed in every Region, because an attacker will often use a Region the company does not normally operate in. Removing the key from the GitHub history does not help: assume it was harvested within minutes of being pushed.
Question 12: You have a CloudFront distribution configured with the following path patterns: When users request objects that start with ‘static2/’, they are receiving 404 response codes. What might be the problem?
A) CloudFront distributions cannot have multiple different origin types
B) The ‘*’ path pattern must appear after the ‘static2/*’ path
C) CloudFront distributions cannot have origins in different AWS regions
D) The ‘*’ path pattern must appear before ‘static1/*’ path
ANSWER12:
B
Notes/Hint12:
Cache behaviors are evaluated in the order of their precedence and the first path pattern that matches wins. If the catch-all '*' pattern comes before 'static2/*', every request for static2/ is sent to the default origin, which does not hold those objects and returns 404; moving 'static2/*' ahead of '*' fixes it. Option C is wrong: a single distribution can have origins, of different types, in any Regions.
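The ordering rule behind Question 12 can be modelled in a few lines. The following is an added example (not CloudFront's own matching code): cache behaviors are tried in order and the first matching path pattern wins, and a second helper flags patterns that an earlier, broader pattern makes unreachable. The behavior lists and origin IDs are constructed for the demo.

```python
"""Model how CloudFront picks a cache behavior: first matching path pattern wins.
Added example, stdlib only; behavior lists below are constructed."""
import fnmatch


def resolve_origin(behaviors, request_path):
    """behaviors: ordered list of (path_pattern, origin_id). Returns the origin that would serve
    the request, or None when nothing matches (a real distribution always ends with a default '*')."""
    path = request_path.lstrip("/")
    for pattern, origin in behaviors:
        # CloudFront's '*' matches zero or more characters, including '/', as fnmatch's does.
        if fnmatch.fnmatchcase(path, pattern):
            return origin
    return None


def shadowed_patterns(behaviors):
    """Patterns that can never be reached because an earlier pattern already matches everything
    they describe. Heuristic: the later pattern's own text matches the earlier pattern, which is
    exact for catch-alls such as '*' and prefix patterns such as 'static/*'."""
    shadowed = []
    for i, (pattern, _) in enumerate(behaviors):
        if any(fnmatch.fnmatchcase(pattern, earlier) for earlier, _ in behaviors[:i]):
            shadowed.append(pattern)
    return shadowed


# Constructed: the default '*' behavior sits ahead of static2/*, so static2 requests go to the ALB.
MISORDERED = [("static1/*", "s3-static1"), ("*", "alb-default"), ("static2/*", "s3-static2")]
FIXED = [("static1/*", "s3-static1"), ("static2/*", "s3-static2"), ("*", "alb-default")]

if __name__ == "__main__":
    print(resolve_origin(MISORDERED, "/static2/app.js"))  # alb-default: the ALB has no such file
    print(resolve_origin(FIXED, "/static2/app.js"))       # s3-static2
    print(shadowed_patterns(MISORDERED))                  # ['static2/*']
```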
Question 13: An application running on EC2 instances processes sensitive information stored on Amazon S3. The information is accessed over the Internet. The security team is concerned that the Internet connectivity to Amazon S3 is a security risk. Which solution will resolve the security concern?
A) Access the data through an Internet Gateway.
B) Access the data through a VPN connection.
C) Access the data through a NAT Gateway.
D) Access the data through a VPC endpoint for Amazon S3.
ANSWER13:
D
Notes/Hint13:
A VPC endpoint for Amazon S3 gives instances a private path to S3 that needs neither an internet gateway nor NAT instances or gateways. NAT gateways and internet gateways still route the traffic over the internet to the public S3 endpoint. A VPN connects networks, not an S3 bucket, so option B does not apply.
Question 14: An organization is building an Amazon Redshift cluster in their shared services VPC. The cluster will host sensitive data. How can the organization control which networks can access the cluster?
A) Run the cluster in a different VPC and connect through VPC peering
B) Create a database user inside the Amazon Redshift cluster only for users on the network
C) Define a cluster security group for the cluster that allows access from the allowed networks
D) Only allow access to networks that connect with the shared services network via VPN
ANSWER14:
C
Notes/Hint14:
A security group can grant access to traffic from the allowed networks via the CIDR range of each network. VPC peering and VPN are connectivity services; they create paths but do not filter traffic. Amazon Redshift user accounts address authentication and authorization at the user level and have no control over network traffic.
Question 15: From a security perspective, what is a principal? (Select TWO.)
A) An identity
B) An anonymous user
C) An authenticated user
D) A resource
ANSWER15:
B and C
Notes/Hint15:
A principal is any entity that acts on a system and can be the subject of an access decision. An anonymous user acting on a system is therefore a principal, and so is an authenticated user; the resource being acted on is not.
Question 16: A company is storing an access key (access key ID and secret access key) in a text file on a custom AMI. The company uses the access key to access DynamoDB tables from instances created from the AMI. The security team has mandated a more secure solution. Which solution will meet the security team’s mandate?
A) Put the access key in an S3 bucket, and retrieve the access key on boot from the instance.
B) Pass the access key to the instances through instance user data.
C) Obtain the access key from a key server launched in a private subnet
D) Create an IAM role with permissions to access the table, and launch all instances with the new role
ANSWER16:
D
Notes/Hint16:
IAM roles for EC2 instances allow applications running on the instance to access AWS resources without having to create and store any access keys. Any solution involving the creation of an access key then introduces the complexity of managing that secret
Question 17: While signing REST/Query requests, for additional security, you should transmit your requests using Secure Sockets Layer (SSL) by using ____.
Question 18: You are using AWS Envelope Encryption for encrypting all sensitive data. Which of the followings is True with regards to Envelope Encryption?
A) Data is encrypted by an encrypted Data key which is further encrypted using an encrypted Master Key.
B) Data is encrypted by a plaintext Data key which is further encrypted using an encrypted Master Key.
C) Data is encrypted by an encrypted Data key which is further encrypted using a plaintext Master Key.
D) Data is encrypted by a plaintext Data key which is further encrypted using a plaintext Master Key.
ANSWER18:
D
Notes/Hint18:
With envelope encryption, the data is encrypted with a plaintext data key. The data key is then encrypted (wrapped) under the master key, and only the wrapped data key is stored alongside the ciphertext. The master key itself is held in AWS KMS, where it was historically called a customer master key (CMK) and is now simply called a KMS key; it never leaves KMS unencrypted, so the wrapping and unwrapping are done by KMS API calls.
Question 19: Your company has developed a web application and is hosting it in an Amazon S3 bucket configured for static website hosting. The users can log in to this app using their Google/Facebook login accounts. The application is using the AWS SDK for JavaScript in the browser to access data stored in an Amazon DynamoDB table. How can you ensure that API keys for access to your data in DynamoDB are kept secure?
A) Create an Amazon S3 role in IAM with access to the specific DynamoDB tables, and assign it to the bucket hosting your website
B) Configure S3 bucket tags with your AWS access keys for your bucket hosting your website so that the application can query them for access.
C) Configure a web identity federation role within IAM to enable access to the correct DynamoDB resources and retrieve temporary credentials
D) Store AWS keys in global variables within your application and configure the application to use these credentials when making requests.
ANSWER19:
C
Notes/Hint19:
With web identity federation, you don't need to create custom sign-in code or manage your own user identities. Instead, users of your app can sign in using a well-known identity provider (IdP), such as Login with Amazon, Facebook, Google, or any other OpenID Connect (OIDC)-compatible IdP, receive an authentication token, and then exchange that token for temporary security credentials in AWS that map to an IAM role with permissions to use the resources in your AWS account. Using an IdP helps you keep your AWS account secure, because you don't have to embed and distribute long-term security credentials with your application. Option A is invalid since roles cannot be assigned to S3 buckets. Options B and D are invalid since long-term AWS access keys should never be placed where browser code can read them.
Question 20: Your application currently makes use of AWS Cognito for managing user identities. You want to analyze the information that is stored in AWS Cognito for your application. Which of the following features of AWS Cognito should you use for this purpose?
A) Cognito Data
B) Cognito Events
C) Cognito Streams
D) Cognito Callbacks
ANSWER20:
C
Notes/Hint20:
Amazon Cognito Streams gives developers control and insight into their data stored in Amazon Cognito. Developers can now configure a Kinesis stream to receive events as data is updated and synchronized. Amazon Cognito can push each dataset change to a Kinesis stream you own in real time. All other options are invalid since you should use Cognito Streams
Question 22:Which of the following statements are correct? (Choose 2)
A) The Customer Master Key is used to encrypt and decrypt the Envelope Key or Data Key
B) The Envelope Key or Data Key is used to encrypt and decrypt plain text files.
C) The envelope Key or Data Key is used to encrypt and decrypt the Customer Master Key.
D) The Customer MasterKey is used to encrypt and decrypt plain text files.
ANSWER22:
A and B
Notes/Hint22:
AWS Key Management Service Concepts: The Customer Master Key is used to encrypt and decrypt the Envelope Key or Data Key, The Envelope Key or Data Key is used to encrypt and decrypt plain text files.
Question 23: Which of the following is an encrypted key used by KMS to encrypt your data?
A) Customer Managed Key
B) Encryption Key
C) Envelope Key
D) Customer Master Key
ANSWER23:
C
Notes/Hint23:
Your data key, also known as the envelope key, is encrypted using the master key. This approach is known as envelope encryption: the practice of encrypting plaintext data with a data key, and then encrypting the data key under another key.
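Questions 18, 22 and 23 describe the key hierarchy in words; the following added example (not AWS's code, not the KMS API, and not part of the sample questions) implements it end to end so the roles of the two keys are visible: a master key that never leaves its object, a per-message data key, the wrapped data key stored next to the ciphertext, and the re-wrap under a second master key that a cross-Region copy such as Question 2 needs. Both layers use an illustrative HMAC-SHA256 counter-mode stream cipher with an encrypt-then-MAC tag as a stand-in for the AES-GCM that KMS and the AWS SDKs actually use, so the block runs with the standard library alone; the key IDs and Regions are made up.

```python
"""Envelope encryption with a Region-bound master key. Added example, stdlib only."""
import hashlib
import hmac
import os
import secrets

BLOCK = 32  # HMAC-SHA256 output size: one keystream block


def _subkeys(key):
    """Derive separate encryption and MAC keys from one 32-byte key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _xor_stream(enc_key, nonce, data):
    """Counter-mode keystream: block i = HMAC(enc_key, nonce || i), XORed onto the data."""
    out = bytearray()
    for i, offset in enumerate(range(0, len(data), BLOCK)):
        stream = hmac.new(enc_key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + BLOCK], stream))
    return bytes(out)


def _seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ciphertext = _xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def _open(key, blob):
    """Verify the tag in constant time before decrypting; raises on a wrong key or tampering."""
    enc_key, mac_key = _subkeys(key)
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    return _xor_stream(enc_key, nonce, ciphertext)


class MasterKey:
    """Stand-in for a KMS key: bound to one Region, and its secret bytes never leave this object."""

    def __init__(self, key_id, region):
        self.key_id, self.region = key_id, region
        self._secret = secrets.token_bytes(32)

    def generate_data_key(self):
        """Like kms:GenerateDataKey: a fresh plaintext data key plus the same key wrapped under this key."""
        data_key = secrets.token_bytes(32)
        return data_key, self.wrap(data_key)

    def wrap(self, data_key):
        return _seal(self._secret, data_key)

    def unwrap(self, wrapped_key):
        """Like kms:Decrypt on a wrapped data key."""
        return _open(self._secret, wrapped_key)


def encrypt(master, plaintext):
    """Envelope: data encrypted under the plaintext data key; only the wrapped data key is kept."""
    data_key, wrapped_key = master.generate_data_key()
    return {"key_id": master.key_id, "region": master.region,
            "wrapped_key": wrapped_key, "ciphertext": _seal(data_key, plaintext)}


def decrypt(master, envelope):
    """Unwrap the data key with the master key that wrapped it, then decrypt the data."""
    if envelope["key_id"] != master.key_id:
        raise ValueError(f"data key was wrapped by {envelope['key_id']} in {envelope['region']}")
    return _open(master.unwrap(envelope["wrapped_key"]), envelope["ciphertext"])


def try_decrypt(master, envelope):
    """(True, plaintext) or (False, reason); handy for showing the failure cases."""
    try:
        return True, decrypt(master, envelope)
    except ValueError as exc:
        return False, str(exc)


def rewrap_for_region(envelope, src_master, dst_master):
    """Cross-Region copy (Question 2): KMS keys are Region-specific, so the data key is unwrapped
    under the source key and wrapped again under a key valid in the destination Region. The data
    ciphertext is left untouched; conceptually this is what kms:ReEncrypt does to a wrapped key."""
    data_key = src_master.unwrap(envelope["wrapped_key"])
    return {**envelope, "key_id": dst_master.key_id, "region": dst_master.region,
            "wrapped_key": dst_master.wrap(data_key)}


if __name__ == "__main__":
    west = MasterKey("key-west", "us-west-1")  # made-up key IDs and Regions
    east = MasterKey("key-east", "us-east-1")
    env = encrypt(west, b"customer rows from the Aurora snapshot")
    print(try_decrypt(west, env)[0], try_decrypt(east, env))
    print(try_decrypt(east, rewrap_for_region(env, west, east)))
```

Two points the sample questions gloss over show up when you run it: the east key cannot open an envelope wrapped in the west Region even though the data ciphertext is identical, and the re-wrap changes only the wrapped key, which is why a snapshot copy only needs you to name a destination-Region key.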
Question 26: A Security engineer must develop an AWS Identity and Access Management (IAM) strategy for a company’s organization in AWS Organizations. The company needs to give developers autonomy to develop and test their applications on AWS, but the company also needs to implement security guardrails to help protect itself. The company creates and distributes applications with different levels of data classification and types. The solution must maximize scalability.
Which combination of steps should the security engineer take to meet these requirements? (Choose three.)
A) Create an SCP to restrict access to highly privileged or unauthorized actions to specific IAM principals. Assign the SCP to the appropriate AWS accounts.
B) Create an IAM permissions boundary to allow access to specific actions and IAM principals. Assign the IAM permissions boundary to all IAM principals within the organization.
C) Create a delegated IAM role that has capabilities to create other IAM roles. Use the delegated IAM role to provision IAM principals by following the principle of least privilege.
D) Create OUs based on data classification and type. Add the AWS accounts to the appropriate OU. Provide developers access to the AWS accounts based on business need.
E) Create IAM groups based on data classification and type. Add only the required developers’ IAM role to the IAM groups within each AWS account.
F) Create IAM policies based on data classification and type. Add the minimum required IAM policies to the developers’ IAM role within each AWS account.
ANSWER26:
A, C and D
Notes/Hint26:
Guardrails that scale across many accounts live at the organization level. SCPs attached to OUs or accounts block highly privileged or unauthorized actions regardless of the IAM policies inside the account, and grouping accounts into OUs by data classification and type lets those SCPs, and developer access, be applied per classification. A delegated IAM role that provisions other roles under the principle of least privilege gives developers autonomy without handing out administrator rights. Option B fails because a permissions boundary sets a maximum rather than granting access, and it is attached to identities in one account, not across the organization. Option E fails because IAM groups can contain users only, not roles. Option F works but has to be repeated and maintained in every account, which is the opposite of scalable.
Question 27: A Network Load Balancer (NLB) target instance is not entering the InService state. A security engineer determines that health checks are failing.
Which factors could cause the health check failures? (Choose three.)
A) The target instance’s security group does not allow traffic from the NLB.
B) The target instance’s security group is not attached to the NLB
C) The NLB’s security group is not attached to the target instance.
D) The target instance’s subnet network ACL does not allow traffic from the NLB.
E) The target instance’s security group is not using IP addresses to allow traffic from the NLB.
F) The target network ACL is not attached to the NLB.
ANSWER27:
A, D and E
Notes/Hint27:
An NLB sends health checks and forwarded traffic to the target's private IP address, so the target's own security group and its subnet's network ACL must allow that traffic. As originally built, an NLB had no security group of its own (security-group support for NLB was added in 2023, after this question was written), which is why option E matters: the target's inbound rules have to allow the NLB's private IP addresses (or, with client IP preservation, the clients' addresses) rather than reference a load balancer security group. Security groups attach to network interfaces and network ACLs to subnets, so options B, C and F describe configurations that do not exist.
B, D and E, I believe. You have a one-to-many relationship based on the L3 NLB, and it's unreachable; a well-architected setup would put them in the same security group, and the traffic would have to be allowed on the port that's sending and receiving. The host points back to the NLB as the default gateway. I don't think the other ones fit. Plus, BDE is a preferred combo for their tests. I remember it with the acronym “big dice envy.”
Cryptography: Practice and study of techniques for secure communication in the presence of third parties called adversaries.
Hacking: catch-all term for any type of misuse of a computer to break the security of another computing system to steal data, corrupt systems or files, commandeer the environment or disrupt data-related activities in any way.
Cyberwarfare: Use of technology to attack a nation, causing harm comparable to actual warfare. There is significant debate among experts regarding the definition of cyberwarfare, and even whether such a thing exists.
Penetration testing: Colloquially known as a pen test, pentest or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. Not to be confused with a vulnerability assessment.
Malware: Any software intentionally designed to cause damage to a computer, server, client, or computer network. A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, and scareware.
Malware analysis tool: ANY.RUN, malware hunting with live access to the heart of an incident, https://any.run/
Malware analysis tool: VirusTotal, analyze suspicious files and URLs to detect types of malware and automatically share them with the security community, https://www.virustotal.com/gui/
VPN: A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common, although not an inherent, part of a VPN connection.
Antivirus: Antivirus software, or anti-virus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware.
DDoS: A distributed denial-of-service (DDoS) attack floods a target with traffic from many compromised machines at once so that legitimate users cannot reach it. When you hear about a website being “brought down by hackers,” it generally means it has become the victim of a DDoS attack.
Fraud Detection: Set of activities undertaken to prevent money or property from being obtained through false pretenses. Fraud detection is applied to many industries such as banking or insurance. In banking, fraud may include forging checks or using stolen credit cards.
Spyware: Software with malicious behavior that aims to gather information about a person or organization and send it to another entity in a way that harms the user, for example by violating their privacy or endangering their device's security.
Spoofing: Disguising a communication from an unknown source as being from a known, trusted source
Pharming: Redirecting users to a fraudulent website that imitates a legitimate one, typically by tampering with DNS resolution or the local hosts file, in order to gather usernames and passwords. Unlike phishing, the victim typed the right address.
Catfishing: Creating a fake profile for fraudulent or deceptive purposes
SSL: Stands for Secure Sockets Layer. Protocol for web browsers and servers that provides authentication and encryption of data sent over the Internet. All SSL versions are deprecated; its successor, TLS (Transport Layer Security), is what is actually used today, although the name “SSL” persists.
Phishing emails: Disguised as trustworthy entity to lure someone into providing sensitive information
Intrusion detection System: Device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically reported either to an administrator or collected centrally using a security information and event management system.
Encryption: Encryption is the method by which information is converted into secret code that hides the information’s true meaning. The science of encrypting and decrypting information is called cryptography. In computing, unencrypted data is also known as plaintext, and encrypted data is called ciphertext.
MFA: Multi-factor authentication (MFA) is a security mechanism that requires an individual to provide two or more independent credentials, from different categories (something you know, something you have, something you are), in order to authenticate. In IT, these take the form of passwords, hardware tokens, one-time numerical codes, and biometrics, sometimes supplemented with context such as time and location.
Vulnerabilities: A vulnerability is a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application. Stakeholders include the application owner, application users, and other entities that rely on the application.
SQL injections: SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.
Cyber attacks: In computers and computer networks an attack is any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to or make unauthorized use of an asset.
Confidentiality: The property that information is not made available or disclosed to unauthorized parties. Organizationally it is often enforced through confidentiality agreements that limit access to, or place restrictions on, certain types of information; technically it is enforced through access control and encryption.
Secure channel: In cryptography, a secure channel is a way of transferring data that is resistant to overhearing and tampering. A confidential channel is a way of transferring data that is resistant to overhearing, but not necessarily resistant to tampering.
Tunneling: Communications protocol that allows for the movement of data from one network to another. It involves allowing private network communications to be sent across a public network through a process called encapsulation.
SSH: Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH.
SSL Certificates: SSL certificates are what enable websites to move from HTTP to HTTPS, which is more secure. An SSL certificate is a data file hosted in a website’s origin server. SSL certificates make SSL/TLS encryption possible, and they contain the website’s public key and the website’s identity, along with related information.
Phishing: Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
Cybercrime: Cybercrime, or computer-oriented crime, is a crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Cybercrime may threaten a person, company or a nation’s security and financial health.
Backdoor: A backdoor is a means to access a computer system or encrypted data that bypasses the system’s customary security mechanisms. A developer may create a backdoor so that an application or operating system can be accessed for troubleshooting or other purposes.
Salt and Hash: A cryptographic salt is made up of random bits added to each password before it is hashed. Salts produce unique hashes even when two users choose the same password. Salts help mitigate rainbow table attacks by forcing attackers to recompute their tables for each salt.
Password: A password, sometimes called a passcode,[1] is a memorized secret, typically a string of characters, usually used to confirm the identity of a user.[2] Using the terminology of the NIST Digital Identity Guidelines,[3] the secret is memorized by a party called the claimant while the party verifying the identity of the claimant is called the verifier. When the claimant successfully demonstrates knowledge of the password to the verifier through an established authentication protocol,[4] the verifier is able to infer the claimant’s identity.
Fingerprint: A fingerprint is an impression left by the friction ridges of a human finger. The recovery of partial fingerprints from a crime scene is an important method of forensic science. Moisture and grease on a finger result in fingerprints on surfaces such as glass or metal.
Facial recognition: Facial recognition works better for the user than fingerprint detection, since it frees the person from the hassle of placing their thumb or index finger on a particular spot on their mobile phone. A user only has to bring their phone level with their eyes.
Asymmetric key ciphers versus symmetric key ciphers (difference between symmetric and asymmetric encryption): The basic difference between the two types of encryption is that symmetric encryption uses one key for both encryption and decryption, whereas asymmetric encryption uses a public key for encryption and a private key for decryption.
Decryption: The conversion of encrypted data back into its original form is called decryption. It is generally the reverse of encryption. It decodes the encrypted information so that only an authorized user can recover the data, because decryption requires a secret key or password.
Algorithms: Finite sequence of well-defined, computer-implementable instructions, typically to solve a class of problems or to perform a computation.
Authentication: Authentication is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicating a person or thing’s identity, authentication is the process of verifying that identity. It might involve validating personal identity documents, verifying the authenticity of a website with a digital certificate,[1] determining the age of an artifact by carbon dating, or ensuring that a product or document is not counterfeit.
DFIR: Digital forensics and incident response: a multidisciplinary profession that focuses on identifying, investigating, and remediating computer network exploitation. This can take varied forms and involves a wide variety of skills, kinds of attackers, and kinds of targets. We’ll discuss those more below.
OTP: One Time Password: A one-time password, also known as a one-time PIN or dynamic password, is a password that is valid for only one login session or transaction on a computer system or other digital device.
Proxy Server and Reverse Proxy Server: A proxy server is a go-between or intermediary server that forwards requests for content from multiple clients to different servers across the Internet. A reverse proxy server is a type of proxy server that typically sits behind the firewall in a private network and directs client requests to the appropriate backend server.
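The OTP and MFA entries above describe what a one-time password is but not what makes it "one-time". The following added example (not from the original page) implements the time-based OTP used by authenticator apps, HOTP (RFC 4226) driven by the current 30-second time step (RFC 6238), with a verifier that tolerates one step of clock drift, compares in constant time, and refuses to accept a code for a time step it has already accepted. The secret and timestamps used in the test are the published RFC 6238 SHA-1 test vectors; everything else (function names, the `last_accepted` bookkeeping) is this example's own design.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) with HMAC-SHA1."""
    msg = struct.pack(">Q", counter)                 # 8-byte big-endian counter
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, for_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based OTP (RFC 6238): HOTP over the number of steps since the epoch."""
    return hotp(secret, for_time // step, digits)


def verify_totp(secret: bytes, code: str, now: int, last_accepted: int = -1,
                step: int = 30, digits: int = 6, window: int = 1) -> Optional[int]:
    """Verifier side. Returns the matched time-step counter, which the caller
    must persist as `last_accepted`, or None if the code is rejected.

    - Checks the current step and +/- `window` neighbours for clock drift.
    - Rejects any counter <= last_accepted, so a code that was already used
      (or intercepted) cannot be replayed within the window: this is what
      makes the password one-time.
    - Uses hmac.compare_digest to avoid leaking digit matches via timing.
    """
    counter = now // step
    for off in range(-window, window + 1):
        candidate = counter + off
        if candidate <= last_accepted:
            continue
        if hmac.compare_digest(hotp(secret, candidate, digits), code):
            return candidate
    return None


if __name__ == "__main__":
    demo_secret = b"12345678901234567890"           # RFC 6238 test secret, not a real key
    now = int(time.time())
    code = totp(demo_secret, now)
    accepted = verify_totp(demo_secret, code, now)
    print("code", code, "accepted at step", accepted)
    print("replay accepted?", verify_totp(demo_secret, code, now, last_accepted=accepted))
```

The verifier's `last_accepted` value has to live in persistent per-user storage on the server; keeping it only in memory of one process defeats the replay check across restarts or multiple instances. Rate-limiting attempts is also required, because a six-digit code has only a million possibilities.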
Exploit Database – The Exploit Database is maintained by Offensive Security, an information security training company that provides various information security certifications as well as high-end penetration testing services. https://www.exploit-db.com/
Dark Reading – Cyber security’s comprehensive news site is now an online community for security professionals. https://www.darkreading.com/
The Hacker News – The Hacker News (THN) is a leading, trusted, widely-acknowledged dedicated cybersecurity news platform, attracting over 8 million monthly readers including IT professionals, researchers, hackers, technologists, and enthusiasts. https://thehackernews.com
SecuriTeam – A free and independent source of vulnerability information. https://securiteam.com/
SANS NewsBites – “A semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.” Published for free on Tuesdays and Fridays. https://www.sans.org/newsletters/newsbites
SimplyCyber – Weekly videos. Simply Cyber brings information security related content to help IT or information security professionals take their career further, faster. Current cyber security industry topics and techniques are explored to promote a career in the field. Topics cover offense, defense, governance, risk, compliance, privacy, education, certification and conferences, all with the intent of professional development. https://www.youtube.com/c/GeraldAuger
HackADay – Hackaday serves up Fresh Hacks Every Day from around the Internet. https://hackaday.com/
TheCyberMentor – Heath Adams uploads regular videos related to various facets of cyber security, from bug bounty hunts to specific pentest methodologies like API, buffer overflows, networking. https://www.youtube.com/c/TheCyberMentor/
Grant Collins – Grant uploads videos regarding breaking into cybersecurity, various cybersecurity projects, building up a home lab amongst many others. Also has a companion discord channel and a resource website. https://www.youtube.com/channel/UCTLUi3oc1-a7dS-2-YgEKmA/featured
Risky Business Published weekly, the Risky Business podcast features news and in-depth commentary from security industry luminaries. Hosted by award-winning journalist Patrick Gray, Risky Business has become a must-listen digest for information security professionals. https://risky.biz/
Pauls Security Weekly This show features interviews with folks in the security community; technical segments, which are just that, very technical; and security news, which is an open discussion forum for the hosts to express their opinions about the latest security headlines, breaches, new exploits and vulnerabilities, “not” politics, “cyber” policies and more. https://securityweekly.com/category-shows/paul-security-weekly/
Security Now – Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. https://twit.tv/shows/security-now
Daily Information Security Podcast (“StormCast”) Stormcasts are daily 5-10 minute information security threat updates. The podcast is produced each work day, and typically released late in the day to be ready for your morning commute. https://isc.sans.edu/podcast.html
ShadowTalk Threat Intelligence Podcast by Digital Shadow_. The weekly podcast highlights key findings of primary-source research our Intelligence Team is conducting, along with guest speakers discussing the latest threat actors, campaigns, security events and industry news. https://resources.digitalshadows.com/threat-intelligence-podcast-shadowtalk
Don’t Panic – The Unit 42 Podcast Don’t Panic! is the official podcast from Unit 42 at Palo Alto Networks. We find the big issues that are frustrating cyber security practitioners and help simplify them so they don’t need to panic. https://unit42.libsyn.com/
Recorded Future Recorded Future takes you inside the world of cyber threat intelligence. We’re sharing stories from the trenches and the operations floor as well as giving you the skinny on established and emerging adversaries. We also talk current events, technical tradecraft, and offer up insights on the big picture issues in our industry. https://www.recordedfuture.com/resources/podcast/
The Cybrary Podcast – Listen in to the Cybrary Podcast, where we discuss a range of topics from DevSecOps and ransomware attacks to diversity and how to retain talent. Entrepreneurs at all stages of their startup companies join us to share their stories and experience, including how to get funding, hiring the best talent, driving sales, and choosing where to base your business. https://www.cybrary.it/info/cybrary-podcast/
Cyber Life The Cyber Life podcast is for cyber security (InfoSec) professionals, people trying to break into the industry, or business owners looking to learn how to secure their data. We will talk about many things, like how to get jobs, cover breakdowns of hot topics, and have special guest interviews with the men and women “in the trenches” of the industry. https://redcircle.com/shows/cyber-life
Career Notes Cybersecurity professionals share their personal career journeys and offer tips and advice in this brief, weekly podcast from The CyberWire. https://www.thecyberwire.com/podcasts/career-notes
Down the Security Rabbithole – Down the Security Rabbithole is hosted by Rafal Los and James Jardine, who discuss, through interviews or news analysis, everything about cybersecurity, including cybercrime, cyber law, cyber risk, enterprise risk and security, and much more. If you want to hear about issues that are relevant to your organization, subscribe and tune in to this podcast. http://podcast.wh1t3rabbit.net/
The Privacy, Security, & OSINT Show – The Privacy, Security, & OSINT Show, hosted by Michael Bazzell, is your weekly dose of digital security, privacy, and Open Source Intelligence (OSINT) opinion and news. This podcast will help listeners learn how to stay secure from cyber-attacks and become “digitally invisible”. https://podcasts.apple.com/us/podcast/the-privacy-security-osint-show/id1165843330
Defensive Security Podcast – Hosted by Andrew Kalat (@lerg) and Jerry Bell (@maliciouslink), the Defensive Security Podcast looks at the latest security news from around the world and picks out the lessons that can be applied to keeping organizations secure. As of today, they have more than 200 episodes, and topics discussed include forensics, penetration testing, incident response, malware analysis, vulnerabilities and many more. https://defensivesecurity.org/
Darknet Diaries – The Darknet Diaries podcast is hosted and produced by Jack Rhysider and discusses topics related to information security. It also features true stories from hackers who attacked or have been attacked. If you’re a fan of the show, you might consider buying some of their merchandise (https://shop.darknetdiaries.com/). https://darknetdiaries.com/episode/
Brakeing Down Security – Brakeing Down Security started in 2014 and is hosted by Bryan Brake, Brian Boettcher, and Amanda Berlin. This podcast discusses everything about the cybersecurity world, including the compliance, privacy, and regulatory issues that arise in today’s organizations. The hosts teach concepts that information security professionals need to know and discuss topics that will refresh the memories of seasoned veterans. https://www.brakeingsecurity.com/
Open Source Security Podcast – Open Source Security Podcast discusses security with an open-source slant. The show started in 2016 and is hosted by Josh Bressers and Kurt Seifried. As of this writing, they have posted around 190+ episodes. https://www.opensourcesecuritypodcast.com/
Cyber (Motherboard) – Ben Makuch hosts the podcast CYBER and talks weekly to Motherboard reporters Lorenzo Franceschi-Bicchierai and Joseph Cox. They tackle topics about famous hackers and researchers and the biggest news in cybersecurity. The cyber stuff gets complicated really fast, but Motherboard spends its time fixed in the infosec world so we don’t have to. https://podcasts.apple.com/us/podcast/cyber/id1441708044
Hak5 – Hak5 is a brand created by a group of security professionals, hardcore gamers and “IT ninjas”. Their podcast, which is mostly uploaded on YouTube, discusses everything from open-source software to penetration testing and network infrastructure. Their channel currently has 590,000 subscribers and is one of the most viewed shows when you want to learn something about network security. https://shop.hak5.org/pages/videos
Threatpost Podcast Series – Threatpost is an independent news site and a leading source of information about IT and business security for hundreds of thousands of professionals worldwide. Its award-winning editorial team produces unique and high-impact content including security news, videos, feature reports and more, and its global editorial activities are driven by industry-leading journalist Tom Spring, editor-in-chief. https://threatpost.com/category/podcasts/
CISO/Security Vendor Relationship Podcast – Co-hosted by David Spark, creator of the CISO/Security Vendor Relationship Series, and Mike Johnson, this weekly 30-minute program challenges the co-hosts, guests, and listeners to critique and share true stories. The podcast aims to enlighten and educate listeners on improving security buyer and seller relationships. https://cisoseries.com
Getting Into Infosec Podcast Stories of how Infosec and Cybersecurity pros got jobs in the field so you can be inspired, motivated, and educated on your journey. – https://gettingintoinfosec.com/
Unsupervised Learning Weekly podcasts and biweekly newsletters as a curated summary intersection of security, technology, and humans, or a standalone idea to provoke thought, by Daniel Miessler. https://danielmiessler.com/podcast/
SECURITY BOOKS:
Building Secure & Reliable Systems Best Practices for Designing, Implementing and Maintaining Systems (O’Reilly) By Heather Adkins, Betsy Beyer, Paul Blankinship, Ana Oprea, Piotr Lewandowski, Adam Stubblefield https://landing.google.com/sre/books/
Security Engineering By Ross Anderson – A guide to building dependable distributed systems. (and Ross Anderson is brilliant //OP editorial) https://www.cl.cam.ac.uk/~rja14/book.html
The Cyber Skill Gap By Vagner Nunes – The Cyber Skill Gap: How To Become A Highly Paid And Sought After Information Security Specialist! (Use COUPON CODE: W4VSPTW8G7 to make it free) https://payhip.com/b/PdkW
Texas A&M Security Courses The web-based courses are designed to ensure that the privacy, reliability, and integrity of the information systems that power the global economy remain intact and secure. The web-based courses are offered through three discipline-specific tracks: general, non-technical computer users; technical IT professionals; and business managers and professionals. https://teex.org/program/dhs-cybersecurity/
AWS Cloud Certified – Get skills in AWS to be more marketable. The training is high quality and free. https://www.youtube.com/watch?v=3hLmDS179YE You have to create an AWS account; the exam is $100.
“Using ATT&CK for Cyber Threat Intelligence Training” – 4-hour training. The goal of this training is for students to understand the following: https://attack.mitre.org/resources/training/cti/
Chief Information Security Officer (CISO) Workshop Training – The Chief Information Security Office (CISO) workshop contains a collection of security learnings, principles, and recommendations for modernizing security in your organization. This training workshop is a combination of experiences from Microsoft security teams and learnings from customers. – https://docs.microsoft.com/en-us/security/ciso-workshop/ciso-workshop
CLARK Center Plan C – Free cybersecurity curriculum that is primarily video-based or provides online assignments that can be easily integrated into a virtual learning environment. https://clark.center/home
Hack.me is a FREE, community based project powered by eLearnSecurity. The community can build, host and share vulnerable web application code for educational and research purposes. It aims to be the largest collection of “runnable” vulnerable web applications, code samples and CMS’s online. The platform is available without any restriction to any party interested in Web Application Security. https://hack.me/
M.E. Kabay – Free industry courses and course materials that students, teachers and others are welcome to use for free courses and lectures. http://www.mekabay.com/courses/index.htm
Enroll Now Free: PCAP Programming Essentials in Python – Python is the very versatile, object-oriented programming language used by startups and tech giants such as Google, Facebook, Dropbox and IBM. Python is also recommended for aspiring young developers who are interested in pursuing careers in security, networking and the Internet of Things. Once you complete this course, you are ready to take the PCAP – Certified Associate in Python Programming exam. No prior knowledge of programming is required. https://www.netacad.com/courses/programming/pcap-programming-essentials-python
Stanford University Webinar – Hacked! Security Lessons from Big Name Breaches – 50-minute cyber lecture from Stanford. You will learn: the root cause of key breaches and how to prevent them; how to measure your organization’s external security posture; how the attacker lifecycle should influence the way you allocate resources. https://www.youtube.com/watch?v=V9agUAz0DwI
Stanford University Webinar – Hash, Hack, Code: Emerging Trends in Cyber Security Join Professor Dan Boneh as he shares new approaches to these emerging trends and dives deeper into how you can protect networks and prevent harmful viruses and threats. 50 minute cyber lecture from Stanford. https://www.youtube.com/watch?v=544rhbcDtc8
Kill Chain: The Cyber War on America’s Elections (Documentary) (Referenced at GRIMMCON), In advance of the 2020 Presidential Election, Kill Chain: The Cyber War on America’s Elections takes a deep dive into the weaknesses of today’s election technology, an issue that is little understood by the public or even lawmakers. https://www.hbo.com/documentaries/kill-chain-the-cyber-war-on-americas-elections
Intro to Cybersecurity Course (15 hours) Learn how to protect your personal data and privacy online and in social media, and why more and more IT jobs require cybersecurity awareness and understanding. Receive a certificate of completion. https://www.netacad.com/portal/web/self-enroll/c/course-1003729
Cybersecurity Essentials (30 hours) Foundational knowledge and essential skills for all cybersecurity domains, including info security, systems sec, network sec, ethics and laws, and defense and mitigation techniques used in protecting businesses. https://www.netacad.com/portal/web/self-enroll/c/course-1003733
Pluralsight and Microsoft Partnership to help you become an expert in Azure. With skill assessments and over 200+ courses, 40+ Skill IQs and 8 Role IQs, you can focus your time on understanding your strengths and skill gaps and learn Azure as quickly as possible. https://www.pluralsight.com/partners/microsoft/azure
Blackhat Webcast Series Monthly webcast of varying cyber topics. I will post specific ones in the training section below sometimes, but this is worth bookmarking and checking back. They always have top tier speakers on relevant, current topics. https://www.blackhat.com/html/webcast/webcast-home.html
Federal Virtual Training Environment – US Govt sponsored free courses. There are 6 available, no login required. They are 101 Coding for the Public, 101 Critical Infrastructure Protection for the Public, Cryptocurrency for Law Enforcement for the Public, Cyber Supply Chain Risk Management for the Public, 101 Reverse Engineering for the Public, Fundamentals of Cyber Risk Management. https://fedvte.usalearning.gov/public_fedvte.php
Harrisburg University CyberSecurity Collection of 18 curated talks. Scroll down to CYBER SECURITY section. You will see there are 4 categories Resource Sharing, Tools & Techniques, Red Team (Offensive Security) and Blue Teaming (Defensive Security). Lot of content in here; something for everyone. https://professionaled.harrisburgu.edu/online-content/
OnRamp 101-Level ICS Security Workshop Starts this 4/28. 10 videos, Q&A / discussion, bonus audio, great links. Get up to speed fast on ICS security. It runs for 5 weeks. 2 videos per week. Then we keep it open for another 3 weeks for 8 in total. https://onramp-3.s4xevents.com
HackXOR WebApp CTF Hackxor is a realistic web application hacking game, designed to help players of all abilities develop their skills. All the missions are based on real vulnerabilities I’ve personally found while doing pentests, bug bounty hunting, and research. https://hackxor.net/
flAWS System Through a series of levels you’ll learn about common mistakes and gotchas when using Amazon Web Services (AWS). Multiple levels, “Buckets” of fun. http://flaws.cloud/
Stanford CS 253 Web Security A free course from Stanford providing a comprehensive overview of web security. The course begins with an introduction to the fundamentals of web security and proceeds to discuss the most common methods for web attacks and their countermeasures. The course includes video lectures, slides, and links to online reading assignments. https://web.stanford.edu/class/cs253
Linux Journey A free, handy guide for learning Linux. Coverage begins with the fundamentals of command line navigation and basic text manipulation. It then extends to more advanced topics, such as file systems and networking. The site is well organized and includes many examples along with code snippets. Exercises and quizzes are provided as well. https://linuxjourney.com
Ryan’s Tutorials A collection of free, introductory tutorials on several technology topics including: Linux command line, Bash scripting, creating and styling webpages with HTML and CSS, counting and converting between different number systems, and writing regular expressions. https://ryanstutorials.net
CYBER INTELLIGENCE ANALYTICS AND OPERATIONS Learn:The ins and outs of all stages of the intelligence cycle from collection to analysis from seasoned intel professionals. How to employ threat intelligence to conduct comprehensive defense strategies to mitigate potential compromise. How to use TI to respond to and minimize impact of cyber incidents. How to generate comprehensive and actionable reports to communicate gaps in defenses and intelligence findings to decision makers. https://www.shadowscape.io/cyber-intelligence-analytics-operat
Linux Command Line for Beginners – 25 hours of training – In this course, you’ll learn from one of Fullstack’s top instructors, Corey Greenwald, as he guides you through the basics of the command line through short, digestible video lectures. Then you’ll use Fullstack’s CyberLab platform to hone your new technical skills while working through a Capture the Flag game, a special kind of cybersecurity game designed to challenge participants to solve computer security problems by solving puzzles. Finally, through a series of carefully curated resources, we’ll introduce you to some important cybersecurity topics so that you can understand some of the common language, concepts and tools used in the industry. https://prep.fullstackacademy.com/
Hacking 101 6 hours of free training – First, you’ll take a tour of the world and watch videos of hackers in action across various platforms (including computers, smartphones, and the power grid). You may be shocked to learn what techniques the good guys are using to fight the bad guys (and which side is winning). Then you’ll learn what it’s like to work in this world, as we show you the different career paths open to you and the (significant) income you could make as a cybersecurity professional. https://cyber.fullstackacademy.com/prepare/hacking-101
Choose Your Own Cyber Adventure Series: Entry Level Cyber Jobs Explained YouTube Playlist (videos from my channel #simplyCyber) This playlist is a collection of various roles within the information security field, mostly entry level, so folks can understand what different opportunities are out there. https://www.youtube.com/playlist?list=PL4Q-ttyNIRAqog96mt8C8lKWzTjW6f38F
NETINSTRUCT.COM Free Cybersecurity, IT and Leadership Courses – Includes OS and networking basics. Critical to any Cyber job. https://netinstruct.com/courses
HackerSploit – HackerSploit is the leading provider of free and open-source Infosec and cybersecurity training. https://hackersploit.org/
Computer Science courses with video lectures – The intent of this list is to act as online bookmarks/lookup table for freely available online video courses. The focus is on keeping the list concise so that it is easy to browse. It is easier to skim through a 15-page list, find the course and start learning than to read 60 pages of text. If you are a student or from a non-CS background, please try a few courses to decide for yourself which course suits your learning curve best. https://github.com/Developer-Y/cs-video-courses?utm_campaign=meetedgar&utm_medium=social&utm_source=meetedgar.com
Cryptography I -offered by Stanford University – Rolling enrollment – Cryptography is an indispensable tool for protecting information in computer systems. In this course you will learn the inner workings of cryptographic systems and how to correctly use them in real-world applications. The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. We will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two parties generate a shared secret key. https://www.coursera.org/learn/crypto
Software Security – Rolling enrollment – offered by University of Maryland, College Park via Coursera – In this course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them — such as buffer overflows, SQL injection, and session hijacking — and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a “build security in” mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. https://www.coursera.org/learn/software-security
Intro to Information Security Georgia Institute of Technology via Udacity – Rolling Enrollment. This course provides a one-semester overview of information security. It is designed to help students with prior computer and programming knowledge — both undergraduate and graduate — understand this important priority in society today. Offered at Georgia Tech as CS 6035 https://www.udacity.com/course/intro-to-information-security–ud459
Cyber-Physical Systems Security Georgia Institute of Technology via Udacity – This course provides an introduction to security issues relating to various cyber-physical systems including industrial control systems and those considered critical infrastructure systems. 16 week course – Offered at Georgia Tech as CS 8803 https://www.udacity.com/course/cyber-physical-systems-security–ud279
Finding Your Cybersecurity Career Path – University of Washington via edX – 4 weeks long – self paced – In this course, you will focus on the pathways to cybersecurity career success. You will determine your own incoming skills, talent, and deep interests to apply toward a meaningful and informed exploration of 32 Digital Pathways of Cybersecurity. https://www.edx.org/course/finding-your-cybersecurity-career-path
Building a Cybersecurity Toolkit – University of Washington via edX – 4 weeks, self-paced – The purpose of this course is to give learners insight into the types of characteristics and skills needed for cybersecurity jobs and to provide a realistic outlook on what they really need to add to their “toolkits” – a set of skills that is constantly evolving, not all technical, but fundamentally rooted in problem-solving. https://www.edx.org/course/building-a-cybersecurity-toolkit
Cybersecurity: The CISO’s View – University of Washington via edX – 4 weeks long, self-paced – This course delves into the role that the CISO plays in cybersecurity operations. Throughout the lessons, learners will explore answers to the following questions: How does cybersecurity work across industries? What is the professionals’ point of view? How do we keep information secure? https://www.edx.org/course/cybersecurity-the-cisos-view
Introduction to Cybersecurity – University of Washington via edX – In this course, you will gain an overview of the cybersecurity landscape as well as national (USA) and international perspectives on the field. We will cover the legal environment that impacts cybersecurity as well as predominant threat actors. – https://www.edx.org/course/introduction-to-cybersecurity
Cyber Attack Countermeasures – New York University (NYU) via Coursera – This course introduces the basics of cyber defense, starting with foundational models such as Bell-LaPadula and information flow frameworks. These underlying policy enforcement mechanisms help introduce basic functional protections, starting with authentication methods. Learners will be introduced to a series of different authentication solutions and protocols, including RSA SecurID and Kerberos, in the context of a canonical schema. – https://www.coursera.org/learn/cyber-attack-countermeasures
Introduction to Cyber Attacks – New York University (NYU) via Coursera – This course provides learners with a baseline understanding of common cyber security threats, vulnerabilities, and risks. An overview of how basic cyber attacks are constructed and applied to real systems is also included. Examples include simple Unix kernel hacks, Internet worms, and Trojan horses in software utilities. Network attacks such as distributed denial of service (DDoS) and botnet attacks are also described and illustrated using real examples from the past couple of decades. https://www.coursera.org/learn/intro-cyber-attacks
Enterprise and Infrastructure Security New York University (NYU) via Coursera – This course introduces a series of advanced and current topics in cyber security, many of which are especially relevant in modern enterprise and infrastructure settings. The basics of enterprise compliance frameworks are provided with introduction to NIST and PCI. Hybrid cloud architectures are shown to provide an opportunity to fix many of the security weaknesses in modern perimeter local area networks. https://www.coursera.org/learn/enterprise-infrastructure-security
Network Security Georgia Institute of Technology via Udacity – This course provides an introduction to computer and network security. Students successfully completing this class will be able to evaluate works in academic and commercial security, and will have rudimentary skills in security research. The course begins with a tutorial of the basic elements of cryptography, cryptanalysis, and systems security, and continues by covering a number of seminal papers and monographs in a wide range of security areas. – https://www.udacity.com/course/network-security–ud199
Real-Time Cyber Threat Detection and Mitigation – New York University (NYU) via Coursera This course introduces real-time cyber security techniques and methods in the context of the TCP/IP protocol suites. Explanation of some basic TCP/IP security hacks is used to introduce the need for network security solutions such as stateless and stateful firewalls. Learners will be introduced to the techniques used to design and configure firewall solutions such as packet filters and proxies to protect enterprise assets. https://www.coursera.org/learn/real-time-cyber-threat-detection
Hey everyone, I’ve started getting into hacking, and would like to know the cheapest but best Wi-Fi cracking/deauthing/hacking adapter. I’m on a fairly tight budget of 20AUD and am willing to compromise if needed. Priority is a card with monitor mode, then cracking capabilities, then deauthing, etc. Thank you guys! By the way, if there are any beginner tips you are willing to give, please let me know!
A browser or server attempts to connect to a website (i.e. a web server) secured with SSL. The browser/server requests that the web server identify itself.
The web server sends the browser/server a copy of its SSL certificate.
The browser/server checks to see whether or not it trusts the SSL certificate. If so, it sends a message to the web server.
The web server sends back a digitally signed acknowledgement to start an SSL encrypted session.
Encrypted data is shared between the browser/server and the web server.
There are many benefits to using SSL certificates. Namely, SSL customers can:
Utilize HTTPS, which earns a stronger Google ranking
Create safer experiences for your customers
Build customer trust and improve conversions
Protect both customer and internal data
Encrypt browser-to-server and server-to-server communication
Authentication — The process of checking if a user is allowed to gain access to a system. eg. Login forms with username and password.
Authorization — Checking if the authenticated user has access to perform an action. eg. user, admin, super admin roles.
Audit — Conduct a complete inspection of an organization’s network to find vulnerable endpoints or malicious software.
Access Control List — A list that contains users and their level of access to a system.
Aircrack-ng — Wifi penetration testing software suite. Contains sniffing, password cracking, and general wireless attacking tools.
Backdoor — A piece of code that lets hackers get into the system easily after it has been compromised.
Burp Suite — Web application security software, helps test web apps for vulnerabilities. Used in bug bounty hunting.
Banner Grabbing — Capturing basic information about a server like the type of web server software (eg. apache) and services running on it.
Botnet — A network of computers controlled by a hacker to perform attacks such as Distributed Denial of Service.
Brute-Force Attack — An attack where the hacker tries different login combinations to gain access. eg. trying to crack a 9-digit numeric password by trying all the numbers from 000000000 to 999999999
Buffer Overflow — When a program tries to store more information than it is allowed to, it overflows into other buffers (memory partitions) corrupting existing data.
Cache — Storing the response to a particular operation in temporary high-speed storage so that other incoming requests can be served faster. eg. you can store the result of a database query in a cache until it is updated, to avoid calling the database again for the same query.
Cipher — Cryptographic algorithm for encrypting and decrypting data.
Code Injection — Injecting malicious code into a system by exploiting a bug or vulnerability.
Cross-Site Scripting — Executing a script on the client-side through a legitimate website. This can be prevented if the website sanitizes user input.
Compliance — A set of rules defined by the government or other authorities on how to protect your customer’s data. Common ones include HIPAA, PCI-DSS, and FISMA.
Dictionary Attack — Attacking a system with a pre-defined list of usernames and passwords. eg. admin/admin is a common username/password combination used by amateur sysadmins.
Dumpster Diving — Looking into a company’s trash cans for useful information.
Denial of Service & Distributed Denial of Service — Exhausting a server’s resources by sending too many requests is Denial of Service. If a botnet is used to do the same, it’s called Distributed Denial of Service.
DevSecOps — Combination of development and operations by considering security as a key ingredient from the initial system design.
Directory Traversal — Vulnerability that lets attackers list all the files and folders within a server. This can include system configuration and password files.
Domain Name System (DNS) — Helps convert domain names into server IP addresses. eg. Google.com -> 216.58.200.142
DNS Spoofing — Tricking a system’s DNS into pointing to a malicious server. eg. when you enter ‘facebook.com’, you might be redirected to the attacker’s website that looks like Facebook.
Encryption — Encoding a message with a key so that only the parties with the key can read the message.
Exploit — A piece of code that takes advantage of a vulnerability in the target system. eg. buffer overflow exploits can get you root access to a system.
Enumeration — Mapping out all the components of a network by gaining access to a single system.
Footprinting — Gathering information about a target using active methods such as scanning and enumeration.
Flooding — Sending too many packets of data to a target system to exhaust its resources and cause a Denial of Service or similar attacks.
Firewall — A software or hardware filter that can be configured to prevent common types of attacks.
Fork Bomb — Forking a process indefinitely to exhaust system resources. Related to a Denial of Service attack.
Fuzzing — Sending automated random input to a software program to test its exception handling capacity.
Hardening — Securing a system against attacks, eg. by closing unused ports. Usually done using scripts for servers.
Hash Function — Mapping a piece of data into a fixed value string. Hashes are used to confirm data integrity.
Honey Pot — An intentionally vulnerable system used to lure attackers. This is then used to understand the attacker’s strategies.
HIPAA — The Health Insurance Portability and Accountability Act. If you are working with healthcare data, you need to make sure you are HIPAA compliant. This is to protect the customer’s privacy.
Input Validation — Checking user inputs before sending them to the database. eg. sanitizing form input to prevent SQL injection attacks.
Integrity — Making sure the data that was sent from the server is the same as what was received by the client. This ensures there was no tampering; integrity is usually achieved by hashing and encryption.
Intrusion Detection System — Software similar to a firewall but with advanced features. Helps in defending against Nmap scans, DDoS attacks, etc.
IP Spoofing — Changing the source IP address of a packet to fool the target into thinking a request is coming from a legitimate server.
John The Ripper — Brilliant password cracking tool, runs on all major platforms.
Kerberos — Default authorization software used by Microsoft, uses a stronger encryption system.
KeyLogger — A software program that captures all keystrokes that a user performs on the system.
Logic Bombs — A piece of code (usually malicious) that runs when a condition is satisfied.
Lightweight Directory Access Protocol (LDAP) — Lightweight client-server protocol on Windows, a central place for authentication. Stores usernames and passwords to validate users on a network.
Malware — Short for “Malicious Software”. Everything from viruses to backdoors is malware.
MAC Address — Unique address assigned to a Network Interface Card and is used as an identifier for local area networks. Easy to spoof.
Multi-factor Authentication — Using more than one method of authentication to access a service. eg. username/password with mobile OTP to access a bank account (two-factor authentication)
MD5 — Widely used hashing algorithm. Once a favorite, it has many vulnerabilities.
Meterpreter — An advanced Metasploit payload that lives in memory and is hard to trace.
Null-Byte Injection — An older exploit that appends null bytes (i.e. %00, or 0x00 in hexadecimal) to URLs. This makes web servers return random/unwanted data which might be useful for the attacker. Easily prevented by doing sanity checks on input.
Network Interface Card (NIC) — Hardware that helps a device connect to a network.
Network Address Translation — Utility that translates your local IP address into a global IP address. eg. your local IP might be 192.168.1.4 but to access the internet, you need a global IP address (from your router).
Nmap — Popular network scanning tool that gives information about systems, open ports, services, and operating system versions.
Netcat — Simple but powerful tool that can view and record data on TCP or UDP network connections. Since it is not actively maintained, Ncat is preferred.
Nikto — A popular web application scanner, helps to find over 6700 vulnerabilities including server configurations and installed web server software.
Nessus — Commercial alternative to Nmap, provides a detailed list of vulnerabilities based on scan results.
Packet — Data is sent and received by systems via packets. Contains information like source IP, destination IP, protocol, and other information.
Password Cracking — Cracking an encrypted password using tools like John the Ripper when you don’t have access to the key.
Password Sniffing — Performing man-in-the-middle attacks using tools like Wireshark to find password hashes.
Patch — A software update released by a vendor to fix a bug or vulnerability in a software system.
Phishing — Building fake web sites that look remarkably similar to legitimate websites (like Facebook) to capture sensitive information.
Ping Sweep — A technique that tries to ping a system to see if it is alive on the network.
Public Key Cryptography — Encryption mechanism that uses a pair of keys, one private and one public. The sender encrypts a message using your public key, which you can then decrypt using your private key.
Public Key Infrastructure — A public key infrastructure (PKI) is a system to create, store, and distribute digital certificates. This helps sysadmins verify that a particular public key belongs to a certain authorized entity.
Personally Identifiable Information (PII) — Any information that identifies a user. eg. address, phone number, etc.
Payload — A piece of code (usually malicious) that performs a specific function. eg. Keylogger.
PCI-DSS — Payment Card Industry Data Security Standard. If you are working with customer credit cards, you should be PCI-DSS compliant.
Ransomware — Malware that locks your system using encryption and asks you to pay a price to get the key to unlock it.
Rainbow Table — Precalculated password hashes that help an attacker crack the target’s password hashes easily.
Reconnaissance — Finding data about the target using methods such as google search, social media, and other publicly available information.
Reverse Engineering — Rebuilding a piece of software based on its functions.
Role-Based Access — Providing a set of authorizations for a role other than a user. eg. “Managers” role will have a set of permissions while the “developers” role will have a different set of permissions.
Rootkit — A rootkit is malware that provides unauthorized users admin privileges. Rootkits include keyloggers, password sniffers, etc.
Scanning — Sending packets to a system and gaining information about the target system from the packets received. This involves the 3-way handshake.
Secure Shell (SSH) — Protocol that establishes an encrypted communication channel between a client and a server. You can use ssh to login to remote servers and perform system administration.
Session — A session is a duration in which a communication channel is open between a client and a server. eg. the time between logging into a website and logging out is a session.
Session Hijacking — Taking over someone else’s session by pretending to be the client. This is achieved by stealing cookies and session tokens. eg. after you authenticate with your bank, an attacker can steal your session to perform financial transactions on your behalf.
Social Engineering — The art of tricking people into making them do something that is not in their best interest. eg. convincing someone to provide their password over the phone.
Secure Hashing Algorithm (SHA) — Widely used family of hashing algorithms. SHA256 is considered highly secure compared to earlier versions like SHA-1. It is also a one-way algorithm, unlike an encryption algorithm that you can decrypt. Once you hash a message, you can only compare it with another hash; you cannot reverse it to get the original message back.
Sniffing — Performing man-in-the-middle attacks on networks. Includes wired and wireless networks.
Spam — Unwanted digital communication, including email, social media messages, etc. Usually tries to get you into a malicious website.
Syslog — System logging protocol, used by system administrators to capture all activity on a server. Usually stored on a separate server to retain logs in the event of an attack.
Secure Sockets Layer (SSL) — Establishes an encrypted tunnel between the client and server. eg. when you submit passwords on Facebook, only the encrypted text will be visible for sniffers and not your original password.
Snort — Lightweight open-source Intrusion Detection System for Windows and Linux.
SQL Injection — A type of attack that can be performed on web applications using SQL databases. Happens when the site does not validate user input.
Trojan — Malware hidden within useful software. eg. a pirated version of MS Office can contain trojans that will execute when you install and run the software.
Traceroute — Tool that maps the route a packet takes between the source and destination.
Tunnel — Creating a private encrypted channel between two or more computers. Only allowed devices on the network can communicate through this tunnel.
Virtual Private Network — A subnetwork created within a network, mainly to encrypt traffic. eg. connecting to a VPN to access a blocked third-party site.
Virus — A piece of code that is created to perform a specific action on the target systems. A virus has to be triggered to execute, eg. by autoplaying a USB drive.
Vulnerability — A point of attack that is caused by a bug / poor system design. eg. lack of input validation causes attackers to perform SQL injection attacks on a website.
War Driving — Travelling through a neighborhood looking for unprotected wifi networks to attack.
WHOIS — Helps to find information about IP addresses, its owners, DNS records, etc.
Wireshark — Open source program to analyze network traffic and filter requests and responses for network debugging.
Worm — A malware program capable of replicating itself and spreading to other connected systems. eg. a worm used to build a botnet. Unlike viruses, worms don’t need a trigger.
Wireless Application Protocol (WAP) — Protocol that helps mobile devices connect to the internet.
Web Application Firewall (WAF) — Firewalls for web applications that help with cross-site scripting, Denial of Service, etc.
Zero-Day — A newly discovered vulnerability in a system for which there is no patch yet. Zero-day vulnerabilities are the most dangerous type of vulnerabilities since there is no possible way to protect against one.
Zombie — A compromised computer, controlled by an attacker. A group of zombies is called a Botnet.
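The Input Validation, Code Injection and SQL Injection entries above describe the same defect from three angles: untrusted input that is allowed to become part of a command. The following Python example is added here and is not part of the original glossary. It builds a constructed in-memory SQLite table and puts a deliberately vulnerable lookup (input spliced into the SQL text) beside a parameterized one and an allow-list validator; the table, the sample rows and the function names are all assumptions made for the demonstration.

```python
import re
import sqlite3

# Constructed sample rows for the demonstration (not real users).
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]

# Allow-list for usernames: lowercase letters, digits, underscore, 3-32 chars.
USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")


def make_db() -> sqlite3.Connection:
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Deliberately vulnerable: the caller's input becomes part of the SQL text,
    so a value containing a quote character changes the meaning of the WHERE clause."""
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Hardened: the input travels as a bound parameter, never as SQL syntax,
    so it can only ever be compared as a literal string."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def validate_username(username: str) -> bool:
    """Input validation on top of parameterization: reject anything outside
    the allow-list before it reaches the database at all."""
    return USERNAME_RE.fullmatch(username) is not None


def lookup_defended(conn: sqlite3.Connection, username: str) -> list:
    """Validate first, then query with a bound parameter."""
    if not validate_username(username):
        raise ValueError(f"rejected username: {username!r}")
    return lookup_parameterized(conn, username)


if __name__ == "__main__":
    db = make_db()
    # Constructed input that closes the string literal and adds a tautology.
    hostile = "x' OR '1'='1"
    print("vulnerable   :", lookup_vulnerable(db, hostile))     # every row leaks
    print("parameterized:", lookup_parameterized(db, hostile))  # no match
    try:
        lookup_defended(db, hostile)
    except ValueError as exc:
        print("defended     :", exc)                            # rejected before the query
    print("normal       :", lookup_defended(db, "alice"))
```

The parameterized query alone closes the injection; the validator is the second layer the Input Validation entry refers to, and it also catches malformed but harmless input early, which keeps the database logs clean.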
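The Hash Function, Integrity, MD5, Rainbow Table and Secure Hashing Algorithm entries are tied together by one property: a hash is one-way, but an unsalted hash of a guessable input is still trivially matched against a precomputed table. This Python example is added here and is not part of the original glossary. It checks message integrity with SHA-256, shows a tiny constructed digest-to-password lookup table (the idea a rainbow table generalizes), and stores passwords with PBKDF2 and a random salt so that the same password never produces the same stored value; the message text, the candidate list and the iteration count are constructed for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed message pair: the second differs from the first in one digit.
MESSAGE = b"transfer 100 to account 42"
TAMPERED = b"transfer 900 to account 42"

# Constructed PBKDF2 work factor for the demonstration; raise it for production use.
PBKDF2_ITERATIONS = 100_000


def sha256_hex(data: bytes) -> str:
    """Fixed-length digest of arbitrary data (the Hash Function entry)."""
    return hashlib.sha256(data).hexdigest()


def integrity_ok(data: bytes, expected_digest: str) -> bool:
    """Integrity check: recompute the digest and compare in constant time."""
    return hmac.compare_digest(sha256_hex(data), expected_digest)


def unsalted_md5(password: str) -> str:
    """How passwords must NOT be stored: fast, unsalted, identical for equal inputs."""
    return hashlib.md5(password.encode()).hexdigest()


def precomputed_table(candidates: list) -> dict:
    """Maps digest -> password for a candidate list. A rainbow table is a
    space-optimized version of exactly this idea; it only works because
    unsalted hashes of equal passwords are equal for every user and every site."""
    return {unsalted_md5(p): p for p in candidates}


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Store a password as salt$iterations$derived_key with a fresh random salt."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{salt.hex()}${PBKDF2_ITERATIONS}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and iteration count; compare in constant time."""
    salt_hex, iterations, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    digest = sha256_hex(MESSAGE)
    print("original intact:", integrity_ok(MESSAGE, digest))    # True
    print("tampered intact:", integrity_ok(TAMPERED, digest))   # False

    table = precomputed_table(["password", "letmein", "qwerty"])
    print("unsalted md5 found in table:", unsalted_md5("password") in table)  # True

    stored_a = hash_password("password")
    stored_b = hash_password("password")
    print("same password, same stored value:", stored_a == stored_b)  # False, salts differ
    print("verify correct:", verify_password("password", stored_a))    # True
    print("verify wrong:", verify_password("hunter2", stored_a))       # False
```

Because each stored value carries its own salt, a table precomputed for one site is useless against another, and the iteration count makes each guess expensive, which is the practical defence against both the Dictionary Attack and Rainbow Table entries above.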
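The Brute-Force Attack, Intrusion Detection System and Syslog entries describe an attack and the places it leaves evidence. The following Python example is added here and is not from the original page: it parses a handful of constructed syslog-style sshd lines and flags any source address with five or more failed logins inside a sixty-second sliding window. The log lines, the host name, the addresses (taken from the RFC 5737 documentation ranges) and the threshold are all constructed for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, in the classic syslog/sshd layout (not real traffic).
SAMPLE_LOG = """\
Mar 10 08:00:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 08:00:03 web1 sshd[2203]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar 10 08:00:04 web1 sshd[2205]: Failed password for invalid user test from 203.0.113.7 port 51026 ssh2
Mar 10 08:00:06 web1 sshd[2207]: Failed password for root from 203.0.113.7 port 51028 ssh2
Mar 10 08:00:07 web1 sshd[2209]: Failed password for invalid user oracle from 203.0.113.7 port 51030 ssh2
Mar 10 08:01:10 web1 sshd[2215]: Failed password for alice from 198.51.100.9 port 40112 ssh2
Mar 10 08:01:30 web1 sshd[2216]: Accepted password for alice from 198.51.100.9 port 40112 ssh2
Mar 10 09:30:00 web1 sshd[2300]: Failed password for root from 192.0.2.55 port 60001 ssh2
Mar 10 09:45:00 web1 sshd[2301]: Failed password for root from 192.0.2.55 port 60002 ssh2
"""

# Matches only failed-login lines; the "invalid user " prefix is optional.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(text: str) -> list:
    """Return (timestamp, source_ip, username) for every failed login line."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        # Classic syslog timestamps carry no year; fine for same-day windows.
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        events.append((ts, m.group("ip"), m.group("user")))
    return events


def detect_bruteforce(events: list, threshold: int = 5,
                      window: timedelta = timedelta(seconds=60)) -> dict:
    """Flag source IPs with >= threshold failures inside any sliding window.
    Returns {ip: max_failures_seen_in_one_window}."""
    by_ip = defaultdict(list)
    for ts, ip, _ in events:
        by_ip[ip].append(ts)
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start = 0  # left edge of the sliding window
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged


if __name__ == "__main__":
    failures = parse_failures(SAMPLE_LOG)
    print(f"{len(failures)} failed logins parsed")
    for ip, n in detect_bruteforce(failures).items():
        print(f"ALERT possible brute force from {ip}: {n} failures within 60s")
```

The two failures from 192.0.2.55 are fifteen minutes apart, so the sliding window keeps them below the threshold; the single failure from 198.51.100.9 followed by a success is an ordinary typo. Only 203.0.113.7, with five failures in six seconds, is reported, which is the behaviour a Snort-style rule or a fail2ban jail implements on real logs.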
Increased distributed working: With organizations embracing work from home, incremental risks have been observed due to a surge in Bring Your Own Device (BYOD), Virtual Private Network (VPN), Software As A Service (SaaS), O365 and Shadow IT, as these could be exploited by various Man-in-the-Middle (MITM) attack vectors.
Reimagine Business Models: Envisioning new business opportunities, modes of working, and renewed investment priorities. With reduced workforce capability, compounded with skill shortages, staff who are focusing on business as usual tasks can be victimized, via social engineering.
Digital Transformation and new digital infrastructure: As organizations across the industrial and supply chain sector change how they operate, security is deprioritized. Hardening of industrial systems and cloud-based infrastructure is crucial, as cyber threats exploit these challenges via vulnerabilities in unpatched systems.
With an extreme volume of digital communication, security awareness is lowered with increased susceptibility. Malicious actors are using phishing techniques to exploit such situations.
Re-evaluate your approach to cyber
At a minimum, organizations should reflect on the following scenarios and consider:
Which cyber scenarios does your organization appear to be preparing for, or is already prepared for?
Is there a security scenario that your organization is currently ignoring – but shouldn’t be?
What would your organization need to do differently in order to win in each of the identified cyber scenarios?
What capabilities, cyber security partnerships, and workforce strategies do you need to strengthen?
To tackle the outcome from the above scenarios, the following measures are the key:
Inoculation through education: Educate and / or remind your employees about –
Your organization’s defense – remote work cyber security policies and best practices
Potential threats to your organization and how they might attack – with a specific focus on social engineering scams and identifying COVID-19 phishing campaigns
Assisting remote employees with enabling MFA across the organization assets
Adjust your defenses: Gather cyber threat intelligence and execute a patching sprint:
Set intelligence collection priorities
Share threat intelligence with other organizations
Use intelligence to move at the speed of the threat
Focus on known tactics, such as phishing and C-suite fraud.
Prioritize unpatched critical systems and common vulnerabilities.
Enterprise recovery: If the worst happens and an attack is successful, follow a staged approach to recovering critical business operations which may include tactical items such as:
Protect key systems through isolation
Fully understand and contain the incident
Eradicate any malware
Implement appropriate protection measures to improve overall system posture
Identify and prioritize the recovery of key business processes to deliver operations
Implement a prioritized recovery plan
Cyber Preparedness and Response: It is critical to optimize the detection capability thus, re-evaluation of the detection strategy aligned with the changing landscape is crucial. Some key trends include:
Secure and monitor your cloud environments and remote working applications
Increase monitoring to identify threats from shadow IT
Analyze behavior patterns to improve detection content
Finding the right cyber security partner: To be ready to respond, identify the right partner with experience and skillset in Social Engineering, Cyber Response, Cloud Security, and Data Security.
Critical actions to address
At this point, as the organizations are setting the direction towards the social enterprise, it is an unprecedented opportunity to lead with cyber discussions and initiatives. Organizations should immediately gain an understanding of newly introduced risks and relevant controls by:
Getting a seat at the table
Understanding the risk prioritization:
Remote workforce/technology performance
Operational and financial implications
Emerging insider and external threats
Business continuity capabilities
Assessing cyber governance and security awareness in the new operating environment
Assessing the highest areas of risk and recommending practical mitigation strategies that minimize the impact on constrained resources
Keeping leadership and the Board apprised of the ever-changing risk profile
Given the complexity of the pandemic and associated cyber challenges, there is reason to believe that the recovery phase post-COVID-19 will require unprecedented levels of cyber orchestration, communication, and changing of existing configurations across the organization.
CyberSecurity: Protect Yourself on Internet
Use two-factor authentication when possible. If not possible, use strong unique passwords that are difficult to guess or crack. This means avoiding passwords that use common words, your birthdate, your SSN, names and birthdays of close associates, etc.
Make sure the devices you are using are up-to-date and have some form of reputable anti-virus/malware software installed.
Never open emails, attachments, or programs unless they are from a trusted source (i.e., a source that can be verified). Also disregard email or web requests that ask you to share your personal or account information unless you are sure the request and requestor are legitimate.
Try to only use websites that are encrypted. To do this, look for either the trusted security lock symbol before the website address and/or the extra “s” at the end of http in the URL address bar.
Avoid using an administrator level account when using the internet.
Only enable cookies when absolutely required by a website.
Make social media accounts private or don’t use social media at all.
Consider using VPNs and encrypting any folders/data that contains sensitive data.
Stay away from using unprotected public Wi-Fi networks.
Social media is genetically engineered in Area 51 to harvest as much data from you as possible. Far beyond just having your name and age and photograph.
Never use the same username twice anywhere, or the same password twice anywhere.
Use Tor/Tor Browser whenever possible. It’s not perfect, but it is a decent default attempt at anonymity.
Use a VPN. Using VPN and Tor can be even better.
Search engines like DuckDuckGo offer better privacy (assuming they’re honest, which you can never be certain of) than Google which, like social media, works extremely hard to harvest every bit of data from you that they can.
Never give your real details anywhere. Certainly not things like your name or pictures of yourself, but even less obvious things like your age or country of origin. Even things like how you spell words and grammatical quirks can reveal where you’re from.
Erase your comments from websites after a few days/weeks. It might not erase them from the website’s servers, but it will at least remove them from public view. If you don’t, you can forget they exist and you never know how or when they can and will be used against you.
With Reddit, you can create an account fairly easily over Tor using no real information. Also, regularly nuke your accounts in case Reddit or some crazy stalker is monitoring your posts to build a profile of who you might be. Source: Reddit
Notable Hackers
Adrian Lamo – gained media attention for breaking into several high-profile computer networks, including those of The New York Times, Yahoo!, and Microsoft, culminating in his 2003 arrest. Lamo was best known for reporting U.S. soldier Chelsea Manning to Army criminal investigators in 2010 for leaking hundreds of thousands of sensitive U.S. government documents to WikiLeaks.
Albert Gonzales – an American computer hacker and computer criminal who is accused of masterminding the combined credit card theft and subsequent reselling of more than 170 million card and ATM numbers from 2005 to 2007: the biggest such fraud in history.
Andrew Auernheimer (known as Weev) – went to jail for using math against the AT&T website.
Barnaby Jack – was a New Zealand hacker, programmer and computer security expert. He was known for his presentation at the Black Hat computer security conference in 2010, during which he exploited two ATMs and made them dispense fake paper currency on the stage. Among his other most notable works were the exploitation of various medical devices, including pacemakers and insulin pumps.
Gary McKinnon – a Scottish systems administrator and hacker who was accused in 2002 of perpetrating the “biggest military computer hack of all time,” although McKinnon himself states that he was merely looking for evidence of free energy suppression and a cover-up of UFO activity and other technologies potentially useful to the public. 👽🛸
George Hotz aka geohot – “The former Facebook engineer took on the giants of the tech world by developing the first iPhone carrier-unlock techniques,” says Mark Greenwood, head of data science at Netacea, “followed a few years later by reverse engineering Sony’s PlayStation 3, clearing the way for users to run their own code on locked-down hardware. George sparked an interest in a younger generation frustrated with hardware and software restrictions being imposed on them and led to a new scene of opening up devices, ultimately leading to better security and more openness.”
Guccifer 2.0 – a persona which claimed to be the hacker(s) that hacked into the Democratic National Committee (DNC) computer network and then leaked its documents to the media, the website WikiLeaks, and a conference event.
Hector Monsegur (known as Sabu) – an American computer hacker and co-founder of the hacking group LulzSec. Monsegur became an informant for the FBI, working with the agency for over ten months to aid them in identifying the other hackers from LulzSec and related groups.
Jacob Appelbaum – an American independent journalist, computer security researcher, artist, and hacker. He has been employed by the University of Washington, and was a core member of the Tor project, a free software network designed to provide online anonymity.
James Forshaw – one of the world’s foremost bug bounty hunters
Jeanson James Ancheta – On May 9, 2006, Jeanson James Ancheta (born 1985) became the first person to be charged for controlling large numbers of hijacked computers or botnets.
Jeremy Hammond – He was convicted of computer fraud in 2013 for hacking the private intelligence firm Stratfor and releasing data to the whistle-blowing website WikiLeaks, and sentenced to 10 years in prison.
John Draper – also known as Captain Crunch, Crunch or Crunchman (after the Cap’n Crunch breakfast cereal mascot), is an American computer programmer and former legendary phone phreak.
Kimberley Vanvaeck (known as Gigabyte) – a virus writer from Belgium known for a long-standing dispute which involved the internet security firm Sophos and one of its employees, Graham Cluley. Vanvaeck wrote several viruses, including Quis, Coconut and YahaSux (also called Sahay). She also created a Sharp virus (also called “Sharpei”), credited as being the first virus to be written in C#.
Lauri Love – a British activist charged with stealing data from United States Government computers including the United States Army, Missile Defense Agency, and NASA via computer intrusion.
Michael Calce (known as MafiaBoy) – a security expert from Île Bizard, Quebec who launched a series of highly publicized denial-of-service attacks in February 2000 against large commercial websites, including Yahoo!, Fifa.com, Amazon.com, Dell, Inc., E*TRADE, eBay, and CNN.
Mudge – Peiter C. Zatko, better known as Mudge, is a network security expert, open source programmer, writer, and a hacker. He was the most prominent member of the high-profile hacker think tank the L0pht as well as the long-lived computer and culture hacking cooperative the Cult of the Dead Cow.
PRAGMA – Also known as Impragma or PHOENiX, PRAGMA is the author of Snipr, one of the most prolific credential stuffing tools available online.
The 414s – The 414s were a group of computer hackers who broke into dozens of high-profile computer systems, including ones at Los Alamos National Laboratory, Sloan-Kettering Cancer Center, and Security Pacific Bank, in 1982 and 1983.
The Shadow Brokers – a hacker group who first appeared in the summer of 2016. They published several leaks containing hacking tools from the National Security Agency (NSA), including several zero-day exploits. Specifically, these exploits and vulnerabilities targeted enterprise firewalls, antivirus software, and Microsoft products. The Shadow Brokers originally attributed the leaks to the Equation Group threat actor, who have been tied to the NSA’s Tailored Access Operations unit.
The Strange History of Ransomware
The first ransomware virus predates e-mail, even the Internet as we know it, and was distributed on floppy disk by the postal service. It sounds quaint, but in some ways this horse-and-buggy version was even more insidious than its modern descendants. Contemporary ransomware tends to bait victims using legitimate-looking email attachments — a fake invoice from UPS, or a receipt from Delta airlines. But the 20,000 disks dispatched to 90 countries in December of 1989 were masquerading as something far more evil: AIDS education software.
How to protect sensitive data for its entire lifecycle in AWS
You can protect data in transit over individual communications channels using transport layer security (TLS), and at rest in individual storage silos using volume encryption, object encryption or database table encryption. However, if you have sensitive workloads, you might need additional protection that can follow the data as it moves through the application stack. Fine-grained data protection techniques such as field-level encryption allow for the protection of sensitive data fields in larger application payloads while leaving non-sensitive fields in plaintext. This approach lets an application perform business functions on non-sensitive fields without the overhead of encryption, and allows fine-grained control over what fields can be accessed by what parts of the application. Read more here…
I Passed AWS Security Specialty SCS-C01 Testimonials
Passing the SCS-C01 AWS Certified Security Specialty exam
I’ve been studying for both DevOps DOP-C01 and Security Specialty SCS-C01 tests but opted to just focus on SCS-C01 since the DevOps exam seems like a tough one to pass. I’m planning to take the DevOps one next but I read that a new DOP-C02 version just came out so I might postpone it for a couple of months.
This AWS Certified Security Specialty exam is easier than the SAA exam since the main focus is all about security. The official Exam Guide has been my ultimate guide in knowing the particular AWS services to focus on for the test. Once I got 90% on all my practice test attempts from TD, I went ahead and booked my exam.
Here’s a compilation of all the helpful SCS-C01 posts that helped me:
The Exam Readiness: AWS Certified Security Specialty course provides a good summary of all the relevant topics that are about to be asked in the exam. Prepare to see topics in Key Management Infrastructure, IPS/IDS, network security, EKS/ECS container security and many more.
In a world of high powered AI and evolving threat actors; cyber security leaders are facing significant amounts of burnout and stress. Anyone experienced this as well? https://www.forbes.com/sites/tonybradley/2024/10/15/the-cybersecurity-burnout-crisis-is-reaching-the-breaking-point/ submitted by /u/Navid_Shams
Opening Statement In argument theory, there's a concept of a false dichotomy. Within a false dichotomy, we assess that things can be good or bad. It's time to leave or stay. I'm burned out or I'm passionate. It's a natural human decision tree method, which makes decisions binary and - in some cases- that's easier than having options. (Un)fortunately, life is rarely so binary - despite our careers literally being about ones and zeroes. I've been a community member here for a while across different accounts. On a given day, you'll see at least one post about "HoW dO I bEcOmE a L33T H@xor wItHOuT DoInG mY oWn ReSeArCh?" and it's balanced out with "How do I get out?". If it weren't so frequent that we see the same two posts day in and day out, it would be funny. The goal of this post is to provide you options to assess what's in the decimal points between 1 and 0, and hopefully some of the tricks and strategies will help you. Tricks to be discussed: Challenge the status quo Diversify your value streams Intra-preneurship [Not a typo] Why Me? Before I start, I want to give my obligitory "why does my opinion matter?". Brutally honest - it doesn't. This is just some more text in the world that's repeating great things others have said before. Ego inflating - I've launched and sold a successful security start up, worked for fortune 5 companies, and I'm an ex-lifeguard at the YMCA. Disclaimers I'm not a mental health professional and the advice I'm giving should be taking with that in mind. There are mental health challenges, temporary or chronic, that may be associated with thoughts of being trapped into a situation. This advice is intended to be taken broadly and with a slab of salt. Challenge the Status Quo I have yet to be in a single business where the processes were perfect, everything worked like a well oiled machine, and it was sunshine and rainbows. If you have a workplace like this, and you're reading this article, kindly go climb a tree. 
This is for the rest of us who live on earth. With the status quo often comes things like routine, manual tasks that offer minimal value. There are standing meetings that don't make sense. There are boundaries that you aren't allowed to cross, even though the fix is right in plain sight. It can entrap you into a box of function that feels self-defeating in many ways.

On the other hand... The status quo may come with such disorganized chaos that nothing is getting done. Everyone complains about issues all the time, but nothing is getting done about any of them. The backlog (if there even is one) is so long and out of date that the thought of prioritizing and executing it requires mental stamina that only Tibetan monks have attained. It's crazy out there.

In either situation, I find that a lot of people stuck in the status quo feel helpless to change things and don't feel like they have options. Depending on the company, that may be true, but there are some things to try before giving up. In any situation where you are challenging the status quo, it needs to be done with respect for why the tape (or chaos) is there. The best way to justify doing what you see as important is to understand the biggest pain points in the business and tackle them. This means talking with your management and other stakeholders to see what's bothering them. Once you have a good sense of the boundaries and challenges that exist, you can start to put together a strategy for dealing with them. Most boundaries are there for good reasons, but sometimes they need to be adjusted. This is where a proof of concept comes into play. Oftentimes when I have an idea for a change, the most effective way to get support is to put something in a decision maker's hand that shows the change. This could be a script, or a diagram, or a spreadsheet; it just needs to show the value you're bringing.
An anecdote -- Once upon a time, I worked at a large utility company and I'm pretty sure the entire thing was built with red tape. I've never spent more time or energy on documentation and process than I did at that organization, so it definitely fell into the first status quo definition. While my time there was cut short by a certain pandemic, I was quite successful in my role there and still have many good relationships from the role. What helped me succeed in the role was doing what I knew needed to be done rather than waiting for a process to complete. The project needed a script built and the devs were busy? I wrote one. We needed to parse and analyze 16GB of logs a day and I had a 6th gen U processor to do it with? Time to learn Rust. We needed a business primer on MFA methods? I crafted one. We needed a financial projection for different solutions? I built it. Instead of being constrained to what my job title was, I actively filled gaps and drove success. I prioritized the biggest pain points and allowed the noisy red tape to whine in the background unless it really was urgent. Along the way, I built relationships with key people in the organization who also wanted change but needed help showing the path forward.

On the flipside, I had a colleague who was such a rule follower, he genuinely struggled in his role. On top of that, his manager was quite strict in his pursuit of delivery. For months I watched the colleague flail about, until one day I snapped at him. I pointed out that he wasn't likely going to be perfect at attaining all the written expectations for his role given the amount of tape. In that situation, demonstrating value by completing work was more important than being perfect at following the red lines. When he let go of trying to do everything by the book and focused on getting things done, he felt more empowered to do his job and was actually recognized for it. The manager who had been overbearing came to be trusting instead.
Diversify your value streams

Originally, I had this section titled for income streams, but I realize that was a single-minded approach. In reality, a lot of the time we feel stuck because we don't have other engagements in our lives. Those could be side hustles, hobbies, or community work, but they should all be something that keeps you engaged in something else. This (then) excludes mindless activities that lead to less fulfillment, such as watching TV. Now, I'm not attacking watching TV. There's a time and place for sitting in front of the screen and getting lost in a story or catching up on the news. However, activities like this or doom scrolling have been demonstrated to do little for our motivation and sense of fulfillment. In fact, at too much exposure they can demotivate and deflate our sense of self. For me, I have found that freelancing keeps me well engaged. I get to learn and solve different problems, often for temporary clients, so nothing too long or boring after a period of time. I've also donated a lot of time to local non-profits to support their IT and provide teaching to those who want to get into the field. All these activities are outside of my work hours and keep me engaged by forcing my focus onto other activities for a while.

Note on the excuse of having families: I have one. Four kids, a disabled wife, and all the extras that brings. As the single income earner for the family, I do a lot to keep them taken care of, but I still make time to play Minecraft with the kids, build Legos, build camp fires, etc. with them. Most of my side work is done early morning or after the kids go to bed.

Intra-preneurship

Now, some of you don't want to or aren't allowed (by your employment agreement) to seek external work. In any case, I highly recommend looking in your business and seeing if there are opportunities for you to take on responsibilities that align with your career goals and business need.
With the exception of large enterprises (and even they have these gaps), there are more hats to be worn than people to fill them. Any start-up people know this too well. In the small-medium business category, if you really need a change of pace but like the people you're with, speak up. Create a business case for the change and demonstrate how you could make a difference in that area. You may find that you're able to build your own brand within the organization as the person who brings positive change. With the reputational growth comes increased trust and opportunity to change the status quo, drive value, and make a fulfilling career of your own choosing within the organization construct. If you want to learn more about this specific topic, David Bet Patrick wrote a great book "5 Steps Ahead" that covers this and more. I recommend it.

In Closing

These are just three techniques for fighting your sense of being trapped or stuck. Each of them allows you to create a decimal point between "should I stay or go" leading to options like:
0.0: Leave
0.2: Attempt Intrapreneurship
0.5: Challenge the status quo
0.8: Diversify Value Streams
1.0: Stay

Good luck out there, and remember that jobs are a major factor in life and they aren't going to make you personally fulfilled 100% of the time. It's not any company's job to make you happy as an employee; and HR is there to make sure you're productive. This is all as it should be. Your fulfillment and happiness is largely dependent on your ability to control your response to situations. These strategies will help, and there are many others to choose from as well. submitted by /u/NoUselessTech
I liked the layering of Base Score, Vulnerability intel and Environmental factors to contribute to the risk calculation in a single platform. It makes sense, although the calculation needs to be more comprehensive. What do you think? https://pulse.latio.tech/p/how-to-do-vulnerability-prioritization?utm_source=post-email-title&publication_id=2632814&post_id=150190253&utm_campaign=email-post-title&isFreemail=true&r=3wuso3&triedRedirect=true&utm_medium=email submitted by /u/EK47_
We're evaluating SIEM technologies, and would love any feedback on major differentiators between the top tools, like "Stay away from X if you care about Y". Trying to cut through some marketing hype. Our network architecture is a bit hub-and-spoke, with around 80K servers and workstations. Most of our tools are "best in class" offerings for things like firewalls, secure email gateway, endpoint, etc. Super interested in stories like "We just switched from Splunk to Google Sec Ops because ...." or "We moved from Sentinel to Devo, but it turns out Devo is garbage and we want to switch back", etc etc. We're going to do some pretty thorough demos and RFPs and try to talk to objective reference accounts (where we can find them), but I figured I'd throw the question out here and see what experiences we could hear about to help hone in on some of the lurking differentiators that may not be obvious. Thank you!! submitted by /u/Hexbeallatrocious
I've been invited to participate in a full-day security training exercise involving a situation where my entire network is compromised by a simulated APT. As a member of the blue team, I need to work with my team to identify all levels of persistence the APT has on my services, remove them, and implement workstation hardening practices on my devices to keep them out. Some caveats:
1. In this exercise, my blue team is part of an IT Consultancy, meaning availability of certain services is a huge factor.
2. There are a variety of systems in place (e.g. standalone Windows and Linux machines, DNS servers, webservers, etc.).
3. Many of the devices have legacy/outdated OSs (e.g. Windows 8).
4. Per 1., certain services cannot simply be closed down permanently.
5. Network segmentation (both physical and through the use of VLANs) cannot be used.
I don't have Incident Response experience, so I am unsure as to what initial steps to take. Given the above, what best practices / tools would be good to read up on / acquire before the start of the event? submitted by /u/gbz8
What do most professionals use for their work? I tried searching for this and I get the generic answer "the right tool for the job". But what is that right job and what is the right tool? And if people use both then how do they use both? submitted by /u/No_Natural_8377
I've been talking with an HR rep from a (legitimate) company for a couple of weeks. I've had several online interviews with other staff members too, but I still haven't been called into the office. It looks legit from what I can tell, but I'd still like to be sure, because it seems a bit weird that they'd make me an offer (which they already have) without ever seeing me in person. The recruiter is using a company email, same as everyone else I've interviewed with. They all have a legit LinkedIn profile with verified working experience at said company, but I guess they could've spoofed the addresses. I've checked the e-mail header and it seems legit too. What other checks can I run? submitted by /u/persona_1212
In a blog post on Dark Reading titled "New Windows Feature Limits Admin Privileges," it is mentioned: "Once the elevated admin token is activated, any malware running in the background can potentially hijack it and perform malicious actions." How does this happen? If the malware already has the privileges to steal the token, doesn't it already need admin rights? How would the new feature prevent this? If malware has the rights to steal a token, couldn't it just impersonate SYSTEM and then perform any malicious actions it wants? Consider the following attack vectors:
1. An admin runs malware by right-clicking and selecting "Run as admin." The malware then impersonates SYSTEM and gains persistence. Isn't this already game over?
2. An admin runs malware by simply double-clicking. Does the new feature prevent UAC-bypass-like attacks? For example, malware sets up the SilentCleanup UAC bypass (a scheduled task set to run with the highest privileges). Will this feature stop working with Administrator Protection? If not, how will it prevent the Administrator Protection bypass? The SilentCleanup scheduled task requires high privileges to perform its task.
What exactly does the new feature aim to protect against? submitted by /u/OutrageousBattle8095
Hi, I know Cisco Secure Endpoint has a possibility to whitelist removable media devices regarding its device vendor, model, and serial ID for each computer individually. So basically you can whitelist a media X for computer Y exclusively via its ID/vendor etc. Thing is - I've seen that it's possible to change the ID of removable media devices as you wish - which could be abused if you just copy the ID of a whitelisted device and use it for the malicious device you plan to plug in. So I'm a bit sceptical about this solution regarding its safety - but am I missing something? Are there other possibilities? Now my question is - is this the way to go in big enterprises? Are people using 3rd party software for more control? How are you all managing your removable media devices? Thanks in advance, br, submitted by /u/sw4gyJ0hnson
Hello everyone! So I have a couple of Raspberry Pis laying around and I was wondering if anyone thought that setting them up as a test bed and trying to "mini" red team/blue team the network would be a worthwhile experiment? submitted by /u/Slyraks-2nd-Choice
Can someone advise me on a good school I can look into for a cyber security degree? So far all I've seen are boot camps, but I am interested in a four-year program, preferably in person. submitted by /u/Comfortable_Kiwi6812
With the rise of cloud computing, businesses are definitely running more efficiently, but it also feels like the security risks are growing just as fast. Ransomware and data breaches are happening more frequently these days, so cloud security has become a top priority. But how can we really be sure our cloud environments are secure when traditional security measures sometimes don't seem to cut it? Do we need to step up our defenses, or are the current methods enough to protect critical data? What are some of the best practices or resources you'd recommend? submitted by /u/imdavidnaga
I've heard people in cybersecurity mention how the basics of how computers interact with one another, going back to the ARPANET and early routing configurations, were not optimized for security. Now it's too late to go back. What are these people specifically referring to? Do you all have your own thoughts or articles you can point me to? submitted by /u/anonymouse11394
Hi, I've been working on a tool called Argus, a recon toolkit. It took me months to finish, and I'd love for you to check it out. If you think it's useful, I'd really appreciate a share: https://github.com/jasonxtn/Argus submitted by /u/Happy-Ship6839
I'm attending this year's SF SEC504: Hacker Tools, Techniques, and Incident Handling. This is the first SANS certification I've signed up for; do I need to purchase the practice tests or are practice tests included with the training? I appreciate any other guidance or recommendation as well. submitted by /u/Apex-toso