Advanced Database Security Development

Advanced Database Security Development

• discover the key concepts covered in this course
• identify the available data platforms and the strengths and weaknesses of each platform
• create a database schema using the MS Entity Framework and a Code First Approach
• identify advanced security options when using MS Azure SQL database
• configure and test an Azure SQL database
• control and grant database access to the MS Azure SQL database
• configure and manage Azure Active Directory authentication with the Azure SQL database
• configure and manage transparent data encryption using the Azure portal
• configure Azure SQL database auditing using the Azure portal
• enable Advanced Data Security and start classifying data, tracking vulnerabilities, and investigating threat alerts
• classify your Azure SQL database using the Azure portal
• run a vulnerability assessment scan using the Azure portal, analyze the results, and set a baseline
• access Advanced Threat Protection alerts for the Azure SQL database using the Azure portal
• summarize the key concepts covered in this course

Explore full stack development (FSD) data platform options, along with their strengths and weaknesses, in this 14-video course. Learn how to create a database schema by using the MS Entity Framework and a Code First Approach. Take a look at the advanced security options when using MS Azure SQL database, and then learn how to configure and test, control, and grant database access to the MS Azure SQL database. Next, learn about configuring and managing Azure Active Directory authentication with the Azure SQL database and configuring and managing transparent data encryption by using the Azure portal. Examine how to configure Azure SQL database auditing by using the Azure portal; enable Advanced Data Security; and start classifying data, tracking vulnerabilities, and investigating threat alerts. Learn how to classify the Azure SQL database and run a vulnerability assessment scan by using the Azure portal, analyze the results, and set a baseline. Finally, discover how to access Advanced Threat Protection alerts for the Azure SQL database by using the Azure portal.

Advanced Database Security Development

Advanced Database Security Development

• discover the key concepts covered in this course
• identify the available data platforms and the strengths and weaknesses of each platform
• create a database schema using the MS Entity Framework and a Code First Approach
• identify advanced security options when using MS Azure SQL database
• configure and test an Azure SQL database
• control and grant database access to the MS Azure SQL database
• configure and manage Azure Active Directory authentication with the Azure SQL database
• configure and manage transparent data encryption using the Azure portal
• configure Azure SQL database auditing using the Azure portal
• enable Advanced Data Security and start classifying data, tracking vulnerabilities, and investigating threat alerts
• classify your Azure SQL database using the Azure portal
• run a vulnerability assessment scan using the Azure portal, analyze the results, and set a baseline
• access Advanced Threat Protection alerts for the Azure SQL database using the Azure portal
• summarize the key concepts covered in this course

Explore full stack development (FSD) data platform options, along with their strengths and weaknesses, in this 14-video course. Learn how to create a database schema by using the MS Entity Framework and a Code First Approach. Take a look at the advanced security options when using MS Azure SQL database, and then learn how to configure and test, control, and grant database access to the MS Azure SQL database. Next, learn about configuring and managing Azure Active Directory authentication with the Azure SQL database and configuring and managing transparent data encryption by using the Azure portal. Examine how to configure Azure SQL database auditing by using the Azure portal; enable Advanced Data Security; and start classifying data, tracking vulnerabilities, and investigating threat alerts. Learn how to classify the Azure SQL database and run a vulnerability assessment scan by using the Azure portal, analyze the results, and set a baseline. Finally, discover how to access Advanced Threat Protection alerts for the Azure SQL database by using the Azure portal.

Final Exam: Security Architect

Final Exam: Security Architect

• analyze DNS activity and describe security events to look for
• analyze system log activity and describe security events to look for
• compare ethical hacking tools such as Nmap, Wireshark, Metasploit, and Kali Linux
• compare the relevance of security baselines, compliance reports, and regulatory compliance
• configure an IPS to protect a system with an Ansible playbook
• configure unattended upgrades with an Ansible playbook to keep a system up to date
• describe approaches to detecting anomalies and handling them with security triage
• describe automation techniques in security triage
• describe best practices you should outline in the event that testing is successful or unsuccessful
• describe common protocol anomalies that require triage
• describe common risks and limitations you should outline such as impact on systems, and ensuring backups are available and the disaster recovery plan is intact
• describe common tips and rules of thumb for security triage
• describe elements that should be included in a final report such as actions taken, problems, and findings
• describe how proactive ethical hacking can build better overall security through vulnerability assessments
• describe how SIEM allows for centralized security event monitoring
• describe how to ensure proper authority has been granted to commence any testing, such as obtaining signatures from key stakeholders
• describe of the benefits of having a easy reference checklist or templates prepared when defining RoE
• describe PII and PHI
• describe some of the challenges in implementing security playbooks
• describe the concepts of security triage and strategies to implement triage
• describe the importance of communication and stakeholder management in security triage
• describe the important elements needed in a security playbook
• describe the tools used in security triage
• describe the transition to playbooks and services in the cloud
• describe the use of automation to improve consistency for security practices
• describe various approaches to security through playbooks
• describe warranty, limitation of liability, and indemnification considerations to include when outlining the intent of testing activities, as well as and any liability concerns
• discuss the Digital Privacy Act and breach response obligations and focus areas for the compliance plan
• discuss the General Data Protection Regulation breach guidelines and stakeholder response obligations
• discuss the Gramm Leach Bliley Act breach guidelines and stakeholder response obligations
• discuss the HIPAA breach guidelines and stakeholder response obligations
• execute a simple Ansible playbook
• identify common types of security data breaches and how the notification process is different for each type
• identify security solutions
• identify security solutions that align with business objectives
• identify stakeholders that need to be notified during a security breach incident and best practices for notifying them
• identify the best practice for creating a data privacy breach plan and notifying stakeholders
• identify the relevance of security baselines, compliance reports, and regulatory compliance
• identify the sections of the data breach response plan and why it is important to have one
• install Ansible and remotely execute commands on a managed host
• list common ethical hacking tools such as Nmap, Wireshark, Metasploit, and Kali Linux
• list different types of ethical hacking such as web application, system hacking, web server, wireless, and social engineering
• list different types of real-world hackers such as white hat, black hat, and grey hat
• list key logistical considerations such as testing tools, personnel, and test schedules
• plan how security can be implemented with DevOps
• plan security can be implemented with DevOps
• plan security with DevOps in mind
• provide an overview of the benefits of having a easy reference checklist or templates prepared when defining RoE
• provide an overview of the importance of ethical hacking in today's world
• recall how GDPR protects European Union citizen data
• recall how GLBA applies to financial institutions
• recall PCI security requirements
• recognize best practices when testing uncovers exploits or vulnerabilities
• recognize how HIPAA protects medical information
• recognize how to determine the appropriate scope of engagement
• recognize how to respond to and manage incidents
• recognize ISO security standards
• recognize NIST security standards
• recognize the importance of using templates or checklists prior to and during a penetration test
• recognize the need for proactive security incident planning

Final Exam: Security Architect will test your knowledge and application of the topics presented throughout the Security Architect track of the Skillsoft Aspire Security Analyst to Security Architect Journey.

Final Exam: Security Architect

Final Exam: Security Architect

• analyze DNS activity and describe security events to look for
• analyze system log activity and describe security events to look for
• compare ethical hacking tools such as Nmap, Wireshark, Metasploit, and Kali Linux
• compare the relevance of security baselines, compliance reports, and regulatory compliance
• configure an IPS to protect a system with an Ansible playbook
• configure unattended upgrades with an Ansible playbook to keep a system up to date
• describe approaches to detecting anomalies and handling them with security triage
• describe automation techniques in security triage
• describe best practices you should outline in the event that testing is successful or unsuccessful
• describe common protocol anomalies that require triage
• describe common risks and limitations you should outline such as impact on systems, and ensuring backups are available and the disaster recovery plan is intact
• describe common tips and rules of thumb for security triage
• describe elements that should be included in a final report such as actions taken, problems, and findings
• describe how proactive ethical hacking can build better overall security through vulnerability assessments
• describe how SIEM allows for centralized security event monitoring
• describe how to ensure proper authority has been granted to commence any testing, such as obtaining signatures from key stakeholders
• describe of the benefits of having a easy reference checklist or templates prepared when defining RoE
• describe PII and PHI
• describe some of the challenges in implementing security playbooks
• describe the concepts of security triage and strategies to implement triage
• describe the importance of communication and stakeholder management in security triage
• describe the important elements needed in a security playbook
• describe the tools used in security triage
• describe the transition to playbooks and services in the cloud
• describe the use of automation to improve consistency for security practices
• describe various approaches to security through playbooks
• describe warranty, limitation of liability, and indemnification considerations to include when outlining the intent of testing activities, as well as and any liability concerns
• discuss the Digital Privacy Act and breach response obligations and focus areas for the compliance plan
• discuss the General Data Protection Regulation breach guidelines and stakeholder response obligations
• discuss the Gramm Leach Bliley Act breach guidelines and stakeholder response obligations
• discuss the HIPAA breach guidelines and stakeholder response obligations
• execute a simple Ansible playbook
• identify common types of security data breaches and how the notification process is different for each type
• identify security solutions
• identify security solutions that align with business objectives
• identify stakeholders that need to be notified during a security breach incident and best practices for notifying them
• identify the best practice for creating a data privacy breach plan and notifying stakeholders
• identify the relevance of security baselines, compliance reports, and regulatory compliance
• identify the sections of the data breach response plan and why it is important to have one
• install Ansible and remotely execute commands on a managed host
• list common ethical hacking tools such as Nmap, Wireshark, Metasploit, and Kali Linux
• list different types of ethical hacking such as web application, system hacking, web server, wireless, and social engineering
• list different types of real-world hackers such as white hat, black hat, and grey hat
• list key logistical considerations such as testing tools, personnel, and test schedules
• plan how security can be implemented with DevOps
• plan security can be implemented with DevOps
• plan security with DevOps in mind
• provide an overview of the benefits of having a easy reference checklist or templates prepared when defining RoE
• provide an overview of the importance of ethical hacking in today's world
• recall how GDPR protects European Union citizen data
• recall how GLBA applies to financial institutions
• recall PCI security requirements
• recognize best practices when testing uncovers exploits or vulnerabilities
• recognize how HIPAA protects medical information
• recognize how to determine the appropriate scope of engagement
• recognize how to respond to and manage incidents
• recognize ISO security standards
• recognize NIST security standards
• recognize the importance of using templates or checklists prior to and during a penetration test
• recognize the need for proactive security incident planning

Final Exam: Security Architect will test your knowledge and application of the topics presented throughout the Security Architect track of the Skillsoft Aspire Security Analyst to Security Architect Journey.

Security Rules: Rules of Engagement

Security Rules: Rules of Engagement

• discover the key concepts covered in this course
• provide a general overview of the Rules of Engagement, how the ROE relates to business, and the potential consequences of not having the ROE in place
• provide an overview of the benefits of having a easy reference checklist or templates prepared when defining RoE
• recognize how to determine the appropriate scope of engagement
• describe client (IT staff) considerations such as client contact details and potential impacts on their working environment
• describe common risks and limitations you should outline such as impact on systems, and ensuring backups are available and the disaster recovery plan is intact
• list key logistical considerations such as testing tools, personnel, and test schedules
• describe incident handling best practices such as law enforcement contact, sensitive data/privacy, and encryption
• describe best practices you should outline in the event that testing is successful or unsuccessful
• outline best practices to follow or consider when in possession of a company's data, such as encryption and data destruction
• describe elements that should be included in a final report such as actions taken, problems, and findings
• describe warranty, limitation of liability, and indemnification considerations to include when outlining the intent of testing activities, as well as and any liability concerns
• describe how to ensure proper authority has been granted to commence any testing, such as obtaining signatures from key stakeholders
• summarize the key concepts covered in this course

Prior to performing any penetration testing, it is important to outline the Rules of Engagement with the client. Discover common elements found in a ROE such as the scope of the engagement, information handling, potential impacts, and liabilities. Explore how to draft templates and pre-defined checklists that can help ensure all responsibilities, rules, and directives are clearly communicated. 

Security Rules: Rules of Engagement

Security Rules: Rules of Engagement

• discover the key concepts covered in this course
• provide a general overview of the Rules of Engagement, how the ROE relates to business, and the potential consequences of not having the ROE in place
• provide an overview of the benefits of having a easy reference checklist or templates prepared when defining RoE
• recognize how to determine the appropriate scope of engagement
• describe client (IT staff) considerations such as client contact details and potential impacts on their working environment
• describe common risks and limitations you should outline such as impact on systems, and ensuring backups are available and the disaster recovery plan is intact
• list key logistical considerations such as testing tools, personnel, and test schedules
• describe incident handling best practices such as law enforcement contact, sensitive data/privacy, and encryption
• describe best practices you should outline in the event that testing is successful or unsuccessful
• outline best practices to follow or consider when in possession of a company's data, such as encryption and data destruction
• describe elements that should be included in a final report such as actions taken, problems, and findings
• describe warranty, limitation of liability, and indemnification considerations to include when outlining the intent of testing activities, as well as and any liability concerns
• describe how to ensure proper authority has been granted to commence any testing, such as obtaining signatures from key stakeholders
• summarize the key concepts covered in this course

Prior to performing any penetration testing, it is important to outline the Rules of Engagement with the client. Discover common elements found in a ROE such as the scope of the engagement, information handling, potential impacts, and liabilities. Explore how to draft templates and pre-defined checklists that can help ensure all responsibilities, rules, and directives are clearly communicated.