Tag: IT

How to Pass the Azure AZ-700: Resources and Tips

I recently studied for, took, and passed the AZ-700 exam. I was able to pass the exam by using the resources I listed below.

A Note on My Experience with the Exam

The exam was challenging. It felt much harder than AZ-104. The case study questions were the biggest challenge for me. While they weren’t difficult, they required me to keep track of a lot of information. It was one of the few times in recent exams that I used the markers and laminated graph paper they gave us for the exam.

Tim Warner’s AZ-700 Class on PluralSight

Here is where I started. Tim Warner’s course: Designing and Implementing Microsoft Azure Networking Solutions (AZ-700) is where the bulk of my training took place. I spent hours watching his videos and following along in my Azure lab. I took this route on this exam because it felt more structured around the objectives. This may not be the route you want to go because PluralSight does have a cost.

John Savill’s Technical Training on YouTube

John Savill’s training is free on his YouTube channel. This may be the best route for those who prefer not to pay for study materials. I focused mainly on the cram video. I did pick through some subjects in his playlist. I used his videos to help me with concepts that were harder for me to nail down, like load balancing.

Exam Ref AZ-700 Microsoft Azure Administrator

I bought and read through this copy of the exam reference guide. It was helpful for helping to break down concepts that I saw in videos I watched that I quite didn’t understand. I still appreciate having a book in my hand when I study, but people on a budget may be better served by just using the free learning path.

Playing Around in the Azure Environment

As I have done with all my past exams from AZ-104 to AZ-305, I played around in the environment to better understand what I was learning. I built VPN tunnels and even used Terraform to save money. I stood up multiple VNets to better understand pairing. This is a crucial part of pulling all that I was learning together.

Measureup Practice Test

Practice tests are really helpful for me to get a feel for the exam. It is important that I use practice tests that have questions that are close to the actual test but are NOT the actual test. The only test I found was the Measureup practice test. Unfortunately, it is expensive. I am aware that there is a test by Whizlabs, but I am not confident in recommending them.

Conclusion

These tools helped me study for and pass the exam. I hope that they help you along in your Azure certification journey.

IT Security Policies: Your First Line of Defense in Cybersecurity

Technology Can’t do Everything

You walk into the office Monday morning, attempt to login to your desktop, and realize that you can’t login because you’ve been hacked or there is a ransomware note ominously dominating your screen. The first thing you may think of is to look at logs and other use the other tools of the trade to figure out how this happened.

You find out later that this breach was caused by a phishing attack on an unsuspecting employee, this innocuous failure of operational security (OpSec) by one of your employees resulted in tremendous losses in man-hours, money, and reputation.

When we think of cybersecurity, the first thing that usually comes to mind are firewalls, endpoint protection, Security Information, and Event Management (SIEM) solutions, and the like. While these products and solutions are a vital part of cybersecurity, they can only marginally influence human behavior. This is where policies are effective; they can bridge the divide between technology and employee behavior, complementing technology by outlining expectations and defining consequences for noncompliance.

What’s the purpose?

To better understand the role of IT security policies as a part of a cybersecurity strategy, we need to understand why we have them in the first place and what we are trying to accomplish. Put simply, we want to keep our organization’s information safe. We accomplish this by ensuring three things:

  • Confidentiality -information must not be made available or disclosed to unauthorized individuals, entities, or processes.
  • Integrity -data must not be altered or destroyed in an unauthorized manner, and accuracy and consistency must be preserved regardless of changes.
  • Availability -information must be accessible and usable on demand by authorized entities.

To that end, we often must build a strategy that incorporates technological and policy solutions which balance information security with the needs of the organization.

The Human Side of Tech

Now that we have briefly gone over the purpose of IT security policies, we must look at how they should be implemented. Effective policies are policies that not only protect data and help the organization avoid liability, but also take into consideration the culture of the organization and its employees. For example, an organization with a large remote workforce should have Multi-Factor Authentication (MFA) to login to applications. In contrast, a small organization with all employees working in one office could consider MFA optional.

Additionally, effective policy always reflects the following ideals:

  • Clear – vague policies leave confuse IT system users and leave room for bad actors to claim a plausible misunderstanding of the rules.
  • Consequential – policies without an enforcement mechanism with clear consequences for violations are not likely to be followed in large organizations.
  • Current – policies should be reviewed and modified periodically to reflect the technology and security posture of the organization as it is today.

Bottom Line

Until killer robots and rouge AI become our overlords, humans will be the center and the weakest link of any cybersecurity strategy. And while the technology used will always be a huge part of cybersecurity, implementing effective IT security policies must not be overlooked.

%d bloggers like this: