Courses delivered Online

An effective Access Control System can form an integral part of an effective security system. At Hi-Tech Training our course is designed to give participants a practical knowledge of the operation and installation of Access Control Systems. Our experience has taught us that in order to gain the required skills an installer needs to learn through as much practical training as possible. This course involves 50% “Hands-On” training which involves building, setting up, testing and troubleshooting faults using core elements of modern Access Control Systems. At the end of the course, an interested and hardworking participant will have a good solid foundation of knowledge of what access control is all about.

Learners will be introduced to the design, installation, commissioning, and maintenance of Access Control systems.

The Hi-Tech Training Digital Text & Voice Communicator Course is designed to provide participants with the skills required to connect Digital, Text & Voice Communicators to an Alarm Control Panel for transmission of Digital status signals via the telephone line, GSM Network or IP network to a central monitoring station. The Digital Communicator Course’s practical application and our highly experienced trainers ensure that this course is second to none. The course is technical and practical in nature and is suitable for participants who have successfully completed the Hi-Tech Training Intruder Alarm Installation Course or equivalent.

Duration 5 Days 30 CPD hours This course is intended for The primary audience for this course are Application Consultants, Business Process Architects, and Business Process Owners/Team Leads/Power Users. Overview This course will prepare you to:Describe tasks performed by a typical SAP Access Control userDiscuss Harmonization topics as they relate to SAP Access ControlExplain how SAP GRC helps you to address business challengesIdentify authorization risks in typical business processesDescribe the Segregation of Duties Risk Management ProcessDescribe and configure functionality and features for SAP Access Control 10.1Use the SAP Access Control 10.1 application to analyze and manage risk, design and manage roles, and provision and manage usersDescribe the SAP Access Control 10.1 architecture and landscape, SAP Access Control Repository, and Object Level SecurityDescribe the Periodic Access Review processPlan for and manage emergency accessDiscuss the reporting frameworkConfigure workflows, including multi-stage multi-path (MSMP) workflows and BRF+Describe how the different applications of the SAP GRC Solution integrate with each otherDiscuss key steps in the SAP Access Control implementation process In this course, students gain hands-on configuration and implementation experience of SAP Access Control 10.1, as well as important concepts they will need to know in order to prepare for implementation and ongoing access risk prevention. Introduction to SAP Access Control Discussing Business Challenges and Solutions Using SAP Access Control Architecture, Security, and Authorizations Describing the System Architecture Describing Security and Authorizations Shared Configuration Settings Configuring Shared GRC Settings Configuring Shared SAP Access Control Settings Authorization Risks and the Segregation of Duties (SoD) Management Process Identifying Authorization Risks Managing Risk by Segregating Duties SAP Access Control Repository Synchronizing Objects into the Repository Scheduling and Viewing Background Jobs Risk Analysis Maintaining Shared Master Data Configuring and Maintaining the Rule Set Configuring and Using Audit Trail Tracking Using the Risk Analysis Framework Remediating Risks Mitigating Risks Mitigating Multiple Risks at One Time Business Rule Framework Creating Rules in the Business Rule Framework (BRF) Defining Business Rules Multi-Stage, Multi-Path (MSMP) Workflow Describing Multi-Stage, Multi-Path (MSMP) Workflow Maintaining MSMP Workflow Building MSMP Workflow User Provisioning Configuring User Provisioning Settings Configuring Access Request Forms Requesting Access Preparing Roles and Owner Data for MSMP Workflow Creating Simplified Access Requests Reviewing Search Request Results SAP Fiori User Experience (UX) for GRC Describing SAP Fiori UX Role Design and Management Configuring Role Management Configuring Role Methodology Configuring Role Search Attributes Planning for Technical Role Definition Planning for Business Role Definition Consolidating Roles Through Role Mining Performing Role Mass Maintenance Operations Emergency Access Management Describing Emergency Access Management Planning for Emergency Access Monitoring Emergency Access Periodic Access Review Process Planning Periodic Review Monitoring Periodic Review Reports and Custom Fields Use the Reporting Framework SAP Access Control Implementation Using the SAP Access Control Implementation Process Designing the SAP Access Control Solution Planning Upgrade and Migration Configuring SAP Access Control Implementing the SAP Access Control solution Optimizing the SAP Access Control Suite Additional course details: Nexus Humans GRC300 SAP Access Control Implementation and Configuration training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the GRC300 SAP Access Control Implementation and Configuration course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Securing UNIX systems training course description This course teaches you everything you need to know to build a safe Linux environment. The first section handles cryptography and authentication with certificates, openssl, mod_ssl, DNSSEC and filesystem encryption. Then Host security and hardening is covered with intrusion detection, and also user management and authentication. Filesystem Access control is then covered. Finally network security is covered with network hardening, packet filtering and VPNs. What will you learn Secure UNIX accounts. Secure UNIX file systems. Secure UNIX access through the network. Securing UNIX systems course details Who will benefit: Linux technical staff needing to secure their systems. Prerequisites: Linux system administration (LPIC-1) Duration 5 days Securing UNIX systems course contents Cryptography Certificates and Public Key Infrastructures X.509 certificates, lifecycle, fields and certificate extensions. Trust chains and PKI. openssl. Public and private keys. Certification authority. Manage server and client certificates. Revoke certificates and CAs. Encryption, signing and authentication SSL, TLS, protocol versions. Transport layer security threats, e.g. MITM. Apache HTTPD with mod_ssl for HTTPS service, including SNI and HSTS. HTTPD with mod_ssl to authenticate users using certificates. HTTPD with mod_ssl to provide OCSP stapling. Use OpenSSL for SSL/TLS client and server tests. Encrypted File Systems Block device and file system encryption. dm-crypt with LUKS to encrypt block devices. eCryptfs to encrypt file systems, including home directories and, PAM integration, plain dm-crypt and EncFS. DNS and cryptography DNSSEC and DANE. BIND as an authoritative name server serving DNSSEC secured zones. BIND as an recursive name server that performs DNSSEC validation, KSK, ZSK, Key Tag, Key generation, key storage, key management and key rollover, Maintenance and resigning of zones, Use DANE. TSIG. Host Security Host Hardening BIOS and boot loader (GRUB 2) security. Disable useless software and services, sysctl for security related kernel configuration, particularly ASLR, Exec-Shield and IP / ICMP configuration, Exec-Shield and IP / ICMP configuration, Limit resource usage. Work with chroot environments, Security advantages of virtualization. Host Intrusion Detection The Linux Audit system, chkrootkit, rkhunter, including updates, Linux Malware Detect, Automate host scans using cron, AIDE, including rule management, OpenSCAP. User Management and Authentication NSS and PAM, Enforce password policies. Lock accounts automatically after failed login attempts, SSSD, Configure NSS and PAM for use with SSSD, SSSD authentication against Active Directory, IPA, LDAP, Kerberos and local domains, Kerberos and local domains, Kerberos tickets. FreeIPA Installation and Samba Integration FreeIPA, architecture and components. Install and manage a FreeIPA server and domain, Active Directory replication and Kerberos cross-realm trusts, sudo, autofs, SSH and SELinux integration in FreeIPA. Access Control Discretionary Access Control File ownership and permissions, SUID, SGID. Access control lists, extended attributes and attribute classes. Mandatory Access Control TE, RBAC, MAC, DAC. SELinux, AppArmor and Smack. etwork File Systems NFSv4 security issues and improvements, NFSv4 server and clients, NFSv4 authentication mechanisms (LIPKEY, SPKM, Kerberos), NFSv4 pseudo file system, NFSv4 ACLs. CIFS clients, CIFS Unix Extensions, CIFS security modes (NTLM, Kerberos), mapping and handling of CIFS ACLs and SIDs in a Linux system. Network Security Network Hardening FreeRADIUS, nmap, scan methods. Wireshark, filters and statistics. Rogue router advertisements and DHCP messages. Network Intrusion Detection ntop, Cacti, bandwidth usage monitoring, Snort, rule management, OpenVAS, NASL. Packet Filtering Firewall architectures, DMZ, netfilter, iptables and ip6tables, standard modules, tests and targets. IPv4 and IPv6 packet filtering. Connection tracking, NAT. IP sets and netfilter rules, nftables and nft. ebtables. conntrackd Virtual Private Networks OpenVPN server and clients for both bridged and routed VPN networks. IPsec server and clients for routed VPN networks using IPsec-Tools / racoon. L2TP.

Securing Linux systems training course description This course teaches you everything you need to know to build a safe Linux environment. The first section handles cryptography and authentication with certificates, openssl, mod_ssl, DNSSEC and filesystem encryption. Then Host security and hardening is covered with intrusion detection, and also user management and authentication. Filesystem Access control is then covered. Finally network security is covered with network hardening, packet filtering and VPNs. What will you learn Secure Linux accounts. Secure Linux file systems. Secure Linux access through the network. Securing Linux systems training course details Who will benefit: Linux technical staff needing to secure their systems. Prerequisites: Linux system administration (LPIC-1) Duration 5 days Securing Linux systems training course contents Cryptography Certificates and Public Key Infrastructures X.509 certificates, lifecycle, fields and certificate extensions. Trust chains and PKI. openssl. Public and private keys. Certification authority. Manage server and client certificates. Revoke certificates and CAs. Encryption, signing and authentication SSL, TLS, protocol versions. Transport layer security threats, e.g. MITM. Apache HTTPD with mod_ssl for HTTPS service, including SNI and HSTS. HTTPD with mod_ssl to authenticate users using certificates. HTTPD with mod_ssl to provide OCSP stapling. Use OpenSSL for SSL/TLS client and server tests. Encrypted File Systems Block device and file system encryption. dm-crypt with LUKS to encrypt block devices. eCryptfs to encrypt file systems, including home directories and, PAM integration, plain dm-crypt and EncFS. DNS and cryptography DNSSEC and DANE. BIND as an authoritative name server serving DNSSEC secured zones. BIND as an recursive name server that performs DNSSEC validation, KSK, ZSK, Key Tag, Key generation, key storage, key management and key rollover, Maintenance and resigning of zones, Use DANE. TSIG. Host Security Host Hardening BIOS and boot loader (GRUB 2) security. Disable useless software and services, sysctl for security related kernel configuration, particularly ASLR, Exec-Shield and IP / ICMP configuration, Exec-Shield and IP / ICMP configuration, Limit resource usage. Work with chroot environments, Security advantages of virtualization. Host Intrusion Detection The Linux Audit system, chkrootkit, rkhunter, including updates, Linux Malware Detect, Automate host scans using cron, AIDE, including rule management, OpenSCAP. User Management and Authentication NSS and PAM, Enforce password policies. Lock accounts automatically after failed login attempts, SSSD, Configure NSS and PAM for use with SSSD, SSSD authentication against Active Directory, IPA, LDAP, Kerberos and local domains, Kerberos and local domains, Kerberos tickets. FreeIPA Installation and Samba Integration FreeIPA, architecture and components. Install and manage a FreeIPA server and domain, Active Directory replication and Kerberos cross-realm trusts, sudo, autofs, SSH and SELinux integration in FreeIPA. Access Control Discretionary Access Control File ownership and permissions, SUID, SGID. Access control lists, extended attributes and attribute classes. Mandatory Access Control TE, RBAC, MAC, DAC. SELinux, AppArmor and Smack. etwork File Systems NFSv4 security issues and improvements, NFSv4 server and clients, NFSv4 authentication mechanisms (LIPKEY, SPKM, Kerberos), NFSv4 pseudo file system, NFSv4 ACLs. CIFS clients, CIFS Unix Extensions, CIFS security modes (NTLM, Kerberos), mapping and handling of CIFS ACLs and SIDs in a Linux system. Network Security Network Hardening FreeRADIUS, nmap, scan methods. Wireshark, filters and statistics. Rogue router advertisements and DHCP messages. Network Intrusion Detection ntop, Cacti, bandwidth usage monitoring, Snort, rule management, OpenVAS, NASL. Packet Filtering Firewall architectures, DMZ, netfilter, iptables and ip6tables, standard modules, tests and targets. IPv4 and IPv6 packet filtering. Connection tracking, NAT. IP sets and netfilter rules, nftables and nft. ebtables. conntrackd Virtual Private Networks OpenVPN server and clients for both bridged and routed VPN networks. IPsec server and clients for routed VPN networks using IPsec-Tools / racoon. L2TP.

Security+ training course description A hands on course aimed at getting delegates successfully through the CompTia Security+ examination. What will you learn Explain general security concepts. Describe the security concepts in communications. Describe how to secure an infrastructure. Recognise the role of cryptography. Describe operational/organisational security. Security+ training course details Who will benefit: Those wishing to pass the Security+ exam. Prerequisites: TCP/IP foundation for engineers Duration 5 days Security+ training course contents General security concepts Non-essential services and protocols. Access control: MAC, DAC, RBAC. Security attacks: DOS, DDOS, back doors, spoofing, man in the middle, replay, hijacking, weak keys, social engineering, mathematical, password guessing, brute force, dictionary, software exploitation. Authentication: Kerberos, CHAP, certificates, usernames/ passwords, tokens, biometrics. Malicious code: Viruses, trojan horses, logic bombs, worms. Auditing, logging, scanning. Communication security Remote access: 802.1x, VPNs, L2TP, PPTP, IPsec, RADIUS, TACACS, SSH. Email: S/MIME, PGP, spam, hoaxes. Internet: SSL, TLS, HTTPS, IM, packet sniffing, privacy, Javascript, ActiveX, buffer overflows, cookies, signed applets, CGI, SMTP relay. LDAP. sftp, anon ftp, file sharing, sniffing, 8.3 names. Wireless: WTLS, 802.11, 802.11x, WEP/WAP. Infrastructure security Firewalls, routers, switches, wireless, modems, RAS, PBX, VPN, IDS, networking monitoring, workstations, servers, mobile devices. Media security: Coax, UTP, STP, fibre. Removable media. Topologies: Security zones, DMZ, Intranet, Extranet, VLANs, NAT, Tunnelling. IDS: Active/ passive, network/host based, honey pots, incident response. Security baselines: Hardening OS/NOS, networks and applications. Cryptography basics Integrity, confidentiality, access control, authentication, non-repudiation. Standards and protocols. Hashing, symmetric, asymmetric. PKI: Certificates, policies, practice statements, revocation, trust models. Key management and certificate lifecycles. Storage: h/w, s/w, private key protection. Escrow, expiration, revocation, suspension, recovery, destruction, key usage. Operational/Organisation security Physical security: Access control, social engineering, environment. Disaster recovery: Backups, secure disaster recovery plans. Business continuity: Utilities, high availability, backups. Security policies: AU, due care, privacy, separation of duties, need to know, password management, SLAs, disposal, destruction, HR policies. Incident response policy. Privilege management: Users, groups, roles, single sign on, centralised/decentralised. Auditing. Forensics: Chain of custody, preserving and collecting evidence. Identifying risks: Assets, risks, threats, vulnerabilities. Role of education/training. Security documentation.

CWSP training course description A hands-on training course concentrating solely on WiFi security with an emphasis on the delegates learning the necessary knowledge and skills to pass the CWSP exam. The course progresses from simple authentication, encryption and key management onto in depth coverage of 802.X and EAP along with many other security solutions such as access control, intrusion prevention and secure roaming. What will you learn Demonstrate the threats to WiFi networks. Secure WiFi networks. Configure: WPA2 RADIUS 802.1x EAP Pass the CWSP exam. CWSP training course details Who will benefit: Technical network staff. Technical security staff. Prerequisites: Certified Wireless Network Associate. Duration 5 days CWSP training course contents WLAN Security overview Standards, security basics, AAA, 802.11 security history. Hands on WLAN connectivity. Legacy 802.11 security Authentication: Open system, shared key. WEP. VPNs. MAC filters. SSID segmentation, SSID cloaking. Hands on Analysing 802.11 frame exchanges, viewing hidden SSIDs. Encryption Basics, AES, TKIP, CCMP, WPA, WPA2. Hands on Decrypting 802.11 data frames. 802.11 layer 2 authentication 802.1X: Supplicant, Authenticator, Authentication server. Credentials. Legacy authentication. EAP, Weak EAP protocols, Strong EAP protocols: EAP -PEAP, EAP-TTLS, EAP-TLS, EAP-FAST. Hands on Analysing 802.1X/EAP frames. 802.11 layer 2 dynamic key generation Robust Security Network. Hands on Authentication and key management. SOHO 802.11 security WPA/WPA2 personal, Preshared Keys, WiFi Protected Setup (WPS). Hands on PSK mapping. WLAN security infrastructure DS, Autonomous APs, WLAN controllers, split MAC, mesh, bridging, location based access control. Resilience. Wireless network management system. RADIUS/LDAP servers, PKI, RBAC. Hands on 802.1X/EAP configuration. RADIUS configuration. 802.11 Fast secure roaming History, RSNA, OKC, Fast BSS transition, 802.11k. Hands on Roaming. Wireless security risks Rogue devices, rogue prevention. Eavesdropping, DOS attacks. Public access and hotspots. Hands on Backtrack. WiFi security auditing Layer 1 audit, layer 2 audit, pen testing. WLAN security auditing tools. WiFi security monitoring Wireless Intrusion Detection and Prevention Systems. Device classification, WIDS/WIPS analysis. Monitoring. 802.11w. Hands on Laptop spectrum analysers. VPNs, remote access, guest access Role of VPNs in 802.11, remote access, hotspots, captive portal. Wireless security policies General policy, functional policy, recommendations.

Microsoft Lync training course description This course teaches IT staff how to plan, design, deploy, configure, and administer a Microsoft Lync Server solution. The course emphasizes Lync Server Enterprise Unified Communications features focussing particularly on coexisting with and migrating from legacy communication services. The labs in this course create a solution that includes IM and Presence, Conferencing, and Persistent Chat. This course helps prepare for Exam 70-336. What will you learn Describe the Lync Server architecture. Install and deploy Lync Server. Use Lync Server management interfaces. Deploy and manage clients. Manage and administer dial-in conferencing. Design audio and video for web conferencing. Plan for instant message and presence Federation. Deploy and configure persistent chat in Lync. Configure archiving and monitoring services. Troubleshoot Lync Server. Describe the required daily, weekly, and monthly maintenance tasks. Use SIP commands and analyze SIP logs. Configure high availability features in Lync. Design load balancing in Lync Server. Backup and restore Lync Server data. Microsoft Lync training course details Who will benefit: Technical staff working with Microsoft Lync. Prerequisites: Supporting Windows 2008 or 2012. Duration 5 days Microsoft Lync training course contents Microsoft Lync Server architecture Lync Server architecture, Lync core capabilities, Lync design process, assessing infrastructure requirements and updating the design, planning for all Microsoft solutions framework phases. Designing a Lync Server topology Infrastructure requirements for Lync Server, using the planning tool, using topology builder, server infrastructure, documentation. Hands on Environment preparation and Lync Server pools. Users and rights in Microsoft Lync Server Managing Lync Server, role based access control. Hands on Using the management shell, configuring role-based access control. Client/device deployment and management Deploy and manage clients, prepare for device deployment, IP phones. Hands on Clients. Conferencing in Lync Server Introduction to conferencing in Lync Server, designing for audio\video and web conferencing, dial-in conferencing in Lync Server, managing and administering conferencing. Hands on Conferencing in Microsoft Lync. Designing and deploying external access Conferencing and external capabilities of Lync Server, planning for IM and presence federation, designing edge services. Hands on Deploying Edge Server and Configuring Remote Access, Validating the Edge Server. Deploying Lync Server persistent chat Overview of persistent chat architecture in Lync Server, designing persistent chat, deploying and persistent chat. Hands on persistent chat server. Monitoring and archiving The archiving service, the monitoring service, configuring archiving and monitoring. Hands on Archiving and monitoring in Lync Server. Administration and maintenance of Lync Lync Server troubleshooting tools, Lync Server operational tasks, Lync Server troubleshooting techniques. Hands on Lync administration tools, centralized logging service, analysing Lync Server logs and traces. High Availability in Lync Server High availability in Lync Server, configuring high availability in Lync Server, planning for load balancing, designing load balancing. Hands on Configuring database mirroring, experiencing a scheduled SQL Server outage, experiencing an unscheduled SQL Server outage. Disaster recovery in Lync Server Disaster recovery in Lync Server, tools for backing up and restoring Lync Server, critical Lync Server data to back up and restore, critical data to export and import, designing branch site resiliency. Hands on Configure pool pairing, experiencing a pool failure or outage. Planning a migration to Lync Server Coexistence and migration, migration steps, planning for clients and devices. Designing a client migration and device migration strategy. Hands on Creating a migration plan, documenting the migration phases.

Duration 4 Days 24 CPD hours This course is intended for This course is for Azure Administrators. The Azure Administrator implements, manages, and monitors identity, governance, storage, compute, and virtual networks in a cloud environment. The Azure Administrator will provision, size, monitor, and adjust resources as appropriate. This course teaches IT Professionals how to manage their Azure subscriptions, secure identities, administer the infrastructure, configure virtual networking, connect Azure and on-premises sites, manage network traffic, implement storage solutions, create and scale virtual machines, implement web apps and containers, back up and share data, and monitor your solution. Prerequisites Successful Azure Administrators start this role with experience in virtualization, networking, identity, and storage. Understanding of on-premises virtualization technologies, including: VMs, virtual networking, and virtual hard disks. Understanding of network configurations, including TCP/IP, Domain Name System (DNS), virtual private networks (VPNs), firewalls, and encryption technologies. Understanding of Active Directory concepts, including users, groups, and role-based access control. Understanding of resilience and disaster recovery, including backup and restore operations. 1 - Configure Microsoft Entra ID Describe Microsoft Entra ID benefits and features Describe Microsoft Entra concepts Compare Active Directory Domain Services to Microsoft Entra ID Select Microsoft Entra editions Implement Microsoft Entra join Implement Microsoft Entra self-service password reset 2 - Configure user and group accounts Create user accounts Manage user accounts Create bulk user accounts Create group accounts Create administrative units 3 - Configure subscriptions Identify Azure regions Implement Azure subscriptions Obtain an Azure subscription Identify Azure subscription usage Implement Microsoft Cost Management Apply resource tagging Apply cost savings 4 - Configure Azure Policy Create management groups Implement Azure policies Create Azure policies Create policy definitions Create an initiative definition Scope the initiative definition Determine compliance 5 - Configure role-based access control Implement role-based access control Create a role definition Create a role assignment Compare Azure roles to Microsoft Entra roles Apply role-based access control Review fundamental Azure RBAC roles 6 - Configure Azure resources with tools Use the Azure portal Use Azure Cloud Shell Use Azure PowerShell Use Azure CLI 7 - Use Azure Resource Manager Review Azure Resource Manager benefits Review Azure resource terminology Create resource groups Create Azure Resource Manager locks Reorganize Azure resources Remove resources and resource groups Determine resource limits 8 - Configure resources with Azure Resource Manager templates Review Azure Resource Manager template advantages Explore the Azure Resource Manager template schema Explore the Azure Resource Manager template parameters Consider Bicep templates Review QuickStart templates 9 - Configure virtual networks Plan virtual networks Create subnets Create virtual networks Plan IP addressing Create public IP addressing Associate public IP addresses Allocate or assign private IP addresses 10 - Configure network security groups Implement network security groups Determine network security group rules Determine network security group effective rules Create network security group rules Implement application security groups 11 - Configure Azure DNS Identify domains and custom domains Verify custom domain names Create Azure DNS zones Delegate DNS domains Add DNS record sets Plan for Azure Private DNS zones Review Azure Private DNS zone scenarios 12 - Configure Azure Virtual Network peering Determine Azure Virtual Network peering uses Determine gateway transit and connectivity Create virtual network peering Extend peering with user-defined routes and service chaining 13 - Configure network routing and endpoints Review system routes Identify user-defined routes Determine service endpoint uses Determine service endpoint services Identify private link uses 14 - Configure Azure Load Balancer Determine Azure Load Balancer uses Implement a public load balancer Implement an internal load balancer Determine load balancer SKUs Create back-end pools Create health probes Create load balancer rules 15 - Configure Azure Application Gateway Implement Azure Application Gateway Determine Azure Application Gateway routing Configure Azure Application Gateway components 16 - Configure storage accounts Implement Azure Storage Explore Azure Storage services Determine storage account types Determine replication strategies Access storage Secure storage endpoints 17 - Configure Azure Blob Storage Implement Azure Blob Storage Create blob containers Assign blob access tiers Add blob lifecycle management rules Determine blob object replication Upload blobs Determine Blob Storage pricing 18 - Configure Azure Storage security Review Azure Storage security strategies Create shared access signatures Identify URI and SAS parameters Determine Azure Storage encryption Create customer-managed keys Apply Azure Storage security best practices 19 - Configure Azure Files and Azure File Sync Compare storage for file shares and blob data Manage Azure file shares Create file share snapshots Implement Azure File Sync Identify Azure File Sync components Deploy Azure File Sync 20 - Configure Azure Storage with tools Use Azure Storage Explorer Use the Azure Import/Export service Use the WAImportExport tool Use the AzCopy tool 21 - Configure virtual machines Review cloud services responsibilities Plan virtual machines Determine virtual machine sizing Determine virtual machine storage Create virtual machines in the Azure portal Connect to virtual machines 22 - Configure virtual machine availability Plan for maintenance and downtime Create availability sets Review update domains and fault domains Review availability zones Compare vertical and horizontal scaling Implement Azure Virtual Machine Scale Sets Create Virtual Machine Scale Sets Implement autoscale Configure autoscale 23 - Configure Azure App Service plans Implement Azure App Service plans Determine Azure App Service plan pricing Scale up and scale out Azure App Service Configure Azure App Service autoscale 24 - Configure Azure App Service Implement Azure App Service Create an app with App Service Explore continuous integration and deployment Create deployment slots Add deployment slots Secure your App Service app Create custom domain names Back up and restore your App Service app Use Azure Application Insights 25 - Configure Azure Container Instances Compare containers to virtual machines Review Azure Container Instances Implement container groups Review the Docker platform 26 - Configure file and folder backups Describe Azure Backup benefits Implement Backup Center for Azure Backup Configure Azure Recovery Services vault backup options Use the Microsoft Azure Recovery Services (MARS) agent Configure on-premises file and folder backups 27 - Configure virtual machine backups Explore options to protect virtual machine data Create virtual machine snapshots in Azure Backup Set up Azure Recovery Services vault backup options Back up your virtual machines Restore your virtual machines Implement System Center DPM and Azure Backup Server Compare the MARS agent and Azure Backup Server Implement soft delete for your virtual machines Implement Azure Site Recovery 28 - Configure Azure Monitor Describe Azure Monitor key capabilities Describe Azure Monitor components Define metrics and logs Identify monitoring data and tiers Describe activity log events Query the activity log 29 - Configure Azure alerts Describe Azure Monitor alerts Manage Azure Monitor alerts Create alert rules Create action groups 30 - Configure Log Analytics Determine Log Analytics uses Create a Log Analytics workspace Create Kusto (KQL) queries Structure Log Analytics queries 31 - Configure Network Watcher Describe Azure Network Watcher features Review IP flow verify diagnostics Review next hop diagnostics Visualize the network topology