آموزش MCSE در تبریز
Microsoft certified Solutions Expert (MCSE) Cloud Platform and Infrastructure
| نام دوره آموزشی | مدت (ساعت) | شهریه (ریال) | Microsoft Certified Solutions Expert (MCSE) Cloud Platform and Infrastructure | Securing Windows Server 2016 (70-744) | 80 (40 جلسه 1/5 ساعته) | 70,000,000 |
|---|
سرفصل MSCE
- (Implement Server Hardening Solutions (25-30%
Configure disk and file encryption ■
Determine hardware and firmware requirements for secure boot and encryption key functionality; deploy BitLocker encryption; deploy BitLocker without a Trusted Platform Module (TPM); deploy BitLocker with a TPM only; configure the Network Unlock feature; configure BitLocker Group Policy settings; enable Bitlocker to use secure boot for platform and BCD integrity validation; configure BitLocker on Cluster Shared Volumes (CSVs) and Storage Area Networks (SANs); implement BitLocker Recovery Process using self-recovery and recovery password retrieval solutions; configure Bitlocker for virtual machines (VMs) in Hyper-V; determine usage scenarios for Encrypting File System (EFS); configure the EFS recovery agent; manage EFS and BitLocker certificates, including backup and restore
Implement malware protection ■
Implement antimalware solution with Windows Defender; integrate Windows Defender with WSUS and Windows Update; configure Windows Defender using Group Policy; configure Windows Defender scans using Windows PowerShell; implement AppLocker rules; implement AppLocker rules using Windows PowerShell; implement Control Flow Guard; implement Code Integrity (Device Guard) Policies; create Code Integrity policy rules; create Code Integrity file rules
Protect credentials ■
Determine requirements for implementing Credential Guard; configure Credential Guard using Group Policy, WMI, command prompt, and Windows PowerShell; implement NTLM blocking
Create security baselines ■
Install and configure Microsoft Security Compliance Toolkit; create, view, and import security baselines; deploy configurations to domain and non-domain joined servers
(Secure a Virtualization Infrastructure (5-10%
Implement a Guarded Fabric solution ■
Install and configure the Host Guardian Service (HGS); configure Admin-trusted attestation; configure TPM-trusted attestation; configure the Key Protection Service using HGS; migrate Shielded VMs to other guarded hosts; troubleshoot guarded hosts
Implement Shielded and encryption-supported VMs ■
Determine requirements and scenarios for implementing Shielded VMs; create a shielded VM using only a Hyper-V environment; enable and configure vTPM to allow an operating system and data disk encryption within a VM; determine requirements and scenarios for implementing encryption-supported VMs; troubleshoot Shielded and encryption-supported VMs
(Secure a Network Infrastructure (10-15%
Configure Windows Firewall ■
Configure Windows Firewall with Advanced Security; configure network location profiles; configure and deploy profile rules; configure firewall rules for multiple profiles using Group Policy; configure connection security rules using Group Policy, the GUI management console, or Windows PowerShell; configure Windows Firewall to allow or deny applications, scopes, ports, and users using Group Policy, the GUI management console, or Windows PowerShell; configure authenticated firewall exceptions; import and export settings
Implement a Software Defined Datacenter Firewall ■
Determine requirements and scenarios for Datacenter Firewall implementation with Software Defined Networking; determine usage scenarios for Datacenter Firewall policies and network security groups; Configure Datacenter Firewall Access Control Lists
Secure network traffic ■
Configure IPsec transport and tunnel modes; configure IPsec authentication options; configure connection security rules; implement isolation zones; implement domain isolation; implement server isolation zones; determine SMB 3.1.1 protocol security scenarios and implementations; enable SMB encryption on SMB Shares; configure SMB signing via Group Policy; disable SMB 1.0; secure DNS traffic using DNSSEC and DNS policies; install and configure Microsoft Message Analyzer (MMA) to analyze network traffic
(Manage Privileged Identities (25-30%
Implement Just-In-Time (JIT) Administration ■
Create a new administrative (bastion) forest in an existing Active Directory environment using Microsoft Identity Manager (MIM); configure trusts between production and bastion forests; create shadow principals in bastion forest; configure the MIM Web portal; request privileged access using the MIM Web portal; determine requirements and usage scenarios for Privileged Access Management (PAM) solutions; create and Implement MIM policies; implement Just-in-Time administration principals using time-based policies; request privileged access using Windows PowerShell
Implement Just-Enough-Administration (JEA) ■
Enable a JEA solution on Windows Server 2016; create and configure session configuration files; create and configure role capability files; create a JEA endpoint; connect to a JEA endpoint on a server for administration; view logs; download WMF 5.1 to a Windows Server 2008 R2; configure a JEA endpoint on a server using Desired State Configuration (DSC)
Implement Privileged Access Workstations (PAWs) and User Rights Assignments ■
Implement a PAWS solution; configure User Rights Assignment group policies; configure security options settings in Group Policy; enable and configure Remote Credential Guard for remote desktop access; Implement an Enhanced Security Administrative Environment (ESAE) administrative forest design approach; Determine usage scenarios and requirements for implementing ESAE forest design architecture to create a dedicated administrative forest
Implement Local Administrator Password Solution (LAPS) ■
Install and configure the LAPS tool; secure local administrator passwords using LAPS; manage password parameters and properties using LAPS
(Implement Threat Detection Solutions (15-20%
Configure advanced audit policies ■
Determine the differences and usage scenarios for using local audit policies and advanced auditing policies; implement auditing using Group Policy and AuditPol.exe; implement auditing using Windows PowerShell; create expression-based audit policies; configure the Audit PNP Activity policy; configure the Audit Group Membership policy; enable and configure Module, Script Block, and Transcription logging in Windows PowerShell
Install and configure Microsoft Advanced Threat Analytics (ATA) ■
Determine usage scenarios for ATA; determine deployment requirements for ATA; install and configure ATA Gateway on a dedicated server; install and configure ATA Lightweight Gateway directly on a domain controller; configure alerts in ATA Center when suspicious activity is detected; review and edit suspicious activities on the attack time line
Determine threat detection solutions using Operations Management Suite (OMS) ■
Determine usage and deployment scenarios for OMS; determine security and auditing functions available for use; determine Log Analytics usage scenarios
(Implement Workload-Specific Security (5-10%
Secure application development and server workload infrastructure ■
Determine usage scenarios, supported server workloads, and requirements for deployments; install and configure Nano Server; implement security policies on Nano Servers using Desired State Configuration (DSC); Manage local policy on Nano Server; determine usage scenarios and requirements for Windows Server and Hyper-V containers; install and configure containers
Implement a secure file services infrastructure and Dynamic Access Control (DAC) ■
Install the File Server Resource Manager (FSRM) role service; configure quotas; configure file screens; configure storage reports; configure file management tasks; configure File Classification Infrastructure (FCI) using FSRM; implement work folders; configure file access auditing; configure user and device claim types; implement policy changes and staging; perform access-denied remediation; create and configure Central Access rules and policies; create and configure resource properties and lists
