Section 2: Identity and Security
Design for identity and security (20-25%)
Design Identity Management
Choose an identity management approach; design an identity delegation strategy, identity repository (including directory, application, systems, etc.); design self-service identity management and user and persona provisioning; define personas and roles; recommend appropriate access control strategy (e.g., attribute-based, discretionary access, history-based, identity-based, mandatory, organization-based, role-based, rule-based, responsibility-based)
Design Authentication
Choose an authentication approach; design a single-sign on approach; design for IPSec, logon, multi-factor, network access, and remote authentication
Design Authorization
Choose an authorization approach; define access permissions and privileges; design secure delegated access (e.g., OAuth, OpenID, etc.); recommend when and how to use API keys
Choose the right authentication method for your Azure Active Directory hybrid identity solution
Ensure that proper authorization is in place and the principle of least privilege is followed
How to secure back-end services using client certificate authentication in Azure API Management
Design for Risk Prevention for Identity
Design a risk assessment strategy (e.g., access reviews, RBAC policies, physical access); evaluate agreements involving services or products from vendors and contractors; update solution design to address and mitigate changes to existing security policies, standards, guidelines and procedures
Design a Monitoring Strategy for Identity and Security
Design for alert notifications; design an alert and metrics strategy; recommend authentication monitors