Earlier I tried to compile a list of Microsoft documentation and other resources relevant for 70-473 exam preparation, but I quickly realized that the exam scope makes this list too huge and unwieldy. I have now decided that I would rather split this into smaller resource lists following specific exam sections. Below you can see the list of reading resources relevant for the Design and Implement Security section of the 70-473 exam. You will mainly find links to Microsoft documentation in this list.
Here you can see the Design and Implement Security exam section topics as described on the official exam page:
- Design and implement SQL Server Database security
- Configure firewalls; manage logins, users, and roles; assign permissions; configure auditing; configure Transparent Database Encryption (TDE); configure row-level security; configure data encryption; configure data masking; configure Always Encrypted
- Design and implement Azure SQL Database security
- Configure firewalls; manage logins, users, and roles; assign permissions; configure auditing; configure row-level security; configure data encryption; configure data masking; configure Always Encrypted; configure Automatic Threat Detection
I tried to structure the list of links below based on sub-objectives.
Configure Firewalls
Azure SQL Database and SQL Data Warehouse firewall rules
sp_set_database_firewall_rule (Azure SQL Database)
Azure SQL Database: Firewall security
Configure a Windows Firewall for Database Engine Access
Configure a Server to Listen on a Specific TCP Port
Configure the Windows Firewall to Allow SQL Server Access
TCP/IP Properties (IP Addresses Tab)
SQL Server: Frequently Used Ports
Security Considerations for SQL Server in Azure Virtual Machines
Manage logins, users and roles
Server and Database Roles in SQL Server
Managing Users, Roles, and Logins
Getting Started with Database Engine
CREATE CREDENTIAL (Transact-SQL)
SQL Server Separation of Duties (Word document download)
Assign Permissions
Getting Started with Database Engine Permissions
GRANT Server Permissions (Transact-SQL)
SQL Server Best Practices – Implementation of Database Object Schemas
+ see also: What are some best practices for using schemas in SQL Server?
Azure SQL Database and SQL Data Warehouse access control
Configure Auditing
Get started with SQL database auditing
Set-AzureRmSqlServerAuditingPolicy
Use-AzureRmSqlServerAuditingPolicy
Configure Transparent Database Encryption (TDE)
Transparent Data Encryption (TDE)
Transparent data encryption for SQL Database and Data Warehouse
Enable TDE on SQL Server Using EKM
ALTER DATABASE (Azure SQL Database)
Configure Row-Level Security (RLS)
SQL Server 2016 : Implement Row Level Security using Predicate Function and Security Policy
SQL Server Security Blog – Row-Level Security block predicates are generally available on Azure SQL Database
CREATE SECURITY POLICY (Transact-SQL)
Configure Data Encryption
SQL Server 2016 New Features: Security and Encryption
Encrypt a Column of Data (column/cell level encryption)
Extensible Key Management Using Azure Key Vault (SQL Server)
CREATE ASYMMETRIC KEY (Transact-SQL)
SQL Server Certificates and Asymmetric Keys
OPEN SYMMETRIC KEY (Transact-SQL)
Get started with Azure Key Vault
About keys, secrets, and certificates
Configure Data Masking
SQL Database dynamic data masking
Use Dynamic Data Masking to obfuscate your sensitive data
Configure Always Encrypted
Always Encrypted (Database Engine)
Always Encrypted (client development)
Develop using Always Encrypted with .NET Framework Data Provider
Microsoft Azure SQL Database provides unparalleled data security in the cloud with Always Encrypted
Configure Always Encrypted using SQL Server Management Studio
SqlConnection.ConnectionString Property
Use .NET (C#) with Visual Studio to connect and query an Azure SQL database
Configure Automatic Threat Detection
Use PowerShell to configure SQL Database auditing and threat detection
Azure SQL Database Threat Detection
Azure Security Center Documentation
Other/General
Azure Cosmos DB: SQL API getting started tutorial
Get started with Azure Table storage and the Azure Cosmos DB Table API using .NET
Monitoring SQL Server Performance
Monitor Resource Usage (System Monitor)
Next time I will try to compile a similar list for the Design and implement high availability, disaster recovery, and scalability section of the exam.