In this post, I’m sharing a quick review of the Secure Your Data at Rest course, along with useful insights to support your prep for the AZ-500 certification exam.
Just completed this fifth course in the Microsoft Azure Security Engineer Associate Professional Certificate? You’re now focusing on one of the most critical aspects of cloud security — protecting sensitive information stored across your Azure environment. This course explores storage encryption, SQL threat protection, access controls, and compliance-focused features to ensure your data remains confidential and tamper-proof. If you’re serious about meeting security standards and protecting enterprise data, this course delivers the tools and concepts you need — and I’ve got the review to help guide your next steps.
Table of Contents
Module quiz: Storage security Quiz Answers
Question 1)
Select the scenario that best depicts the need for Storage service encryption in Azure.
- A software development company requires a secure method to share software packages and files with external entities without compromising their Azure Storage account credentials. They seek a solution that allows them to grant temporary access with customizable permissions and policies, ensuring data security and control.
- A technology company has identified the need to secure access to sensitive customer data in Azure Blob Storage. They want only specific IP addresses or network ranges associated with their trusted partners or internal systems to have access to the data.
- A financial services company stores sensitive information in Azure Blob Storage. They require a solution to safeguard this information even if the storage medium is compromised. They seek a mechanism to automatically encrypt the data at rest, ensuring its security and confidentiality.
- A multinational corporation requires a robust access control mechanism to safeguard its sensitive corporate data. They seek a solution that enables them to grant specific permissions to users or groups, ensuring that only authorized individuals can access and manipulate the data.
Question 2)
Your organization operates globally and stores customer data from different countries in Azure. You need to ensure compliance with data sovereignty regulations. Which benefit of Azure provides automatic data synchronization to a paired region for protection against regional outages?
- Physical isolation
- Region recovery order
- Platform-provided replication
- Sequential updates
Question 3)
Your organization wants to provide identity-based authorization for Blob and Queue services. Which among the following does Microsoft recommend?
- Azure AD Domain Services
- Public access
- Shared keys
- Azure Active Directory
Question 4)
You are building a secure file-sharing platform that allows users to upload and share files with specific access permissions. The files are stored in Azure Blob Storage, and you want to implement Microsoft-recommended best practices to reduce potential risks when using shared access signatures (SAS). Which one of the following represents a Microsoft-recommended best practice for securely using SAS in the file-sharing platform?
- Store the Storage account key in the application code for quicker access.
- Implement user delegation for SAS tokens wherever possible.
- Set a long expiration time for SAS tokens to reduce the need for frequent token generation.
- Use HTTP to distribute SAS tokens to users to ensure faster file access.
Question 5)
In which scenario is a service-level SAS most applicable? Provide only the minimum privileges.
- Granting access to an external reporting tool to generate monthly analytics reports based on data stored in the storage account
- Granting access to a mobile application to retrieve user-uploaded images from a specific container in the storage account using a stored access policy
- Granting access to a web application that allows users to upload files directly to Azure Blob Storage using their Azure Active Directory credentials
- Securing access to a backup and restoring service that requires downloading files from multiple containers in the storage account
Question 6)
Your team at TechMed Health Solutions has developed a mobile application that stores patients’ health data in Azure Blob Storage. For data security, you want the application only to be able to upload data to a specific container without any other permissions.
What SAS token permissions should you assign?
- Read, Write.
- Read, Write, List.
- Write.
- Write, Delete.
Question 7)
Identify the scenarios most suited for utilizing shared keys.
- An administrator needs access to an Azure Storage account to perform account-level operations.
- An application requires read-only access to a specific container within an Azure Storage account.
- A developer wants to enable secure access to Azure Storage resources using Azure Active Directory authentication.
- A user needs temporary access to upload files to an Azure Blob Storage container.
Question 8)
How can you ensure that the storage account access keys for your Azure Storage accounts are rotated regularly?
- Manually regenerate the access keys every month
- Enable automatic key rotation in the Azure portal
- Use Azure AD to manage access keys and enforce rotation
- Create a key expiration policy and set reminders for key rotation
Question 9)
You suspected a security breach and hence updated the access keys for an Azure Storage account using the Rotate key option in the Azure portal. How will you test the key rollover using Azure Storage Explorer? Select all that apply.
- Generating a new container within the Azure Storage account and checking if the new access keys are automatically applied.
- Attempting to access the Storage account using the old access keys.
- Generating a new Storage account in Azure Storage Explorer and attempting to access it using the new access keys.
- Verifying the connection to the Azure Storage account in Azure Storage Explorer using the new access keys.
Question 10)
You have designed a Blob container that uses a shared access signature (SAS) associated with a stored access policy. A request against this SAS failed with error code 403. What can be a probable reason for this?
- The permissions parameter contains the complete permission string, acdlrw.
- The request was raised after the expiry time of the policy.
- You have created more than five stored access policies for the Blob container.
- The start time of the stored access policy is mentioned as null.
Module quiz: Azure Storage and Azure Files Quiz Answers
Question 1)
As an IT admin, you are tasked with implementing a method for authorizing requests to blob data. The company wants to ensure enhanced security and minimum privilege access to Azure Storage accounts.
What is the best method to achieve this requirement?
- OAuth 2.0 token-only authorization
- Azure Active Directory (Azure AD) authentication
- Azure Functions authentication
- Shared Key authorization
Question 2)
A new hire at your company, John, will be assigned some tasks involving Azure AD authorization for blob data in Azure Storage. His tasks mainly revolve around viewing and listing blob data.
Which Azure built-in role should be assigned to John to perform his tasks effectively?
- Storage Blob Delegator
- Storage Blob Data Owner
- Storage Blob Data Contributor
- Storage Blob Data Reader
Question 3)
Your client, a healthcare technology provider, is in the process of migrating their data to Azure. They want granular control over encryption and decryption for Blob storage operations.
What key management option should they use in this case?
- Azure Disk Encryption
- Shared Access Signature
- Customer-provided key
- Microsoft-managed keys
Question 4)
You are developing a cloud-native application that requires a storage solution for large amounts of unstructured data, such as images and log files, with global accessibility.
Which Azure storage service would best meet these requirements?
- Azure Files
- Azure Disk Storage
- Azure Blob Storage
- Azure Table Storage
Question 5)
John, the IT Manager at TechMed Innovations, has to ensure that all patient health data stored in Azure Blob Storage is retained for a minimum of seven years due to new healthcare industry regulations. The data should not be altered or deleted during this period.
What policy should John implement to ensure the above requirements?
- Time-based retention policy
- Legal hold policy
- Azure Resource Logs
- Azure Activity Logs
Question 6)
Maria, a Cloud Solutions Architect at TechMed Innovations, learns that the company is involved in a legal case, and she needs to ensure certain blobs remain unchanged as they may serve as crucial evidence.
What policy should Maria implement to cater to these requirements?
- Time-based retention policy
- Legal hold policy
- Azure Activity Logs
- Azure Resource Logs
Question 7)
You have been tasked with setting up Azure AD Authentication for Azure Files. You’ve completed the setup of Azure AD Domain Services.
What should be your next step?
- Assign Azure role-based access control (RBAC) roles to users or groups
- Sync on-premises AD with Azure AD
- Mount the Azure File Share
- Enable Azure AD Domain Services Authentication for Azure Files in the Azure portal
Question 8)
Your company uses an Azure storage account for storing business-critical data. You must ensure all Azure Storage REST API calls are made over HTTPS.
What happens if someone tries to make an API call over HTTP after enabling the secure transfer required setting?
- The request will be rejected.
- The request will be redirected to HTTPS.
- The request will be processed normally.
- The request will be partially processed.
Question 9)
You are configuring your Azure Storage Account and want to ensure maximum security. You have a list of security measures to consider.
Which security measure ensures secure delegated access to resources in your storage account without sharing your keys?
- Azure Disk Encryption
- Shared Access Signature (SAS)
- Azure Private Link
- Azure Active Directory
Question 10)
As part of the security configuration for your Azure Storage, you want to limit network access to trusted networks only and permit trusted Microsoft services to access the storage account.
Which of the following configurations allows you to accomplish this?
- Setting up firewall rules and permitting trusted Microsoft services to access storage accounts
- Using blob versioning or immutable blobs
- Enabling Azure Disk Encryption
- Enabling Azure Defender
Module quiz: Database security and monitoring Quiz Answers
Question 1)
As an IT security manager for a financial firm, you’re tasked with improving the security measures for your Azure SQL Databases. You’re focusing on the authentication process and want to simplify user and permission management.
Which type of authentication should you employ?
- Contained database user authentication
- Role-Based Access Control (RBAC)
- SQL authentication
- Azure Active Directory (Azure AD) authentication
Question 2)
After migrating its user database to Azure SQL, your company wants to ensure its user accounts can access all databases, not just a specific one. The database administrator (DBA) must decide where to create these accounts.
Where can user accounts be created to grant permissions across all databases?
- User accounts can be created in the Azure Active Directory.
- User accounts can be created in the master database.
- User accounts can be created in any secondary database.
- User accounts can be created in the MySQL authentication plugin.
Question 3)
You are configuring Azure AD authentication for your SQL Database and want to use Azure AD-integrated authentication.
How do you authenticate to the SQL Database using Azure AD-integrated authentication?
- Enter the Azure AD username and password in the Connect to Server dialog and select Azure Active Directory – Password.
- Select Azure Active Directory – Integrated in the Authentication box without providing a password.
- Use the SQL Server Authentication method and provide your Azure AD username and password.
- Choose Windows Authentication and enter your Azure AD username and password.
Question 4)
EasyShop has implemented server-level IP firewall rules to secure its Azure SQL Database. They want to know what level of access these rules grant to clients.
What level of access do server-level IP firewall rules grant clients in an Azure SQL Database?
- Access only if the client’s IP address falls within the range specified by the database-level rule.
- Access to specific secured databases within the SQL Database server.
- Access to all databases within the same SQL Database server.
- Access to all Azure-based applications.
Question 5)
Imagine you are a security administrator in a retail organization that uses Azure SQL Database to store and process sensitive customer data. To ensure the safety of your organization’s data, you want the operations occurring on the database to be stored for inspection and analysis.
Which feature of the following will allow you to store and analyze database operations, report on database activity, and detect suspicious events?
- Vulnerability assessment
- Azure SQL Database Auditing
- Microsoft Defender for Identity
- Data discovery and classification
Question 6)
Consider you a security engineer, and you plan to enable database-level auditing on a specific database and server-level auditing.
What will be the consequences for the auditing process in Azure SQL Database if you enable both?
- Enabling auditing on the specific database applies the same auditing settings to all other databases on the server.
- Enabling auditing on both the server and database levels results in the database being audited twice.
- Enabling auditing on the server level disables auditing on the specific database.
- Enabling auditing on the database will change the server-level auditing settings.
Question 7)
You are a security administrator in a healthcare organization that recently enabled advanced data security features for its Azure SQL Database. You understand the importance of data security and take the initiative to implement these features.
How can you configure advanced data security features for Azure SQL Database?
- By enabling advanced data security at the server level
- By enabling advanced data security at the database level
- By enabling advanced data security at the subscription level
- By enabling advanced data security at the table level
Question 8)
Your organization, an e-commerce company, wants to improve its security posture and adhere to regulatory standards. You are tasked with implementing Azure Data Discovery and Classification.
What are the primary benefits that Azure Data Discovery and Classification offers?
- It reduces storage costs and optimizes resource usage.
- It allows direct interaction with Azure Storage and Azure SQL Database.
- It ensures business continuity and disaster recovery.
- It enhances security, ensures compliance, improves efficiency, and reduces risk.
Question 9)
Steve is a database administrator at a financial institution. His organization uses the Azure SQL Database to store customer information. One day, Joseph receives an alert regarding a critical security breach identified in the database component. He decides to run a vulnerability scan for the Azure SQL Database.
How will the vulnerability assessment scan help him?
- Generate audit reports
- Improve database performance
- Provide visibility into the security state
- Store the database operations for analysis
Question 10)
Imagine you are a security administrator in a retail organization that uses the Azure SQL Database to store and process sensitive customer data. To ensure the safety of your organization’s data, you want the operations occurring on the database to be stored for inspection and analysis.
Which feature of the following will allow you to store and analyze database operations, report on database activity, and detect suspicious events?
- Microsoft Defender for Identity
- Azure SQL Database Auditing
- Data discovery and classification
- Vulnerability Assessment
Module quiz: Defender for Cloud and data masking and encryption Quiz Answers
Question 1)
Imagine you are part of a newly set up healthcare organization that has recently implemented Defender for Cloud to enhance the security posture of its hybrid cloud environment. The organization has a low secure score and has room to improve its security. What does a secure score indicate for that organization?
- The number of recommendations provided by Defender for Cloud
- A percentage of the security strength of the environment
- A measure of how much data is stored in the cloud
- The level of encryption used for data storage
Question 2)
Imagine you are a security engineer at a multinational organization that operates in a hybrid cloud environment. You are responsible for monitoring the security posture of the cloud. You log in to Defender for Cloud dashboard to enhance the security posture of its cloud workloads and resources. One day you receive alerts informing you about cyber attacks.
Which part of Defender for Cloud is considered the reactive component that contributes to setting up automatic responses to cyberattacks such as brute-force attacks?
- Enhanced security features
- Cloud workload protection
- Cloud workload prevention
- Automatic responses
Question 3)
You are a cybersecurity analyst working for an e-commerce company that operates a cloud-based environment to serve customers worldwide. The company’s application is hosted on multiple cloud servers, and you are responsible for ensuring the security of the entire application infrastructure.
Which capability of Microsoft Defender for Cloud helps to diagnose the weaknesses in your application infrastructure that leave your environment susceptible to attack?
- Infrastructure service insights
- Security alerts
- Protect containers
- Security incidents
Question 4)
Suppose you are working as a security engineer in a financial institution. Recently, you have received several security warnings that your organization’s database is at high risk. You decide to take a step toward improving the security of your organization’s resources, and therefore, you decide to implement Microsoft Defender plans. Before choosing the kind of plan, what parameters should you consider?
- Resources used by the organization and regulatory requirements
- Operating system of the organization’s servers
- Number of employees in the organization
- Physical location of the organization’s headquarters
Question 5)
You are a cybersecurity analyst in a healthcare organization. You realize that enabling Microsoft Defender for SQL at the subscription level has a significant advantage. Therefore, you decide to enable it. What is the benefit of enabling Microsoft Defender for Azure SQL Database at the subscription level?
- Automatically protects all new resources
- Gives better performance for SQL queries
- Reduces the cost of SQL database storage
- Enhances the scalability of SQL databases
Question 6)
You work for a healthcare organization that stores patients’ financial and health records. What feature can you use to secure your data at rest if an interceptor tries to gain physical access to the database files?
- Microsoft Defender for Cloud
- Dynamic data masking
- Transparent data encryption (TDE)
- TLS network encryption
Question 7)
How does dynamic data masking (DDM) help prevent unauthorized access to sensitive data?
- By limiting data exposure through data masking for nonprivileged users
- By implementing strong access control lists
- By creating regular data backups
- By encrypting the data at rest and in transit
Question 8)
Suppose you are a database administrator at a financial institution that uses Azure SQL Database to store financial information. You have implemented transparent data encryption (TDE) to secure your data at rest and protect the information from unauthorized access.
One day, you discover that during a routine security review, the permissions of the logical SQL Server to the key vault are revoked. What will be the consequence of such a challenging situation?
- Permissions of the Key Vault will automatically be revoked.
- TDE protector will be transferred to the Key Vault.
- The database will become inaccessible, and all data will be encrypted.
- TDE protector will be generated by the Key Vault.
Question 9)
You are an Azure security engineer designing an encryption strategy. The company’s database includes a column used for point lookups and indexing.
What type of encryption should you use for this column?
- No encryption
- Randomized encryption
- Deterministic encryption
- Transparent Data Encryption (TDE)
Question 10)
You work for an online retailer, and you are implementing Always Encrypted on Azure SQL Database to safeguard sensitive customer information. You have created the Column Master Key (CMK) and Column Encryption Key (CEK).
What is the next step in deploying an Always Encrypted implementation?
- Develop and modify applications
- Setup key metadata and configure column encryption
- Design
- Validation and testing
Graded assessment: Secure Your Data at Rest Quiz Answers
Question 1)
Your organization wants to minimize downtime and potential issues during Azure system updates.
Which benefit of Azure paired regions ensures a staged roll-out to minimize the impact?
- Physical isolation
- Region recovery order
- Sequential updates
- Data residency
Question 2)
You want to revoke a stored access policy for a specific customer due to a security incident. The customer’s account has been compromised, and there is a potential risk of unauthorized access to their data.
Which actions can effectively revoke the stored access policy? Select all that apply.
- Rename the stored access policy by changing the signed identifier
- Make the Start time parameter null
- Extend the expiry time of the stored access policy to a future date
- Delete the stored access policy
Question 3)
As a security consultant for a healthcare tech company, you are responsible for auditing data transactions. The company uses SAS tokens for secure data sharing.
What is one of the benefits of using SAS tokens from an auditing perspective?
- SAS tokens provide an alert system for any suspicious activities.
- Each SAS token is unique, which allows the tracing of activities back to a specific token.
- SAS tokens allow you to track data usage in real time.
- SAS tokens automatically log all data transactions.
Question 4)
What is the purpose of assigning two storage account access keys to a storage account?
- To ensure continuous access to the storage account during key rotation
- To provide redundancy for data backup
- To enable simultaneous access from different geographic locations
- To allow multiple administrators to manage the account simultaneously
Question 5)
You want to grant anonymous read access to a container and its blobs in Azure Blob Storage without sharing your account key or requiring shared access signatures.
Which authorization option should you use?
- Public access
- Azure AD
- Shared keys
- Shared access signature
Question 6)
Alice, a developer in your organization, is setting up Azure RBAC for Blob storage access. She needs to use shared access signatures (SAS) signed with Azure AD credentials.
Which Azure role should Alice assign to enable this functionality?
- Storage Blob Data Owner
- Storage Blob Data Contributor
- Storage Blob Data Reader
- Storage Blob Delegator
Question 7)
Your organization plans to move large amounts of data to the cloud for analytics. They need a service that allows accessible data sharing with different tools in Azure.
Which feature of Azure would be most suitable for this requirement?
- Azure File Sync
- Azure Files
- Storage Account Key
- Azure AD Domain Services Authentication
Question 8)
As a part of your new project, you are working with Azure Storage Services and Azure Files. Your company’s policy dictates that all connections should be encrypted.
Which of the following statements is true when secure transfer required is enabled?
- Azure Files connections can be made via SMB 3.0 without encryption
- Azure Files connections require SMB with encryption
- Azure Files connections are not affected by the Secure transfer required setting
- Azure Files connections can be made via SMB 2.1
Question 9)
You are an IT specialist working with a company that needs to store and process a significant amount of data. They’re considering Azure Storage due to its cost efficiency and robust security. They must use the most secure method to authorize their Azure Storage Account requests.
What is the most recommended way of authorizing requests to Azure Storage accounts?
- Shared Key authorization
- Azure AD
- Azure Disk Encryption
- Shared Access Signature (SAS)
Question 10)
Your organization is expanding its Azure infrastructure and adopting more Azure services. Your task is to ensure only traffic from your virtual network (VNet) can access the Azure SQL Databases.
What feature should you employ to achieve this?
- Firewalls
- Data encryption
- Virtual network (VNet) service endpoints
- Role-based access control (RBAC)
Question 11)
You’re the IT director of a large educational institution that uses Azure SQL Database to store student information. The need for comprehensive control and management of identities that can authenticate and authorize activities within your database is paramount.
What built-in functionality does Azure SQL Database offer for this purpose?
- Transparent data encryption (TDE)
- Virtual Network (VNet) service endpoints
- Firewall rules
- SQL and Azure Active Directory (Azure AD) authentication
Question 12)
You want to connect to SQL Database using Azure AD password authentication but cannot access your domain.
How can you authenticate to SQL Database using Azure AD password authentication when you don’t have access to your domain?
- Use Windows Authentication and enter your Azure AD User name and Password
- Choose Azure Active Directory – Password in the Connect to Server dialog, and enter your Azure AD User name and Password
- Select Azure Active Directory – Integrated and provide your Azure AD User name and Password
- Select Azure Active Directory – Device Code and authenticate using a device code
Question 13)
You are a security engineer working for a large online retailer. Your company’s Azure SQL Database performance is suddenly declining, affecting the customer experience on your website. You want to use Azure SQL Database’s built-in features to diagnose and rectify the issue.
Which feature, also a prerequisite to using Azure threat detection on your Azure SQL database, should you use to track operations on the database for later inspection?
- Azure SQL Analytics
- Advanced Data Security for Azure SQL Database
- Azure SQL Database auditing
- Azure SQL Database Blob Storage
Question 14)
As a data manager, you have been asked to apply Azure Data Discovery and Classification for your organization’s Azure SQL Databases.
What are the main steps to implement Azure Data Discovery and Classification?
- Review the dashboard report, implement data protection, enable the feature, and apply labels and information types
- Configure VPN, enable Azure Data Discovery and Classification, review the dashboard report, and apply labels and information types
- Enable the feature, discover, and classify sensitive data, apply labels and information types, review the dashboard report, and implement data protection
- Enable Azure Disk Encryption, review the dashboard report, discover and classify sensitive data, and apply labels and information types
Question 15)
Imagine you are a cybersecurity engineer in a financial institution that uses Azure SQL Database to store and manage crucial customer information. It includes personal and financial information; therefore, protecting this data from security threats is of utmost importance to your organization. To ensure that, you are supposed to implement a data discovery and classification in Azure SQL Database.
What is the primary purpose of data discovery and classification in Azure SQL Database?
- To provide visibility into your database’s classification state
- To recommend how to investigate the threats
- To store the operations that occur on the database for inspection and analysis
- To enable advanced SQL security capabilities
Question 16)
Consider you are a cybersecurity analyst, and your team decides to enable Defender for open-source relational databases.
Which databases does Defender for open-source relational databases protect?
- Azure Database for PostgreSQL, Azure Database for MySQL, and Azure Database for MariaDB
- Azure Database for SQL Server, Azure Database for Oracle, and Azure Database for MongoDB
- Azure Database for PostgreSQL, Azure Database for Oracle, and Azure Database for MariaDB
- Azure Database for SQL Server, Azure Database for MySQL, and Azure Database for MongoDB
Question 17)
You are an IT security manager at a large multinational corporation that has adopted a multi-cloud strategy to leverage the benefits of different cloud service providers. The company uses a combination of Azure, AWS (Amazon Web Services), and Google Cloud Platform (GCP) to host various applications and store sensitive customer data securely. As part of your role, you ensure compliance with industry regulations and company policies across all cloud deployments.
You navigate to the regulatory compliance dashboard. What types of responsibilities can be managed through the compliance dashboard?
- Financial responsibilities for cloud services
- Only manual responsibilities related to security
- Compliance responsibilities for third-party vendors
- Automatic, manual, and shared responsibilities
Question 18)
You are a security engineer at a retail organization. Your organization uses Azure SQL Database to store customer information. While analyzing the features of Microsoft Defender for SQL, you discover it offers various features, so you plan to enable it.
In what way does Microsoft Defender for SQL help you?
- Manage the storage and retrieval of SQL data.
- Enable SQL database administrators to create queries.
- Provide advanced SQL security capabilities.
- Optimize the performance of SQL databases.
Question 19)
You are a data analyst at a telecommunications company that handles customers’ personal information. Your team frequently runs queries on the Azure SQL Database to generate reports.
Which Azure SQL Database feature allows you to control the visibility of sensitive data in query result sets to protect sensitive customer data and comply with privacy regulations?
- Microsoft Defender for Cloud
- Transport Layer Security network encryption
- Transparent data encryption
- Dynamic data masking
Question 20)
You are a security architect working for a large financial institution that handles sensitive customer data. The institution has strict security and compliance requirements, and data protection is a top priority. To enhance the security of your databases and ensure full control over encryption keys, you have decided to implement customer-managed transparent data encryption (TDE) in Azure SQL Database.
Where is the customer-managed asymmetric key stored in customer-managed transparent data encryption?
- Microsoft Trust Center
- Azure Managed Key Vault
- Azure Key Vault
- Azure SQL Database
You might also like: Secure Your Applications Quiz Answers
Review
I recently completed the Secure Your Data at Rest course on Coursera, and it’s a deep dive into the strategies and technologies for protecting stored data in Azure. With five comprehensive modules, the course walks you through deploying shared access signatures (SAS), managing encryption, monitoring data access, and implementing advanced SQL security features.
What stood out most was the hands-on experience with enabling Defender for SQL, configuring auditing, and deploying Always Encrypted implementations — all highly relevant for real-world security and compliance needs. The course also covers data masking, Azure Files authentication, blob retention policies, and AAD-based database authentication, giving you a full picture of how to secure storage services and databases.
If you’re preparing for the AZ-500 exam or working on compliance-heavy Azure projects, this course provides essential knowledge and practical skills. It’s an important step for security professionals responsible for safeguarding data in transit and at rest across cloud infrastructure.