βοΈ A Journey to the Cloud (AZ-900)
Prelude
I’ve had a significant downtime last year due to some unfortunate series of events. Did not stop me from wandering around at least with what’s left for me.
“We don’t rise to the level of our expectations; we fall to the level of our training.” Archilochus
I used this slow time for healing, and also to catch up on things I have been wanting to do.
Ready for the π π³ ?
Binge on Netflix Breaking Bad and Better Call Saul- Brush up on the ELK Stack
- In which I need to dust off this Docker knowledge as well
- Learn Networking
- The YouTube god introduced me to David Bombal, John Hammond, Neal Bridges, and Daniel Lowrie
- All of them were so inspirational ultimately leading me to The Pentester Blueprint by Phillip Wylie. A highly recommended and most references wanting to understand the field of cyber security point to here
- Talked about a formula (more on this later) which lead me to get my feet wet on the topics of Penetration Testing. Hence, another hole. Fasten your seatbelt.
- Penetration Testing Student Learning Path by INE to prepare for eJPT (WIP)
- TryHackMe (Currently Top 3% … Top 1% very soon!)
- HackTheBox
- picoCTF
- TCM Security courses to prepare for Practical Network Penetration Tester (WIP)
- Talked about a formula (more on this later) which lead me to get my feet wet on the topics of Penetration Testing. Hence, another hole. Fasten your seatbelt.
The industry of cloud computing is moving so fast. With it is the cyber security space. For me, it’s good to have all this knowledge but I wanted to see a place for myself where I am comfortable working, failing forward, and to help others while learning altogether.
DevSecOps. Why not? I get to code and develop, and help organizations reach their goals, and with a theat-informed security defense in mind.
The Pentester Blueprint Formula
In Sun Tzu’s The Art of War it says
βIf you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.β
What better way to be informed about the scope of the attacker than to be in that environment. If I wanted to understand the space in the cloud and to defend it, I need to have a footing on the cloud environment. There are specializations about cloud security research for cloud service providers. And it’s a cat-and-mouse game. The adversaries are knowledgeable and so should the defenders. But I’m not going into that just yet. Baby steps.
Technology Knowledge + Hacking Knowledge + Hacker Mindset = Pentester Blueprint Formula
Technology Knowledge. Let’s take it piece by piece.
“Phenomenal cosmic power! Itty bitty living space.” Genie.
It’s a huge knowledge area to cover. And I’ve got limited time in a day. Only 24 hours. You too?
So I needed to prioritize. I needed a structure. I needed a roadmap.
“Iβve gone where the universe takes me my whole life. Itβs better to make those decisions for yourself.” Jane, El Camino.
Admittedly so, I needed to go over and over the fundamentals to build a strong foundation. That’s when I decided to take up the challenge and gain my first cloud certificate.
Preparation for the Exam
Why AZ-900?
I chose to go with the AZ-900 Microsoft Certified: Azure Fundamentals.
Reasons:
- Microsoft being one of the major cloud services provider. See Magic Quadrant for Cloud Infrastructure and Platform Services. And I got a friend who is working on a company that is a Microsoft Cloud Solution Provider (MCSP) and it got me intrigued as to what it takes to be one.
- I was so naive and carried-away by TCM Security Academy. One of the topics is about Active Directory. I thought on-premises Active Directory and Azure Active Directory are the same thing! Spoiler alert β they are not! π Good problems.
- ITProTV has course offerings for AWS and Azure. I put them both on queue.
- The exam is free. Like free lunch! Actually you actually get an exam voucher for free when you attend and completed the virtual trainings. More on this later.
To put things in perspective, I’ve used a few Cloud Providers (Linode, Digital Ocean, and AWS) on my pet projects. I just decided it’s a good first industry-recognized cloud certificate.
Virtual Training
Microsoft offers Virtual Training Days to help IT professionals up-skill on the fields of Cloud Computing Fundamentals, AI, Data, DevOps, Linux OSS DB Migration, Business Apps, Microsoft 365, Security and more.
https://www.microsoft.com/en-us/trainingdays
For Microsoft Azure Virtual Training Day: Fundamentals, participants that completed the two-day training are eligible to to take the Microsoft Azure Fundamentals certification exam at no cost. It’s neat business strategy. They wanted to bring in more people into their cloud services. So they educate people about their cloud offerings.
Microsoft Learning
There are learning paths offered by Microsoft Learning to cover the exam objectives. I would say, I’m impressed of how clearly it is structured and the terms to be accessible not only to the IT professionals but also to the business people. IT experience is not required but having a basic knowledge of how cloud computing works and the benefits of doing business on these cloud offerings helps.
You as the learner works for a fictional IT company looking to expand opportunities to the cloud.
As you go through the “Units” or lessons, you rack up XPs and level up.
Learning paths are composed of modules. Modules are further broken down into units. At the end of each unit, you answer the knowledge checks which grants you badges.
ITProTV
ITProTV calls themselves “Edutainers”. For me, it’s a matter of turning that off-season breaks of the TV series into binge “Watch & Learn”.
ITProTV has been helpful for me to learn Ansible (https://github.com/aldnav/learning-ansible) with practical examples and you get to pick on the expert’s brain and experiences. I must say, Justin and Daniel, you guys are funny.
As I mentioned, I put on queue both AWS Certified Cloud Practitioner and Microsoft Azure Fundamentals (AZ-900) courses and eventually completing the latter.
Cherokee and Mike didn’t just go through over the coverage but also provided practical scenarios where each Azure services fit into the IT infrastructure, customer needs, and it is apparent that both of them are expert level in IT management and security. You learn from the best they say.
You can browse through the other couse libraries by category, certification, and learning paths. They’ve got a lot to cover.
Also, its talk-show format is really engaging even just for past-time. I have some good laughs too. Some of the quotes and jokes and expressions I have acquired just watching their videos.
YouTube: Inside Cloud and Security John Savill Technical Training
These videos has helped me acquire and end-to-end coverage of the course material. Normally, I switch through ITProTV and these videos so I can correlate the services, the exam pointers, and the practical scenarios.
- AZ-900 Azure Fundamentals Certification Exam Cram - Full Course 2021/2022 by Inside Cloud and Security
- AZ-900 Azure Fundamentals Study Cram - 2022 Edition! by John Savill
Both of these materials, and ITProTV course explores the Azure Portal which you can follow along.
I don’t do very well on exams. Not sure why. I only get through exams because of recall. Memory is not reliable too but at least I get some of the “anchors” which I can later on relate to possible answers. That said, taking practice exams is exciting.
Practice Tests on WHIZLABS
Taking practice tests on WHIZLABS gave me confidence and idea as to how the actual tests may be structured. Trained me to context-switch between different areas of the exam coverage. And also most importantly, being mindful of the time.
AZ-900 exam takers are bound by NDA so I cannot say much about the exact questions itself. Although I find the actual exam coverage and the practice tests by WHIZLABS close in terms of the types of questioning (multiple choice, one-item solution or composite-item solution, fill in the blanks, navigation to the Azure portal) and there is more types from the actual exam, and how much of each area in the coverage is being asked.
What I like about Whizlabs is it’s got a free test and a comprehensive report. And then they upsell you the rest of the practice test sets, video course, labs, and a completion certificate. I just purchased the practice tests.
Although to be fair I did not seek out other online practice tests. I just got this recommendation from a Discord channel with members seeking to pass the exam as well.
The review and performance reports after taking each test also provides a community-based queries which the WHIZLABS experts may respond to clarify issues on the platform itself or the subject matter, and also the explanations for the answers. Which is really helpful in cases where there are gaps from the learning resources. The community-based queries also provides a way for the platform to correct mistakes, and update the practice exams as it matures.
Hands-on Azure Portal
Last but not the least is the hands-on experience from the Azure Portal.
You can use a free account to explore the Azure Portal. They also give a credit which you can use to try other services on top of the free services. Unfortunately, my credits expired without me using it β courtesy of the tropical storm Odette which leaves the island of Cebu powerless for more than a month.
I have spent much time exploring the Azure Portal. Pausing the video lessons as I go through the UI, the cloud shell, the ARM templates, logical units of organization (management groups, resource groups, tags), the resources themselves (Azure VMs, Locks, Storage, Subscriptions, VNet, etc.,).
What I like about the portal is I don’t get lost on a tree of menus. I’m looking at you AWS π§. And it’s easy to the eyes.
Just be mindful of the limitations on pricing if it’s not a free resource so you don’t rack up on costs although Azure, by design, is transparent about it.
Taking the Exam
I scheduled the exam last January 27, 2022. I did not really put in much thought about as to when I actually wanted to take the exam. So I just counted weeks and plotted February 25, 2022.
Turns out, ITProTV provides a guide on scheduling for learning which I could have used. Next time then!
I chose the online proctored exam using Pearson Vue. I’m kind of new to this type of exam where a proctor is assigned to evaluate the physical test environment, (through the webcam like a mini tour), and also monitor you while you take the exam. There are rules, and these rules are important for a smooth exam taking experience.
For the actual process of the Pearson Vue exam, these videos helped me prepare.
- Pearson VUE Online Exam Tips (What you need to know before you do your certification) by Lisa Crosbie
- EXAM DAY: Process of using onVUE App (Pearsonvue Online Exam Application) at Home or Office by Mark Anthony V. Melendres
As I mentioned on the review of WHIZLABS, there are more to the methods of questioning in the actual exam but in my case, but it’s not too far off to surprise you.
You will be given a chance to mark items you wish to review and go back later on. There will be a survey also by Microsoft to further improve the quality of the exam. Also Pearson VUE does a survey also after everything.
Once you complete the exam, there will be a brief pause, so short I did not really expected to get the results so quickly. You get a detailed report on the strong and “needs improvement” areas of the coverage. The screen will also explain that it may take 48 hours to generate the certificate. Although, I got a verifiable Credly badge just minutes after.
I passed!Β π₯³
Continuing Education
I blocked much time to prepare for the exam. Now I can continue with my plans to develop applications deployed to Azure. Stay tuned as I explore the PaaS offerings of Azure.
Hope you picked up some tips and apply it to your personal learning.
Until next time.