Microsoft Security Operations Analyst Exam Syllabus

Security Operations Analyst PDF, SC-200 Dumps, SC-200 PDF, Security Operations Analyst VCE, SC-200 Questions PDF, Microsoft SC-200 VCE, Microsoft Security Operations Analyst Dumps, Microsoft Security Operations Analyst PDFUse this quick start guide to collect all the information about Microsoft Security Operations Analyst (SC-200) Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the SC-200 Microsoft Security Operations Analyst exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual Microsoft Security Operations Analyst certification exam.

The Microsoft Security Operations Analyst certification is mainly targeted to those candidates who want to build their career in Microsoft Security Compliance and Identity domain. The Microsoft Certified - Security Operations Analyst Associate exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of Microsoft Security Operations Analyst.

Microsoft Security Operations Analyst Exam Summary:

Exam Name Microsoft Certified - Security Operations Analyst Associate
Exam Code SC-200
Exam Price $165 (USD)
Duration 120 mins
Number of Questions 40-60
Passing Score 700 / 1000
Books / Training Course SC-200T00: Microsoft Security Operations Analyst
Schedule Exam Pearson VUE
Sample Questions Microsoft Security Operations Analyst Sample Questions
Practice Exam Microsoft SC-200 Certification Practice Exam

Microsoft SC-200 Exam Syllabus Topics:

Topic Details

Mitigate threats using Microsoft 365 Defender (25-30%)

Detect, investigate, respond, and remediate threats to the productivity environment by using Microsoft Defender for Office 365 - detect, investigate, respond, and remediate threats to Microsoft Teams, SharePoint, and OneDrive
- detect, investigate, respond, remediate threats to email by using Defender for Office 365
- manage data loss prevention policy alerts
- assess and recommend sensitivity labels
- assess and recommend insider risk policies
Detect, investigate, respond, and remediate endpoint threats by using Microsoft Defender for Endpoint - manage data retention, alert notification, and advanced features
- configure device attack surface reduction rules
- configure and manage custom detections and alerts
- respond to incidents and alerts
- manage automated investigations and remediations
- assess and recommend endpoint configurations to reduce and remediate vulnerabilities by using the Microsoft’s threat and vulnerability management solution.
- manage Microsoft Defender for Endpoint threat indicators
- analyze Microsoft Defender for Endpoint threat analytics
Detect, investigate, respond, and remediate identity threats - identify and remediate security risks related to sign-in risk policies
- identify and remediate security risks related to Conditional Access events
- identify and remediate security risks related to Azure Active Directory
- identify and remediate security risks using Secure Score
- identify, investigate, and remediate security risks related to privileged identities
- configure detection alerts in Azure AD Identity Protection
- identify and remediate security risks related to Active Directory Domain Services using Microsoft Defender for Identity
Detect, investigate, respond, and remediate application threats - identify, investigate, and remediate security risks by using Microsoft Defender for Cloud Apps
- configure Microsoft Defender for Cloud Apps to generate alerts and reports to detect threats
Manage cross-domain investigations in Microsoft 365 Defender portal - manage incidents across Microsoft 365 Defender products
- manage actions pending approval across products
- perform advanced threat hunting

Mitigate threats using Microsoft Defender for Cloud (25-30%)

Design and configure a Microsoft Defender for Cloud implementation - plan and configure Microsoft Defender for Cloud settings, including selecting target subscriptions and workspace
- configure Microsoft Defender for Cloud roles
- configure data retention policies
- assess and recommend cloud workload protection
Plan and implement the use of data connectors for ingestion of data sources in Microsoft Defender for Cloud - identify data sources to be ingested for Microsoft Defender for Cloud
- configure automated onboarding for Azure resources
- connect on-premises computers
- connect AWS cloud resources
- connect GCP cloud resources
- configure data collection
Manage Microsoft Defender for Cloud alert rules - validate alert configuration
- setup email notifications
- create and manage alert suppression rules
Configure automation and remediation - configure automated responses in Microsoft Defender for Cloud
- design and configure workflow automation in Microsoft Defender for Cloud
- remediate incidents by using Microsoft Defender for Cloud recommendations
- create an automatic response using an Azure Resource Manager template
Investigate Microsoft Defender for Cloud alerts and incidents - describe alert types for Azure workloads
- manage security alerts
- manage security incidents
- analyze Microsoft Defender for Cloud threat intelligence
- respond to Microsoft Defender Cloud for Key Vault alerts
- manage user data discovered during an investigation

Mitigate threats using Microsoft Sentinel (40-45%)

Design and configure a Microsoft Sentinel workspace - plan a Microsoft Sentinel workspace
- configure Microsoft Sentinel roles
- design Microsoft Sentinel data storage
- configure security settings and access for Microsoft Sentinel
Plan and Implement the use of data connectors for ingestion of data sources in Microsoft Sentinel - identify data sources to be ingested for Microsoft Sentinel
- identify the prerequisites for a data connector
- configure and use Microsoft Sentinel data connectors
- configure data connectors by using Azure Policy
- design and configure Syslog and CEF event collections
- design and Configure Windows Security events collections
- configure custom threat intelligence connectors
- create custom logs in Azure Log Analytics to store custom data
Manage Microsoft Sentinel analytics rules - design and configure analytics rules
- create custom analytics rules to detect threats
- activate Microsoft security analytics rules
- configure connector provided scheduled queries
- configure custom scheduled queries
- define incident creation logic
Configure Security Orchestration Automation and Response (SOAR) in Microsoft Sentinel - create Microsoft Sentinel playbooks
- configure rules and incidents to trigger playbooks
- use playbooks to remediate threats
- use playbooks to manage incidents
- use playbooks across Microsoft Defender solutions
Manage Microsoft Sentinel Incidents - investigate incidents in Microsoft Sentinel
- triage incidents in Microsoft Sentinel
- respond to incidents in Microsoft Sentinel
- investigate multi-workspace incidents
- identify advanced threats with User and Entity Behavior Analytics (UEBA)
Use Microsoft Sentinel workbooks to analyze and interpret data - activate and customize Microsoft Sentinel workbook templates
- create custom workbooks
- configure advanced visualizations
- view and analyze Microsoft Sentinel data using workbooks
- track incident metrics using the security operations efficiency workbook
Hunt for threats using Microsoft Sentinel - create custom hunting queries
- run hunting queries manually
- monitor hunting queries by using Livestream
- perform advanced hunting with notebooks
- track query results with bookmarks
- use hunting bookmarks for data investigations
- convert a hunting query to an analytical

To ensure success in Microsoft Security Operations Analyst certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for Microsoft Security Operations Analyst (SC-200) exam.

Rating: 5 / 5 (70 votes)