Microsoft Security Operations Analyst Exam Syllabus

Security Operations Analyst PDF, SC-200 Dumps, SC-200 PDF, Security Operations Analyst VCE, SC-200 Questions PDF, Microsoft SC-200 VCE, Microsoft Security Operations Analyst Dumps, Microsoft Security Operations Analyst PDFUse this quick start guide to collect all the information about Microsoft Security Operations Analyst (SC-200) Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the SC-200 Microsoft Security Operations Analyst exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual Microsoft Security Operations Analyst certification exam.

The Microsoft Security Operations Analyst certification is mainly targeted to those candidates who want to build their career in Microsoft Security Compliance and Identity domain. The Microsoft Certified - Security Operations Analyst Associate exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of Microsoft Security Operations Analyst.

Microsoft Security Operations Analyst Exam Summary:

Exam Name Microsoft Certified - Security Operations Analyst Associate
Exam Code SC-200
Exam Price $165 (USD)
Duration 120 mins
Number of Questions 40-60
Passing Score 700 / 1000
Books / Training Course SC-200T00: Microsoft Security Operations Analyst
Schedule Exam Pearson VUE
Sample Questions Microsoft Security Operations Analyst Sample Questions
Practice Exam Microsoft SC-200 Certification Practice Exam

Microsoft SC-200 Exam Syllabus Topics:

Topic Details

Mitigate threats using Microsoft 365 Defender (25-30%)

Mitigate threats to the productivity environment by using Microsoft 365 Defender - Investigate, respond, and remediate threats to Microsoft Teams, SharePoint, and OneDrive
- Investigate, respond, and remediate threats to email by using Microsoft Defender for Office 365
- Investigate and respond to alerts generated from Data Loss Prevention policies
- Investigate and respond to alerts generated from insider risk policies
- Identify, investigate, and remediate security risks by using Microsoft Defender for Cloud Apps
- Configure Microsoft Defender for Cloud Apps to generate alerts and reports to detect threats
Mitigate endpoint threats by using Microsoft Defender for Endpoint - Manage data retention, alert notification, and advanced features
- Recommend security baselines for devices
- Respond to incidents and alerts
- Manage automated investigations and remediations
- Assess and recommend endpoint configurations to reduce and remediate vulnerabilities by using the Microsoft's threat and vulnerability management solution
- Manage endpoint threat indicators
Mitigate identity threats - Identify and remediate security risks related to events for Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra
- Identify and remediate security risks related to Azure AD Identity Protection events
- Identify and remediate security risks related to Azure AD Conditional Access events
- Identify and remediate security risks related to Active Directory Domain Services using Microsoft Defender for Identity
Manage extended detection and response (XDR) in Microsoft 365 Defender - Manage incidents across Microsoft 365 Defender products
- Manage investigation and remediation actions in the Action Center
- Perform threat hunting
- Identify and remediate security risks using Microsoft Secure Score
- Analyze threat analytics
- Configure and manage custom detections and alerts

Mitigate threats using Microsoft Defender for Cloud (20-25%)

Implement and maintain cloud security posture management and workload protection - Plan and configure Microsoft Defender for Cloud settings, including selecting target subscriptions and workspaces
- Configure Microsoft Defender for Cloud roles
- Assess and recommend cloud workload protection
- Identify and remediate security risks using the Microsoft Defender for Cloud Secure Score
- Manage policies for regulatory compliance
- Review and remediate security recommendations
Plan and implement the use of data connectors for ingestion of data sources in Microsoft Defender for Cloud - Identify data sources to be ingested for Microsoft Defender for Cloud
- Configure automated onboarding for Azure resources
- Connect multi-cloud and on-premises resources
- Configure data collections
Configure and respond to alerts and incidents in Microsoft Defender for Cloud - Validate alert configuration
- Set up email notifications
- Create and manage alert suppression rules
- Design and configure workflow automation in Microsoft Defender for Cloud
- Remediate alerts and incidents by using Microsoft Defender for Cloud recommendations
- Manage security alerts and incidents
- Analyze Microsoft Defender for Cloud threat intelligence reports
- Manage user data discovered during an investigation

Mitigate threats using Microsoft Sentinel (50-55%)

Design and configure a Microsoft Sentinel workspace - Plan a Microsoft Sentinel workspace
- Configure Microsoft Sentinel roles
- Design and configure Microsoft Sentinel data storage
- Implement and use Content hub, repositories, and community resources
Plan and Implement the use of data connectors for ingestion of data sources in Microsoft Sentinel - Identify data sources to be ingested for Microsoft Sentinel
- Identify the prerequisites for a Microsoft Sentinel data connector
- Configure and use Microsoft Sentinel data connectors
- Configure Microsoft Sentinel data connectors by using Azure Policy
- Configure Microsoft Sentinel connectors for Microsoft 365 Defender and Microsoft Defender for Cloud
- Design and Configure Syslog and CEF event collections
- Design and configure Windows Security event collections
- Configure custom threat intelligence connectors
Manage Microsoft Sentinel analytics rules - Design and configure analytics rules
- Activate Microsoft security analytics rules
- Configure built-in scheduled queries
- Configure custom scheduled queries
- Define incident creation logic
- Manage and use watchlists
- Manage and use threat indicators
Perform data classification and normalization - Classify and analyze data by using entities
- Create custom logs in Azure Log Analytics to store custom data
- Query Microsoft Sentinel data by using Advanced SIEM Information Model (ASIM) parsers
- Develop and manage ASIM parsers
Configure Security Orchestration, Automation, and Response (SOAR) in Microsoft Sentinel - Configure automation rules
- Create and configure Microsoft Sentinel playbooks
- Configure alerts and incidents to trigger automation
- Use automation to remediate threats
- Use automation to manage incidents
Manage Microsoft Sentinel incidents - Triage incidents in Microsoft Sentinel
- Investigate incidents in Microsoft Sentinel
- Respond to incidents in Microsoft Sentinel
- Investigate multi-workspace incidents
- Identify advanced threats with Entity Behavior Analytics
Use Microsoft Sentinel workbooks to analyze and interpret data - Activate and customize Microsoft Sentinel workbook templates
- Create custom workbooks
- Configure advanced visualizations
- View and analyze Microsoft Sentinel data using workbooks
- Track incident metrics using the security operations efficiency workbook
Hunt for threats using Microsoft Sentinel - Create custom hunting queries
- Run hunting queries manually
- Monitor hunting queries by using Livestream
- Configure and use MSTICPy in notebooks
- Perform hunting by using notebooks
- Track query results with bookmarks
- Use hunting bookmarks for data investigations
- Convert a hunting query to an analytical rule

To ensure success in Microsoft Security Operations Analyst certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for Microsoft Security Operations Analyst (SC-200) exam.

Rating: 5 / 5 (72 votes)