SC-200: Microsoft Security Operations Analyst

This exam measures your ability to accomplish the following technical tasks: mitigate threats by using Microsoft 365 Defender; mitigate threats by using Defender for Cloud; and mitigate threats by using Microsoft Sentinel.

As a Microsoft security operations analyst, you reduce organizational risk by:

◉ Rapidly remediating active attacks in the environment.
◉ Advising on improvements to threat protection practices.
◉ Referring violations of organizational policies to appropriate stakeholders.

You perform:

◉ Triage.
◉ Incident response.
◉ Vulnerability management.
◉ Threat hunting.
◉ Cyber threat intelligence analysis.

As a Microsoft security operations analyst, you monitor, identify, investigate, and respond to threats in multicloud environments by using:

◉ Microsoft Sentinel
◉ Microsoft Defender for Cloud
◉ Microsoft 365 Defender
◉ Third-party security solutions

In this role, you collaborate with business stakeholders, architects, identity administrators, Azure administrators, and endpoint administrators to secure IT systems for the organization.

As a candidate, you should be familiar with:

◉ Microsoft 365
◉ Azure cloud services
◉ Windows and Linux operating systems

Microsoft Security Operations Analyst Exam Summary:

Exam Name: Microsoft Certified - Security Operations Analyst Associate
Exam Code: SC-200
Exam Price: $165 (USD)
Exam Duration: 120 mins
Number of Questions: 40-60
Passing Score: 700 / 1000
Books / Training: Course SC-200T00: Microsoft Security Operations Analyst
Sample Questions: Microsoft Security Operations Analyst Sample Questions
Practice Exam: Microsoft SC-200 Certification Practice Exam

Microsoft SC-200 Exam Syllabus Topics:

Mitigate threats by using Microsoft 365 Defender (25-30%)

Mitigate threats to the Microsoft 365 environment by using Microsoft 365 Defender
- Investigate, respond, and remediate threats to Microsoft Teams, SharePoint Online, and OneDrive
- Investigate, respond, and remediate threats to email by using Microsoft Defender for Office 365
- Investigate and respond to alerts generated by data loss prevention (DLP) policies
- Investigate and respond to alerts generated by insider risk policies
- Discover and manage apps by using Microsoft Defender for Cloud Apps
- Identify, investigate, and remediate security risks by using Defender for Cloud Apps

Mitigate endpoint threats by using Microsoft Defender for Endpoint
- Manage data retention, alert notification, and advanced features
- Recommend attack surface reduction (ASR) for devices
- Respond to incidents and alerts
- Configure and manage device groups
- Identify devices at risk by using Microsoft Defender Vulnerability Management
- Manage endpoint threat indicators
- Identify unmanaged devices by using device discovery

Mitigate identity threats
- Mitigate security risks related to events for Microsoft Entra ID
- Mitigate security risks related to Microsoft Entra Identity Protection events
- Mitigate security risks related to Active Directory Domain Services (AD DS) by using Microsoft Defender for Identity

Manage extended detection and response (XDR) in Microsoft 365 Defender
- Manage incidents and automated investigations in the Microsoft 365 Defender portal
- Manage actions and submissions in the Microsoft 365 Defender portal
- Identify threats by using Kusto Query Language (KQL)
- Identify and remediate security risks by using Microsoft Secure Score
- Analyze threat analytics in the Microsoft 365 Defender portal
- Configure and manage custom detections and alerts

Investigate threats by using audit features in Microsoft 365 Defender and Microsoft Purview
- Perform threat hunting by using the unified audit log
- Perform threat hunting by using Content Search
- Use the guided hunting mode in Microsoft 365 Defender
- Use the advanced hunting mode in Microsoft 365 Defender

Mitigate threats by using Defender for Cloud (15-20%)

Implement and maintain cloud security posture management
- Assign and manage regulatory compliance policies, including the Microsoft cloud security benchmark (MCSB)
- Improve the Microsoft Defender for Cloud secure score by applying recommended remediations
- Configure plans and agents for Microsoft Defender for Servers
- Configure and manage Microsoft Defender for DevOps
- Configure and manage Microsoft Defender External Attack Surface Management (EASM)

Configure environment settings in Microsoft Defender for Cloud
- Plan and configure Microsoft Defender for Cloud settings, including selecting target subscriptions and workspaces
- Configure Microsoft Defender for Cloud roles
- Assess and recommend cloud workload protection
- Enable plans for Microsoft Defender for Cloud
- Configure automated onboarding of Azure resources
- Connect compute resources by using Azure Arc
- Connect multi-cloud resources by using Environment settings

Respond to alerts and incidents in Microsoft Defender for Cloud
- Set up email notifications
- Create and manage alert suppression rules
- Design and configure workflow automation in Microsoft Defender for Cloud
- Remediate alerts and incidents by using Microsoft Defender for Cloud recommendations
- Manage security alerts and incidents
- Analyze Microsoft Defender for Cloud threat intelligence reports

Mitigate threats by using Microsoft Sentinel (50-55%)

Design and configure a Microsoft Sentinel workspace
- Plan a Microsoft Sentinel workspace
- Configure Microsoft Sentinel roles
- Design and configure Microsoft Sentinel data storage, including log types and log retention

Plan and implement the use of data connectors for ingestion of data sources in Microsoft Sentinel
- Identify data sources to be ingested for Microsoft Sentinel
- Configure and use Microsoft Sentinel connectors for Azure resources, including Azure Policy and diagnostic settings
- Configure Microsoft Sentinel connectors for Microsoft 365 Defender and Defender for Cloud
- Design and configure Syslog and Common Event Format (CEF) event collections
- Design and configure Windows Security event collections
- Configure threat intelligence connectors
- Create custom log tables in the workspace to store ingested data

Manage Microsoft Sentinel analytics rules
- Configure the Fusion rule
- Configure Microsoft security analytics rules
- Configure built-in scheduled query rules
- Configure custom scheduled query rules
- Configure near-real-time (NRT) analytics rules
- Manage analytics rules from Content hub
- Manage and use watchlists
- Manage and use threat indicators

Perform data classification and normalization
- Classify and analyze data by using entities
- Query Microsoft Sentinel data by using Advanced Security Information Model (ASIM) parsers
- Develop and manage ASIM parsers

Configure security orchestration, automation, and response (SOAR) in Microsoft Sentinel
- Create and configure automation rules
- Create and configure Microsoft Sentinel playbooks
- Configure analytics rules to trigger automation rules
- Trigger playbooks from alerts and incidents

Manage Microsoft Sentinel incidents
- Configure incident generation
- Triage incidents in Microsoft Sentinel
- Investigate incidents in Microsoft Sentinel
- Respond to incidents in Microsoft Sentinel
- Investigate multi-workspace incidents

Use Microsoft Sentinel workbooks to analyze and interpret data
- Activate and customize Microsoft Sentinel workbook templates
- Create custom workbooks
- Configure advanced visualizations

Hunt for threats by using Microsoft Sentinel
- Analyze attack vector coverage by using MITRE ATT&CK in Microsoft Sentinel
- Customize content gallery hunting queries
- Create custom hunting queries
- Use hunting bookmarks for data investigations
- Monitor hunting queries by using Livestream
- Retrieve and manage archived log data
- Create and manage search jobs

Manage threats by using user and entity behavior analytics (UEBA)
- Configure User and Entity Behavior Analytics settings
- Investigate threats by using entity pages
- Configure anomaly detection analytics rules
