Book description
Prepare for Microsoft Exam SC-200 and help demonstrate your real-world mastery of skills and knowledge required to work with stakeholders to secure IT systems, and to rapidly remediate active attacks. Designed for Windows administrators, Exam Ref focuses on the critical thinking and decision-making acumen needed for success at the Microsoft Certified Associate level.
Focus on the expertise measured by these objectives:
- Mitigate threats using Microsoft 365 Defender
- Mitigate threats using Azure Defender
- Mitigate threats using Azure Sentinel

This Microsoft Exam Ref:
- Organizes its coverage by exam objectives
- Features strategic, what-if scenarios to challenge you
- Assumes you have experience with threat management, monitoring, and/or response in Microsoft 365 environments
About the Exam
Exam SC-200 focuses on knowledge needed to detect, investigate, respond, and remediate threats to productivity, endpoints, identity, and applications; design and configure Azure Defender implementations; plan and use data connectors to ingest data sources into Azure Defender and Azure Sentinel; manage Azure Defender alert rules; configure automation and remediation; investigate alerts and incidents; design and configure Azure Sentinel workspaces; manage Azure Sentinel rules and incidents; configure SOAR in Azure Sentinel; use workbooks to analyze and interpret data; and hunt for threats in the Azure Sentinel portal.
About Microsoft Certification
Passing this exam fulfills your requirements for the Microsoft 365 Certified: Security Operations Analyst Associate certification credential, demonstrating your ability to collaborate with organizational stakeholders to reduce organizational risk, advise on threat protection improvements, and address violations of organizational policies.
See full details at: microsoft.com/learn
Table of contents
- Cover Page
- Title Page
- Copyright Page
- Contents at a glance
- Contents
- Acknowledgments
- About the authors
- Introduction
- Chapter 1. Mitigate threats using Microsoft 365 Defender
  - Skill 1-1: Detect, investigate, respond, and remediate threats to the productivity environment using Microsoft Defender for Office 365
  - Skill 1-2: Detect, investigate, respond, and remediate endpoint threats using Microsoft Defender for Endpoint
  - Skill 1-3: Detect, investigate, respond, and remediate identity threats
  - Skill 1-4: Manage cross-domain investigations in the Microsoft 365 Defender Security portal
  - Thought experiment
  - Thought experiment answers
  - Chapter Summary
- Chapter 2. Mitigate threats using Azure Defender
  - Skill 2-1: Design and configure an Azure Defender implementation
  - Skill 2-2: Plan and implement the use of data connectors for ingestion of data sources in Azure Defender
  - Skill 2-3: Manage Microsoft Defender for Cloud alert rules
  - Skill 2-4: Configure automation and remediation
  - Skill 2-5: Investigate Azure Defender alerts and incidents
  - Thought experiment
  - Thought experiment answers
  - Chapter Summary
- Chapter 3. Mitigate threats using Azure Sentinel
  - Skill 3-1: Design and configure an Azure Sentinel workspace
  - Skill 3-2: Plan and implement the use of data connectors for the ingestion of data sources into Azure Sentinel
  - Skill 3-3: Manage Azure Sentinel analytics rules
  - Skill 3-4: Configure Security Orchestration, Automation, and Response (SOAR) in Azure Sentinel
  - Skill 3-5: Manage Azure Sentinel incidents
  - Skill 3-6: Use Azure Sentinel workbooks to analyze and interpret data
  - Skill 3-7: Hunt for threats using the Azure Sentinel portal
  - Thought experiment
  - Thought experiment answers
  - Chapter Summary
- Index
- Code Snippets
Product information
- Title: Exam Ref SC-200 Microsoft Security Operations Analyst
- Author(s):
- Release date: September 2021
- Publisher(s): Microsoft Press
- ISBN: 9780137568338