Direct from Microsoft, this Exam Ref is the official study guide for the new Microsoft SC-200 Microsoft Security Operations Analyst certification exam.

Exam Ref SC-200 Microsoft Security Operations Analyst offers professional-level preparation that helps candidates maximize their exam performance and sharpen their skills on the job. It focuses on the specific areas of expertise modern IT professionals need to demonstrate real-world mastery of threat mitigation with Microsoft 365 and Azure tools. Coverage includes mitigating threats using:

  • Microsoft 365 Defender: Detect, investigate, respond, and remediate threats to the productivity environment, endpoints, and identity; manage cross-domain investigations

  • Azure Defender: Design and configure Azure Defender implementations; plan and implement the use of data connectors to ingest data sources; manage alert rules; configure automation and remediation; investigate alerts and incidents

  • Azure Sentinel: Design and configure a workspace; ingest data sources; manage analytics rules; configure SOAR; manage incidents; use workbooks to analyze and interpret data; hunt for threats

Microsoft Exam Ref publications stand apart from third-party study guides because they:

  • Provide guidance from Microsoft, the creator of Microsoft certification exams

  • Target professional-level exam candidates with content focused on their needs, not one-size-fits-all content

  • Streamline study by organizing material according to the exam objective domain (OD), covering one functional group and its objectives in each chapter

  • Feature "Thought Experiments" to guide candidates through a set of "what if?" scenarios, and prepare them more effectively for Pro-level style exam questions

  • Include "Need more review?" aids pointing you to more study materials if you need them

  • Explore big-picture thinking around the professional's job role

For more information on Exam SC-200 and the Microsoft Certified: Security Operations Analyst Associate credential, visit https://docs.microsoft.com/en-us/learn/certifications/security-operations-analyst/.

Table of Contents

  1. Cover Page
  2. Title Page
  3. Copyright Page
  4. Contents at a glance
  5. Contents
  6. Acknowledgments
  7. About the authors
  8. Introduction
    1. Organization of this book
    2. Preparing for the exam
    3. Microsoft certification
    4. Errata, updates & book support
    5. Stay in touch
  9. Chapter 1. Mitigate threats using Microsoft 365 Defender
    1. Skill 1-1: Detect, investigate, respond, and remediate threats to the productivity environment using Microsoft Defender for Office 365
    2. Skill 1-2: Detect, investigate, respond, and remediate endpoint threats using Microsoft Defender for Endpoint
    3. Skill 1-3: Detect, investigate, respond, and remediate identity threats
    4. Skill 1-4: Manage cross-domain investigations in the Microsoft 365 Defender Security portal
    5. Thought experiment
    6. Thought experiment answers
    7. Chapter Summary
  10. Chapter 2. Mitigate threats using Azure Defender
    1. Skill 2-1: Design and configure an Azure Defender implementation
    2. Skill 2-2: Plan and implement the use of data connectors for ingestion of data sources in Azure Defender
    3. Skill 2-3: Manage Azure Defender alert rules
    4. Skill 2-4: Configure automation and remediation
    5. Skill 2-5: Investigate Azure Defender alerts and incidents
    6. Thought experiment
    7. Thought experiment answers
    8. Chapter Summary
  11. Chapter 3. Mitigate threats using Azure Sentinel
    1. Skill 3-1: Design and configure an Azure Sentinel workspace
    2. Skill 3-2: Plan and implement the use of data connectors for the ingestion of data sources into Azure Sentinel
    3. Skill 3-3: Manage Azure Sentinel analytics rules
    4. Skill 3-4: Configure Security Orchestration, Automation, and Response (SOAR) in Azure Sentinel
    5. Skill 3-5: Manage Azure Sentinel incidents
    6. Skill 3-6: Use Azure Sentinel workbooks to analyze and interpret data
    7. Skill 3-7: Hunt for threats using the Azure Sentinel portal
    8. Thought experiment
    9. Thought experiment answers
    10. Chapter Summary
  12. Index
  13. Code Snippets