Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide
  1. 288 pages
  2. English
  3. ePUB (mobile friendly)
About this book

Remediate active attacks to reduce risk to the organization by investigating, hunting, and responding to threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender.

Key Features

  • Detect, protect, investigate, and remediate threats using Microsoft Defender for Endpoint
  • Explore multiple tools using the M365 Defender Security Center
  • Get ready to overcome real-world challenges as you prepare to take the SC-200 exam

Book Description

Security in information technology has always been a topic of discussion, one that comes with various backgrounds, tools, responsibilities, education, and change! The SC-200 exam comprises a wide range of topics that introduce Microsoft technologies and general operations for security analysts in enterprises. This book is a comprehensive guide that covers the usefulness and applicability of the Microsoft Security Stack in the daily activities of an enterprise security operations analyst.

Starting with a quick overview of what it takes to prepare for the exam, you'll understand how to implement the learning in real-world scenarios. You'll learn to use Microsoft's security stack, including Microsoft 365 Defender and Microsoft Sentinel, to detect, protect, and respond to adversary threats in your enterprise. This book will take you from legacy on-premises SOC and DFIR tools to leveraging all aspects of the M365 Defender suite as a modern replacement in a more effective and efficient way.

By the end of this book, you'll have learned how to plan, deploy, and operationalize Microsoft's security stack in your enterprise and gained the confidence to pass the SC-200 exam.

What you will learn

  • Discover how to secure information technology systems for your organization
  • Manage cross-domain investigations in the Microsoft 365 Defender portal
  • Plan and implement the use of data connectors in Microsoft Defender for Cloud
  • Get to grips with designing and configuring a Microsoft Sentinel workspace
  • Configure SOAR (security orchestration, automation, and response) in Microsoft Sentinel
  • Find out how to use Microsoft Sentinel workbooks to analyze and interpret data
  • Solve mock tests at the end of the book to test your knowledge

Who this book is for

This book is for security professionals, cloud security engineers, and security analysts who want to learn and explore the Microsoft Security Stack. Anyone looking to take the SC-200 exam will also find this guide useful. A basic understanding of Microsoft technologies and security concepts will be beneficial.

Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide by Trevor Stuart and Joe Anich is available in PDF and/or ePUB format, and is catalogued under Computer Science & IT Security.

Section 1 – Exam Overview and Evolution of Security Operations

Section 1 will give you an understanding of the exam, as well as providing evolutionary context to how security operations have changed over time.
This part of the book comprises the following chapters:
  • Chapter 1, Preparing for the Microsoft Exam and SC-200 Objectives
  • Chapter 2, The Evolution of Security and Security Operations

Chapter 1: Preparing for Your Microsoft Exam and SC-200 Objectives

Welcome to Microsoft SC-200 Exam Prep and Beyond and Chapter 1, Preparing for Your Microsoft Exam and SC-200 Objectives. This chapter is dedicated to ensuring that you are ready for the Microsoft SC-200 exam and that you fully understand the objectives, along with how they apply in the real world. It's one thing to pass an exam but a whole other thing to apply exam topics to your day-to-day job. Let's get into it!
In both traditional and modern enterprises, the Microsoft security operations analyst is the key pivot point and collaborator with both individual contributors and enterprise stakeholders. This role in most organizations has one goal in mind – to protect against, secure against, detect, and respond to threats present in an enterprise as expeditiously as possible. They are responsible for reducing organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate teams and stakeholders. Historically, this level of responsibility came with a lot of tooling, alert fatigue, manual or human interaction in investigations, and so on.
What we hope to make clear is that there has been a massive evolution of security operations for most enterprises. Tooling has changed, and the power of the cloud has added great value to the tools that Security Operations Center (SOC) analysts are required to use day to day to deliver successfully in the Microsoft security operations analyst position for enterprises today.
This chapter will cover the following topics to get us started:
  • Preparing for a Microsoft exam
  • Introducing the resources available and accessing Microsoft Learn
  • Creating a Microsoft demo tenant
It is important to note that in November 21 several Microsoft security services were renamed, as follows:
  • Microsoft Cloud App Security (MCAS) is now called Microsoft Defender for Cloud Apps
  • System Center Configuration Manager (SCCM) is now called Microsoft Endpoint Configuration Manager (MECM)
  • Azure Sentinel is now called Microsoft Sentinel
  • Azure Defender is now called Microsoft Defender for Cloud
  • Azure Security Center is now called Microsoft Defender for Cloud
  • Playbook is now called Workflow automation

Technical requirements

In order to proceed with this chapter, you need to have the following requirements ready:
  • Full understanding of Defender for Endpoint, from onboarding and configuring endpoints to investigating alerts.
  • Understanding of Microsoft 365 Defender, from identity protection, Defender for Office, Defender for Identity, and Defender for Cloud Apps through to DLP and insider risk.
  • Microsoft Defender for Cloud: Be familiar with Azure services that can be protected.
  • Configuring Sentinel, connecting logs, handling detections, investigations, and threat hunting.
  • Kusto Query Language (KQL).

Preparing for a Microsoft exam

When preparing for a Microsoft exam, there are a few things to keep in mind. First, Microsoft always provides the Skills measured section on the exam page, which will list everything in play for assessment during the exam. In this Skills measured outline, it will also give an estimate of what percentage of the exam will be about that subject. In our experience, those are usually spot on, so it's worth noting that if you're lacking in some of the bigger sections, spend more time studying and practicing in the lab on those subjects.
Another thing worth mentioning is that a lot of the sections mentioned in this Skills measured outline will align with the modules for the SC-200 learning path, so if you incorporate that into your training, you'll find it easy to ramp up in the section of the outline you're looking for. I'll talk more about the learning path modules in the next section. If you're curious about learning more outside of the module links provided on the exam page, go to https://docs.microsoft.com/en-us/learn/ and search for more topics of interest.
Generally, when I prepare for these exams, I'm looking at all resources available, whether that be the product documentation, learning path modules, or testing things out in a lab, with the lab being the most important to me, as that seems to stick out more. We'll cover setting up labs for testing in later sections.
Once you've settled on how to prepare for the exam, the picture becomes a lot clearer when you consider the resources available, which we will cover in the next section. So, for now, let's focus on diving into what's laid out for us!

Introducing the resources available and accessing Microsoft Learn

When looking at training or studying resources, Microsoft does a great job of giving you structure as it pertains to the exams. The following is the list we're focusing on for resources, starting with the learning paths on the exam page:
  • The learning path for the SC-200 exam: https://aka.ms/LearnSC200.
  • Search for the Docs page that aligns with Skills measured: Docs.microsoft.com.
  • The Microsoft Defender for Endpoint Evaluation lab: https://aka.ms/MDEEvaluation.
When looking into everything available to begin your journey toward taking the SC-200 exam, as well as learning the skills needed to be successful in your career as a SOC analyst specializing in the M365 security stack, it's important to know that it takes time. There is a lot of content for all the features available; therefore, it's beneficial to take your time to pick it all up.
For me, I always start in the order of the bullet list provided at the start of this section, and I'll explain why. I like to go through the learning paths and listen to the content laid out for me. There are some basic knowledge checks to ensure that you're getting the information down. If there are items in the modules that I'm either stuck on or just want additional information on, I start looking for the Docs page that aligns. Once I've completed the learning path, I'll start setting up a lab and essentially start in the order outlined in the exam.
In the next sections, I will summarize some of the larger portions of the learning paths, as they're critical to ensure that you learn, for both the exam and tasks that you may encounter in your career. As for the third bullet point in the list, we'll discuss that in the next topic of this chapter after learning a little more about what the learning path has to offer!

Microsoft Defender for Endpoint

We will start with Microsoft Defender for Endpoint (MDE), Microsoft's endpoint detection and response platform. Having a basic understanding of this platform will be critical for success, which includes understanding how to create the Defender for Endpoint environment, onboard endpoints to be monitored, and configure the various settings. So, for example, you will need to be familiar with the rights needed to access the https://securitycenter.windows.com portal for the first time and go through the wizard that guides you through your initial configuration.
Beyond setting up the tenant, you will need to know onboarding devices in your environment quite well. You will want to understand the various operating systems in your environment to ensure they are supported, addressing any down-level devices that may no longer be ...

Table of contents

  1. Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide
  2. Contributors
  3. Preface
  4. Section 1 – Exam Overview and Evolution of Security Operations
  5. Chapter 1: Preparing for Your Microsoft Exam and SC-200 Objectives
  6. Chapter 2: The Evolution of Security and Security Operations
  7. Section 2 – Implementing Microsoft 365 Defender Solutions
  8. Chapter 3: Implementing Microsoft Defender for Endpoint
  9. Chapter 4: Implementing Microsoft Defender for Identity
  10. Chapter 5: Understanding and Implementing Microsoft Defender for Cloud (Microsoft Defender for Cloud Standard Tier)
  11. Section 3 – Familiarizing Yourself with Alerts, Incidents, Evidence, and Dashboards
  12. Chapter 6: An Overview: Microsoft Defender for Endpoint Alerts, Incidents, Evidence, and Dashboards
  13. Chapter 7: Microsoft Defender for Identity, What Happened, Alerts, and Incidents
  14. Chapter 8: Microsoft Defender for Office – Threats to Productivity
  15. Chapter 9: Microsoft Defender for Cloud Apps and Protecting Your Cloud Apps
  16. Section 4 – Setting Up and Connecting Data Sources to Microsoft Sentinel
  17. Chapter 10: Setting Up and Configuring Microsoft Sentinel
  18. Section 5 – Hunting Threats within Microsoft 365 Defender and Microsoft Sentinel
  19. Chapter 11: Advanced Threat Hunting, Microsoft 365 Defender Portal, and Sentinel
  20. Chapter 12: Knowledge Check
  21. Other Books You May Enjoy