Microsoft SC-200 Real Exam Questions

Last Update: 24 Sep 2023

$39.00

Description

Guarantee your SC-200 exam success with examkiller's study guide. The SC-200 practice test questions are developed by experienced Microsoft Certification Professionals who work in today's prospering companies and in the Microsoft exam data center.

Exam Number: SC-200

Exam Title: Microsoft Security Operations Analyst

Passing Score: 700 (Total Score: 1000) (Tip: you must also score at least 70% in each section of the exam (each bar on the score chart); otherwise you still fail the exam even if your total score is above 700.)

Origin Provider: ExamKiller

Total Questions: 182 QAs

Type: Real Exam Questions

Guarantee: 100% Pass Guarantee

Microsoft SC-200 Exam Objectives

Mitigate threats by using Microsoft 365 Defender (25–30%)

Mitigate threats to the Microsoft 365 environment by using Microsoft 365 Defender

  • Investigate, respond, and remediate threats to Microsoft Teams, SharePoint Online, and OneDrive
  • Investigate, respond, and remediate threats to email by using Microsoft Defender for Office 365
  • Investigate and respond to alerts generated from data loss prevention (DLP) policies
  • Investigate and respond to alerts generated from insider risk policies
  • Discover and manage apps by using Microsoft Defender for Cloud Apps
  • Identify, investigate, and remediate security risks by using Defender for Cloud Apps

Mitigate endpoint threats by using Microsoft Defender for Endpoint

  • Manage data retention, alert notification, and advanced features
  • Recommend attack surface reduction (ASR) for devices
  • Respond to incidents and alerts
  • Configure and manage device groups
  • Identify devices at risk by using Microsoft Defender Vulnerability Management
  • Manage endpoint threat indicators
  • Identify unmanaged devices by using device discovery

Mitigate identity threats

  • Mitigate security risks related to events for Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra
  • Mitigate security risks related to Azure AD Identity Protection events
  • Mitigate security risks related to Active Directory Domain Services (AD DS) by using Microsoft Defender for Identity

Manage extended detection and response (XDR) in Microsoft 365 Defender

  • Manage incidents and automated investigations in the Microsoft 365 Defender portal
  • Manage actions and submissions in the Microsoft 365 Defender portal
  • Identify threats by using KQL
  • Identify and remediate security risks by using Microsoft Secure Score
  • Analyze threat analytics in the Microsoft 365 Defender portal
  • Configure and manage custom detections and alerts

Investigate threats by using audit features in Microsoft 365 Defender and Microsoft Purview

  • Perform threat hunting by using UnifiedAuditLog
  • Perform threat hunting by using Content Search

Mitigate threats by using Defender for Cloud (15–20%)

Implement and maintain cloud security posture management

  • Assign and manage regulatory compliance policies, including Microsoft cloud security benchmark (MCSB)
  • Improve the Defender for Cloud secure score by remediating recommendations
  • Configure plans and agents for Microsoft Defender for Servers
  • Configure and manage Microsoft Defender for DevOps

Configure environment settings in Defender for Cloud

  • Plan and configure Defender for Cloud settings, including selecting target subscriptions and workspaces
  • Configure Defender for Cloud roles
  • Assess and recommend cloud workload protection
  • Enable Microsoft Defender plans for Defender for Cloud
  • Configure automated onboarding for Azure resources
  • Connect compute resources by using Azure Arc
  • Connect multicloud resources by using Environment settings

Respond to alerts and incidents in Defender for Cloud

  • Set up email notifications
  • Create and manage alert suppression rules
  • Design and configure workflow automation in Defender for Cloud
  • Remediate alerts and incidents by using Defender for Cloud recommendations
  • Manage security alerts and incidents
  • Analyze Defender for Cloud threat intelligence reports

Mitigate threats by using Microsoft Sentinel (50–55%)

Design and configure a Microsoft Sentinel workspace

  • Plan a Microsoft Sentinel workspace
  • Configure Microsoft Sentinel roles
  • Design and configure Microsoft Sentinel data storage, including log types and log retention

Plan and implement the use of data connectors for ingestion of data sources in Microsoft Sentinel

  • Identify data sources to be ingested for Microsoft Sentinel
  • Configure and use Microsoft Sentinel connectors for Azure resources, including Azure Policy and diagnostic settings
  • Configure Microsoft Sentinel connectors for Microsoft 365 Defender and Defender for Cloud
  • Design and configure Syslog and Common Event Format (CEF) event collections
  • Design and configure Windows security event collections
  • Configure threat intelligence connectors
  • Create custom log tables in the workspace to store ingested data

Manage Microsoft Sentinel analytics rules

  • Configure the Fusion rule
  • Configure Microsoft security analytics rules
  • Configure built-in scheduled query rules
  • Configure custom scheduled query rules
  • Configure near-real-time (NRT) query rules
  • Manage analytics rules from Content hub
  • Manage and use watchlists
  • Manage and use threat indicators

Perform data classification and normalization

  • Classify and analyze data by using entities
  • Query Microsoft Sentinel data by using Advanced Security Information Model (ASIM) parsers
  • Develop and manage ASIM parsers

Configure security orchestration automated response (SOAR) in Microsoft Sentinel

  • Create and configure automation rules
  • Create and configure Microsoft Sentinel playbooks
  • Configure analytic rules to trigger automation rules
  • Trigger playbooks manually from alerts and incidents

Manage Microsoft Sentinel incidents

  • Create an incident
  • Triage incidents in Microsoft Sentinel
  • Investigate incidents in Microsoft Sentinel
  • Respond to incidents in Microsoft Sentinel
  • Investigate multi-workspace incidents

Use Microsoft Sentinel workbooks to analyze and interpret data

  • Activate and customize Microsoft Sentinel workbook templates
  • Create custom workbooks
  • Configure advanced visualizations

Hunt for threats by using Microsoft Sentinel

  • Analyze attack vector coverage by using MITRE ATT&CK in Microsoft Sentinel
  • Customize content gallery hunting queries
  • Create custom hunting queries
  • Use hunting bookmarks for data investigations
  • Monitor hunting queries by using Livestream
  • Retrieve and manage archived log data
  • Create and manage search jobs

Manage threats by using entity behavior analytics

  • Configure entity behavior settings
  • Investigate threats by using entity pages
  • Configure anomaly detection analytics rules

0 Reviews for Microsoft SC-200 Real Exam Questions