Microsoft Security Operations Analyst Certification Tests

Description

The Microsoft Security Operations Analyst certification exam (SC-200) measures your ability to accomplish technical tasks such as mitigating threats using Microsoft 365 Defender, mitigating threats using Azure Defender, and mitigating threats using Azure Sentinel. As a Security Operations Analyst, you work on the organization's information security and help make sure its overall security goals are met. The outline below uses the product names that were current when the exam was published; since then Azure Sentinel has been renamed Microsoft Sentinel, Azure Security Center and Azure Defender have been folded into Microsoft Defender for Cloud, Microsoft Cloud App Security (MCAS) has become Microsoft Defender for Cloud Apps, and Azure Active Directory has been renamed Microsoft Entra ID.

Skills Acquired

Below is the list of skills and knowledge you will learn:

  • As a Microsoft Security Operations Analyst, you perform threat management, monitoring, and response by using a variety of security solutions across the environment.
  • The role primarily investigates, responds to, and hunts for threats using Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products.

Exam Overview

  • The Microsoft Security Operations Analyst exam fee is $165 USD.
  • The exam has 40-60 questions.
  • The exam is available in English only.
  • The passing score for the Microsoft Security Operations Analyst exam is 700 on a scale of 1-1000.
  • The SC-200 exam uses multiple choice and multiple response question formats.

Mitigate threats using Microsoft 365 Defender (25-30%)

Detect, investigate, respond, and remediate threats to the productivity environment by using Microsoft Defender for Office 365

  • detect, investigate, respond, and remediate Microsoft Teams, SharePoint, and OneDrive for Business threats (Microsoft Documentation: Threat Explorer and Real-time detections, Threat investigation and response, Threat intelligence to protect, detect and respond to threats, Remediate malicious email delivered in Office 365)
  • detect, investigate, respond, and remediate threats to email by using Defender for Office 365 (Microsoft Documentation: Threat Explorer and Real-time detections, Automated investigation and response in Defender for Office 365, AIR in Microsoft Defender for Office 365, Remediation actions in Microsoft Defender for Office 365)
  • manage data loss prevention policy alerts (Microsoft Documentation: Review and manage Microsoft DLP alerts, Configure and view alerts for DLP policies)
  • assess and recommend sensitivity labels (Microsoft Documentation: Use sensitivity labels to prioritize incident response)
  • assess and recommend insider risk policies (Microsoft Documentation: Insider risk management policies)

Detect, investigate, respond, and remediate endpoint threats by using Microsoft Defender for Endpoint

  • configure device attack surface reduction rules (Microsoft Documentation: Enable attack surface reduction rules, Use attack surface reduction rules to prevent malware infection)
  • configure and manage custom detections and alerts (Microsoft Documentation: Custom detections overview, Create custom detection rules, Review alerts in Microsoft Defender for Endpoint)
  • respond to incidents and alerts (Microsoft Documentation: Take response actions on a device)
  • manage automated investigations and remediations (Microsoft Documentation: Overview of automated investigations, Configure automated investigation and remediation capabilities)
  • assess and recommend endpoint configurations to reduce and remediate vulnerabilities by using Microsoft's Threat and Vulnerability Management solution (Microsoft Documentation: Microsoft's Threat and Vulnerability Management, Threat and vulnerability management, Remediate vulnerabilities with threat and vulnerability management)
  • manage Microsoft Defender for Endpoint threat indicators (Microsoft Documentation: Manage indicators)
  • analyze Microsoft Defender for Endpoint threat analytics (Microsoft Documentation: Understand the analyst report in threat analytics)

Detect, investigate, respond, and remediate identity threats

  • identify and remediate security risks related to sign-in risk policies (Microsoft Documentation: Unblocking based on sign-in risk)
  • identify and remediate security risks related to Conditional Access events (Microsoft Documentation: Configure Conditional Access in Microsoft Defender)
  • identify and remediate security risks related to Azure Active Directory (Microsoft Documentation: Remediate risks in Azure AD, Remediate users flagged for risk in Azure AD)
  • identify and remediate security risks using Secure Score (Microsoft Documentation: Remediate recommendations in Azure Security Center)
  • identify, investigate, and remediate security risks related to privileged identities (Microsoft Documentation: Lower exposure of privileged accounts)
  • configure detection alerts in Azure AD Identity Protection (Microsoft Documentation: Detect risks with Azure AD Identity Protection policies, Azure Active Directory Identity Protection notifications)
  • identify and remediate security risks related to Active Directory Domain Services using Microsoft Defender for Identity (Microsoft Documentation: Investigate a domain)
  • identify, investigate, and remediate security risks by using Microsoft Cloud App Security (MCAS) (Microsoft Documentation: Investigate cloud app risks and suspicious activity)
  • configure MCAS to generate alerts and reports to detect threats (Microsoft Documentation: Manage alerts, Generate data management reports)

Manage cross-domain investigations in the Microsoft 365 Defender portal

  • manage incidents across Microsoft 365 Defender products (Microsoft Documentation: Manage incidents in Microsoft 365 Defender)
  • manage actions pending approval across products (Microsoft Documentation: The Action center, View and manage actions in the Action center)
  • perform advanced threat hunting (Microsoft Documentation: Hunt threats with advanced hunting in Microsoft 365 Defender, Proactively hunt for threats with advanced hunting)
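The two skills above that ask for custom detections in Defender for Endpoint and for cross-domain advanced hunting in the Microsoft 365 Defender portal both come down to a Kusto (KQL) query over the advanced hunting schema. The query below is an added example written for this page, not code from Microsoft's documentation. It correlates an email attachment that Defender for Office 365 already flagged (EmailAttachmentInfo) with the same SHA256 later being written to disk on an endpoint (DeviceFileEvents), which is the cross-domain pivot a single product cannot make on its own. The sample rows are constructed inline with datatable so the query runs without tenant data; the table names SampleEmailAttachmentInfo and SampleDeviceFileEvents are stand-ins you replace with the real EmailAttachmentInfo and DeviceFileEvents tables in the portal.

```kusto
// Constructed sample rows (not real tenant data) that mirror the columns of the
// real EmailAttachmentInfo and DeviceFileEvents advanced hunting tables.
let SampleEmailAttachmentInfo = datatable(Timestamp:datetime, NetworkMessageId:string, RecipientEmailAddress:string, FileName:string, SHA256:string, ThreatTypes:string) [
    datetime(2021-06-01 09:00:00), "msg-001", "alice@contoso.example", "invoice.xlsm", "aaaa1111", "Malware",
    datetime(2021-06-01 09:05:00), "msg-002", "bob@contoso.example",   "report.pdf",   "bbbb2222", "",
    datetime(2021-06-01 09:07:00), "msg-003", "carol@contoso.example", "setup.exe",    "cccc3333", "Malware"
];
let SampleDeviceFileEvents = datatable(Timestamp:datetime, DeviceId:string, DeviceName:string, ReportId:long, ActionType:string, FileName:string, FolderPath:string, SHA256:string, InitiatingProcessFileName:string) [
    datetime(2021-06-01 09:12:00), "dev-a1", "wks-alice", 101, "FileCreated", "invoice.xlsm", @"C:\Users\alice\Downloads\invoice.xlsm", "aaaa1111", "OUTLOOK.EXE",
    datetime(2021-06-01 11:00:00), "dev-b2", "wks-bob",   202, "FileCreated", "report.pdf",   @"C:\Users\bob\Downloads\report.pdf",     "bbbb2222", "OUTLOOK.EXE",
    datetime(2021-06-04 08:00:00), "dev-c3", "wks-carol", 303, "FileCreated", "setup.exe",    @"C:\Users\carol\Downloads\setup.exe",    "cccc3333", "chrome.exe"
];
// Step 1: attachments that Defender for Office 365 already classified as a threat.
SampleEmailAttachmentInfo
| where isnotempty(ThreatTypes)
| project EmailTime = Timestamp, NetworkMessageId, RecipientEmailAddress, AttachmentName = FileName, SHA256
// Step 2: the same hash being written to disk on a managed device.
| join kind=inner (
    SampleDeviceFileEvents
    | where ActionType == "FileCreated"
    | project Timestamp, DeviceId, DeviceName, ReportId, FolderPath, SHA256, InitiatingProcessFileName
  ) on SHA256
// Step 3: only count it if the file landed within a day of the mail arriving;
// msg-003 is dropped here because its file event is three days later.
| where Timestamp between (EmailTime .. (EmailTime + 24h))
// Timestamp, DeviceId and ReportId are the columns a custom detection rule
// requires so that the alert can be attached to the right device and event.
| project Timestamp, DeviceId, ReportId, DeviceName, RecipientEmailAddress, NetworkMessageId, AttachmentName, FolderPath, SHA256, InitiatingProcessFileName
```

Against the sample data the query returns exactly one row (msg-001 landing on wks-alice). Once it runs cleanly in the advanced hunting page you can save it as a custom detection rule; the rule wizard will refuse the query if Timestamp, ReportId and a device or user identifier column are missing from the final projection, which is why they are projected explicitly. Keep the time window tight: the rule engine re-runs the query on a schedule, and a join without a bound on the file-event time will re-alert on old hashes every run.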

Mitigate threats using Azure Defender (25-30%)

Design and configure an Azure Defender implementation

  • plan and configure an Azure Defender workspace (Microsoft Documentation: Enable Azure Defender)
  • configure Azure Defender roles (Microsoft Documentation: Create and manage roles for role-based access control, Manage portal access using RBAC)
  • configure data retention policies (Microsoft Documentation: Microsoft's data retention policy)
  • assess and recommend cloud workload protection (Microsoft Documentation: Introduction to Azure Defender)

Plan and implement the use of data connectors for ingestion of data sources in Azure Defender

  • identify data sources to be ingested for Azure Defender (Microsoft Documentation: Categorize Microsoft alerts across data sources)
  • configure Automated Onboarding for Azure resources (Microsoft Documentation: Automate onboarding, Automate onboarding of Azure Security Center)
  • connect non-Azure machine onboarding (Microsoft Documentation: Connect non-Azure machines)
  • connect AWS cloud resources (Microsoft Documentation: Connect your AWS accounts, Connect your AWS accounts to Azure Security Center)
  • connect GCP cloud resources (Microsoft Documentation: Connect your GCP accounts, Connect your GCP accounts to Azure Security Center)
  • configure data collection (Microsoft Documentation: Enable data collection)

Manage Azure Defender alert rules

  • validate alert configuration (Microsoft Documentation: Validating Azure Defender for DNS alerts, Alert validation in Azure Security Center)
  • set up email notifications (Microsoft Documentation: Configure email notifications for security alerts)
  • create and manage alert suppression rules (Microsoft Documentation: Suppress alerts from Azure Defender, Manage suppression rules)

Configure automation and remediation

  • configure automated responses in Azure Security Center (Microsoft Documentation: Automate responses to Security Center triggers)
  • design and configure a playbook in Azure Defender (Microsoft Documentation: Reconnaissance playbook)
  • remediate incidents by using Azure Defender recommendations (Microsoft Documentation: Remediate recommendations in Azure Security Center)
  • create an automatic response using an Azure Resource Manager template (Microsoft Documentation: Create an automatic response using an ARM template)

Investigate Azure Defender alerts and incidents

  • describe alert types for Azure workloads (Microsoft Documentation: Security alerts - a reference guide)
  • manage security alerts (Microsoft Documentation: What are security alerts?)
  • manage security incidents (Microsoft Documentation: Incidents in Azure Security Center)
  • analyze Azure Defender threat intelligence (Microsoft Documentation: Threat intelligence, Azure Defender powered by Microsoft threat intelligence)
  • respond to Azure Defender for Key Vault alerts (Microsoft Documentation: Respond to Azure Defender for Key Vault alerts)
  • manage user data discovered during an investigation (Microsoft Documentation: How does Azure Security Center help analyze attacks using Investigation?)

Mitigate threats using Azure Sentinel (40-45%)

Design and configure an Azure Sentinel workspace

  • plan an Azure Sentinel workspace (Microsoft Documentation: Plan for the Azure Sentinel workspace)
  • configure Azure Sentinel roles (Microsoft Documentation: Permissions in Azure Sentinel)
  • design Azure Sentinel data storage (Microsoft Documentation: Move Azure Sentinel logs to long-term storage, Use Azure Data Explorer for retention of Azure Sentinel logs)
  • configure Azure Sentinel service security (Microsoft Documentation: Azure security baseline for Azure Sentinel)

Plan and implement the use of data connectors for ingestion of data sources in Azure Sentinel

  • identify data sources to be ingested for Azure Sentinel (Microsoft Documentation: Connect data sources)
  • identify the prerequisites for a data connector (Microsoft Documentation: On-board Azure Sentinel)
  • configure and use Azure Sentinel data connectors (Microsoft Documentation: Connect data to Azure Sentinel using data connectors)
  • design Syslog and CEF collections (Microsoft Documentation: Collect data from Linux-based sources using Syslog, Connect your external solution using Common Event Format, Best practices for CEF collection in Azure Sentinel)
  • design and configure Windows Events collections (Microsoft Documentation: Connect Windows security events)
  • configure custom threat intelligence connectors (Microsoft Documentation: Connect data from threat intelligence providers)
  • create custom logs in Azure Log Analytics to store custom data (Microsoft Documentation: Collect custom logs with Log Analytics agent)
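The Syslog and CEF collection skill above is mostly about plumbing: a CEF-speaking appliance sends to a Linux log forwarder, whose syslog daemon hands CEF lines to the Log Analytics agent, which writes them as parsed columns into the CommonSecurityLog table rather than as raw text in the Syslog table. The most common design mistake is to end up with the CEF payload in the Syslog table (the agent received it as ordinary syslog, or the same facility is collected by both connectors and the data is ingested twice). The KQL below is an added example written for this page, not Microsoft's code: it detects CEF lines that landed in Syslog and parses them into the CommonSecurityLog column names so you can see what the collector should have produced. The sample rows are constructed inline with datatable; SampleSyslog is a stand-in for the real Syslog table, and the vendor, product and event fields in the CEF line are made up.

```kusto
// Constructed sample rows (not real data) with the shape of the Syslog table.
// The first row is a CEF message that should have gone to CommonSecurityLog;
// the second is an ordinary syslog line that belongs in Syslog.
let SampleSyslog = datatable(TimeGenerated:datetime, Computer:string, Facility:string, SeverityLevel:string, SyslogMessage:string) [
    datetime(2021-06-03 12:00:00), "cef-forwarder", "local4", "info",
        "CEF:0|ExampleVendor|ExampleFW|1.0|100|Blocked outbound connection|5|src=10.1.2.3 dst=203.0.113.50 spt=51234 dpt=445 proto=TCP act=block",
    datetime(2021-06-03 12:00:05), "cef-forwarder", "auth", "info",
        "pam_unix(sshd:session): session opened for user ops by (uid=0)"
];
SampleSyslog
// Only lines carrying a CEF header; anything else is legitimate syslog.
| where SyslogMessage startswith "CEF:"
// The CEF header is seven pipe-delimited fields followed by the extension.
| parse SyslogMessage with "CEF:" CefVersion:int "|" DeviceVendor "|" DeviceProduct "|" DeviceVersion "|" DeviceEventClassID "|" Activity "|" LogSeverity:int "|" Extension
// The extension is key=value pairs; pull out the ones CommonSecurityLog maps
// to first-class columns so the output matches what the connector produces.
| extend SourceIP       = extract(@"\bsrc=(\S+)", 1, Extension),
         DestinationIP  = extract(@"\bdst=(\S+)", 1, Extension),
         SourcePort     = toint(extract(@"\bspt=(\d+)", 1, Extension)),
         DestinationPort = toint(extract(@"\bdpt=(\d+)", 1, Extension)),
         Protocol       = extract(@"\bproto=(\S+)", 1, Extension),
         DeviceAction   = extract(@"\bact=(\S+)", 1, Extension)
| project TimeGenerated, Computer, Facility, DeviceVendor, DeviceProduct, DeviceVersion, DeviceEventClassID, Activity, LogSeverity,
          SourceIP, SourcePort, DestinationIP, DestinationPort, Protocol, DeviceAction
```

On the sample data this returns one row, with SourceIP 10.1.2.3, DestinationPort 445 and DeviceAction block. Run the same query against the real Syslog table with a `where TimeGenerated > ago(1d)` filter: any rows mean the forwarder is not routing CEF through the agent's CEF listener (the documented path is the syslog daemon forwarding to the agent on TCP port 25226), or the facility the appliance uses is also selected under the Syslog connector, in which case every event is billed twice. Fix the forwarder configuration rather than keeping this parse as a permanent workaround, because analytics rules and workbooks shipped for the appliance expect CommonSecurityLog, not Syslog.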

Manage Azure Sentinel analytics rules

  • design and configure analytics rules (Microsoft Documentation: Define rule query logic and configure settings)
  • create custom analytics rules to detect threats (Microsoft Documentation: Create a custom analytics rule with a scheduled query)
  • activate Microsoft security analytics rules (Microsoft Documentation: Using Microsoft Security incident creation analytics rules)
  • configure connector-provided scheduled queries (Microsoft Documentation: Azure Sentinel: The connectors grand)
  • configure custom scheduled queries (Microsoft Documentation: Create a custom analytics rule with a scheduled query)
  • define incident creation logic (Microsoft Documentation: Configure the incident creation settings)
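A custom scheduled analytics rule is a KQL query plus scheduling, threshold and entity-mapping settings, and the query is where most of the design effort goes. The example below is added for this page and is not Microsoft's code. It implements a classic SOC detection over Windows security events: many failed network logons (event 4625) for one account from one source IP, followed within a short window by a successful logon (4624) from the same IP, which is the pattern of a password spray or brute force that worked. The rows are constructed inline with datatable; SampleSecurityEvent stands in for the real SecurityEvent table, and the account names and IPs are made up.

```kusto
// Constructed sample rows (not real data) with the columns of SecurityEvent
// that this detection needs. LogonType 3 = network, 10 = remote interactive.
let SampleSecurityEvent = datatable(TimeGenerated:datetime, EventID:int, Account:string, Computer:string, IpAddress:string, LogonType:int) [
    // svc-backup: six failures in three minutes, then a success -> should fire
    datetime(2021-06-02 03:00:01), 4625, @"CONTOSO\svc-backup", "srv-01", "203.0.113.7", 3,
    datetime(2021-06-02 03:00:31), 4625, @"CONTOSO\svc-backup", "srv-01", "203.0.113.7", 3,
    datetime(2021-06-02 03:01:02), 4625, @"CONTOSO\svc-backup", "srv-01", "203.0.113.7", 3,
    datetime(2021-06-02 03:01:40), 4625, @"CONTOSO\svc-backup", "srv-01", "203.0.113.7", 3,
    datetime(2021-06-02 03:02:15), 4625, @"CONTOSO\svc-backup", "srv-01", "203.0.113.7", 3,
    datetime(2021-06-02 03:03:05), 4625, @"CONTOSO\svc-backup", "srv-01", "203.0.113.7", 3,
    datetime(2021-06-02 03:04:10), 4624, @"CONTOSO\svc-backup", "srv-01", "203.0.113.7", 3,
    // jdoe: one typo, then success -> below threshold, must not fire
    datetime(2021-06-02 03:10:00), 4625, @"CONTOSO\jdoe", "srv-02", "198.51.100.9", 10,
    datetime(2021-06-02 03:10:20), 4624, @"CONTOSO\jdoe", "srv-02", "198.51.100.9", 10,
    // administrator: seven failures and no success -> a spray that failed, not this rule's job
    datetime(2021-06-02 03:20:00), 4625, @"CONTOSO\administrator", "srv-01", "203.0.113.7", 3,
    datetime(2021-06-02 03:20:10), 4625, @"CONTOSO\administrator", "srv-01", "203.0.113.7", 3,
    datetime(2021-06-02 03:20:20), 4625, @"CONTOSO\administrator", "srv-01", "203.0.113.7", 3,
    datetime(2021-06-02 03:20:30), 4625, @"CONTOSO\administrator", "srv-01", "203.0.113.7", 3,
    datetime(2021-06-02 03:20:40), 4625, @"CONTOSO\administrator", "srv-01", "203.0.113.7", 3,
    datetime(2021-06-02 03:20:50), 4625, @"CONTOSO\administrator", "srv-01", "203.0.113.7", 3,
    datetime(2021-06-02 03:21:00), 4625, @"CONTOSO\administrator", "srv-01", "203.0.113.7", 3
];
let FailureThreshold = 5;     // tune per environment; 5 in 10 minutes is a conservative start
let SuccessWindow = 10m;      // how soon after the last failure a success counts as suspicious
// Step 1: accounts with enough failures from a single IP against a single host.
let Failures = SampleSecurityEvent
    | where EventID == 4625 and LogonType in (3, 10)
    | summarize FailedCount = count(), FirstFailure = min(TimeGenerated), LastFailure = max(TimeGenerated)
        by Account, IpAddress, Computer
    | where FailedCount >= FailureThreshold;
// Step 2: a success for the same account, IP and host shortly after the failures.
SampleSecurityEvent
| where EventID == 4624 and LogonType in (3, 10)
| project SuccessTime = TimeGenerated, Account, IpAddress, Computer
| join kind=inner Failures on Account, IpAddress, Computer
| where SuccessTime between (LastFailure .. (LastFailure + SuccessWindow))
| project SuccessTime, Account, IpAddress, Computer, FailedCount, FirstFailure, LastFailure
// Legacy entity columns still honoured by Sentinel; in the rule wizard map the
// Account, IP and Host entities to Account, IpAddress and Computer instead.
| extend AccountCustomEntity = Account, IPCustomEntity = IpAddress, HostCustomEntity = Computer
```

Against the sample data the query returns the single svc-backup row (FailedCount 6). When you turn this into a scheduled rule, set the run frequency to match the window and make the lookback period longer than the frequency plus SuccessWindow, otherwise a success that arrives just after a run boundary is never correlated with the failures from the previous run. Set the alert threshold to "greater than 0" since the query already filters, and enable alert grouping by Account so that a spray across many hosts produces one incident per account rather than one per host.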

Configure Security Orchestration, Automation, and Response (SOAR) in Azure Sentinel

  • create Azure Sentinel playbooks (Microsoft Documentation: Use playbooks with automation rules in Azure Sentinel)
  • configure rules and incidents to trigger playbooks (Microsoft Documentation: Choose the trigger, Automate threat response with playbooks in Azure Sentinel)
  • use playbooks to remediate threats (Microsoft Documentation: Use playbooks with automation rules in Azure Sentinel)
  • use playbooks to manage incidents
  • use playbooks across Microsoft Defender solutions (Microsoft Documentation: Security automation and orchestration)

Manage Azure Sentinel incidents

  • investigate incidents in Azure Sentinel (Microsoft Documentation: Investigate incidents with Azure Sentinel)
  • triage incidents in Azure Sentinel (Microsoft Documentation: Triage security alerts)
  • respond to incidents in Azure Sentinel (Microsoft Documentation: Respond to a security alert)
  • investigate multi-workspace incidents (Microsoft Documentation: Work with incidents in many workspaces at once)
  • identify advanced threats with User and Entity Behavior Analytics (UEBA) (Microsoft Documentation: Identify advanced threats with UEBA in Azure Sentinel)

Use Azure Sentinel workbooks to analyze and interpret data

  • activate and customize Azure Sentinel workbook templates (Microsoft Documentation: Workbooks vs. workbook templates, ARM template for deploying a workbook template)
  • create custom workbooks (Microsoft Documentation: Create new workbooks)
  • configure advanced visualizations (Microsoft Documentation: Query and visualize data with Azure Sentinel Workbooks)
  • view and analyze Azure Sentinel data using workbooks (Microsoft Documentation: Visualize and monitor your data, Visualize data in Azure Sentinel)
  • track incident metrics using the security operations efficiency workbook (Microsoft Documentation: Manage your SOC better with incident metrics)

Hunt for threats using the Azure Sentinel portal

  • create custom hunting queries (Microsoft Documentation: Create custom queries to refine threat hunting)
  • run hunting queries manually (Microsoft Documentation: Hunt for threats by using Azure Sentinel)
  • monitor hunting queries by using Livestream (Microsoft Documentation: Manage hunting and Livestream queries in Azure Sentinel)
  • perform advanced hunting with notebooks (Microsoft Documentation: Use Jupyter Notebook to hunt for security threats, Hunt for threats using notebooks in Azure Sentinel)
  • track query results with bookmarks (Microsoft Documentation: Track query results)
  • use hunting bookmarks for data investigations (Microsoft Documentation: Explore bookmarks in the investigation graph)
  • convert a hunting query to an analytics rule (Microsoft Documentation: Threat hunting vs. analytics rule)

Who this course is for:

  • All Levels
