Microsoft Security Operations Analyst

SC-200

Learn how to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender XDR and Microsoft Defender for Cloud. In this course you will learn how to mitigate cyberthreats using these technologies. Specifically, you will configure and use Microsoft Sentinel as well as utilize Kusto Query Language (KQL) to perform detection, analysis, and reporting. The course was designed for people who work in a Security Operations job role and helps learners prepare for the exam SC-200: Microsoft Security Operations Analyst.

As a candidate for this certification, you’re a Microsoft security operations analyst who reduces organizational risk by:

  • Rapidly remediating active attacks in cloud and on-premises environments.
  • Advising on improvements to threat protection practices.
  • Identifying violations of organizational policies.

As a security operations analyst, you:

  • Perform triage.
  • Respond to incidents.
  • Manage vulnerabilities.
  • Hunt for threats.
  • Evaluate logs.
  • Analyze threat intelligence.

You also monitor, identify, investigate, and respond to threats in cloud and on-premises environments by using:

  • Microsoft Sentinel
  • Microsoft Defender for Cloud
  • Microsoft Defender XDR
  • Third-party security solutions

In this role, you use Kusto Query Language (KQL) for reporting, detections, and investigations. You collaborate with business stakeholders, architects, cloud administrators, endpoint administrators, identity administrators, compliance administrators, and security engineers to secure the digital enterprise.

Investigate, search for, and mitigate threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender.

This certification measures the following skills:

  • Manage a security operations environment
  • Configure protections and detections
  • Manage incident response
  • Perform threat hunting

SecOps Analyst

SecOps Engineer

As a candidate, you should be familiar with:

  • Microsoft 365
  • Azure cloud services
  • Windows and Linux operating systems

Exam Code: SC-200

Duration: 90 minutes

Exam Domains:

  • Manage a security operations environment (20-25%)
  • Configure protection and detection (15-20%)
  • Manage incident response (35-40%)
  • Perform threat hunting (15-20%)


Course Summary

Vendor: Microsoft

Experience Level: Intermediate

Course Type: ILTT/VILT

Course Duration: 4 Days

Tech Areas: Security
