Microsoft Security Operations Analyst
Learn how to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender XDR and Microsoft Defender for Cloud. In this course you will learn how to mitigate cyberthreats using these technologies. Specifically, you will configure and use Microsoft Sentinel as well as utilize Kusto Query Language (KQL) to perform detection, analysis, and reporting. The course was designed for people who work in a Security Operations job role and helps learners prepare for the exam SC-200: Microsoft Security Operations Analyst.
As a candidate for this certification, you’re a Microsoft security operations analyst who reduces organizational risk by:
- Rapidly remediating active attacks in cloud and on-premises environments.
- Advising on improvements to threat protection practices.
- Identifying violations of organizational policies.
As a security operations analyst, you:
- Perform triage.
- Respond to incidents.
- Manage vulnerabilities.
- Hunt for threats.
- Evaluate logs.
- Analyze threat intelligence.
You also monitor, identify, investigate, and respond to threats in cloud and on-premises environments by using:
- Microsoft Sentinel
- Microsoft Defender for Cloud
- Microsoft Defender XDR
- Third-party security solutions
In this role, you use Kusto Query Language (KQL) for reporting, detections, and investigations. You collaborate with business stakeholders, architects, cloud administrators, endpoint administrators, identity administrators, compliance administrators, and security engineers to secure the digital enterprise.
Investigate, search for, and mitigate threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender.
This certification measures the following skills:
- Manage a security operations environment
- Configure protections and detections
- Manage incident response
- Perform threat hunting
- SecOps Analyst
- SecOps Engineer
As a candidate, you should be familiar with:
- Microsoft 365
- Azure cloud services
- Windows and Linux operating systems
Exam Code: SC-200
Duration: 90 minutes
Exam Domains:

| Exam domain | Weight |
|---|---|
| Manage a security operations environment | 20-25% |
| Configure protection and detection | 15-20% |
| Manage incident response | 35-40% |
| Perform threat hunting | 15-20% |
Course Summary
- Vendor: Microsoft
- Experience Level:
- Course Type: ILTT/VILT
- Course Duration: 4 Days
- Tech Areas: Security