Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide: Manage, monitor, and respond to threats using Microsoft Security Stack for securing IT systems
- Length: 288 pages
- Edition: 1
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2022-03-16
- ISBN-10: 1803231890
- ISBN-13: 9781803231891
- Sales Rank: #135349 (See Top 100 Books)
Remediate active attacks to reduce risk to the organization by investigating, hunting, and responding to threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender
Key Features
- Detect, protect, investigate, and remediate threats using Microsoft Defender for endpoint
- Explore multiple tools using the M365 Defender Security Center
- Get ready to overcome real-world challenges as you prepare to take the SC-200 exam
Book Description
Security in information technology has always been a topic of discussion, one that comes with various backgrounds, tools, responsibilities, education, and change! The SC-200 exam comprises a wide range of topics that introduce Microsoft technologies and general operations for security analysts in enterprises. This book is a comprehensive guide that covers the usefulness and applicability of Microsoft Security Stack in the daily activities of an enterprise security operations analyst.
Starting with a quick overview of what it takes to prepare for the exam, you’ll understand how to implement the learning in real-world scenarios. You’ll learn to use Microsoft’s security stack, including Microsoft 365 Defender, and Microsoft Sentinel, to detect, protect, and respond to adversary threats in your enterprise. This book will take you from legacy on-premises SOC and DFIR tools to leveraging all aspects of the M365 Defender suite as a modern replacement in a more effective and efficient way.
By the end of this book, you’ll have learned how to plan, deploy, and operationalize Microsoft’s security stack in your enterprise and gained the confidence to pass the SC-200 exam.
What you will learn
- Discover how to secure information technology systems for your organization
- Manage cross-domain investigations in the Microsoft 365 Defender portal
- Plan and implement the use of data connectors in Microsoft Defender for Cloud
- Get to grips with designing and configuring a Microsoft Sentinel workspace
- Configure SOAR (security orchestration, automation, and response) in Microsoft Sentinel
- Find out how to use Microsoft Sentinel workbooks to analyze and interpret data
- Solve mock tests at the end of the book to test your knowledge
Who this book is for
This book is for security professionals, cloud security engineers, and security analysts who want to learn and explore Microsoft Security Stack. Anyone looking to take the SC-200 exam will also find this guide useful. A basic understanding of Microsoft technologies and security concepts will be beneficial.
Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide Contributors About the authors About the reviewers Preface Who this book is for What this book covers To get the most out of this book Download the color images Conventions used Get in touch Reviews Share Your Thoughts Section 1 – Exam Overview and Evolution of Security Operations Chapter 1: Preparing for Your Microsoft Exam and SC-200 Objectives Technical requirements Preparing for a Microsoft exam Introducing the resources available and accessing Microsoft Learn Microsoft Defender for Endpoint Microsoft 365 Defender Microsoft Defender for Cloud Microsoft Sentinel KQL Creating a Microsoft demo tenant Summary Chapter 2: The Evolution of Security and Security Operations A quick introduction to the terminology Feed Alert Understanding the traditional approach to security Introducing the modern approach to security Getting to know traditional SOC issues Exploring modern ways to resolve traditional SOC issues Summary Section 2 – Implementing Microsoft 365 Defender Solutions Chapter 3: Implementing Microsoft Defender for Endpoint Technical requirements Understanding the prerequisites Deployment options – onboarding Troubleshooting Sensor status and verification Summary Chapter 4: Implementing Microsoft Defender for Identity Technical requirements Understanding the prerequisites Deployment options A troubleshooting guide Service status and verification Summary Chapter 5: Understanding and Implementing Microsoft Defender for Cloud (Microsoft Defender for Cloud Standard Tier) Technical requirements Introduction to Microsoft Defender for Cloud and ASC What is ASC? What is Microsoft Defender for Cloud? Implementing ASC Prerequisites Implementation steps Implementing Microsoft Defender for Cloud Prerequisites Implementation steps (single subscription) Implementation steps (multiple subscriptions) Configuring automatic provisioning for agents and extensions from ASC How do ASC and Microsoft Defender for Cloud fit into the security of an enterprise? Summary Section 3 – Familiarizing Yourself with Alerts, Incidents, Evidence, and Dashboards Chapter 6: An Overview: Microsoft Defender for Endpoint Alerts, Incidents, Evidence, and Dashboards Before we get started – acronyms and creating your lab! Creating your lab environment General portal navigation Alerts and incidents Alert suppression How to suppress an alert and create a new suppression rule Incident Graph Daily tasks Monthly tasks Quarterly tasks Annual tasks Summary Chapter 7: Microsoft Defender for Identity, What Happened, Alerts, and Incidents Technical requirements MDI concepts Navigating the portal MDI alert categories and phases Entity profiles Monitored activities Network name resolution Understanding and investigating alerts Triaging and responding to alerts Summary Chapter 8: Microsoft Defender for Office – Threats to Productivity Technical requirements Threat protection policies Anti-phishing Anti-spam Anti-malware Safe attachments Safe links Threat investigation and response capabilities Threat trackers Threat Explorer (real-time detection) Attack simulation training Automated investigation and response capabilities Data loss prevention and insider risk DLP Insider risk Summary Chapter 9: Microsoft Defender for Cloud Apps and Protecting Your Cloud Apps Technical requirements The MDCA framework Cloud Discovery Microsoft Defender for Endpoint (MDE) integration Log Collector Secure Web Gateway Cloud Discovery API Conditional Access App Control Classifying and protecting sensitive information Detecting, investigating, and responding to application threats Summary Section 4 – Setting Up and Connecting Data Sources to Microsoft Sentinel Chapter 10: Setting Up and Configuring Microsoft Sentinel Pre-deployment activities Azure tenant-level prerequisites Enabling and onboarding Microsoft Sentinel Global requirements and prerequisites for Microsoft Sentinel Data residency Enabling Microsoft Sentinel for your organization Connecting data sources to Microsoft Sentinel Summary Section 5 – Hunting Threats within Microsoft 365 Defender and Microsoft Sentinel Chapter 11: Advanced Threat Hunting, Microsoft 365 Defender Portal, and Sentinel Technical requirements Kusto query overview Applying query best practices Advanced threat hunting and the M365 Defender portal Community and shared queries Custom detections Hunting for threats in Microsoft Sentinel Custom hunting queries Monitor hunting queries with Sentinel Livestream Working with bookmarks Advanced hunting with notebooks Summary Chapter 12: Knowledge Check Example exam questions Answer key Why subscribe? Other Books You May Enjoy Packt is searching for authors like you Share Your Thoughts
Donate to keep this site alive
How to download source code?
1. Go to: https://github.com/PacktPublishing
2. In the Find a repository… box, search the book title: Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide: Manage, monitor, and respond to threats using Microsoft Security Stack for securing IT systems
, sometime you may not get the results, please search the main title.
3. Click the book title in the search results.
3. Click Code to download.
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.