Book Image

Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide

By : Trevor Stuart, Joe Anich
Book Image

Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide

By: Trevor Stuart, Joe Anich

Overview of this book

Security in information technology has always been a topic of discussion, one that comes with various backgrounds, tools, responsibilities, education, and change! The SC-200 exam comprises a wide range of topics that introduce Microsoft technologies and general operations for security analysts in enterprises. This book is a comprehensive guide that covers the usefulness and applicability of Microsoft Security Stack in the daily activities of an enterprise security operations analyst. Starting with a quick overview of what it takes to prepare for the exam, you'll understand how to implement the learning in real-world scenarios. You'll learn to use Microsoft's security stack, including Microsoft 365 Defender, and Microsoft Sentinel, to detect, protect, and respond to adversary threats in your enterprise. This book will take you from legacy on-premises SOC and DFIR tools to leveraging all aspects of the M365 Defender suite as a modern replacement in a more effective and efficient way. By the end of this book, you'll have learned how to plan, deploy, and operationalize Microsoft's security stack in your enterprise and gained the confidence to pass the SC-200 exam.

Related Content you might be interested in

Current Title:

Small book image
Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide
Trevor Stuart | Joe Anich
Mar, 2022 | 288 pages
Small book image
Mastering Microsoft 365 Defender
Ru Campbell | Viktor Hedberg
Jul, 2023 | 572 pages
Small book image
Microsoft Defender for Endpoint in Depth
Paul Huijbregts | Joe Anich | Justen Graves
Mar, 2023 | 362 pages
Small book image
Microsoft 365 Security and Compliance for Administrators
Omar Kudović | Sasha Kranjac
Mar, 2024 | 432 pages
Table of Contents (19 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
Share Your Thoughts
1
Section 1 – Exam Overview and Evolution of Security Operations
Section 1 – Exam Overview and Evolution of Security Operations
Free Chapter
2
Chapter 1: Preparing for Your Microsoft Exam and SC-200 Objectives
Chapter 1: Preparing for Your Microsoft Exam and SC-200 Objectives
Technical requirements
Preparing for a Microsoft exam
Creating a Microsoft demo tenant
Summary
3
Chapter 2: The Evolution of Security and Security Operations
Chapter 2: The Evolution of Security and Security Operations
A quick introduction to the terminology
Understanding the traditional approach to security
Introducing the modern approach to security
Getting to know traditional SOC issues
Exploring modern ways to resolve traditional SOC issues
Summary
4
Section 2 – Implementing Microsoft 365 Defender Solutions
Section 2 – Implementing Microsoft 365 Defender Solutions
5
Chapter 3: Implementing Microsoft Defender for Endpoint
Chapter 3: Implementing Microsoft Defender for Endpoint
Technical requirements
Understanding the prerequisites
Deployment options – onboarding
Troubleshooting
Sensor status and verification
Summary
6
Chapter 4: Implementing Microsoft Defender for Identity
Chapter 4: Implementing Microsoft Defender for Identity
Technical requirements
Understanding the prerequisites
Deployment options
A troubleshooting guide
Service status and verification
Summary
7
Chapter 5: Understanding and Implementing Microsoft Defender for Cloud (Microsoft Defender for Cloud Standard Tier)
Chapter 5: Understanding and Implementing Microsoft Defender for Cloud (Microsoft Defender for Cloud Standard Tier)
Technical requirements
Introduction to Microsoft Defender for Cloud and ASC
Implementing ASC
Implementing Microsoft Defender for Cloud
How do ASC and Microsoft Defender for Cloud fit into the security of an enterprise?
Summary
8
Section 3 – Familiarizing Yourself with Alerts, Incidents, Evidence, and Dashboards
Section 3 – Familiarizing Yourself with Alerts, Incidents, Evidence, and Dashboards
9
Chapter 6: An Overview: Microsoft Defender for Endpoint Alerts, Incidents, Evidence, and Dashboards
Chapter 6: An Overview: Microsoft Defender for Endpoint Alerts, Incidents, Evidence, and Dashboards
Before we get started – acronyms and creating your lab!
General portal navigation
Alerts and incidents
How to suppress an alert and create a new suppression rule
Summary
10
Chapter 7: Microsoft Defender for Identity, What Happened, Alerts, and Incidents
Chapter 7: Microsoft Defender for Identity, What Happened, Alerts, and Incidents
Technical requirements
MDI concepts
Understanding and investigating alerts
Triaging and responding to alerts
Summary
11
Chapter 8: Microsoft Defender for Office – Threats to Productivity
Chapter 8: Microsoft Defender for Office – Threats to Productivity
Technical requirements
Threat protection policies
Threat investigation and response capabilities
Automated investigation and response capabilities
Data loss prevention and insider risk
Summary
12
Chapter 9: Microsoft Defender for Cloud Apps and Protecting Your Cloud Apps
Chapter 9: Microsoft Defender for Cloud Apps and Protecting Your Cloud Apps
Technical requirements
The MDCA framework
Cloud Discovery
Conditional Access App Control
Classifying and protecting sensitive information
Detecting, investigating, and responding to application threats
Summary
13
Section 4 – Setting Up and Connecting Data Sources to Microsoft Sentinel
Section 4 – Setting Up and Connecting Data Sources to Microsoft Sentinel
14
Chapter 10: Setting Up and Configuring Microsoft Sentinel
Chapter 10: Setting Up and Configuring Microsoft Sentinel
Pre-deployment activities
Azure tenant-level prerequisites
Enabling and onboarding Microsoft Sentinel
Global requirements and prerequisites for Microsoft Sentinel
Data residency
Enabling Microsoft Sentinel for your organization
Connecting data sources to Microsoft Sentinel
Summary
15
Section 5 – Hunting Threats within Microsoft 365 Defender and Microsoft Sentinel
Section 5 – Hunting Threats within Microsoft 365 Defender and Microsoft Sentinel
16
Chapter 11: Advanced Threat Hunting, Microsoft 365 Defender Portal, and Sentinel
Chapter 11: Advanced Threat Hunting, Microsoft 365 Defender Portal, and Sentinel
Technical requirements
Kusto query overview
Advanced threat hunting and the M365 Defender portal
Hunting for threats in Microsoft Sentinel
Summary
17
Chapter 12: Knowledge Check
Chapter 12: Knowledge Check
Example exam questions
Answer key
Why subscribe?
18
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Understanding the prerequisites

When it comes to planning your MDE deployments, getting a grasp of the requirements needed for each operating system will only add to a successful project. One of the core differences between, let's say, Server 2019 and Server 2016 is the fact that the Endpoint Detection and Response (EDR) capabilities in Server 2016 are not built in like they are in Server 2019. So, we need to install the Microsoft Monitoring Agent (MMA) in these down-level scenarios so that we can send sensor data to the MDE backend. The same requirements and scenario apply to Windows 10, where Windows 8.1 and older are down-level.

Other prerequisites to look for on down-level operating systems are as follows:

  • If you're using Microsoft Endpoint Configuration Manager (MECM), you'll need to configure System Center Endpoint Protection (SCEP). This also has its own patch requirements as well as configurations. That's not too important for the exam but something...
Previous Section
End of Section 3
Next Section