The Microsoft Security Operations Analyst Exam (SC-200) measures your ability to accomplish the following technical tasks: mitigate threats using Microsoft 365 Defender, mitigate threats using Azure Defender, and mitigate threats using Azure Sentinel.
The SC-200 exam consists of 40-60 questions that must be answered within 150 minutes, including about 30 minutes for the surveys and the assessments, which leaves you roughly 120 minutes for the exam itself. Different types of questions are asked during the exam, including case studies, short answers, multiple-choice questions, note review, drag and drop, etc. The exam costs 165 USD. Keep in mind that you need to score 700 points or more to pass the Microsoft SC-200 exam.
Skills Acquired
As a Microsoft Security Operations Analyst, you will be required to perform threat management, monitoring, and response by using a variety of security solutions across the organization's environment.
The role primarily investigates, responds to, and hunts for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products.
Skills Measured
NOTE: The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. This list is NOT definitive or exhaustive.
NOTE: Most questions cover features that are general availability (GA). The exam may contain questions on Preview features if those features are commonly used.
1) Mitigate threats using Microsoft 365 Defender (25-30%)
Detect, investigate, respond, and remediate threats to the productivity environment by using Microsoft Defender for Office 365
Detect, investigate, respond, and remediate endpoint threats by using Microsoft Defender for Endpoint
Detect, investigate, respond, and remediate identity threats
Detect, investigate, respond, and remediate application threats
Manage cross-domain investigations in Microsoft 365 Defender portal
2) Mitigate threats using Azure Defender (now Microsoft Defender for Cloud) (25-30%)
Design and configure a Microsoft Defender for Cloud implementation
Plan and implement the use of data connectors for ingestion of data sources in Microsoft Defender for Cloud
Manage Microsoft Defender for Cloud alert rules
Configure automation and remediation
Investigate Azure Defender (now Microsoft Defender for Cloud) alerts and incidents
3) Mitigate threats using Azure Sentinel (now Microsoft Sentinel) (40-45%)
Design and configure a Microsoft Sentinel workspace
Plan and implement the use of data connectors for ingestion of data sources in Microsoft Sentinel
Manage Microsoft Sentinel analytics rules
Configure Security Orchestration Automation and Response (SOAR) in Microsoft Sentinel
Manage Microsoft Sentinel incidents
Use Azure Sentinel (now Microsoft Sentinel) workbooks to analyze and interpret data
Hunt for threats using the Microsoft Sentinel portal