Microsoft - Certified: Security Operations Analyst Associate | Exam SC-200

Duration: Only 3 Days

Method: Classroom / Online / Hybrid

Next date: 25/1/2023 (Wednesday)

Overview

On this accelerated Microsoft Certified: Security Operations Analyst Associate course, you’ll learn to investigate and respond to threats to your business using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products.

In just 3 days, you’ll build knowledge on collaborating with stakeholders to secure information technology systems for your organisation. You’ll also learn how to:

  • Reduce business risk by rapidly remediating active attacks in the environment
  • Advise on improvements to threat protection practices
  • Refer violations of business policies to appropriate stakeholders

At the end of this course, you’ll sit Exam SC-200: Microsoft Security Operations Analyst and achieve your certification. As Firebrand are a Microsoft Gold Partner for Learning, you’ll get access to the official exam and Microsoft Official Curriculum (MOCs), and learn from Microsoft Certified Trainers (MCTs).

Through Firebrand’s Lecture | Lab | Review methodology, you’ll achieve your certification twice as fast as traditional training.

Benefits

Other accelerated training providers rely heavily on lecture and independent self-testing and study.

Effective technical instruction must be highly varied and interactive to keep attention levels high, promote camaraderie and teamwork between the students and instructor, and solidify knowledge through hands-on learning.

Firebrand Training provides instruction to meet every learning need:

  • Intensive group instruction
  • One-on-one instruction attention
  • Hands-on labs
  • Lab partner and group exercises
  • Question and answer drills
  • Independent study

Curriculum

Course SC-200T00-A: Microsoft Security Operations Analyst

Module 1: Mitigate threats using Microsoft Defender for Endpoint

  • Protect against threats with Microsoft Defender for Endpoint
  • Deploy the Microsoft Defender for Endpoint environment
  • Implement Windows 10 security enhancements with Microsoft Defender for Endpoint
  • Manage alerts and incidents in Microsoft Defender for Endpoint
  • Perform device investigations in Microsoft Defender for Endpoint
  • Perform actions on a device using Microsoft Defender for Endpoint
  • Perform evidence and entities investigations using Microsoft Defender for Endpoint
  • Configure and manage automation using Microsoft Defender for Endpoint
  • Configure for alerts and detections in Microsoft Defender for Endpoint
  • Utilise Threat and Vulnerability Management in Microsoft Defender for Endpoint

Module 2: Mitigate threats using Microsoft 365 Defender

  • Introduction to threat protection with Microsoft 365
  • Mitigate incidents using Microsoft 365 Defender
  • Protect your identities with Azure AD Identity Protection
  • Remediate risks with Microsoft Defender for Office 365
  • Safeguard your environment with Microsoft Defender for Identity
  • Secure your cloud apps and services with Microsoft Cloud App Security
  • Respond to data loss prevention alerts using Microsoft 365
  • Manage insider risk in Microsoft 365

Module 3: Mitigate threats using Azure Defender

  • Plan for cloud workload protections using Azure Defender
  • Explain cloud workload protections in Azure Defender
  • Connect Azure assets to Azure Defender
  • Connect non-Azure resources to Azure Defender
  • Remediate security alerts using Azure Defender

Module 4: Create queries for Azure Sentinel using Kusto Query Language (KQL)

  • Construct KQL statements for Azure Sentinel
  • Analyse query results using KQL
  • Build multi-table statements using KQL
  • Work with data in Azure Sentinel using Kusto Query Language

Module 5: Configure your Azure Sentinel environment

  • Introduction to Azure Sentinel
  • Create and manage Azure Sentinel workspaces
  • Query logs in Azure Sentinel
  • Use watchlists in Azure Sentinel
  • Utilise threat intelligence in Azure Sentinel

Module 6: Connect logs to Azure Sentinel

  • Connect data to Azure Sentinel using data connectors
  • Connect Microsoft services to Azure Sentinel
  • Connect Microsoft 365 Defender to Azure Sentinel
  • Connect Windows hosts to Azure Sentinel
  • Connect Common Event Format logs to Azure Sentinel
  • Connect syslog data sources to Azure Sentinel
  • Connect threat indicators to Azure Sentinel

Module 7: Create detections and perform investigations using Azure Sentinel

  • Threat detection with Azure Sentinel analytics
  • Threat response with Azure Sentinel playbooks
  • Security incident management in Azure Sentinel
  • Use entity behaviour analytics in Azure Sentinel
  • Query, visualise, and monitor data in Azure Sentinel

Module 8: Perform threat hunting in Azure Sentinel

  • Threat hunting with Azure Sentinel
  • Hunt for threats using notebooks in Azure Sentinel

Exam Track

As part of your accelerated course, you’ll sit the following exam at the Firebrand Training centre, covered by your Certification Guarantee:

Exam SC-200: Microsoft Security Operations Analyst

  • Exam code: SC-200
  • Language: English
  • Domains:
    • Mitigate threats using Microsoft 365 Defender (25-30%)
    • Mitigate threats using Azure Defender (25-30%)
    • Mitigate threats using Azure Sentinel (40-45%)

What's Included

Your accelerated course includes:

  • Accommodation *
  • Meals, unlimited snacks, beverages, tea and coffee *
  • On-site exams **
  • Exam vouchers **
  • Practice tests **
  • Certification Guarantee ***
  • Courseware
  • Up to 12 hours of instructor-led training each day
  • 24-hour lab access
  • Digital courseware **

* For residential training only. Doesn't apply for online courses.
** Some exceptions apply. Please refer to the Exam Track or speak with our experts.
*** Pass first time or train again free (just pay for accommodation, exams and incidental costs).

Prerequisites

Before taking this accelerated course, you should have a basic understanding of the following topics:

  • Microsoft 365
  • Microsoft security, compliance, and identity products
  • Azure services, specifically Azure SQL Database and Azure Storage
  • Azure virtual machines and virtual networking
  • Scripting concepts

And an intermediate understanding of the following:

  • Windows 10

Unsure whether you meet the prerequisites? Don’t worry. Your training consultant will discuss your background with you to understand if this course is right for you.

Reviews

Here's the Firebrand Training review section. Since 2001 we've trained exactly 125505 students and asked them all to review our Accelerated Learning. Currently, 96.58% have said Firebrand exceeded their expectations.

Read reviews from recent accelerated courses below or visit Firebrand Stories for written and video interviews from our alumni.


"The knowledge and professionalism of the instructor, supporting and replying to all our questions, is really amazing. The Ruwenberg hotel is really nice and the service at the hotel is fantastic. Overall, I've had a fantastic experience."
David Alonso. (9/4/2018 (Monday) to 11/4/2018 (Wednesday))

"Good environment for a training, professional people."
Anonymous (9/4/2018 (Monday) to 11/4/2018 (Wednesday))

"A 9 day sprint through all things Azure with a focus on getting through the MSCE exams for architecting and developing cloud solutions. The long days paid off. Comfortable accommodation with knowledgeable and attentive staff."
Graham Morgan, Spatial Consultants Ltd. (10/7/2017 (Monday) to 18/7/2017 (Tuesday))

"We had Phil Anderson, a very nice and intelligent man. He had to put through a lot of information. I did not take the exam at the end of the week, because I am a person who needs more time to process information. The course was structured and well done by Phil. I would recommend him as a trainer. Teacher gets a 9. The facilities of the training were good. Everything was prepared before the training, so it had an easy start."
Danny van Oijen, Havenziekenhuis. (13/3/2017 (Monday) to 18/3/2017 (Saturday))

"Intense study with a great instructor and awesome co-students."
Martin Petersen, Silvaco A/S. (25/1/2016 (Monday) to 30/1/2016 (Saturday))

Course Dates

Microsoft - Certified: Security Operations Analyst Associate

  • Start: 21/9/2022 (Wednesday); Finish: 23/9/2022 (Friday); Status: Finished
  • Start: 25/1/2023 (Wednesday); Finish: 27/1/2023 (Friday); Status: Open
  • Start: 4/3/2023 (Saturday); Finish: 6/3/2023 (Monday); Status: Open
  • Start: 26/4/2023 (Wednesday); Finish: 28/4/2023 (Friday); Status: Open
  • Start: 21/6/2023 (Wednesday); Finish: 23/6/2023 (Friday); Status: Open
