SC-200 Microsoft Security Operations Analyst Course & SIMs

سرفصل های دوره

Get prepared for the SC-200 exam with instructor led labs and hands on simulations available 24/7

1. Introduction

1. Welcome to the course!

2. Understanding the Microsoft Environment

3. Foundations of Active Directory Domains

4. Foundations of RAS, DMZ, and Virtualization

5. Foundations of the Microsoft Cloud Services

6. DONT SKIP The first thing to know about Microsoft cloud services

7. DONT SKIP Azure AD is now renamed to Entra ID

8. Questions for John Christopher

9. Order of concepts covered in the course

2. Performing hands on activities

1. DONT SKIP Using Assignments in the course

2. Creating a free Microsoft 365 Account

3. Activating licenses for Defender for Endpoint and Vulnerabilities

4. Getting your free Azure credit

3. Mitigate threats to the Microsoft365 environment by using Microsoft 365 Defender

1. Microsoft Defender and Microsoft Purview admin centers

2.1 Microsoft 365 Defender.pdf

2. Introduction to Microsoft 365 Defender

3. Using polices to remediate threats with Email ,Teams, SharePoint & OneDrive

4. Investigate, respond, and remediate threats with Defender for Office 365

5.1 Understanding DLP.pdf

5. Understanding data loss prevention (DLP) in Microsoft 365 Defender

6. Implement data loss prevention policies (DLP) to respond and alert

7. Investigate & respond to alerts generated by data loss prevention (DLP) policies

8.1 Insider Risk Management.pdf

8. Understanding insider risk policies

9. Generating an insider risk policy

10. Investigate and respond to alerts generated by insider risk policies

11.1 Defender for Cloud Apps.pdf

11. Discover and manage apps by using Microsoft Defender for Cloud Apps

12. Identify,investigate, & remediate security risks by using Defender for Cloud App

13. SIMULATION Create a safe attachment policy for Sales with Dynamic Deliver.html

14. SIMULATION Create a custom DLP policy that uses Payroll Keyword sensitivity.html

4. Mitigate endpoint threats by using Microsoft Defender for Endpoint

1.1 Microsoft 365 Defender.pdf

1. Concepts of management with Microsoft Defender for Endpoint

2. Setup a Windows 11 virtual machine endpoint

3. Enrolling to Intune for attack surface reduction (ASR) support

4. Onboarding to manage devices using Defender for Endpoint

5. A note about extra features in your Defender for Endpoint

6. Incidents, alert notifications, and advanced feature for endpoints

7. Review and respond to endpoint vulnerabilities

8. Recommend attack surface reduction (ASR) for devices

9. Configure and manage device groups

10. Identify devices at risk using the Microsoft Defender Vulnerability Management

11. Manage endpoint threat indicators

12. Identify unmanaged devices by using device discovery

13. SIMULATION Create an endpoint device group in Microsoft 365 Defender.html

5. Mitigate identity threats

1. Mitigate security risks related to events for Microsoft Entra ID

2.1 Entra Identity Protection.pdf

2. Concepts of using Microsoft Entra Identity Protection

3. Mitigate security risks related to Microsoft Entra Identity Protection events

4. Mitigate risks related to MS Entra Identity Protection inside Microsoft Defender

5.1 Microsoft Defender for Identity.pdf

5. Understanding Microsoft Defender for Identity

6. Mitigate security risks related to Active Directory (AD DS) using Microsoft DFI

7. SIMULATION Use Entra ID protection to set User Risk to Medium & Above....html

6. Manage extended detection and response (XDR) in Microsoft 365 Defender

1.1 extended detection and response (xdr).zip

1. Concepts of the purpose of extended detection and response (XRD)

2. Setup a simulation lab using Microsoft 365 Defender

3. Run an attack against a device in the simulation lab

4. Manage incidents & automated investigations in the Microsoft 365 Defender portal

5. Run an attack simulation email campaign in Microsoft 365 Defender

6. Manage actions and submissions in the Microsoft 365 Defender portal

7. Identify threats by using Kusto Query Language (KQL)

8. Identify and remediate security risks by using Microsoft Secure Score

9. Analyze threat analytics in the Microsoft 365 Defender portal

10. Configure and manage custom detections and alerts

11. SIMULATION Create an alert policy, high severity, information governance....html

7. Investigate threats by using audit features in MS 365 Defender and MS Purview

1. Understanding unified audit log licensing and requirements

2. Setting unified audit permissions and enabling support

3. Perform threat hunting by using unified audit log

4. Perform threat hunting by using Content Search

5. SIMULATION Perform an audit search in Purview for the first 5 listed Exchange...html

8. Implement and maintain cloud security posture management

1. Overview of Microsoft Defender for Cloud

2. Assign and manage regulatory compliance policies, including MCSB

3. Improve the Microsoft Defender for Cloud secure score by applying remediation's

4. Configure plans and agents for Microsoft Defender for Servers

5. Configure and manage Microsoft Defender for DevOps

6. Configure & manage Microsoft Defender External Attack Surface Management (EASM)

7. SIMULATION Turn on server support and API support for Microsoft Defender....html

9. Configure environment settings in Microsoft Defender for Cloud

1. Plan and configure Microsoft Defender for Cloud settings

2. Configure Microsoft Defender for Cloud roles

3.1 assess and recommend cloud workload protection.zip

3. Assess and recommend cloud workload protection and enable plans

4. Configure automated onboarding of Azure resources

5. Connect compute resources by using Azure Arc

6. Connect multi-cloud resources by using Environment settings

7. SIMULATION Turn on automatic onboarding of servers for Defender for Endpoint.html

10. Respond to alerts and incidents in Microsoft Defender for Cloud

1. Set up email notifications

2. Create and manage alert suppression rules

3. Design and configure workflow automation in Microsoft Defender for Cloud

4. Generate sample alerts and incidents in Microsoft Defender for Cloud

5. Remediate alerts and incidents by using MS Defender for Cloud recommendations

6. Manage security alerts and incidents

7. Analyze Microsoft Defender for Cloud threat intelligence reports

8. SIMULATION Set alert notifications to low & above....html

11. Design and configure a Microsoft Sentinel workspace

1.1 Microsoft Sentinel.pdf

1. Concepts of Microsoft Sentinel

2. Plan a Microsoft Sentinel workspace

3. Configure Microsoft Sentinel roles

4. Design and configure Microsoft Sentinel data storage,log types and log retention

5. SIMULATION Assign JC to the Microsoft Sentinel Contributor role.html

12. Plan and implement the use of data connectors for ingestion of data sources

1.1 identify data sources to be ingested for microsoft sentinel.zip

1. Identify data sources to be ingested for Microsoft Sentinel

2. Configure and use MS Sentinel connectors, Azure Policy & diagnostic settings

3. Configure Microsoft Sentinel connectors for MS 365 Defender & Defender for Cloud

4. Design and configure Syslog and Common Event Format (CEF) event collections

5. Design and configure Windows security event collections

6. Configure threat intelligence connectors

7.1 sample.zip

7. Create custom log tables in the workspace to store ingested data

8. SIMULATION Configure the Microsoft Entra ID data connector with Sign-In Log....html

13. Manage Microsoft Sentinel analytics rules

1.1 Sentinel Analytics Rules.pdf

1. Concepts of Microsoft Sentinel analytics rules

2. Configure the Fusion rule

3. Configure Microsoft security analytics rules

4. Configure built-in scheduled query rules

5.1 KQL custom scheduled query.txt

5. Configure custom scheduled query rules

6.1 KQL NRT rule.txt

6. Configure near-real-time (NRT) analytics rules

7. Manage analytics rules from Content hub

8.1 watchlist-sample.csv

8. Manage and use watchlists

9. Manage and use threat indicators

10. SIMULATION Create an incident creation rule for Defender for Identity....html

14. Perform data classification and normalization

1. Classify and analyze data by using entities

2.1 Advanced Security Information Model (ASIM).pdf

2. Query Microsoft Sentinel data by using Advanced Security Information Model(ASIM)

3.1 ASIM example.txt

3. Develop and manage ASIM parsers

15. Configure security orchestration automated response (SOAR) in Microsoft Sentinel

1. Create and configure automation rules

2. Create and configure Microsoft Sentinel playbooks

3. Configure analytic rules to trigger automation rules

4. Trigger playbooks from alerts and incidents

5. SIMULATION Create an automation incident rule that assigns JC as owner....html

16. Manage Microsoft Sentinel incidents

1. Configure an incident generation

2. Triage incidents in Microsoft Sentinel

3. Investigate incidents in Microsoft Sentinel

4. Respond to incidents in Microsoft Sentinel

5. Investigate multi-workspace incidents

6. SIMULATION Configure the Medium Malicious Inbox incident....html

17. Use Microsoft Sentinel workbooks to analyze and interpret data

1. Activate and customize Microsoft Sentinel workbook templates

2. Create custom workbooks

3. Configure advanced visualizations

18. Hunt for threats by using Microsoft Sentinel

1. Analyze attack vector coverage by using MITRE ATT&CK in Microsoft Sentinel

2. Customize content gallery hunting queries

3. Create custom hunting queries

4. Use hunting bookmarks for data investigations

5. Monitor hunting queries by using Livestream

6. Retrieve and manage archived log data

7. Create and manage search jobs

8. SIMULATION Select the Malicious Keyword Query in Hunting....html

19. Manage threats by using User and Entity Behavior Analytics

1. Configure User and Entity Behavior Analytics settings

2. Investigate threats by using entity pages

3.1 KQL Anomaly Rule.txt

3. Configure anomaly detection analytics rules

20. Conclusion

1. Cleaning up your lab environment

2. Getting a Udemy certificate

3. BONUS - Where do I go from here

54,900 تومان

خرید اشتراک افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: Udemy