SC-200: Microsoft Certified - Security Operations Analyst Associate

This class was created by Brainscape user Emmanuel Barber-Thomas.

Decks in this class (33)

1.1 - Introduction to Microsoft Defender XDR threat protection
- Understand Microsoft Defender XDR solutions by domain
- Understand the Microsoft Defender XDR role in a Modern SOC
34 cards

1.2 - Mitigate incidents using Microsoft Defender
- Manage incidents in Microsoft Defender
- Investigate incidents in Microsoft Defender
- Conduct advanced hunting in Microsoft Defender
127 cards

1.3 - Remediate threats using Microsoft Defender
- Automate threat investigation and response using Microsoft Defender for Office 365.
- Configure Safe Attachments, Safe Links, and anti-phishing policies.
- Use the Phishing Triage Agent to classify and triage phishing emails.
- Simulate attacks to identify vulnerabilities and improve security posture.
94 cards

1.4 - Manage Microsoft Entra Identity Protection
- Implement and manage a user risk policy.
- Implement and manage sign-in risk policies.
- Implement and manage MFA registration policy.
- Monitor, investigate, and remediate elevated risky users.
64 cards

1.5 - Safeguard your environment with Microsoft Defender for Identity
- Define the capabilities of Microsoft Defender for Identity.
- Understand how to configure Microsoft Defender for Identity sensors.
- Explain how Microsoft Defender for Identity can remediate risks in your environment.
35 cards

1.6 - Secure your cloud apps and services with Microsoft Defender for Cloud Apps
- Define the Defender for Cloud Apps framework
- Explain how Cloud Discovery helps you see what's going on in your organization
- Understand how to use Conditional Access App Control policies to control access to the apps in your organization
75 cards

2.1 - Introduction to generative AI and agents
- Describe core concepts of generative AI.
- Explain how large language models (LLMs) work.
- Consider how to create effective prompts for LLMs.
- Describe core concepts of agents and agentic AI solutions.
50 cards

2.2 - Describe Microsoft Security Copilot
- Describe what Microsoft Security Copilot is.
- Describe the terminology of Microsoft Security Copilot.
- Describe how Microsoft Security Copilot processes prompt requests.
- Describe the elements of an effective prompt.
- Describe how to enable Microsoft Security Copilot.
94 cards

2.3 - Describe the core features of Microsoft Security Copilot
- Describe the features available in the standalone Copilot experience.
- Describe the plugins available in Copilot.
- Describe custom promptbooks.
- Describe knowledge base connections.
148 cards

2.4 - Describe the embedded experiences of Microsoft Security Copilot
- Describe Copilot in Microsoft Defender XDR.
- Describe Copilot in Microsoft Purview.
- Describe Copilot in Microsoft Entra.
- Describe Copilot in Microsoft Intune.
- Describe Copilot in Microsoft Defender for Cloud.
99 cards

3.1 - Investigate and respond to Microsoft Purview Data Loss Prevention alerts
- Investigate DLP alerts in Microsoft Purview and Microsoft Defender XDR
- Review alert details, related user activities, and matched events
- Apply remediation actions and update alert or incident statuses
- Assign ownership, document decisions, and support accountability
- Recognize when DLP policies might need adjustments based on investigation outcomes
114 cards

3.2 - Investigate insider risk alerts and related activity
- Understand how alerts are generated and prioritized in Insider Risk Management.
- Tune policies and thresholds to manage alert volume effectively.
- Use the Alerts dashboard and alert details to triage and respond to risky activity.
- Investigate behavior using tabs like All risk factors, Activity explorer, and User activity.
- Integrate with Microsoft Defender XDR for broader threat investigation.
- Create, manage, and resolve Insider Risk Management cases.
93 cards

3.3 - Search and investigate with Microsoft Purview Audit
- Identify the differences between Microsoft Purview Audit (Standard) and Audit (Premium).
- Configure Microsoft Purview Audit for optimal log management.
- Perform audits to assess compliance and security measures.
- Analyze irregular access patterns using advanced tools in Purview Audit (Premium) and PowerShell.
- Ensure regulatory compliance through strategic data management.
96 cards

3.4 - Search for content with Microsoft Purview eDiscovery
- Assign the roles and permissions to access Microsoft Purview eDiscovery
- Create and manage cases used to run eDiscovery searches
- Define search scope and build queries using conditions, keywords, and Copilot-generated prompts
- Run searches and validate results using statistics or random samples
51 cards

4.1 - Protect against threats with Microsoft Defender for Endpoint
- Define the capabilities of Microsoft Defender for Endpoint.
- Understand how to hunt threats within your network.
- Explain how Microsoft Defender for Endpoint can remediate risks in your environment.
54 cards

4.2 - Deploy the Microsoft Defender for Endpoint environment
- Create a Microsoft Defender for Endpoint environment
- Onboard devices to be monitored by Microsoft Defender for Endpoint
- Configure Microsoft Defender for Endpoint environment settings
102 cards

4.3 - Implement Windows security enhancements with Microsoft Defender for Endpoint
- Explain Attack Surface Reduction in Windows
- Enable Attack Surface Reduction rules on Windows 10 devices
- Configure Attack Surface Reduction rules on Windows 10 devices
55 cards

4.4 - Perform device investigations in Microsoft Defender for Endpoint
- Use the device page in Microsoft Defender for Endpoint
- Describe device forensics information collected by Microsoft Defender for Endpoint
- Describe behavioral blocking by Microsoft Defender for Endpoint
82 cards

4.5 - Perform actions on a device using Microsoft Defender for Endpoint
- Perform actions on a device using Microsoft Defender for Endpoint
- Conduct forensics data collection using Microsoft Defender for Endpoint
- Access devices remotely using Microsoft Defender for Endpoint
68 cards

4.6 - Perform evidence and entities investigations using Microsoft Defender for Endpoint
- Investigate files in Microsoft Defender for Endpoint
- Investigate domains and IP addresses in Microsoft Defender for Endpoint
- Investigate user accounts in Microsoft Defender for Endpoint
65 cards

4.7 - Configure and manage automation using Microsoft Defender for Endpoint
- Configure advanced features of Microsoft Defender for Endpoint
- Manage automation settings in Microsoft Defender for Endpoint
50 cards

4.8 - Configure for alerts and detections in Microsoft Defender for Endpoint
- Configure alert settings in Microsoft Defender for Endpoint
- Manage indicators in Microsoft Defender for Endpoint
55 cards

4.9 - Utilize Vulnerability Management in Microsoft Defender for Endpoint
- Describe Vulnerability Management in Microsoft Defender for Endpoint
- Identify vulnerabilities on your devices with Microsoft Defender for Endpoint
- Track emerging threats in Microsoft Defender for Endpoint
37 cards

5.1 - Plan for cloud workload protections using Microsoft Defender for Cloud
- Describe Microsoft Defender for Cloud features
- Microsoft Defender for Cloud workload protections
- Enable Microsoft Defender for Cloud
0 cards

5.2 - Connect Azure assets to Microsoft Defender for Cloud
- Explore Azure assets
- Configure auto provisioning in Microsoft Defender for Cloud
- Describe manual provisioning in Microsoft Defender for Cloud
0 cards

5.3 - Connect non-Azure resources to Microsoft Defender for Cloud
- Connect non-Azure machines to Microsoft Defender for Cloud
- Connect AWS accounts to Microsoft Defender for Cloud
- Connect GCP accounts to Microsoft Defender for Cloud
0 cards

5.4 - Manage your cloud security posture management
- Describe Microsoft Defender for Cloud features.
- Explain the Microsoft Defender for Cloud security posture management protections for your resources.
0 cards

5.5 - Explain cloud workload protections in Microsoft Defender for Cloud
- Explain which workloads are protected by Microsoft Defender for Cloud
- Describe the benefits of the protections offered by Microsoft Defender for Cloud
- Explain how Microsoft Defender for Cloud protections function
0 cards

5.6 - Remediate security alerts using Microsoft Defender for Cloud
- Describe alerts in Microsoft Defender for Cloud
- Remediate alerts in Microsoft Defender for Cloud
- Automate responses in Microsoft Defender for Cloud
0 cards

6.1 - Construct KQL statements for Microsoft Sentinel
- Construct KQL statements
- Search log files for security events using KQL
- Filter searches based on event time, severity, domain, and other relevant data using KQL
0 cards

6.2 - Analyze query results using KQL
- Summarize data using KQL statements
- Render visualizations using KQL statements
0 cards

6.3 - Build multi-table statements using KQL
- Create queries using unions to view results across multiple tables using KQL
- Merge two tables with the join operator using KQL
0 cards

6.4 - Work with data in Microsoft Sentinel using Kusto Query Language
- Extract data from unstructured string fields using KQL
- Extract data from structured string data using KQL
- Create functions using KQL
0 cards
