About this Event
Microsoft Security Operations Analyst Certification Course (SC-200)
KEP Training is excited to offer the 3-day remote Microsoft Security Operations Analyst (SC-200) course, led by expert trainer Doyle Turner from Incremental Systems.
Duration: 3 Days
Delivery Method: Students can attend virtually or in-person in Indianapolis, IN.
Target Audience: Security operations analysts, IT professionals, and anyone preparing for the Microsoft Security Operations Analyst certification (SC-200).
Day 1: Understanding the Role and Core Concepts
Module 1: Introduction to Microsoft Security Operations
Overview of Security Operations Center (SOC)
Understanding the role of a Security Operations Analyst
Key concepts: Zero Trust, Defense in Depth, Incident Response lifecycle
Module 2: Introduction to Microsoft Sentinel
Overview of Microsoft Sentinel
Configuring Microsoft Sentinel workspaces
Data connectors: Ingesting data from Microsoft and third-party sources
Module 3: Managing Microsoft Sentinel
Creating and managing Analytics Rules
Incident creation and investigation basics
Building and visualizing workbooks for data insights
Lab:
Setting up a Microsoft Sentinel workspace and configuring data connectors
Creating analytics rules and exploring incidents
Day 2: Advanced Threat Detection and Incident Response
Module 4: Threat Hunting with Microsoft Sentinel
Understanding threat hunting principles
KQL (Kusto Query Language) for hunting
Building queries for threat analysis
Module 5: Automating Responses with Playbooks
Introduction to Logic Apps
Configuring and managing playbooks for automated responses
Real-world examples of automated incident handling
Module 6: Understanding Microsoft Defender Suite
Overview of Microsoft Defender for Endpoint, Office 365, Identity, and Cloud Apps
Integrating Defender tools with Microsoft Sentinel
Lab:
Hands-on threat hunting using KQL
Configuring a playbook to respond to a phishing attack
Day 3: Securing Environments and Exam Preparation
Module 7: Securing the Microsoft Environment
Understanding security policies and compliance requirements
Hardening identity and access management with Azure AD
Leveraging conditional access policies and MFA for security
Module 8: Incident Response and Forensics
Managing incidents across tools: Sentinel, Defender, and Azure
Post-incident analysis and forensics
Using advanced analytics to identify root causes
Module 9: Preparing for the SC-200 Exam
Overview of the SC-200 exam objectives
Practice exam questions and scenarios
Study strategies and tips from a Microsoft-certified expert
Lab:
Conducting a simulated incident investigation and response
Final exam practice lab
Course Wrap-Up
Key takeaways and next steps
Resources for continued learning: Microsoft Learn, blogs, and communities
Q&A session with the instructor
Event Venue
Point Comfort Group, 306 Prospect Street, Ste. 100, Indianapolis, United States
USD 850.17 to USD 1063.58