How to Get Prepped to Take the SC-200 Exam

The SC-200 exam is for the Microsoft Security Operations Analyst and contains questions and content about Azure Defender and Azure Sentinel. Its not a tough exam, by any means – particularly if you have worked with Defender and Sentinel for any length of time.

Here’s the skills that are measured with their approximate percentages of coverage:

  • Mitigate threats using Microsoft 365 Defender (25-30%)
  • Mitigate threats using Azure Defender (25-30%)
  • Mitigate threats using Azure Sentinel (40-45%)

I took it myself during the beta phase and those percentages are much different than what I experienced – so your results may vary. And, at the time of this blog post am still waiting for my results – which is now 8 weeks and counting. <ugghh>.

Taking this single exam give you a brand new certification of Microsoft Certified: Security Operations Analyst Associate.

A LEARN PATH

For those that interested in digging into learning for this exam, there’s already a Learning Path available. You can find that at the bottom of the exam information page: Exam SC-200: Microsoft Security Operations Analyst

I will tell you, though – based on my experience you need actual hands-on with each product. The Learning Path is not enough to pass the exam. If you’ve worked with each product extensively, you should have no problem passing it.

A SKILLS OUTLINE

I’d also recommend downloading the Skills Outline. The Skills Outline gives you a great reference to help potentially identify some of your weak points to enable you to prioritize your study focus.

A BOOK

However, if you want to wait a little bit, a couple colleagues of mine, Yuri Diogenes (ASC/Defender) and Sarah Young (Sentinel), are finishing up an exam reference book that should be released by September 2021. You can pre-order or be notified when its available: Exam Ref Sc-200 Microsoft Security Operations Analyst

UPDATE: Just a couple hours after posting this, my SC-200 results came through. I passed! Incidentally, this is one of those “do as I say, not as I do” scenarios. I took the exam cold. No studying. BUT, I work with these products every single day.

=========================

[Want to discuss this further? Hit me up on Twitter or LinkedIn]

[Subscribe to the RSS feed for this blog]

[Subscribe to the Weekly Azure Sentinel Newsletter]

Author