SC-200_flashcards_v1 - itnett/FTD02H-N GitHub Wiki

SC-200 Flashcards

Objective 1: Mitigate threats using Microsoft 365 Defender

1.1 Describe the capabilities of Microsoft Defender for Endpoint

  • 🛡️ Capability: Endpoint detection and response (EDR)
  • 🛡️ Capability: Attack surface reduction (ASR)
  • 🛡️ Capability: Automated investigation and response (AIR)

1.2 Investigate alerts and incidents in Microsoft Defender for Endpoint

  • 🔍 Action: Review and analyze alerts
  • 🔍 Action: Investigate incidents and entities
  • 🔍 Action: Use advanced hunting queries

1.3 Mitigate incidents using Microsoft Defender for Office 365

  • 📧 Capability: Threat protection for emails and documents
  • 📧 Capability: Safe attachments and safe links
  • 📧 Capability: Anti-phishing policies

1.4 Mitigate incidents using Microsoft Defender for Identity

  • 👤 Capability: Identity threat detection
  • 👤 Capability: Lateral movement path analysis
  • 👤 Capability: Anomalous activities and user behavior analytics

1.5 Investigate and respond to incidents using Microsoft Defender for Cloud Apps

  • ☁️ Capability: Cloud app security and governance
  • ☁️ Capability: Investigate and remediate alerts
  • ☁️ Capability: Use of policies and anomaly detection

Objective 2: Mitigate threats using Microsoft Sentinel

2.1 Design and configure a Microsoft Sentinel workspace

  • 🛠️ Task: Configure data connectors
  • 🛠️ Task: Set up workbooks and dashboards
  • 🛠️ Task: Manage retention settings

2.2 Query, visualize, and monitor data in Microsoft Sentinel

  • 📊 Task: Use KQL for querying data
  • 📊 Task: Create and customize workbooks
  • 📊 Task: Set up and manage alerts and incidents

2.3 Investigate and respond to incidents using Microsoft Sentinel

  • 🕵️‍♂️ Task: Use investigation tools
  • 🕵️‍♂️ Task: Apply playbooks for automated responses
  • 🕵️‍♂️ Task: Analyze and remediate incidents

2.4 Configure and manage threat intelligence in Microsoft Sentinel

  • 🔐 Task: Integrate threat intelligence sources
  • 🔐 Task: Manage threat intelligence rules
  • 🔐 Task: Analyze and act on threat intelligence data

Objective 3: Mitigate threats using Microsoft Defender for Cloud

3.1 Enable and manage Microsoft Defender for Cloud

  • ☁️ Task: Configure security policies and settings
  • ☁️ Task: Set up continuous export
  • ☁️ Task: Monitor and manage security alerts

3.2 Monitor and remediate security recommendations and alerts

  • 🔔 Task: Review security recommendations
  • 🔔 Task: Implement remediation steps
  • 🔔 Task: Track and resolve security alerts

3.3 Configure workflow automation in Microsoft Defender for Cloud

  • ⚙️ Task: Set up automated workflows
  • ⚙️ Task: Use logic apps for automation
  • ⚙️ Task: Integrate with other security tools

Objective 4: Mitigate threats using third-party security products

4.1 Configure third-party security products in Microsoft 365 Defender

  • 🔧 Task: Integrate third-party security solutions
  • 🔧 Task: Manage data connectors
  • 🔧 Task: Configure alerting and notifications

4.2 Investigate and respond to incidents using third-party security products

  • 🕵️‍♀️ Task: Use third-party tools for incident investigation
  • 🕵️‍♀️ Task: Apply automated responses
  • 🕵️‍♀️ Task: Correlate data across multiple sources

Objective 5: Mitigate threats using Azure Defender

5.1 Configure and manage Azure Defender

  • 🌐 Task: Enable Azure Defender
  • 🌐 Task: Configure security policies
  • 🌐 Task: Monitor security alerts and incidents

5.2 Investigate and respond to alerts using Azure Defender

  • 🔍 Task: Investigate security alerts
  • 🔍 Task: Remediate vulnerabilities
  • 🔍 Task: Apply best practices for securing Azure resources

Objective 6: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)

6.1 Write KQL statements to query logs in Microsoft Sentinel

  • 🖋️ Skill: Basic KQL syntax and operators
  • 🖋️ Skill: Filter and sort data
  • 🖋️ Skill: Aggregate and summarize data

6.2 Write KQL statements to correlate data in Microsoft Sentinel

  • 🔗 Skill: Join multiple tables
  • 🔗 Skill: Use subqueries and unions
  • 🔗 Skill: Apply advanced KQL functions

6.3 Write KQL statements to visualize data in Microsoft Sentinel

  • 📈 Skill: Create charts and graphs
  • 📈 Skill: Customize visualizations
  • 📈 Skill: Build and share workbooks

Icon Legend

  • 🛡️ Capability
  • 🔍 Action
  • 📧 Capability
  • 👤 Capability
  • ☁️ Capability
  • 🛠️ Task
  • 📊 Task
  • 🕵️‍♂️ Task
  • 🔐 Task
  • 🔔 Task
  • ⚙️ Task
  • 🔧 Task
  • 🕵️‍♀️ Task
  • 🌐 Task
  • 🖋️ Skill
  • 🔗 Skill
  • 📈 Skill

This layout organizes the flashcards by objectives and includes relevant icons to make the content more visually appealing and easier to navigate.