SC-200

Security Operations Analyst Associate

Microsoft Certified: Security Operations Analyst Associate
PS academy:/courses> Get-Certification -Id SC-200 | Select-Object -ExpandProperty Overview
  • Questions: 40–60
  • Duration: 120 min
  • Passing score: 700 / 1000
  • Domains: 3
  • Level: Associate
PS academy:/courses/sc-200> Get-DomainWeights | Format-Chart
  • Mitigate Threats Using Defender XDR: 25–30% of exam
  • Mitigate Threats Using Defender for Cloud: 15–20% of exam
  • Mitigate Threats Using Microsoft Sentinel: 50–55% of exam (largest domain)
PS academy:/courses/sc-200> Get-LearningModules -Cert SC-200
MOD 01

Defender XDR — Extended Detection & Response

  • Microsoft Defender for Endpoint
  • Defender for Office 365
  • Defender for Identity
  • Defender for Cloud Apps (MCAS)
  • XDR incident management
  • Hunting in Defender portal
MOD 02

Defender for Cloud

  • Cloud Security Posture Management (CSPM)
  • Cloud Workload Protection (CWP)
  • Defender plans configuration
  • Security alerts and recommendations
  • Regulatory compliance dashboard
  • Multi-cloud security (AWS/GCP)
MOD 03

Microsoft Sentinel — Part I

  • Workspace setup and configuration
  • Data connectors and log ingestion
  • Analytics rules and alert logic
  • Automation rules and playbooks
  • KQL for threat detection
  • Watchlists and threat intelligence
MOD 04

Microsoft Sentinel — Part II

  • Incident investigation and triage
  • Advanced hunting queries
  • UEBA and anomaly detection
  • Notebooks for investigation
  • Sentinel workbooks
  • SOC efficiency metrics
