E-book: Exam Ref SC-200 Microsoft Security Operations Analyst

  • Format: 336 pages
  • Series: Exam Ref
  • Publication date: 31-Aug-2021
  • Publisher: Addison Wesley
  • Language: eng
  • ISBN-13: 9780137568307
  • Format - PDF+DRM
  • Price: 35,09 €*
  • * the price is final, i.e. no further discounts apply
  • This e-book is intended for personal use only. E-books cannot be returned.

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Use:

    Digital rights management (DRM)
    The publisher has issued this e-book in encrypted form, which means that you must install special software to read it. You also need to create an Adobe ID. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorised with the same Adobe ID).

    Required software
    To read on a mobile device (phone or tablet) you must install this free application: PocketBook Reader (iOS / Android)

    To read on a PC or Mac you must install Adobe Digital Editions (this is a free application made specifically for reading e-books; it should not be confused with Adobe Reader, which is probably already installed on your computer).

    This e-book cannot be read on an Amazon Kindle.

Prepare for Microsoft Exam SC-200—and help demonstrate your real-world mastery of skills and knowledge required to work with stakeholders to secure IT systems, and to rapidly remediate active attacks. Designed for Windows administrators, Exam Ref focuses on the critical thinking and decision-making acumen needed for success at the Microsoft Certified Associate level.

Focus on the expertise measured by these objectives:

  • Mitigate threats using Microsoft 365 Defender
  • Mitigate threats using Azure Defender
  • Mitigate threats using Azure Sentinel

This Microsoft Exam Ref:

  • Organizes its coverage by exam objectives
  • Features strategic, what-if scenarios to challenge you
  • Assumes you have experience with threat management, monitoring, and/or response in Microsoft 365 environments

About the Exam

Exam SC-200 focuses on knowledge needed to detect, investigate, respond, and remediate threats to productivity, endpoints, identity, and applications; design and configure Azure Defender implementations; plan and use data connectors to ingest data sources into Azure Defender and Azure Sentinel; manage Azure Defender alert rules; configure automation and remediation; investigate alerts and incidents; design and configure Azure Sentinel workspaces; manage Azure Sentinel rules and incidents; configure SOAR in Azure Sentinel; use workbooks to analyze and interpret data; and hunt for threats in the Azure Sentinel portal.

About Microsoft Certification

Passing this exam fulfills your requirements for the Microsoft 365 Certified: Security Operations Analyst Associate certification credential, demonstrating your ability to collaborate with organizational stakeholders to reduce organizational risk, advise on threat protection improvements, and address violations of organizational policies.

See full details at: microsoft.com/learn

Contents

Introduction xv
Organization of this book xv
Preparing for the exam xv
Microsoft certification xv
Errata, updates & book support xvi
Stay in touch xvi

Chapter 1 Mitigate threats using Microsoft 365 Defender 1(120)
  Skill 1-1 Detect, investigate, respond, and remediate threats to the productivity environment using Microsoft Defender for Office 365 2(38)
    Examine a malicious spear phishing email 2(1)
    Configuring a Safe Links policy 3(6)
    Malicious attachments 9(5)
    Anti-phishing policies 14(10)
    Attack Simulation Training 24(6)
    Data protection, labeling, and insider risk 30(5)
    Investigate and remediate an alert raised by Microsoft Defender for Office 365 35(5)
  Skill 1-2 Detect, investigate, respond, and remediate endpoint threats using Microsoft Defender for Endpoint 40(49)
    Configuring Microsoft Defender for Endpoint 41(14)
    Respond to incidents and alerts 55(15)
    Creating custom detections 70(11)
    Managing risk through security recommendations and vulnerability management 81(8)
  Skill 1-3 Detect, investigate, respond, and remediate identity threats 89(276)
    Identifying and responding to Azure Active Directory identity risks 89(6)
    Identifying and responding to Active Directory Domain Services threats using Microsoft Defender for Identity 95(4)
    Using Microsoft Cloud App Security to identify and respond to threats in Software as a Service 99(5)
  Skill 1-4 Manage cross-domain investigations in the Microsoft 365 Defender Security portal 104(1)
    Examine a cross-domain incident 105(1)
    Manage a cross-domain incident using Microsoft 365 Defender 106(12)
  Thought experiment 118(1)
    Securing Contoso Corporation from modern threats 118(1)
  Thought experiment answers 119(1)
  Chapter Summary 119(2)

Chapter 2 Mitigate threats using Azure Defender 121(64)
  Skill 2-1 Design and configure an Azure Defender implementation 121(11)
    Plan and configure Azure Defender settings, including selecting target subscriptions and workspace 122(2)
    Configure Azure Defender roles 124(2)
    Configure data retention policies 126(2)
    Assess and recommend cloud workload protection 128(4)
  Skill 2-2 Plan and implement the use of data connectors for ingestion of data sources in Azure Defender 132(13)
    Identify data sources to be ingested for Azure Defender 132(1)
    Configure automated onboarding for Azure resources and data collection 133(3)
    Connect on-premises computers 136(4)
    Connect AWS cloud resources 140(3)
    Connect GCP cloud resources 143(2)
  Skill 2-3 Manage Azure Defender alert rules 145(8)
    Validate alert configuration 146(4)
    Set up email notifications 150(1)
    Create and manage alert suppression rules 151(2)
  Skill 2-4 Configure automation and remediation 153(11)
    Configure automated response in Azure Security Center 154(2)
    Design and configure a playbook in Azure Defender 156(5)
    Remediate incidents by using Azure Defender recommendations 161(2)
    Create an automatic response using an Azure Resource Manager template 163(1)
  Skill 2-5 Investigate Azure Defender alerts and incidents 164(21)
    Describe alert types for Azure workloads 164(9)
    Manage security alerts 173(2)
    Manage security incidents 175(3)
    Analyze Azure Defender threat intelligence 178(1)
    Respond to Azure Defender Key Vault alerts 179(2)
    Manage user data discovered during an investigation 181(1)
  Thought experiment 181(1)
    Monitoring security at Tailwind Traders 181(1)
  Thought experiment answers 182(1)
  Chapter Summary 183(2)

Chapter 3 Mitigate threats using Azure Sentinel 185(118)
  Skill 3-1 Design and configure an Azure Sentinel workspace 186(10)
    Plan an Azure Sentinel workspace 186(4)
    Configure Azure Sentinel roles 190(3)
    Design Azure Sentinel data storage 193(2)
    Configure Azure Sentinel service security 195(1)
  Skill 3-2 Plan and implement the use of data connectors for the ingestion of data sources into Azure Sentinel 196(24)
    Identify data sources to be ingested into Azure Sentinel 196(3)
    Identify the prerequisites for a data connector 199(1)
    Configure and use Azure Sentinel data connectors 200(2)
    Design and configure Syslog and CEF event collections 202(3)
    Design and configure Windows Events collections 205(6)
    Configure custom threat intelligence connectors 211(3)
    Create custom logs in Azure Log Analytics to store custom data 214(1)
    Custom log ingestion via the Azure Monitor HTTP Data Collector API 215(1)
    Custom log ingestion via Azure Logic Apps 215(5)
  Skill 3-3 Manage Azure Sentinel analytics rules 220(16)
    Design and configure analytics rules 220(4)
    Create custom analytics rules to detect threats 224(3)
    Activate Microsoft security analytics rules 227(2)
    Configure connector-provided scheduled queries 229(1)
    Configure custom scheduled queries 230(1)
    Define incident creation logic 231(1)
    Kusto Query Language (KQL) 232(4)
  Skill 3-4 Configure Security Orchestration, Automation, and Response (SOAR) in Azure Sentinel 236(13)
    Create Azure Sentinel Playbooks 236(6)
    Use Playbooks to remediate threats 242(1)
    Use Playbooks to manage incidents 243(1)
    Use Playbooks across Microsoft Defender solutions 244(5)
  Skill 3-5 Manage Azure Sentinel incidents 249(13)
    Investigate incidents in Azure Sentinel 249(5)
    Triage incidents in Azure Sentinel 254(1)
    Respond to incidents in Azure Sentinel 255(1)
    Investigate multi-workspace incidents 256(1)
    Identify advanced threats with user and entity behavior analytics (UEBA) 257(5)
  Skill 3-6 Use Azure Sentinel workbooks to analyze and interpret data 262(14)
    Activate and customize Azure Sentinel workbook templates 262(4)
    Create custom workbooks 266(3)
    Configure advanced visualizations 269(3)
    View and analyze Azure Sentinel data using workbooks 272(2)
    Track incident metrics using the security operations efficiency workbook 274(2)
  Skill 3-7 Hunt for threats using the Azure Sentinel portal 276(27)
    Create custom hunting queries 277(2)
    Run hunting queries manually 279(2)
    Monitor hunting queries by using Livestream 281(3)
    Track query results with bookmarks 284(4)
    Use hunting bookmarks for data investigations 288(4)
    Convert a hunting query to an analytics rule 292(3)
    Perform advanced hunting with notebooks 295(6)
  Thought experiment 301(1)
    Security operations at Contoso Ltd. 301(1)
  Thought experiment answers 301(1)
  Chapter Summary 302(1)

Index 303

About the authors
Yuri Diogenes, MSc, holds a Master of Science in cybersecurity intelligence and forensics investigation (Utica College) and is a Principal Program Manager in the Microsoft CxE ASC Team, where he primarily helps customers onboard and deploy Azure Security Center and Azure Defender as part of their security operations/incident response. Yuri has been working for Microsoft since 2006 in different positions. He spent five years as a senior support escalation engineer on the CSS Forefront Edge Team, and from 2011 to 2017 he worked on the content development team, where he also helped create the Azure Security Center content experience from its GA launch in 2016. Yuri has published a total of 26 books, mostly covering information security and Microsoft technologies. Yuri also holds an MBA and many IT/security industry certifications, such as CISSP, E|CND, E|CEH, E|CSA, E|CHFI, CompTIA Security+, CySA+, Cloud Essentials Certified, Mobility+, Network+, CASP, CyberSec First Responder, MCSE, and MCTS. You can follow Yuri on Twitter at @yuridiogenes.

Sarah Young is a senior program manager in the Azure Sentinel CxE team, where she works with Microsoft customers to remove technical blockers for deployment. Having worked with Azure Sentinel since it was announced at RSA 2019, Sarah has extensive knowledge of the platform and has helped it develop and grow. Sarah is an experienced public speaker and has presented on a range of IT security and technology topics at industry events, both nationally and internationally. She holds numerous industry qualifications, including CISSP, CCSP, CISM, and Azure Solutions Architect. In 2019, Sarah won the Security Champion award at the Australian Women in Security Awards. She is an active supporter of both local and international security and cloud-native communities. You can follow Sarah on Twitter at @_sarahyo.

Jake Mowrer is a Principal Program Manager in the Microsoft 365 Defender Customer Acceleration Team and a 25-year IT veteran. He helps some of the world's largest companies deploy Microsoft Defender for Endpoint and assists security operations teams with integrating Microsoft 365 Defender into their existing processes. Jake's deep knowledge of Microsoft Defender for Endpoint originated in 2016, when he was trained by Microsoft's development team in Herzliya, Israel, and he has since delivered technical sessions for private and public entities, as well as at technical conferences around the world. In 2020, Jake founded IronSpire Internet Security, a company focused on protecting homes and small businesses from cyber threats. You can follow Jake on Twitter at @JakeMowrerMSFT and @IronspireS.