Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide: Manage, monitor, and respond to threats using Microsoft Security Stack for
暫譯: Microsoft 安全運營分析師考試參考 SC-200 認證指南:使用 Microsoft 安全堆疊管理、監控和應對威脅

Trevor Stuart , Joe Anich

Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide: Manage, monitor, and respond to threats using Microsoft Security Stack for
  • 出版商: Packt Publishing
  • 出版日期: 2022-03-16
  • 售價: $1,830
  • 貴賓價: 9.5$1,739
  • 語言: 英文
  • 頁數: 288
  • 裝訂: Quality Paper - also called trade paper
  • ISBN: 1803231890
  • ISBN-13: 9781803231891
  • 相關分類: 資訊安全

    • 海外代購書籍(需單獨結帳)

相關主題

商品描述

Key Features

  • Detect, protect, investigate, and remediate threats using Microsoft Defender for endpoint
  • Explore multiple tools using the M365 Defender Security Center
  • Get ready to overcome real-world challenges as you prepare to take the SC-200 exam

Book Description

Security in information technology has always been a topic of discussion, one that comes with various backgrounds, tools, responsibilities, education, and change! The SC-200 exam comprises a wide range of topics that introduce Microsoft technologies and general operations for security analysts in enterprises. This book is a comprehensive guide that covers the usefulness and applicability of Microsoft Security Stack in the daily activities of an enterprise security operations analyst.

Starting with a quick overview of what it takes to prepare for the exam, you'll understand how to implement the learning in real-world scenarios. You'll learn to use Microsoft's security stack, including Microsoft 365 Defender, and Microsoft Sentinel, to detect, protect, and respond to adversary threats in your enterprise. This book will take you from legacy on-premises SOC and DFIR tools to leveraging all aspects of the M365 Defender suite as a modern replacement in a more effective and efficient way.

By the end of this book, you'll have learned how to plan, deploy, and operationalize Microsoft's security stack in your enterprise and gained the confidence to pass the SC-200 exam.

What you will learn

  • Discover how to secure information technology systems for your organization
  • Manage cross-domain investigations in the Microsoft 365 Defender portal
  • Plan and implement the use of data connectors in Microsoft Defender for Cloud
  • Get to grips with designing and configuring a Microsoft Sentinel workspace
  • Configure SOAR (security orchestration, automation, and response) in Microsoft Sentinel
  • Find out how to use Microsoft Sentinel workbooks to analyze and interpret data
  • Solve mock tests at the end of the book to test your knowledge

Who this book is for

This book is for security professionals, cloud security engineers, and security analysts who want to learn and explore Microsoft Security Stack. Anyone looking to take the SC-200 exam will also find this guide useful. A basic understanding of Microsoft technologies and security concepts will be beneficial.

商品描述(中文翻譯)

**主要特點**

- 使用 Microsoft Defender for endpoint 偵測、保護、調查和修復威脅
- 使用 M365 Defender 安全中心探索多種工具
- 準備克服現實世界的挑戰,為 SC-200 考試做好準備

**書籍描述**

資訊科技中的安全性一直是討論的主題,這個主題涉及各種背景、工具、責任、教育和變化!SC-200 考試涵蓋了廣泛的主題,介紹了 Microsoft 技術和企業安全分析師的一般操作。本書是一本全面的指南,涵蓋了 Microsoft Security Stack 在企業安全運營分析師日常活動中的實用性和適用性。

本書從快速概述考試準備所需的內容開始,幫助您了解如何在現實世界的情境中實施所學。您將學會使用 Microsoft 的安全堆疊,包括 Microsoft 365 Defender 和 Microsoft Sentinel,來偵測、保護和應對企業中的對手威脅。本書將帶您從傳統的本地 SOC 和 DFIR 工具轉向更有效和高效的方式,利用 M365 Defender 套件的各個方面作為現代替代方案。

在本書結束時,您將學會如何在企業中規劃、部署和運營 Microsoft 的安全堆疊,並獲得通過 SC-200 考試的信心。

**您將學到什麼**

- 探索如何為您的組織保護資訊科技系統
- 在 Microsoft 365 Defender 入口網站中管理跨域調查
- 規劃和實施在 Microsoft Defender for Cloud 中使用數據連接器
- 熟悉設計和配置 Microsoft Sentinel 工作區
- 在 Microsoft Sentinel 中配置 SOAR(安全編排、自動化和響應)
- 瞭解如何使用 Microsoft Sentinel 工作簿來分析和解釋數據
- 在書末解決模擬測試以測試您的知識

**本書適合誰**

本書適合希望學習和探索 Microsoft Security Stack 的安全專業人員、雲安全工程師和安全分析師。任何希望參加 SC-200 考試的人也會發現本指南非常有用。對 Microsoft 技術和安全概念的基本理解將是有益的。

作者簡介

Trevor Stuart has over 15 years of experience in IT. He started with SMS and Active Directory and maintained exposure in the field through various naming changes and technical additions. Trevor has a passion for IT but more so with Cybersecurity. Trevor swiftly moved into Cybersecurity and focused on securing privileged access, hardening operating systems, implementing tiering within AD, tying identities to modern authentication mechanisms, scaling out the identity to the hybrid world, application migration in secure manners in Azure, and leveraging built-in security controls in multiple clouds and platforms to secure workloads. Trevor is a technology enthusiast at heart and the world of Cybersecurity only lights the fire of passion inside of him.

Joe Anich has 13 years of experience in the IT industry ranging from endpoint management with a focus in SCCM and Intune, to endpoint security and incident response. As Joe dug deeper into security he realized where his passion resided, and that was in incident response working with the Microsoft Detection and Response Team (DART). Working in incident response has given Joe insight into SOC operations and how to help teams around the world improve their security posture within the Microsoft 365 security stack. Outside of IR, he is in constant pursuit of continued education whether that be SANS courses like the GCED or GCFA, or internal threat hunting training.

作者簡介(中文翻譯)

Trevor Stuart 在資訊科技領域擁有超過 15 年的經驗。他從 SMS 和 Active Directory 開始,並在這個領域中隨著各種名稱變更和技術新增保持接觸。Trevor 對資訊科技充滿熱情,尤其對網路安全更是如此。Trevor 快速轉向網路安全,專注於保護特權訪問、加固作業系統、在 Active Directory 中實施分層、將身份與現代身份驗證機制綁定、將身份擴展到混合環境、在 Azure 中以安全的方式進行應用程式遷移,以及利用多雲和平台中的內建安全控制來保護工作負載。Trevor 本質上是一位技術愛好者,而網路安全的世界更是點燃了他內心的熱情。

Joe Anich 在資訊科技產業擁有 13 年的經驗,涵蓋了以 SCCM 和 Intune 為重點的端點管理、端點安全和事件響應。隨著 Joe 更深入地研究安全性,他意識到自己的熱情所在,那就是在與微軟檢測與響應團隊(DART)合作的事件響應工作中。從事事件響應工作讓 Joe 獲得了對安全運營中心(SOC)運作的洞察,並了解如何幫助全球團隊改善他們在 Microsoft 365 安全堆疊中的安全姿態。在事件響應之外,他不斷追求持續教育,無論是參加 SANS 課程如 GCED 或 GCFA,還是內部威脅獵捕訓練。

目錄大綱

Table of Contents

  1. Preparing for the Microsoft Exam and SC-200 Objectives
  2. The Evolution of Security and Security Operations
  3. Implementing Microsoft Defender for Endpoint
  4. Implementing Microsoft Defender for Identity
  5. Understanding and Implementing Microsoft Defender for Cloud (Microsoft Defender for Cloud Standard Tier)
  6. An Overview: Microsoft Defender for Endpoint Alerts, Incidents, Evidence, and Dashboards
  7. Microsoft Defender for Identity: Alerts and Incidents
  8. Microsoft Defender for Office: Threats to Productivity
  9. Microsoft Defender for Cloud Apps and Protecting your Cloud Apps
  10. Setting Up and Configuring Microsoft Sentinel
  11. Advanced Threat Hunting, Microsoft 365 Defender Portal, and Sentinel
  12. Knowledge Check

目錄大綱(中文翻譯)

Table of Contents


  1. Preparing for the Microsoft Exam and SC-200 Objectives

  2. The Evolution of Security and Security Operations

  3. Implementing Microsoft Defender for Endpoint

  4. Implementing Microsoft Defender for Identity

  5. Understanding and Implementing Microsoft Defender for Cloud (Microsoft Defender for Cloud Standard Tier)

  6. An Overview: Microsoft Defender for Endpoint Alerts, Incidents, Evidence, and Dashboards

  7. Microsoft Defender for Identity: Alerts and Incidents

  8. Microsoft Defender for Office: Threats to Productivity

  9. Microsoft Defender for Cloud Apps and Protecting your Cloud Apps

  10. Setting Up and Configuring Microsoft Sentinel

  11. Advanced Threat Hunting, Microsoft 365 Defender Portal, and Sentinel

  12. Knowledge Check

類似商品