Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide (E-book)

129,00 

Description

Security in information technology has always been a topic of discussion, one that comes with various backgrounds, tools, responsibilities, education, and change! The SC-200 exam comprises a wide range of topics that introduce Microsoft technologies and general operations for security analysts in enterprises. This book is a comprehensive guide that covers the usefulness and applicability of the Microsoft Security Stack in the daily activities of an enterprise security operations analyst. Starting with a quick overview of what it takes to prepare for the exam, you'll understand how to implement the learning in real-world scenarios. You'll learn to use Microsoft's security stack, including Microsoft 365 Defender and Microsoft Sentinel, to detect, protect, and respond to adversary threats in your enterprise. This book will take you from legacy on-premises SOC and DFIR tools to leveraging all aspects of the M365 Defender suite as a modern replacement in a more effective and efficient way. By the end of this book, you'll have learned how to plan, deploy, and operationalize Microsoft's security stack in your enterprise and gained the confidence to pass the SC-200 exam.
Table of contents:

Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide
Contributors
About the authors
About the reviewers
Preface
  Who this book is for
  What this book covers
  To get the most out of this book
  Download the color images
  Conventions used
  Get in touch
  Reviews
  Share Your Thoughts

Section 1: Exam Overview and Evolution of Security Operations

Chapter 1: Preparing for Your Microsoft Exam and SC-200 Objectives
  Technical requirements
  Preparing for a Microsoft exam
  Introducing the resources available and accessing Microsoft Learn
  Microsoft Defender for Endpoint
  Microsoft 365 Defender
  Microsoft Defender for Cloud
  Microsoft Sentinel
  KQL
  Creating a Microsoft demo tenant
  Summary

Chapter 2: The Evolution of Security and Security Operations
  A quick introduction to the terminology
  Feed
  Alert
  Understanding the traditional approach to security
  Introducing the modern approach to security
  Getting to know traditional SOC issues
  Exploring modern ways to resolve traditional SOC issues
  Summary

Section 2: Implementing Microsoft 365 Defender Solutions

Chapter 3: Implementing Microsoft Defender for Endpoint
  Technical requirements
  Understanding the prerequisites
  Deployment options: onboarding
  Troubleshooting
  Sensor status and verification
  Summary

Chapter 4: Implementing Microsoft Defender for Identity
  Technical requirements
  Understanding the prerequisites
  Deployment options
  A troubleshooting guide
  Service status and verification
  Summary

Chapter 5: Understanding and Implementing Microsoft Defender for Cloud (Microsoft Defender for Cloud Standard Tier)
  Technical requirements
  Introduction to Microsoft Defender for Cloud and ASC
  What is ASC?
  What is Microsoft Defender for Cloud?
  Implementing ASC
  Prerequisites
  Implementation steps
  Implementing Microsoft Defender for Cloud
  Prerequisites
  Implementation steps (single subscription)
  Implementation steps (multiple subscriptions)
  Configuring automatic provisioning for agents and extensions from ASC
  How do ASC and Microsoft Defender for Cloud fit into the security of an enterprise?
  Summary

Section 3: Familiarizing Yourself with Alerts, Incidents, Evidence, and Dashboards

Chapter 6: An Overview: Microsoft Defender for Endpoint Alerts, Incidents, Evidence, and Dashboards
  Before we get started: acronyms and creating your lab!
  Creating your lab environment
  General portal navigation
  Alerts and incidents
  Alert suppression
  How to suppress an alert and create a new suppression rule
  Incident Graph
  Daily tasks
  Monthly tasks
  Quarterly tasks
  Annual tasks
  Summary

Chapter 7: Microsoft Defender for Identity, What Happened, Alerts, and Incidents
  Technical requirements
  MDI concepts
  Navigating the portal
  MDI alert categories and phases
  Entity profiles
  Monitored activities
  Network name resolution
  Understanding and investigating alerts
  Triaging and responding to alerts
  Summary

Chapter 8: Microsoft Defender for Office: Threats to Productivity
  Technical requirements
  Threat protection policies
  Anti-phishing
  Anti-spam
  Anti-malware
  Safe attachments
  Safe links
  Threat investigation and response capabilities
  Threat trackers
  Threat Explorer (real-time detection)
  Attack simulation training
  Automated investigation and response capabilities
  Data loss prevention and insider risk
  DLP
  Insider risk
  Summary

Chapter 9: Microsoft Defender for Cloud Apps and Protecting Your Cloud Apps
  Technical requirements
  The MDCA framework
  Cloud Discovery
  Microsoft Defender for Endpoint (MDE) integration
  Log Collector
  Secure Web Gateway
  Cloud Discovery API
  Conditional Access App Control
  Classifying and protecting sensitive information
  Detecting, investigating, and responding to application threats
  Summary

Section 4: Setting Up and Connecting Data Sources to Microsoft Sentinel

Chapter 10: Setting Up and Configuring Microsoft Sentinel
  Pre-deployment activities
  Azure tenant-level prerequisites
  Enabling and onboarding Microsoft Sentinel
  Global requirements and prerequisites for Microsoft Sentinel
  Data residency
  Enabling Microsoft Sentinel for your organization
  Connecting data sources to Microsoft Sentinel
  Summary

Section 5: Hunting Threats within Microsoft 365 Defender and Microsoft Sentinel

Chapter 11: Advanced Threat Hunting, Microsoft 365 Defender Portal, and Sentinel
  Technical requirements
  Kusto query overview
  Applying query best practices
  Advanced threat hunting and the M365 Defender portal
  Community and shared queries
  Custom detections
  Hunting for threats in Microsoft Sentinel
  Custom hunting queries
  Monitor hunting queries with Sentinel Livestream
  Working with bookmarks
  Advanced hunting with notebooks
  Summary

Chapter 12: Knowledge Check
  Example exam questions
  Answer key

Why subscribe?
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
