SC-900 Exam Preparation Guide Microsoft Cybersecurity Analyst Professional Certificate

The Microsoft Cybersecurity Analyst Professional Certificate is designed to help individuals launch a career in the rapidly growing field of cybersecurity.

It focuses on providing job-ready skills, particularly those involving AI, to prepare learners for the evolving demands of cybersecurity roles. Preparing for the Microsoft Cybersecurity Analyst Professional Certificate involves mastering various cybersecurity topics, including foundational principles, hands-on skills, and exam-specific content like the Microsoft SC-900 certification.

The Microsoft SC-900 exam, called Microsoft Security, Compliance, and Identity Fundamentals, checks your understanding of basic cybersecurity ideas and Microsoft’s security tools. It’s a great starting point for people new to cybersecurity, and the exam mainly covers the basic knowledge you need to get familiar with security and identity concepts.

This post will provide an in-depth Exam Preparation Guide for the Microsoft Cybersecurity Analyst Professional Certificate. It focuses on the key components you need to master to pass the exam and earn the certification successfully.

What is the SC-900 Exam?

The SC-900 exam, officially known as the Microsoft Security, Compliance, and Identity Fundamentals exam, is an entry-level certification designed to validate your understanding of foundational concepts related to security, compliance, identity, etc.

How Much Does the SC-900 Exam Cost?

The exam voucher for the SC-900 exam costs USD 99.

What Languages Is the SC-900 Exam Available In?

The SC-900 exam is available in English, Japanese, Korean, and Simplified Chinese.

What is the Format of the SC-900 Exam?

The SC-900 exam consists of multiple-choice and multiple-answer questions.

SC-900 Exam Preparation Guide Microsoft Cybersecurity Analyst Professional Certificate

Cybersecurity keeps systems, networks, devices, and data safe from online attacks, theft, or damage. It uses tools, methods, and best practices to protect important information and critical systems from threats like viruses, phishing scams, ransomware, and hackers.

  • The goal is to prevent unauthorized access and ensure that data remains secure and systems work correctly.
SC-900 Exam Preparation Guide Microsoft Cybersecurity Analyst Professional Certificate – Fig.1

Microsoft Cybersecurity Architect Certification Details SC-100

As a Microsoft Cybersecurity Architect, you play a crucial role in converting cybersecurity strategies into practical measures that protect an organization’s assets, business processes, and operations. Your responsibilities include designing, overseeing, implementing, and maintaining security solutions that align with Zero Trust principles and best practices.

Your expertise covers many areas, including security strategies for identity management, devices, data, artificial intelligence, applications, networks, infrastructure, and DevOps. Furthermore, you will develop solutions for Governance and Risk Compliance (GRC), security operations, and managing security posture.

Key Responsibilities

Collaborate with leaders and practitioners in security, privacy, engineering, and other roles to plan and implement a cybersecurity strategy that meets organizational business needs. Continuously assess and enhance security measures per evolving threats and best practices.

Candidate Profile

As a candidate for the SC-100 exam, you should have experience implementing or administering solutions in the following areas. You should possess expert skills in at least one of these areas and have experience designing security solutions incorporating Microsoft security technologies.

  • Identity and Access Management
  • Platform Protection
  • Security Operations
  • Data and AI Security
  • Application Security
  • Hybrid and Multicloud Infrastructures
Exam Preparation Guide Microsoft Cybersecurity Analyst Professional Certificate – Fig.2 – Creds to MS

Microsoft Cybersecurity Analyst Professional Certificate SC-900

The Microsoft Cybersecurity Analyst program offered through Coursera includes the following courses. These courses provide a comprehensive foundation in cybersecurity principles and practices, equipping learners with the skills necessary to excel in the field.

  • Microsoft SC-900 Exam Preparation and Practice
  • Advanced Cybersecurity Concepts and Capstone Project
  • Introduction to Networking and Cloud Computing
  • Cybersecurity Threat Vectors and Mitigation
  • Cybersecurity Tools and Technologies
  • Introduction to Computers, Operating Systems, and Security
  • Cybersecurity Solutions with Microsoft Defender
  • Cybersecurity Management and Compliance
  • Identity and Access Management Solutions using Azure Active Directory (Azure AD)

By enrolling in the Microsoft Cybersecurity Analyst Professional Certificate, you will be able to do the following.

  • Understand the cybersecurity landscape and learn the concepts of critical security, compliance, and identity solutions.
  • Identify vulnerabilities in an organization’s network and learn how to protect data by mitigating attacks on network infrastructure.
  • Develop and implement strategies to reduce threats by applying effective cybersecurity practices within Azure.
  • Showcase your skills through a capstone project and prepare for the Microsoft SC-900 Certification exam, which is recognized in the industry.
SC-900 Exam Preparation Guide Microsoft Cybersecurity Analyst Professional Certificate – Fig.3 – Creds to MS

Study Guide for Exam SC-200 Microsoft Security Operations Analyst

The study guide for Exam SC-200: Microsoft Security Operations Analyst covers essential skills needed to mitigate cybersecurity threats and manage security operations. It focuses on managing a security operations environment, configuring protections and detections, responding to security incidents, and managing security threats across cloud and on-premises environments.

Manage a Security Operations Environment (20–25%)

Skill area: Configure settings in Microsoft Defender XDR
  • Configure alert and vulnerability notification rules.
  • Configure Microsoft Defender for Endpoint advanced features.
  • Configure endpoint rules settings.
  • Manage automated investigation and response capabilities.
  • Configure automatic attack disruption in Microsoft Defender XDR.

Skill area: Manage Assets and Environments
  • Configure and manage device groups, permissions, and automation levels in Microsoft Defender for Endpoint.
  • Identify unmanaged devices in Microsoft Defender for Endpoint.
  • Discover unprotected resources by using Microsoft Defender for Cloud.
  • Identify and remediate devices at risk by using Microsoft Defender Vulnerability Management.
  • Mitigate risk by using Exposure Management in Microsoft Defender XDR.

Skill area: Design and Configure a Microsoft Sentinel Workspace
  • Plan a Microsoft Sentinel workspace.
  • Configure Microsoft Sentinel roles.
  • Specify Azure RBAC roles for Microsoft Sentinel configuration.
  • Design and configure Microsoft Sentinel data storage, including log types and log retention.

Skill area: Ingest Data Sources in Microsoft Sentinel
  • Identify data sources to be ingested for Microsoft Sentinel.
  • Implement and use Content hub solutions.
  • Configure and use Microsoft connectors for Azure resources, including Azure Policy and diagnostic settings.
  • Plan and configure Syslog and CEF event collections.
  • Plan and configure collection of Windows Security events by using data collection rules, including Windows Event Forwarding (WEF).
  • Create custom log tables in the workspace to store ingested data.
  • Monitor and optimize data ingestion.
SC-900 Exam Preparation Guide Microsoft Cybersecurity Analyst Professional Certificate – Table 1

Configure Protections and Detections

Configuring protections and detections is crucial for maintaining a secure environment. In Microsoft Defender security technologies, protections safeguard devices, networks, and identities from various threats through features like antivirus, firewall, and vulnerability management.

Configure Protections and Detections (15–20%)

Skill area: Configure protections in Microsoft Defender security technologies
  • Configure policies for Microsoft Defender for Cloud Apps.
  • Configure policies for Microsoft Defender for Office 365.
  • Configure security policies for Microsoft Defender for Endpoint, including attack surface reduction (ASR) rules.
  • Configure cloud workload protections in Microsoft Defender for Cloud.

Skill area: Configure Detections in Microsoft Defender XDR
  • Configure and manage custom detection rules.
  • Manage alerts, including tuning, suppression, and correlation.
  • Configure deception rules in Microsoft Defender XDR.

Skill area: Configure Detections in Microsoft Sentinel
  • Classify and analyze data by using entities.
  • Configure and manage analytics rules.
  • Query Microsoft Sentinel data by using ASIM parsers.
  • Implement behavioral analytics.
SC-900 Exam Preparation Guide Microsoft Cybersecurity Analyst Professional Certificate – Table 2

Manage Incident Response

Managing incident response involves effectively responding to security threats and alerts across various platforms. In the Microsoft Defender portal, teams can respond to alerts and incidents by analyzing threats and taking appropriate actions such as mitigation or remediation.

Manage Incident Response (25–30%)

Skill area: Respond to alerts and incidents in the Microsoft Defender portal
  • Investigate and remediate threats by using Microsoft Defender for Office 365.
  • Investigate and remediate ransomware and business email compromise incidents identified by automatic attack disruption.
  • Investigate and remediate compromised entities identified by Microsoft Purview data loss prevention (DLP) policies.
  • Investigate and remediate threats identified by Microsoft Purview insider risk policies.

Skill area: Respond to Alerts and Incidents Identified by Microsoft Defender for Endpoint
  • Investigate device timelines.
  • Perform actions on the device, including live response and collecting investigation packages.

Skill area: Investigate Microsoft 365 Activities
  • Investigate threats by using the unified audit log.
  • Investigate threats by using Content Search.
  • Investigate threats by using Microsoft Graph activity logs.

Skill area: Respond to Incidents in Microsoft Sentinel
  • Investigate and remediate incidents in Microsoft Sentinel.
  • Create and configure automation rules.
  • Create and configure Microsoft Sentinel playbooks.
  • Run playbooks on on-premises resources.

Skill area: Implement and Use Copilot for Security
  • Create and use promptbooks.
  • Manage sources for Copilot for Security, including plugins and files.
  • Integrate Copilot for Security by implementing connectors.
  • Manage permissions and roles in Copilot for Security.
  • Monitor Copilot for Security capacity and cost.
SC-900 Exam Preparation Guide Microsoft Cybersecurity Analyst Professional Certificate – Table 3

Manage Security Threats

Managing security threats includes hunting for threats by using Microsoft Defender XDR, hunting for threats by using Microsoft Sentinel, and creating and configuring Microsoft Sentinel workbooks. The table below provides more details.

Manage Security Threats (15–20%)

Skill area: Hunt for threats by using Microsoft Defender XDR
  • Identify threats by using Kusto Query Language (KQL).
  • Interpret threat analytics in the Microsoft Defender portal.

Skill area: Hunt for Threats Using Microsoft Sentinel
  • Analyze attack vector coverage by using the MITRE ATT&CK matrix.
  • Manage and use threat indicators.
  • Create and manage hunts.
  • Create and monitor hunting queries.

Skill area: Create and Configure Microsoft Sentinel Workbooks
  • Activate and customize workbook templates.
  • Create custom workbooks that include KQL.
  • Configure visualizations.
SC-900 Exam Preparation Guide Microsoft Cybersecurity Analyst Professional Certificate – Table 4

Study Guide for Exam SC-100 Microsoft Cybersecurity Architect

The study guide for Exam SC-100: Microsoft Cybersecurity Architect focuses on the skills required to design and implement comprehensive security strategies for an organization. It emphasizes creating security solutions that follow Zero Trust principles and best practices across various domains, including identity, data, applications, networks, infrastructure, and DevOps.

Design solutions that align with security best practices and priorities (20–25%)

Skill area: Design a resiliency strategy for ransomware and other attacks based on Microsoft Security Best Practices
  • Design a security strategy to support business resiliency goals, including identifying and prioritizing threats to business-critical assets.
  • Design solutions for business continuity and disaster recovery (BCDR), including secure backup and restore for hybrid and multicloud environments.
  • Design solutions for mitigating ransomware attacks, including prioritization of BCDR and privileged access.
  • Evaluate solutions for security updates.

Skill area: Design solutions that align with the Microsoft Cybersecurity Reference Architectures (MCRA) and Microsoft cloud security benchmark (MCSB)
  • Design solutions that align with best practices for cybersecurity capabilities and controls.
  • Design solutions that align with best practices for protecting against insider, external, and supply chain attacks.
  • Design solutions that align with best practices for Zero Trust security, including the Zero Trust Rapid Modernization Plan (RaMP).

Skill area: Design solutions that align with the Microsoft Cloud Adoption Framework for Azure and the Microsoft Azure Well-Architected Framework
  • Design a new or evaluate an existing strategy for security and governance based on the Microsoft Cloud Adoption Framework (CAF) for Azure and the Microsoft Azure Well-Architected Framework.
  • Recommend solutions for security and governance based on the Microsoft Cloud Adoption Framework for Azure and the Microsoft Azure Well-Architected Framework.
  • Design solutions for implementing and governing security by using Azure landing zones.
  • Design a DevSecOps process that aligns with best practices in the Microsoft Cloud Adoption Framework (CAF).
SC-900 Exam Preparation Guide Microsoft Cybersecurity Analyst Professional Certificate – Table 5

Design Security Operations Identity and Compliance Capabilities

The table below details the skills measured for designing security operations, identity, and compliance capabilities.

Design security operations, identity, and compliance capabilities (25–30%)

Skill area: Design solutions for security operations
  • Design a solution for detection and response that includes extended detection and response (XDR) and security information and event management (SIEM).
  • Design a solution for centralized logging and auditing, including Microsoft Purview Audit.
  • Design monitoring to support hybrid and multicloud environments.
  • Design a solution for security orchestration automated response (SOAR), including Microsoft Sentinel and Microsoft Defender XDR.
  • Design and evaluate security workflows, including incident response, threat hunting, and incident management.
  • Design and evaluate threat detection coverage by using MITRE ATT&CK matrices, including Cloud, Enterprise, Mobile, and ICS.

Skill area: Design solutions for identity and access management
  • Design a solution for access to software as a service (SaaS), platform as a service (PaaS), infrastructure as a service (IaaS), hybrid/on-premises, and multicloud resources, including identity, networking, and application controls.
  • Design a solution for Microsoft Entra ID, including hybrid and multi-cloud environments.
  • Design a solution for external identities, including business-to-business (B2B), business-to-customer (B2C), and decentralized identity.
  • Design a modern authentication and authorization strategy, including Conditional Access, continuous access evaluation, risk scoring, and protected actions.
  • Validate the alignment of Conditional Access policies with a Zero Trust strategy.
  • Specify requirements to harden Active Directory Domain Services (AD DS).
  • Design a solution to manage secrets, keys, and certificates.

Skill area: Design solutions for securing privileged access
  • Design a solution for assigning and delegating privileged roles by using the enterprise access model.
  • Evaluate the security and governance of Microsoft Entra ID, including Microsoft Entra Privileged Identity Management (PIM), entitlement management, and access reviews.
  • Evaluate the security and governance of on-premises Active Directory Domain Services (AD DS), including resilience to common attacks.
  • Design a solution for securing the administration of cloud tenants, including SaaS and multicloud infrastructure and platforms.
  • Design a solution for cloud infrastructure entitlement management that includes Microsoft Entra Permissions Management.
  • Evaluate an access review management solution that includes Microsoft Entra Permissions Management.
  • Design a solution for Privileged Access Workstation (PAW), including remote access.

Skill area: Design solutions for regulatory compliance
  • Translate compliance requirements into security controls.
  • Design a solution to address compliance requirements by using Microsoft Purview.
  • Design a solution to address privacy requirements, including Microsoft Priva.
  • Design Azure Policy solutions to address security and compliance requirements.
  • Evaluate and validate alignment with regulatory standards and benchmarks by using Microsoft Defender for Cloud.
SC-900 Exam Preparation Guide Microsoft Cybersecurity Analyst Professional Certificate – Table 6

Design Security Solutions for Infrastructure

Designing security solutions for infrastructure includes critical aspects like managing security in hybrid and multicloud environments and securing both server and client endpoints.

Design security solutions for infrastructure (25–30%)

Skill area: Design solutions for security posture management in hybrid and multicloud environments
  • Evaluate security posture by using Microsoft Defender for Cloud, including the Microsoft cloud security benchmark (MCSB).
  • Evaluate security posture by using Microsoft Secure Score.
  • Design integrated security posture management solutions that include Microsoft Defender for Cloud in hybrid and multi-cloud environments.
  • Select cloud workload protection solutions in Microsoft Defender for Cloud.
  • Design a solution for integrating hybrid and multicloud environments by using Azure Arc.
  • Design a solution for Microsoft Defender External Attack Surface Management (Defender EASM).
  • Specify requirements and priorities for a posture management process that uses Exposure Management attack paths, attack surface reduction, security insights, and initiatives.

Skill area: Specify requirements for securing server and client endpoints
  • Specify security requirements for servers, including multiple platforms and operating systems.
  • Specify security requirements for mobile devices and clients, including endpoint protection, hardening, and configuration.
  • Specify security requirements for IoT devices and embedded systems.
  • Evaluate solutions for securing operational technology (OT) and industrial control systems (ICS) by using Microsoft Defender for IoT.
  • Specify security baselines for server and client endpoints.
  • Evaluate Windows Local Admin Password Solution (LAPS) solutions.

Skill area: Specify requirements for securing SaaS, PaaS, and IaaS services
  • Specify security baselines for SaaS, PaaS, and IaaS services.
  • Specify security requirements for IoT workloads.
  • Specify security requirements for web workloads.
  • Specify security requirements for containers.
  • Specify security requirements for container orchestration.
  • Evaluate solutions that include Azure AI Services Security.

Skill area: Evaluate solutions for network security and Security Service Edge (SSE)
  • Evaluate network designs to align with security requirements and best practices.
  • Evaluate solutions that use Microsoft Entra Internet Access as a secure web gateway.
  • Evaluate solutions that use Microsoft Entra Internet Access to access Microsoft 365, including cross-tenant configurations.
  • Evaluate solutions that use Microsoft Entra Private Access.
SC-900 Exam Preparation Guide Microsoft Cybersecurity Analyst Professional Certificate – Table 7

Design Security Solutions for Applications and Data

The table below lists the skills measured under designing security solutions for applications and data.

Design security solutions for applications and data (20–25%)

Skill area: Evaluate solutions for securing Microsoft 365
  • Evaluate security posture for productivity and collaboration workloads by using metrics, including Microsoft Secure Score.
  • Evaluate solutions that include Microsoft Defender for Office 365 and Microsoft Defender for Cloud Apps.
  • Evaluate device management solutions that include Microsoft Intune.
  • Evaluate solutions for securing data in Microsoft 365 by using Microsoft Purview.
  • Evaluate data security and compliance controls in Microsoft Copilot for Microsoft 365 services.

Skill area: Design solutions for securing applications
  • Evaluate the security posture of existing application portfolios.
  • Evaluate threats to business-critical applications by using threat modelling.
  • Design and implement a full lifecycle strategy for application security.
  • Design and implement standards and practices for securing the application development process.
  • Map technologies to application security requirements.
  • Design a solution for workload identity to authenticate and access Azure cloud resources.
  • Design a solution for API management and security.
  • Design solutions that secure applications by using Azure Web Application Firewall (WAF).

Skill area: Design solutions for securing an organization’s data
  • Evaluate solutions for data discovery and classification.
  • Specify priorities for mitigating threats to data.
  • Evaluate solutions for encryption of data at rest and in transit, including Azure Key Vault and infrastructure encryption.
  • Design a security solution for data in Azure workloads, including Azure SQL, Azure Synapse Analytics, and Azure Cosmos DB.
  • Design a security solution for data in Azure Storage.
  • Design a security solution that includes Microsoft Defender for Storage and Microsoft Defender for Databases.
SC-900 Exam Preparation Guide Microsoft Cybersecurity Analyst Professional Certificate – Table 8

Resources

Microsoft Certified: Security, Compliance, and Identity Fundamentals – Certifications | Microsoft Learn

Author

Anoop C Nair has been a Microsoft MVP from 2015 onwards, for 10 consecutive years. He is a Workplace Solution Architect with more than 22 years of experience in Workplace technologies. He is also a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Entra, Microsoft Security, Career, etc.
