My learning path to become a Microsoft Certified: Security Operations Analyst Associate (SC-200)!

 

Dear Microsoft 365 / Azure Security Friends,

 

To be completely honest, I really had the absolute greatest respect for this test. Why? Quite simply, Kusto Query Language (KQL) was not necessarily my strength until now. But since this is exactly a big part of this exam, there was already some "discomfort" with it.
But exactly this "discomfort" was the motivation to take on KQL and acquire the knowledge.

 

In this exam you will be quizzed on topics in Azure Sentinel, Azure Security Center, and Microsoft 365 Defender. This spectrum is huge, so please take enough time to "explore" these "portals" deeply. This was, among other things, my way to success!


Now to my preparations for the exam:


1. First of all, I looked at the Exam Topics to get a first impression of the scope of topics.

https://docs.microsoft.com/en-us/learn/certifications/security-operations-analyst/

 

Please take a close look at the skills assessed:

https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Myp4


2. To prepare for an exam, I need an Azure test environment (this is indispensable for me). You can sign up for a free trial here.

https://azure.microsoft.com/en-us/free/

 

Next, I set up a Microsoft 365 test environment. You can sign up for a free trial here.

https://www.microsoft.com/en-us/microsoft-365/business/compare-all-microsoft-365-business-products

 

I chose the "Microsoft 365 Business Premium" plan for my testing.


3. Now on to the Microsoft Learn content. I have worked through these learning paths (all 8, as you can see below) completely and "mapped"/reconfigured as much as possible in my test environment.

https://docs.microsoft.com/en-us/learn/paths/sc-200-mitigate-threats-using-microsoft-defender-for-en...

 

https://docs.microsoft.com/en-us/learn/paths/sc-200-mitigate-threats-using-microsoft-365-defender/

 

https://docs.microsoft.com/en-us/learn/paths/sc-200-mitigate-threats-using-azure-defender/

 

https://docs.microsoft.com/en-us/learn/paths/sc-200-utilize-kql-for-azure-sentinel/

 

https://docs.microsoft.com/en-us/learn/paths/sc-200-configure-azure-sentinel-environment/

 

https://docs.microsoft.com/en-us/learn/paths/sc-200-connect-logs-to-azure-sentinel/

 

https://docs.microsoft.com/en-us/learn/paths/sc-200-create-detections-perform-investigations-azure-s...

 

https://docs.microsoft.com/en-us/learn/paths/sc-200-perform-threat-hunting-azure-sentinel/


4. Register for the exam early. This creates some pressure and you stay motivated.

https://docs.microsoft.com/en-us/learn/certifications/security-operations-analyst/


5. Please also have a look at Thomas Maurer's website!

https://www.thomasmaurer.ch/2021/03/new-microsoft-security-certification-exams-in-beta/


6. The Azure Sentinel book from the Microsoft Press Store has also been super helpful to me!

https://www.microsoftpressstore.com/store/microsoft-azure-sentinel-planning-and-implementing-9780136...

 

I know you've probably read and heard this many times: read the exam questions slowly and accurately. Well, that was the key to success for me. It's the details that make the difference between success and failure.


One final tip: When you have learned something new, try to explain what you have learned to another person (whether or not they know your subject). If you can explain it in your own words, you understand the subject. That is exactly how I do it, except that I do not explain it to another person, but record a video for YouTube!


I hope this information helps you and that you successfully pass the exam. I wish you success!

 

Kind regards, Tom Wechsler

5 Replies
Good job Tom, great article, also great YouTube content :D
You could not have written this article with the help tips better. Your approach and the links provided will definitely help somebody looking to take the SC-200 immensely. Kudos