Nastavni plan

Pregledaj

Nastavni plan

SC-100: Microsoft Cybersecurity Architect

Module 1: Introduction to Zero Trust and best practice frameworks

You learn what best practices are and how cybersecurity architects use them as well as some key best practice frameworks for Microsoft cybersecurity capabilities. You also learn about the concept of Zero Trust, and how to get started with Zero Trust in an organization.

Module 2: Design solutions that align with the Cloud Adoption Framework (CAF) and Well-Architected Framework (WAF)

You'll learn about the Cloud Adoption Framework (CAF) and Well-Architected Framework (WAF) and how you can use them to design more secure solutions.

Module 3: Design solutions that align with the Microsoft Cybersecurity Reference Architecture (MCRA) and Microsoft cloud security benchmark (MCSB)

You learn about the Microsoft Cybersecurity Reference Architecture (MCRA) and Microsoft cloud security benchmark (MCSB) and how you can use them to design more secure solutions.

Module 4: Design a resiliency strategy for common cyberthreats like ransomware

You'll learn about common cyberthreats like ransomware and what kinds of attack patterns an organization must be prepared for.

Module 5: Case study: Design solutions that align with security best practices and priorities

Apply your cybersecurity architect skills on a real business scenario in the area of security operations, identity and compliance. You will analyze design requirements, answer conceptual and technical questions and design a solution to meet the business needs.

Module 6: Design solutions for regulatory compliance

You'll learn how to interpret and translate regulatory requirements into technical solutions. You'll also learn how to use capabilities found in Microsoft Purview, Microsoft Priva, and Defender for Cloud for compliance.

Module 7: Design solutions for identity and access management

You learn about various strategies for managing identities and access to resources, including hybrid and multicloud scenarios, external identities, and conditional access.

Module 8: Design solutions for securing privileged access

You learn advanced techniques for designing solutions that manage privileged access effectively.

Module 9: Design solutions for security operations

You learn techniques to design security operations capabilities including logging, auditing, Security Event Management (SIEM), Security Orchestration and Automated Response (SOAR), and security workflows.

Module 10: Case study: Design security operations, identity and compliance capabilities

Apply your cybersecurity architect skills on a real business scenario in the area of security operations, identity and compliance. You analyze design requirements, answer conceptual and technical questions and design a solution to meet the business needs.

Module 11: Design solutions for securing Microsoft 365

You learn how to design security solutions for Exchange, Sharepoint, OneDrive and Teams.

Module 12: Design solutions for securing applications

You learn how to secure applications, APIs and the development process using techniques like posture management, threat modeling, and secure access for workload identities.

Module 13: Design solutions for securing an organization's data

You learn about designing solutions that secure an organization's data using capabilities like Microsoft Purview, Defender for SQL, Defender for Storage.

Module 14: Case study: Design security solutions for applications and data

Apply your cybersecurity architect skills on a real business scenario in the area of securing applications and data. You will analyze design requirements, answer conceptual and technical questions and design a solution to meet the business needs.

Module 15: Specify requirements for securing SaaS, PaaS, and IaaS services

You learn how to analyze security requirements for different cloud offerings (SaaS, PaaS, and IaaS), IoT workloads, web workloads and containers.

Module 16: Design solutions for security posture management in hybrid and multicloud environments

You learn how to design security posture management solutions that integrate into hybrid and multicloud scenarios using capabilities in Microsoft Defender for Cloud, Azure Arc and Microsoft Cloud Security Benchmark (MCSB).

Module 17: Design solutions for securing server and client endpoints

You learn how to analyze the security requirements for different types of endpoints including servers, clients, IoT, OT, mobile, and embedded devices. These requirements will take into account different platforms and operating systems and set standards for endpoint protection, hardening and configuration.

Module 18: Design solutions for network security

You learn how to design secure network solutions using techniques like network segmentation, traffic filtering, network monitoring and posture management.

Module 19: Design security solutions for infrastructure

Apply your cybersecurity architect skills on a real business scenario in the area of infrastructure security. You analyze design requirements, answer conceptual and technical questions and design a solution to meet the business needs.

SC-200: Microsoft Security Operations Analyst

Module 1: Introduction to Microsoft 365 threat protection

In this module, you'll learn how to use the Microsoft 365 Defender integrated threat protection suite.

Module 2: Mitigate incidents using Microsoft 365 Defender

Learn how the Microsoft 365 Defender portal provides a unified view of incidents from the Microsoft 365 Defender family of products.

Module 3: Protect your identities with Microsoft Entra ID Protection

Use the advanced detection and remediation of identity-based threats to protect your Microsoft Entra identities and applications from compromise.

Module 4: Remediate risks with Microsoft Defender for Office 365

Learn about the Microsoft Defender for Office 365 component of Microsoft 365 Defender.

Module 5: Safeguard your environment with Microsoft Defender for Identity

Learn about the Microsoft Defender for Identity component of Microsoft 365 Defender.

Module 6: Secure your cloud apps and services with Microsoft Defender for Cloud Apps

Microsoft Defender for Cloud Apps is a cloud access security broker (CASB) that operates on multiple clouds.

Module 7: Respond to data loss prevention alerts using Microsoft 365

Learn how the data loss prevention alerts will help in your investigation to find the full scope of the incident.

Module 8: Manage insider risk in Microsoft Purview

Learn about insider risk management and how Microsoft technologies can help you detect, investigate, and take action on risky activities in your organization.

Module 9: Investigate threats by using audit features in Microsoft 365 Defender and Microsoft Purview Standard

This module examines how to search for audited activities using the Microsoft Purview Audit (UAL) solution.

Module 10: Investigate threats using audit in Microsoft 365 Defender and Microsoft Purview (Premium)

This module explores the differences between Microsoft Purview Audit (Standard) and Audit (Premium), plus the key functionality in Audit (Premium).

Module 11: Investigate threats with Content search in Microsoft Purview

This module examines how to search for content in the Microsoft Purview compliance portal using Content Search functionality.

Module 12: Protect against threats with Microsoft Defender for Endpoint

Learn how Microsoft Defender for Endpoint can help your organization stay secure.

Module 13: Deploy the Microsoft Defender for Endpoint environment

Learn how to deploy the Microsoft Defender for Endpoint environment, including onboarding devices and configuring security.

Module 14: Implement Windows security enhancements with Microsoft Defender for Endpoint

Microsoft Defender for Endpoint gives you various tools to eliminate risks by reducing the surface area for attacks without blocking user productivity.

Module 15: Perform device investigations in Microsoft Defender for Endpoint

Learn about information available to you through Microsoft Defender for Endpoint that will aid in your investigations. Module 16: Perform actions on a device using Microsoft Defender for Endpoint Learn how Microsoft Defender for Endpoint provides the remote capability to contain devices and collect forensics data. Module 17: Perform evidence and entities investigations using Microsoft Defender for Endpoint Learn about the artifacts in your environment and how they relate to other artifacts and alerts that will provide you with insight to understand the overall impact to your environment. Module 18: Configure and manage automation using Microsoft Defender for Endpoint Learn how to configure automation in Microsoft Defender for Endpoint by managing environmental settings. Module 19: Configure for alerts and detections in Microsoft Defender for Endpoint Learn how to configure settings to manage alerts and notifications. You'll also learn to enable indicators as part of the detection process. Module 20: Utilize Vulnerability Management in Microsoft Defender for Endpoint Learn about your environment's weaknesses by using Vulnerability Management in Microsoft Defender for Endpoint. Module 21: Plan for cloud workload protections using Microsoft Defender for Cloud Learn the purpose of Microsoft Defender for Cloud and how to enable the system. Module 22: Connect Azure assets to Microsoft Defender for Cloud Learn how to connect your various Azure assets to Microsoft Defender for Cloud to detect threats. Module 23: Connect non-Azure resources to Microsoft Defender for Cloud Learn how you can add Microsoft Defender for Cloud capabilities to your hybrid environment. Module 24: Manage your cloud security posture management Microsoft Defender for Cloud, Cloud Security Posture Management (CSPM) provides visibility into vulnerable resources and provides hardening guidance. Module 25: Explain cloud workload protections in Microsoft Defender for Cloud Learn about the protections and detections provided by Microsoft Defender for Cloud with each cloud workload. Module 26: Remediate security alerts using Microsoft Defender for Cloud Learn how to remediate security alerts in Microsoft Defender for Cloud. Module 27: Construct KQL statements for Microsoft Sentinel KQL is the query language used to perform analysis on data to create analytics, workbooks, and perform hunting in Microsoft Sentinel. Module 28: Analyze query results using KQL Learn how to summarize and visualize data with a KQL statement provides the foundation to build detections in Microsoft Sentinel. Module 29: Build multi-table statements using KQL Learn how to work with multiple tables using KQL. Module 30: Work with data in Microsoft Sentinel using Kusto Query Language Learn how to use the Kusto Query Language (KQL) to manipulate string data ingested from log sources. Module 31: Introduction to Microsoft Sentinel Microsoft Sentinel enables you to start getting valuable security insights from your cloud and on-premises data quickly. Module 32: Create and manage Microsoft Sentinel workspaces Learn about the architecture of Microsoft Sentinel workspaces to ensure you configure your system to meet your organization's security operations requirements. Module 33: Query logs in Microsoft Sentinel As a Security Operations Analyst, you must understand the tables, fields, and data ingested in your workspace. Learn how to query the most used data tables in Microsoft Sentinel. Module 34: Use watchlists in Microsoft Sentinel Learn how to create Microsoft Sentinel watchlists that are a named list of imported data. Once created, you can easily use the named watchlist in KQL queries. Module 35: Utilize threat intelligence in Microsoft Sentinel Learn how the Microsoft Sentinel Threat Intelligence page enables you to manage threat indicators. Module 36: Connect data to Microsoft Sentinel using data connectors The primary approach to connect log data is using the Microsoft Sentinel provided data connectors. This module provides an overview of the available data connectors. Module 37: Connect Microsoft services to Microsoft Sentinel Learn how to connect Microsoft 365 and Azure service logs to Microsoft Sentinel. Module 38: Connect Microsoft 365 Defender to Microsoft Sentinel Learn about the configuration options and data provided by Microsoft Sentinel connectors for Microsoft 365 Defender. Module 39: Connect Windows hosts to Microsoft Sentinel One of the most common logs to collect is Windows security events. Learn how Microsoft Sentinel makes this easy with the Security Events connector. Module 40: Connect Common Event Format logs to Microsoft Sentinel Most vendor-provided connectors utilize the CEF connector. Learn about the Common Event Format (CEF) connector's configuration options. Module 41: Connect syslog data sources to Microsoft Sentinel Learn about the Azure Monitor Agent Linux Syslog Data Collection Rule configuration options, which enable you to parse Syslog data. Module 42: Connect threat indicators to Microsoft Sentinel Learn how to connect Threat Intelligence Indicators to the Microsoft Sentinel workspace using the provided data connectors. Module 43: Threat detection with Microsoft Sentinel analytics In this module, you learned how Microsoft Sentinel Analytics can help the SecOps team identify and stop cyber attacks. Module 44: Automation in Microsoft Sentinel By the end of this module, you'll be able to use automation rules in Microsoft Sentinel to automated incident management. Module 45: Security incident management in Microsoft Sentinel Learn about security incidents, incident evidence and entities, incident management, and how to use Microsoft Sentinel to handle incidents. Module 46: Identify threats with Behavioral Analytics Learn how to use entity behavior analytics in Microsoft Sentinel to identify threats inside your organization. Module 47: Data normalization in Microsoft Sentinel By the end of this module, you'll be able to use ASIM parsers to identify threats inside your organization. Module 48: Query, visualize, and monitor data in Microsoft Sentinel This module describes how to query, visualize, and monitor data in Microsoft Sentinel. Module 49: Manage content in Microsoft Sentinel By the end of this module, you'll be able to manage content in Microsoft Sentinel. Module 50: Explain threat hunting concepts in Microsoft Sentinel Learn the threat hunting process in Microsoft Sentinel. Module 51: Threat hunting with Microsoft Sentinel In this module, you'll learn to proactively identify threat behaviors by using Microsoft Sentinel queries. You'll also learn to use bookmarks and livestream to hunt threats. Module 52: Use Search jobs in Microsoft Sentinel In Microsoft Sentinel, you can search across long time periods in large datasets by using a search job. Module 53: Hunt for threats using notebooks in Microsoft Sentinel Learn how to use notebooks in Microsoft Sentinel for advanced hunting.   SC-300: Microsoft Identity and Access Administrator Module 1: Explore identity in Microsoft Entra ID This module covers definitions and available services for identity provided in Microsoft Entra ID and to Microsoft 365. You will start with authentication, authorization, and access tokens then build into full identity solutions. Module 2: Implement initial configuration of Microsoft Entra ID Learn to create an initial Azure Active Directory configuration to ensure all the identity solutions available in Azure are ready to use. This module explores how to build and configure an Azure AD system. Module 3: Create, configure, and manage identities Access to cloud-based workloads needs to be controlled centrally by providing a definitive identity for each user and resource. You can ensure employees and vendors have just-enough access to do their job. Module 4: Implement and manage external identities Inviting external users to use company Azure resources is a great benefit, but you want to do it in a secure way. Explore how to enable secure external collaboration. Module 5: Implement and manage hybrid identity Creating a hybrid-identity solution to use your on-premises active directory can be challenging. Explore how to implement a secure hybrid-identity solution. Module 6: Secure Microsoft Entra users with multifactor authentication Learn how to use multifactor authentication with Microsoft Entra ID to harden your user accounts. Module 7: Manage user authentication There are multiple options for authentication in Microsoft Entra ID. Learn how to implement and manage the right authentications for users based on business needs. Module 8: Plan, implement, and administer Conditional Access Conditional Access gives a fine granularity of control over which users can do specific activities, access which resources, and how to ensure data and systems are safe. Module 9: Manage Microsoft Entra Identity Protection Protecting a user's identity by monitoring their usage and sign-in patterns ensure a secure cloud solution. Explore how to design and implement Microsoft Entra Identity protection. Module 10: Implement access management for Azure resources Explore how to use built-in Azure roles, managed identities, and RBAC-policy to control access to Azure resources. Identity is the key to secure solutions. Module 11: Plan and design the integration of enterprise apps for SSO Enterprise app deployment enables control over which users can access the apps, easily log into apps with single-sign-on, and provide integrated usage reports. Module 12: Implement and monitor the integration of enterprise apps for SSO Deploying and monitoring enterprise applications to Azure solutions can ensure security. Explore how to deploy on-premises and cloud based apps to users. Module 13: Implement app registration Line of business developed in-house need registration in Microsoft Entra ID and assigned to users for a secure Azure solution. Explore how to implement app registration. Module 14: Plan and implement entitlement management When new users or external users join your site, quickly assigning them access to Azure solutions is a must. Explore how to entitle users to access your site and resources. Module 15: Plan, implement, and manage access review Once identity is deployed, proper governance using access reviews is necessary for a secure solution. Explore how to plan for and implement access reviews. Module 16: Plan and implement privileged access Ensuring that administrative roles are protected and managed to increase your Azure solution security is a must. Explore how to use PIM to protect your data and resources. Module 17: Monitor and maintain Microsoft Entra ID Audit and diagnostic logs within Microsoft Entra ID provide a rich view into how users are accessing your Azure solution. Learn to monitor, troubleshoot, and analyze sign-in data.   SC-400: Administering Information Protection and Compliance in Microsoft 365 Module 1: Introduction to information protection and data lifecycle management in Microsoft Purview Learn how Microsoft 365 information protection and data lifecycle management solutions help you protect and govern your data, throughout its lifecycle – wherever it lives, or wherever it travels. Module 2: Classify data for protection and governance Learn about the information available to help you understand your data landscape and know your data. Module 3: Create and manage sensitive information types Learn how to use sensitive information types to support your information protection strategy. Module 4: Understand Microsoft 365 encryption Learn how Microsoft 365 encrypts data-at-rest and in-transit, securely manages encryption keys, and provides key management options to customers to meet their business needs and compliance obligations. Module 5: Deploy Microsoft Purview Message Encryption Learn about the different encryption methods Microsoft Purview provides to protect messages. Module 6: Protect information in Microsoft Purview Learn how to detect sensitive content as it's used and shared throughout your organization, in the cloud and on devices, and help prevent accidental data loss. Module 7: Apply and manage sensitivity labels Learn about how sensitivity labels are used to classify and protect business data while making sure that user productivity and their ability to collaborate are not hindered. Module 8: Prevent data loss in Microsoft Purview Learn how to discover, classify, and protect sensitive and business-critical content throughout its lifecycle across your organization. Module 9: Configure DLP policies for Microsoft Defender for Cloud Apps and Power Platform Learn how to configure and implement data loss prevention policies and integrate them with Microsoft Defender for Cloud Apps. Module 10: Manage data loss prevention policies and reports in Microsoft 365 Learn how to manage data loss prevention policies and mitigate data loss prevention policy violations. Module 11: Manage the data lifecycle in Microsoft Purview Learn how to manage your content lifecycle using solutions to import, store, and classify business-critical data so you can keep what you need and delete what you don't. Module 12: Manage data retention in Microsoft 365 workloads Learn how to manage retention for Microsoft 365, and how retention solutions are implemented in the individual Microsoft 365 services. Module 13: Manage records in Microsoft Purview Learn how to use intelligent classification to automate and simplify the retention schedule for regulatory, legal, and business-critical records in your organization. Module 14: Explore compliance in Microsoft 365 This module explores the tools Microsoft 365 provides to help ensure an organization's regulatory compliance, including the Microsoft Purview compliance portal, Compliance Manager, and the Microsoft compliance score. Module 15: Search for content in the Microsoft Purview compliance portal This module examines how to search for content in the Microsoft Purview compliance portal using Content Search functionality, including how to view and export the search results, and configure search permissions filtering. Module 16: Manage Microsoft Purview eDiscovery (Standard) This module explores how to use Microsoft Purview eDiscovery (Standard) to create an eDiscovery case and a hold for a case, how to manage case content, and how to close, reopen, and delete a case. Module 17: Manage Microsoft Purview eDiscovery (Premium) This module explores how to use Microsoft Purview eDiscovery (Premium) to preserve, collect, analyze, review, and export content that's responsive to an organization's internal and external investigations, and communicate with custodians involved in a case. Module 18: Manage Microsoft Purview Audit (Standard) This module examines how to search for audited activities using the Microsoft Purview Audit (Standard) solution, including how to export, configure, and view the audit log records that were retrieved from an audit log search. Module 19: Prepare Microsoft Purview Communication Compliance Microsoft Purview Communication Compliance is a solution that helps organizations address code-of-conduct policy violations in company communications, while also assisting organizations in regulated industries meet specific supervisory compliance requirements. Module 20: Manage insider risk in Microsoft Purview Microsoft Purview Insider Risk Management helps organizations address internal risks, such as IP theft, fraud, and sabotage. Learn about insider risk management and how Microsoft technologies can help you detect, investigate, and take action on risky activities in your organization. Module 21: Implement Microsoft Purview Information Barriers This module examines how Microsoft Purview uses information barriers to restrict communication and collaboration in Microsoft Teams, SharePoint Online, and OneDrive for Business. Module 22: Manage regulatory and privacy requirements with Microsoft Priva Learn how to use Microsoft Priva to manage privacy risk policies and subject rights requests. Module 23: Implement privileged access management Privileged access management allows granular access control over privileged admin tasks in Office 365. Privileged access management requires users to request just-in-time access to complete elevated and privileged tasks through a highly scoped and time-bound approval workflow. Module 24: Manage Customer Lockbox Customer Lockbox supports requests to access data in Exchange Online, SharePoint Online, and OneDrive when Microsoft engineers need to access customer content to determine root cause and fix an issue. ALGEBRIN ZAVRŠNI ISPIT CERTIFIKACIJSKI ISPIT: Exam SC-100: Microsoft Cybersecurity Architect ili Exam SC-200: Microsoft Security Operations Analyst ili Exam SC-300: Microsoft Identity and Access Administrator ili Exam SC-400: Administering Information Protection and Compliance in Microsoft 365 (fakultativno)

Preuzmi