Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide

Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide: Manage, monitor, and respond to threats using Microsoft Security Stack for securing IT systems

Authors: Trevor Stuart, Joe Anich
Paperback Mar 2022 288 pages 1st Edition

Chapter 1: Preparing for Your Microsoft Exam and SC-200 Objectives

Welcome to Microsoft SC-200 Exam Prep and Beyond and Chapter 1, Preparing for Your Microsoft Exam and SC-200 Objectives. This chapter is dedicated to ensuring that you are ready for the Microsoft SC-200 exam and that you fully understand the objectives, along with how they apply in the real world. It's one thing to pass an exam but a whole other thing to apply exam topics to your day-to-day job. Let's get into it!

In both traditional and modern enterprises, the Microsoft security operations analyst is the key pivot point and collaborator with both individual contributors and enterprise stakeholders. This role in most organizations has one goal in mind – to protect against, secure against, detect, and respond to threats present in an enterprise as expeditiously as possible. They are responsible for reducing organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate teams and stakeholders. Historically, this level of responsibility came with a lot of tooling, alert fatigue, manual or human interaction in investigations, and so on.

What we hope to make clear is that there has been a massive evolution of security operations for most enterprises. Tooling has changed, and the power of the cloud has added great value to tools that Security Operations Team (SOC) analysts are required to use day to day to successfully deliver in the Microsoft security operations analyst position for enterprises today.

This chapter will cover the following topics to get us started:

  • Preparing for a Microsoft exam
  • Introducing the resources available and accessing Microsoft Learn
  • Creating a Microsoft demo tenant

It is important to note that in November 21, some Microsoft security services were renamed. The new names are as follows:

  • Microsoft Cloud App Security (MCAS) is now called Microsoft Defender for Cloud Apps
  • System Center Configuration Manager (SCCM) is now called Microsoft Endpoint Configuration Manager (MECM)
  • Azure Sentinel is now called Microsoft Sentinel
  • Azure Defender is now called Microsoft Defender for Cloud
  • Azure Security Center is now called Microsoft Defender for Cloud
  • Playbook is now called Workflow automation

Technical requirements

In order to proceed with this chapter, you need to have the following requirements ready:

  • Full understanding of Defender for Endpoint, from onboarding and configuring endpoints to investigating alerts.
  • Understanding of Microsoft 365 Defender with identity protection, Defender for Office, Defender for Identity, Defender for Cloud Apps to DLP, and insider risk.
  • Microsoft Defender for Cloud: Be familiar with Azure services that can be protected.
  • Configuring Sentinel, connecting logs, handling detections, investigations, and threat hunting.
  • Kusto Query Language (KQL).

Preparing for a Microsoft exam

When preparing for a Microsoft exam, there are a few things to keep in mind. First, Microsoft always provides the Skills measured section on the exam page, which will list everything in play for assessment during the exam. In this Skills measured outline, it will also give an estimate of what percentage of the exam will be about that subject. In our experience, those are usually spot on, so it's worth noting that if you're lacking in some of the bigger sections, spend more time studying and practicing in the lab on those subjects.

Another thing worth mentioning is that a lot of the sections mentioned in this Skills measured outline will align with the modules for the SC-200 learning path, so if you incorporate that into your training, you'll find it easy to ramp up in the section of the outline you're looking for. I'll talk more about the learning path modules in the next section. If you're curious about learning more outside of the module links provided on the exam page, go to https://docs.microsoft.com/en-us/learn/ and search for more topics of interest.

Generally, when I prepare for these exams, I'm looking at all resources available, whether that be the product documentation, learning path modules, or testing things out in a lab, with the lab being the most important to me, as that seems to stick out more. We'll cover setting up labs for testing in later sections.

Once you're settled on preparation for the exam, it becomes a lot clearer when considering the resources available, which we will cover in the next section. So, for now, let's focus on diving into what's laid out for us!

Introducing the resources available and accessing Microsoft Learn

When looking at training or studying resources, Microsoft does a great job of giving you structure as it pertains to the exams. The following is the list we're focusing on for resources, starting with the learning paths on the exam page:

When looking into everything available to begin your journey toward taking the SC-200 exam, as well as learning the skills needed to be successful in your career as a SOC analyst specializing in the M365 security stack, it's important to know that it takes time. There is a lot of content for all the features available; therefore, it's beneficial to take your time to pick it all up.

For me, I always start in the order of the bullet list provided at the start of this section, and I'll explain why. I like to go through the learning paths and listen to the content laid out for me. There are some basic knowledge checks to ensure that you're getting the information down. If there are items in the modules that I'm either stuck on or just want additional information on, I start looking for the Docs page that aligns. Once I've completed the learning path, I'll start setting up a lab and essentially starting in the order outlined in the exam.

In the next sections, I will summarize some of the larger portions of the learning paths, as they're critical to ensure that you learn, for both the exam and tasks that you may encounter in your career. As for the third bullet point in the list, we'll discuss that in the next topic of this chapter after learning a little more about what the learning path has to offer!

Microsoft Defender for Endpoint

We will start with Microsoft Defender for Endpoint (MDE), Microsoft's endpoint detection and response platform. Having a basic understanding of this platform will be critical for success, which includes understanding how to create the Defender for Endpoint environment, onboard endpoints to be monitored, and configure the various settings. So, for example, you will need to be familiar with the rights needed to access the https://securitycenter.windows.com portal for the first time and go through the wizard that guides you through your initial configuration.

Beyond setting up the tenant, you will need to know how to onboard devices in your environment quite well. You will want to understand the various operating systems in your environment to ensure they are supported, addressing any down-level devices that may no longer be supported. Make notes, as there are numerous configuration differences as you move down-level, whether that be the type of onboarding method or the state of Microsoft Defender Antivirus, especially if you are running any third-party antivirus software. We will cover that in more depth later in the book.

In Figure 1.1, you can see an example of the onboarding page for MDE, where you'll select the different operating systems and deployment methods. You'll notice that as you change the OS or deployment methods, you're presented with different packages or information to help with onboarding the sensor. Along with this, a command you can run in Command Prompt to throw a test alert is available. This is really just an easy test to see that the sensor is reporting back properly:

Figure 1.1 – Endpoint onboarding

As you onboard your devices, you will want to start defining who can access what device pages and take what actions on those devices. At this point, understanding Role-Based Access Control (RBAC) will be important, as that will help ensure the various roles in your SOC have the right access to perform their job. Creating your device groups will also be extremely critical to ensure that you have the proper remediation settings for your subsets of devices, as you will be applying different auto-remediation settings to different device groups.

The last topic to familiarize yourself with during that initial tenant setup and device onboarding will be configuring the advanced features. Here, you will switch settings on and off depending on what you want to light up in the environment. These include features such as integration with Microsoft Defender for Identity, Cloud App Security, Azure Information Protection, Secure Score, and Intune.

Being able to detect, investigate, and respond to threats in your environment will be at the forefront of your thinking.

Microsoft 365 Defender

When focusing on the other aspects of Microsoft 365 Defender, you will need to know about protections such as Identity Protection within Azure AD. This means understanding how to configure Azure AD Identity Protection policies such as sign-in risk and user risk, as well as investigating and remediating risks detected by the policies you have put into place.

Another aspect of the Microsoft 365 Defender umbrella is Microsoft Defender for Office 365 (MDO), the set of protections that help safeguard your organization against malware and viruses as they come in through email or malicious links. With MDO, you will need to understand how to configure various policies such as Safe Links or Safe Attachments, as well as policies such as anti-malware, anti-phishing, and anti-spam.

Continuing down the list of capabilities within Microsoft 365 Defender, Microsoft Defender for Identity (MDI) will be especially important to know; I would say more so for real-world skills, as the exam will not go very deep into it. We will cover MDI in much more depth later in the book, as we feel it is one of the, if not the, most important security tools in the suite. For the exam though, have a good understanding of configuring the sensors on your servers, reviewing alerts in the portal, and how MDI integrates into other tools such as Microsoft Defender for Cloud Apps.

Next up is Microsoft Defender for Cloud Apps (MDCA), which we alluded to earlier in the chapter. With MDCA, you will want to have a good understanding of the cloud app security framework, how to explore apps that are discovered within Cloud Discovery, how to protect your data and apps with Conditional Access with App Control policies, classifying and protecting sensitive information, and detecting threats.

Lastly, we need to know about Data Loss Prevention (DLP) and insider risk. Being able to understand and describe the different data loss prevention components in Microsoft 365, such as investigating DLP alerts in the compliance center (a dedicated DLP dashboard), as well as within Microsoft Defender for Cloud Apps where you'll see file policy violation alerts if you have file policies created, will be necessary.

When it comes to insider risk, you will need to be able to understand and explain how to use insider risk management with the Microsoft 365 framework to prevent, detect, and contain internal risks. This will help with scenario-based questions where you need to choose solutions that meet the need. Most of these things we can do with pre-defined policy templates and insider risk policies. With those, it will be good to know the types of actions you can take on insider risk management cases.

Microsoft Defender for Cloud

Microsoft Defender will be one of the lengthier sections, primarily because you need to understand a good chunk of the Azure services that can be protected. Starting with Microsoft Defender for Cloud, which will be the primary portal for Microsoft Defender for Cloud, you will learn to assess your environment and understand the resources you have that need protection. The integrations available make it quite easy to see the risk and take action to bring that workload into a protected state. Beyond connecting workloads, Azure assets, and non-Azure resources, you will need to understand remediating security alerts within Microsoft Defender for Cloud.

Microsoft Sentinel

Microsoft Sentinel is Microsoft's cloud-native Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) solution. While it is new in the SIEM space, it has quickly gained much traction within the cybersecurity space due to its scalability, cost benefits as compared to traditional on-premises SIEMs (such as Splunk), and its quick integration capabilities with existing systems.

Microsoft Sentinel topics end up being about 20% of the SC-200 exam from a content perspective, and due to that, be prepared to cover the following topics – we will dive a bit deeper than the requirements to merely pass this section of the exam so that you are prepared to immediately apply the knowledge in your enterprise today.

Topics covered in KQL and data analysis are as follows:

  • Begin understanding KQL statement structure: This will be a critical item to begin to know. The main way a Microsoft security operations analyst will begin threat hunting and creating automation will be backed by KQL.
  • Begin understanding results from KQL: This will be another high-priority item to begin to know. It is one thing for a Microsoft security operations analyst to create KQL statements, but being able to confidently understand results will make or break automation and dispositions on threats.
  • Begin to understand how to build multi-table statements using KQL: As we move from basic queries and basic resultant sets of data, we will take it one step further and begin sharing information on how to build multi-table statements using KQL. As a Microsoft security operations analyst, you will find this extremely useful in your day-to-day threat hunting and dashboard building.
  • Begin working with data in Microsoft Sentinel using KQL: Once we have covered the preceding topics, we will move into data manipulation and management. This will be another highly necessary skill set to possess as a Microsoft security operations analyst. We will begin extracting data from structured and unstructured string fields, integrating external data, and creating parsers with functions. Soon, you will see the true power you have at your fingertips using Microsoft Sentinel as your SIEM and SOAR solution.

Topics covered in Setup and configuration are as follows:

  • Create and manage Microsoft Sentinel workspaces: One of the first things the Microsoft security operations analyst will have to decide will be the overall SIEM architecture with Microsoft Sentinel. Will you use one or many workspaces to fuel the data? How will you manage RBAC? What about your cross-workspace queries? Will logging and alerting be centralized? Decentralized? We will look in depth at the options and best practices accordingly.
  • Query logs in Microsoft Sentinel: As a Microsoft security operations analyst, you must be able to understand how to query data, tables, and fields that are ingested into your workspace. This will be critical for not only data discovery and investigation but also knowing where data is from a table perspective, which will allow you to granularly apply RBAC as your enterprise team members need.
  • Using watchlists in Microsoft Sentinel: Learn how to create Microsoft Sentinel watchlists that are a named list of imported data. Once created, you can easily use the named watchlist in KQL queries.
  • Utilize threat intelligence in Microsoft Sentinel: Learn how the Microsoft Sentinel threat intelligence page enables you to manage threat indicators.

After all this, we're left with the final topic of interest, which is KQL. This will be a staple of the threat hunting aspect within Microsoft 365.

KQL

KQL is the read-only query language that was created to work specifically with large datasets within Azure. You will need to know KQL to be successful on the threat-hunting side of things. Whether you are in the Microsoft 365 security portal or Sentinel, KQL will be needed for hunting.

We will cover the skills needed for both the exam as well as the skills needed to start your threat-hunting journey within the context of Microsoft 365. We will be covering topics such as constructing statements, analyzing the results, as well as building custom detections.
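
The KQL skills listed above (statement structure, extracting fields from an unstructured string, and a multi-table join against a watchlist-style table) can be seen together in one hunting query. This is an added example, not code from the book; every table name, column name, and row is constructed with `datatable` so the query runs in any Log Analytics or Sentinel workspace, and in Sentinel the inline watchlist stand-in would be replaced by `_GetWatchlist('<your watchlist alias>')`.

```kql
// Constructed sample data: sign-in style records whose details sit in an
// unstructured string field. Addresses use documentation-only IP ranges.
let SampleSignins = datatable(TimeGenerated: datetime, Account: string, RawMessage: string)
[
    datetime(2022-03-01 08:00:00), "alice@contoso.example", "result=failure src=203.0.113.10 app=Portal",
    datetime(2022-03-01 08:01:00), "alice@contoso.example", "result=failure src=203.0.113.10 app=Portal",
    datetime(2022-03-01 08:02:00), "alice@contoso.example", "result=success src=203.0.113.10 app=Portal",
    datetime(2022-03-01 08:05:00), "bob@contoso.example",   "result=failure src=198.51.100.7 app=Mail",
    datetime(2022-03-01 08:06:00), "carol@contoso.example", "result=failure src=203.0.113.10 app=Portal"
];
// Constructed stand-in for a watchlist of source addresses under review.
// A Sentinel watchlist exposes its key column as SearchKey in the same way.
let WatchedAddresses = datatable(SearchKey: string, Reason: string)
[
    "203.0.113.10", "constructed example entry"
];
// Statement structure: a tabular source followed by piped operators,
// each one consuming the output of the previous step.
SampleSignins
// Extract typed columns from the unstructured string field.
| parse RawMessage with "result=" Result " src=" SourceIp " app=" App
// Filter early so later steps process fewer rows.
| where Result == "failure"
// Multi-table statement: keep only rows whose source is on the watchlist.
| join kind=inner (WatchedAddresses) on $left.SourceIp == $right.SearchKey
// Aggregate per account and source to turn raw events into a finding.
| summarize FailedCount = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
          by Account, SourceIp, Reason
// Threshold: repeated failures only; a single failure is dropped.
| where FailedCount >= 2
| order by FailedCount desc
```

Reading the result is as important as writing the query: the successful sign-in, the failure from the unwatched address, and the single failure that falls below the threshold are each removed by a different operator, so changing one step changes which rows survive.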

I know that's a lot of information to take in, especially if you're new to it all, but if you stay on course, then it will all come together. Getting through these topics as you work through the learning paths, with subsequent documentation article reading, setting up, and working in a demo tenant in this next section, will help write that to memory! The nice thing about it is you can always go back to a section and walk through what's being discussed within the portal. Let's dive into getting a demo tenant ready!

Creating a Microsoft demo tenant

The following are two URLs that are mentioned a few times in the section. These will be handy to keep bookmarked so that you can quickly get back to them:

One of the absolute best things you can do to get hands-on experience is to build a lab! Many will do this first, and that's totally fine – everyone has their own style of learning. My hesitation for doing that first is that I end up bouncing around all over the place because I don't have any context for what to do or where to start. There are many shiny things to distract me.

Having gone through the learning paths, with various knowledge checks and additional documentation articles, I'm ready to tackle the real thing! I have a sense of structure, where to start, where to end, and what is in between.

To get started with setting up your lab, you'll need to satisfy one of the following licensing requirements. The reason for E5 and A5 is that those contain everything you'll be learning about in the learning paths in one easy package:

  • Windows 10 Enterprise E5
  • Windows 10 Education A5
  • Microsoft 365 E5 (M365 E5), which includes Windows 10 Enterprise E5
  • Microsoft 365 A5 (M365 A5)
  • Microsoft 365 E5 Security
  • Microsoft 365 A5 Security
  • MDE

With these subscriptions, you can more freely test with onboarding your own lab devices too, as well as configuring the other components of the license, such as Microsoft Endpoint Manager, formerly Intune. With that, you can learn to configure a host of security features that are otherwise already enabled in the pre-provisioned devices in the evaluation lab aspect of the license.

Some things to note about the evaluation lab aspect of the trial are as follows:

  • Enough device allotment for a month of testing.
  • Renewing resources allowed once a month.
  • Pre-provisioned machines for testing.
  • Full access to the capabilities of MDE.
  • Threat simulators.
  • To get a wonderful overarching picture of the lab itself and what you can get from it, please watch the video at the following link: aka.ms/MDEEvaluation.

The following screenshot shows what the lab section of the portal will look like before you configure it:

Figure 1.2 – The Evaluation Lab setup

Note that when you get to the provisioning screen, you'll select the number of devices you want as well as the duration of each. Now, remember, whatever you select, that's all you get for 30 days, so carefully plan out how you want to test these machines. If you're after more specific tests, perhaps to see how MDE handles various attacks, then the shorter durations may be better suited, but for the use case of studying for an exam, the longer-duration machines may be best.

Summary

In summary, there is a lot to know! It may seem overwhelming if you're new to the Microsoft 365 stack, but as you start learning one area, you'll see how well it translates to other areas, so I advise you to go with the flow and stick with it. As you work through understanding MDE, you'll leave with a great understanding of navigating through the security portal, making it easier to pick up knowledge in other areas.

As Microsoft builds out the Security.Microsoft.com portal, you'll find it easier to start digging into the other areas, such as Defender for Office and Defender for Identity.

With the knowledge you have picked up in those first few sections, moving into Sentinel will feel familiar, as you continue to build on the nomenclature. With KQL, you'll be able to apply that in any portal where advanced hunting is available, as well as any Log Analytics workspace.

We're both excited to get started on the next chapter to continue your Microsoft 365 Defender adventure! See you in Chapter 2, The Evolution of Security Operations!


Key benefits

  • Detect, protect, investigate, and remediate threats using Microsoft Defender for Endpoint
  • Explore multiple tools using the M365 Defender Security Center
  • Get ready to overcome real-world challenges as you prepare to take the SC-200 exam

Description

Security in information technology has always been a topic of discussion, one that comes with various backgrounds, tools, responsibilities, education, and change! The SC-200 exam comprises a wide range of topics that introduce Microsoft technologies and general operations for security analysts in enterprises. This book is a comprehensive guide that covers the usefulness and applicability of Microsoft Security Stack in the daily activities of an enterprise security operations analyst. Starting with a quick overview of what it takes to prepare for the exam, you'll understand how to implement the learning in real-world scenarios. You'll learn to use Microsoft's security stack, including Microsoft 365 Defender, and Microsoft Sentinel, to detect, protect, and respond to adversary threats in your enterprise. This book will take you from legacy on-premises SOC and DFIR tools to leveraging all aspects of the M365 Defender suite as a modern replacement in a more effective and efficient way. By the end of this book, you'll have learned how to plan, deploy, and operationalize Microsoft's security stack in your enterprise and gained the confidence to pass the SC-200 exam.

Who is this book for?

This book is for security professionals, cloud security engineers, and security analysts who want to learn and explore Microsoft Security Stack. Anyone looking to take the SC-200 exam will also find this guide useful. A basic understanding of Microsoft technologies and security concepts will be beneficial.

What you will learn

  • Discover how to secure information technology systems for your organization
  • Manage cross-domain investigations in the Microsoft 365 Defender portal
  • Plan and implement the use of data connectors in Microsoft Defender for Cloud
  • Get to grips with designing and configuring a Microsoft Sentinel workspace
  • Configure SOAR (security orchestration, automation, and response) in Microsoft Sentinel
  • Find out how to use Microsoft Sentinel workbooks to analyze and interpret data
  • Solve mock tests at the end of the book to test your knowledge

Product Details

Publication date : Mar 16, 2022
Length: 288 pages
Edition : 1st
Language : English
ISBN-13 : 9781803231891

Table of Contents

18 Chapters
Section 1 – Exam Overview and Evolution of Security Operations
Chapter 1: Preparing for Your Microsoft Exam and SC-200 Objectives
Chapter 2: The Evolution of Security and Security Operations
Section 2 – Implementing Microsoft 365 Defender Solutions
Chapter 3: Implementing Microsoft Defender for Endpoint
Chapter 4: Implementing Microsoft Defender for Identity
Chapter 5: Understanding and Implementing Microsoft Defender for Cloud (Microsoft Defender for Cloud Standard Tier)
Section 3 – Familiarizing Yourself with Alerts, Incidents, Evidence, and Dashboards
Chapter 6: An Overview: Microsoft Defender for Endpoint Alerts, Incidents, Evidence, and Dashboards
Chapter 7: Microsoft Defender for Identity, What Happened, Alerts, and Incidents
Chapter 8: Microsoft Defender for Office – Threats to Productivity
Chapter 9: Microsoft Defender for Cloud Apps and Protecting Your Cloud Apps
Section 4 – Setting Up and Connecting Data Sources to Microsoft Sentinel
Chapter 10: Setting Up and Configuring Microsoft Sentinel
Section 5 – Hunting Threats within Microsoft 365 Defender and Microsoft Sentinel
Chapter 11: Advanced Threat Hunting, Microsoft 365 Defender Portal, and Sentinel
Chapter 12: Knowledge Check
Other Books You May Enjoy

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.3
(8 Ratings)
5 star 50%
4 star 25%
3 star 25%
2 star 0%
1 star 0%
Filter icon Filter
Top Reviews

Filter reviews by




Garrett Apr 08, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Reading this book I am ready to take on Russia
Amazon Verified review Amazon
Anthony S Mineer Aug 02, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Another fantastic certification reference book and Beyond by Packt. The SC-200 certification covers Azure and M365 based security tools and the book hit the mark on every major skill covered. As well as how to create a lab environment to gain some hands on experience where you might have been lacking. I was able to take and pass the SC-200 with the content of this book and the Microsoft Learn modules associated, it is well worth the purchase.
Amazon Verified review Amazon
M. Sprague Feb 18, 2023
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Pair this with the Microsoft Learn modules and you'll pass this exam ( I did!). It covers all the details and provides useful examples to help you understand the material.
Amazon Verified review Amazon
Rob V Jun 06, 2022
Rating: 5 out of 5
Great read for knowledge and testing purposes
Amazon Verified review
Matt J Nov 30, 2023
Rating: 4 out of 5
This is a good resource book, but for the price you can get a 2-4 month subscription from the publisher
Amazon Verified review

FAQs

What is included in a Packt subscription?

A subscription provides you with full access to view all Packt and licensed content online; this includes exclusive access to Early Access titles. Depending on the tier chosen, you can also earn credits and discounts to use for owning content.

How can I cancel my subscription?

To cancel your subscription with us, simply go to the account page, found in the top right of the page or at https://subscription.packtpub.com/my-account/subscription. From there you will see the ‘cancel subscription’ button in the grey box containing your subscription information.

What are credits?

Credits can be earned from reading 40 sections of any title within the payment cycle (a month starting from the day of subscription payment). You also earn a credit every month if you subscribe to our annual or 18-month plans. Credits can be used to buy books DRM-free, the same way that you would pay for a book. Your credits can be found on the subscription homepage (subscription.packtpub.com) by clicking on the ‘my library’ dropdown and selecting ‘credits’.

What happens if an Early Access Course is cancelled?

Projects are rarely cancelled, but sometimes it's unavoidable. If an Early Access course is cancelled or excessively delayed, you can exchange your purchase for another course. For further details, please contact us here.

Where can I send feedback about an Early Access title?

If you have any feedback about the product you're reading, or Early Access in general, then please fill out a contact form here and we'll make sure the feedback gets to the right team. 

Can I download the code files for Early Access titles?

We try to ensure that all books in Early Access have code available to use, download, and fork on GitHub. This helps us be more agile in the development of the book, and helps keep the often changing code base of new versions and new technologies as up to date as possible. Unfortunately, however, there will be rare cases when it is not possible for us to have downloadable code samples available until publication.

When we publish the book, the code files will also be available to download from the Packt website.

How accurate is the publication date?

The publication date is as accurate as we can be at any point in the project. Unfortunately, delays can happen. Often those delays are out of our control, such as changes to the technology code base or delays in the tech release. We do our best to give you an accurate estimate of the publication date at any given time, and as more chapters are delivered, the more accurate the delivery date will become.

How will I know when new chapters are ready?

We'll let you know every time there has been an update to a course that you've bought in Early Access. You'll get an email to let you know there has been a new chapter, or a change to a previous chapter. The new chapters are automatically added to your account, so you can also check back there any time you're ready and download or read them online.

I am a Packt subscriber, do I get Early Access?

Yes, all Early Access content is fully available through your subscription. You will need to have a paid-for or active trial subscription in order to access all titles.

How is Early Access delivered?

Early Access is currently only available as a PDF or through our online reader. As we make changes or add new chapters, the files in your Packt account will be updated so you can download them again or view them online immediately.

How do I buy Early Access content?

Early Access is a way of us getting our content to you quicker, but the method of buying the Early Access course is still the same. Just find the course you want to buy, go through the check-out steps, and you’ll get a confirmation email from us with information and a link to the relevant Early Access courses.

What is Early Access?

Keeping up to date with the latest technology is difficult; new versions, new frameworks, new techniques. This feature gives you a head-start to our content, as it's being created. With Early Access you'll receive each chapter as it's written, and get regular updates throughout the product's development, as well as the final course as soon as it's ready.

We created Early Access as a means of giving you the information you need, as soon as it's available. As we go through the process of developing a course, 99% of it can be ready but we can't publish until that last 1% falls into place. Early Access helps to unlock the potential of our content early, to help you start your learning when you need it most. You not only get access to every chapter as it's delivered, edited, and updated, but you'll also get the finalized, DRM-free product to download in any format you want when it's published. As a member of Packt, you'll also be eligible for our exclusive offers, including a free course every day, and discounts on new and popular titles.