Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide: Manage, monitor, and respond to threats using Microsoft Security Stack for securing IT systems

Authors: Trevor Stuart, Joe Anich
Paperback Mar 2022 288 pages 1st Edition

Chapter 1: Preparing for Your Microsoft Exam and SC-200 Objectives

Welcome to Microsoft SC-200 Exam Prep and Beyond and Chapter 1, Preparing for Your Microsoft Exam and SC-200 Objectives. This chapter is dedicated to ensuring that you are ready for the Microsoft SC-200 exam and that you fully understand the objectives, along with how they apply in the real world. It's one thing to pass an exam but a whole other thing to apply exam topics to your day-to-day job. Let's get into it!

In both traditional and modern enterprises, the Microsoft security operations analyst is the key pivot point and collaborator with both individual contributors and enterprise stakeholders. This role in most organizations has one goal in mind – to protect against, secure against, detect, and respond to threats present in an enterprise as expeditiously as possible. They are responsible for reducing organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate teams and stakeholders. Historically, this level of responsibility came with a lot of tooling, alert fatigue, manual or human interaction in investigations, and so on.

What we hope to make clear is that there has been a massive evolution of security operations for most enterprises. Tooling has changed, and the power of the cloud has added great value to the tools that Security Operations Center (SOC) analysts are required to use day to day to successfully deliver in the Microsoft security operations analyst position for enterprises today.

This chapter will cover the following topics to get us started:

  • Preparing for a Microsoft exam
  • Introducing the resources available and accessing Microsoft Learn
  • Creating a Microsoft demo tenant

It is important to note that in November 21, some Microsoft security services were renamed. The renames are as follows:

  • Microsoft Cloud App Security (MCAS) is now called Microsoft Defender for Cloud Apps
  • System Center Configuration Manager (SCCM) is now called Microsoft Endpoint Configuration Manager (MECM)
  • Azure Sentinel is now called Microsoft Sentinel
  • Azure Defender is now called Microsoft Defender for Cloud
  • Azure Security Center is now called Microsoft Defender for Cloud
  • Playbook is now called Workflow automation

Technical requirements

In order to proceed with this chapter, you need to have the following requirements ready:

  • Full understanding of Defender for Endpoint, from onboarding and configuring endpoints to investigating alerts.
  • Understanding of Microsoft 365 Defender with identity protection, Defender for Office, Defender for Identity, Defender for Cloud Apps to DLP, and insider risk.
  • Microsoft Defender for Cloud: Be familiar with Azure services that can be protected.
  • Configuring Sentinel, connecting logs, handling detections, investigations, and threat hunting.
  • Kusto Query Language (KQL).

Preparing for a Microsoft exam

When preparing for a Microsoft exam, there are a few things to keep in mind. First, Microsoft always provides the Skills measured section on the exam page, which will list everything in play for assessment during the exam. In this Skills measured outline, it will also give an estimate of what percentage of the exam will be about that subject. In our experience, those are usually spot on, so it's worth noting that if you're lacking in some of the bigger sections, spend more time studying and practicing in the lab on those subjects.

Another thing worth mentioning is that a lot of the sections mentioned in this Skills measured outline will align with the modules for the SC-200 learning path, so if you incorporate that into your training, you'll find it easy to ramp up in the section of the outline you're looking for. I'll talk more about the learning path modules in the next section. If you're curious about learning more outside of the module links provided on the exam page, go to https://docs.microsoft.com/en-us/learn/ and search for more topics of interest.

Generally, when I prepare for these exams, I'm looking at all resources available, whether that be the product documentation, learning path modules, or testing things out in a lab, with the lab being the most important to me, as that seems to stick out more. We'll cover setting up labs for testing in later sections.

Once you're settled on preparation for the exam, it becomes a lot clearer when considering the resources available, which we will cover in the next section. So, for now, let's focus on diving into what's laid out for us!

Introducing the resources available and accessing Microsoft Learn

When looking at training or studying resources, Microsoft does a great job of giving you structure as it pertains to the exams. The following is the list we're focusing on for resources, starting with the learning paths on the exam page:

When looking into everything available to begin your journey toward taking the SC-200 exam, as well as learning the skills needed to be successful in your career as a SOC analyst specializing in the M365 security stack, it's important to know that it takes time. There is a lot of content for all the features available; therefore, it's beneficial to take your time to pick it all up.

For me, I always start in the order of the bullet list provided at the start of this section, and I'll explain why. I like to go through the learning paths and listen to the content laid out for me. There are some basic knowledge checks to ensure that you're getting the information down. If there are items in the modules that I'm either stuck on or just want additional information on, I start looking for the Docs page that aligns. Once I've completed the learning path, I'll start setting up a lab and essentially starting in the order outlined in the exam.

In the next sections, I will summarize some of the larger portions of the learning paths, as they're critical to ensure that you learn, for both the exam and tasks that you may encounter in your career. As for the third bullet point in the list, we'll discuss that in the next topic of this chapter after learning a little more about what the learning path has to offer!

Microsoft Defender for Endpoint

We will start with Microsoft Defender for Endpoint (MDE), Microsoft's endpoint detection and response platform. Having a basic understanding of this platform will be critical for success, which includes understanding how to create the Defender for Endpoint environment, onboard endpoints to be monitored, and configure the various settings. So, for example, you will need to be familiar with the rights needed to access the https://securitycenter.windows.com portal for the first time and go through the wizard that guides you through your initial configuration.

Beyond setting up the tenant, you will need to know how to onboard devices in your environment quite well. You will want to understand the various operating systems in your environment to ensure they are supported, addressing any down-level devices that may no longer be supported. Make notes, as there are numerous configuration differences as you move down-level, whether that be the type of onboarding method or the state of Microsoft Defender Antivirus, especially if you are running any third-party antivirus software. We will cover that in more depth later in the book.

In Figure 1.1, you can see an example of the onboarding page for MDE, where you'll select the different operating systems and deployment methods. You'll notice that as you change the OS or deployment methods, you're presented with different packages or information to help with onboarding the sensor. Along with this, a command you can run in Command Prompt to throw a test alert is available. This is really just an easy test to see that the sensor is reporting back properly:

Figure 1.1 – Endpoint onboarding

As you onboard your devices, you will want to start defining who can access what device pages and take what actions on those devices. At this point, understanding Role-Based Access Control (RBAC) will be important, as that will help ensure the various roles in your SOC have the right access to perform their job. Creating your device groups will also be extremely critical to ensure that you have the proper remediation settings for your subsets of devices, as you will be applying different auto-remediation settings to different device groups.

The last topic to familiarize yourself with during that initial tenant setup and device onboarding will be configuring the advanced features. Here, you will switch settings on and off depending on what you want to light up in the environment. These include features such as integration with Microsoft Defender for Identity, Cloud App Security, Azure Information Protection, Secure Score, and Intune.

Being able to detect, investigate, and respond to threats in your environment will be at the forefront of your thinking.

Microsoft 365 Defender

When focusing on the other aspects of Microsoft 365 Defender, you will need to know about protections such as Identity Protection within Azure AD. This means understanding how to configure Azure AD Identity Protection policies such as sign-in risk and user risk, as well as investigating and remediating risks detected by the policies you have put into place.

Another aspect of the Microsoft 365 Defender umbrella is Microsoft Defender for Office 365 (MDO), the set of protections that help safeguard your organization against malware and viruses as they come in through email or malicious links. With MDO, you will need to understand how to configure various policies such as Safe Links or Safe Attachments, as well as policies such as anti-malware, anti-phishing, and anti-spam.

Continuing down the list of capabilities within Microsoft 365 Defender, Microsoft Defender for Identity (MDI) will be especially important to know; I would say more so for real-world skills, as the exam will not go very deep into it. We will cover MDI in much more depth later in the book, as we feel it is one of the, if not the, most important security tools in the suite. For the exam though, have a good understanding of configuring the sensors on your servers, reviewing alerts in the portal, and how MDI integrates into other tools such as Microsoft Defender for Cloud Apps.

Next up is Microsoft Defender for Cloud Apps (MDCA), which we alluded to earlier in the chapter. With MDCA, you will want to have a good understanding of the cloud app security framework, how to explore apps that are discovered within Cloud Discovery, how to protect your data and apps with Conditional Access with App Control policies, classifying and protecting sensitive information, and detecting threats.

Lastly, we need to know about Data Loss Prevention (DLP) and insider risk. You will need to be able to understand and describe the different data loss prevention components in Microsoft 365, such as investigating DLP alerts in the compliance center (a dedicated DLP dashboard), as well as within Microsoft Defender for Cloud Apps, where you'll see file policy violation alerts if you have file policies created.

When it comes to insider risk, you will need to be able to understand and explain how to use insider risk management with the Microsoft 365 framework to prevent, detect, and contain internal risks. This will help with scenario-based questions where you need to choose solutions that meet the need. Most of these things we can do with pre-defined policy templates and insider risk policies. With those, it will be good to know and understand the types of actions you can take on risk management cases.

Microsoft Defender for Cloud

Microsoft Defender will be one of the lengthier sections, primarily because you need to understand a good chunk of the Azure services that can be protected. Starting with Microsoft Defender for Cloud, which will be the primary portal for Microsoft Defender for Cloud, you will learn to assess your environment and understand the resources you have that need protection. The integrations available make it quite easy to see the risk and take action to bring that workload into a protected state. Beyond connecting workloads, Azure assets, and non-Azure resources, you will need to understand remediating security alerts within Microsoft Defender for Cloud.

Microsoft Sentinel

Microsoft Sentinel is Microsoft's cloud-native Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) solution. While it is new in the SIEM space, it has quickly gained much traction within the cybersecurity space due to its scalability, its cost benefits compared to traditional on-premises SIEMs (such as Splunk), and its quick integration capabilities with existing systems.

Microsoft Sentinel topics end up being about 20% of the SC-200 exam from a content perspective, so be prepared to cover the following topics. We will dive a bit deeper than the requirements to merely pass this section of the exam so that you are prepared to immediately apply the knowledge in your enterprise today.

Topics covered in KQL and data analysis are as follows:

  • Begin understanding KQL statement structure: This will be a critical item to begin to know. The main way a Microsoft security operations analyst will begin threat hunting and creating automation will be backed by KQL.
  • Begin understanding results from KQL: This will be another high-priority item to begin to know. It is one thing for a Microsoft security operations analyst to create KQL statements, but being able to confidently understand results will make or break automation and dispositions on threats.
  • Begin to understand how to build multi-table statements using KQL: As we move from basic queries and basic resultant sets of data, we will take it one step further and begin sharing information on how to build multi-table statements using KQL. As a Microsoft security operations analyst, you will find this extremely useful in your day-to-day threat hunting and dashboard building.
  • Begin working with data in Microsoft Sentinel using KQL: Once we have covered the preceding topics, we will move into data manipulation and management. This will be another highly necessary skill set to possess as a Microsoft security operations analyst. We will begin extracting data from structured and unstructured string fields, integrating external data, and creating parsers with functions. Soon, you will see the true power you have at your fingertips using Microsoft Sentinel as your SIEM and SOAR solution.

Topics covered in Setup and configuration are as follows:

  • Create and manage Microsoft Sentinel workspaces: One of the first things the Microsoft security operations analyst will have to decide will be the overall SIEM architecture with Microsoft Sentinel. Will you use one or many workspaces to fuel the data? How will you manage RBAC? What about your cross-workspace queries? Will logging and alerting be centralized? Decentralized? We will look in depth at the options and best practices accordingly.
  • Query logs in Microsoft Sentinel: As a Microsoft security operations analyst, you must be able to understand how to query data, tables, and fields that are ingested into your workspace. This will be critical for not only data discovery and investigation but also knowing where data is from a table perspective, which will allow you to granularly apply RBAC as your enterprise team members need.
  • Using watchlists in Microsoft Sentinel: Learn how to create Microsoft Sentinel watchlists that are a named list of imported data. Once created, you can easily use the named watchlist in KQL queries.
  • Utilize threat intelligence in Microsoft Sentinel: Learn how the Microsoft Sentinel threat intelligence page enables you to manage threat indicators.

After all this, we're left with the final topic of interest, which is KQL. This will be a staple of the threat hunting aspect within Microsoft 365.

KQL

KQL is the read-only query language that was created to work specifically with large datasets within Azure. You will need to know KQL to be successful on the threat-hunting side of things. Whether you are in the Microsoft 365 security portal or Sentinel, KQL will be needed for hunting.

We will cover the skills needed both for the exam and for starting your threat-hunting journey within the context of Microsoft 365. We will be covering topics such as constructing statements, analyzing the results, and building custom detections.
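To make the KQL topics listed in this chapter concrete (statement structure, extracting fields from strings, multi-table statements, and using a watchlist-style lookup), here is an added example that is not taken from the book. It runs entirely on constructed inline data; the table names `SampleSignins` and `SampleWatchlist`, their columns, and all values are assumptions made for illustration.

```kusto
// Constructed sample rows standing in for a sign-in log table (not real telemetry).
// A ResultType of "0" is treated as a successful sign-in in this sample.
let SampleSignins = datatable(
    TimeGenerated: datetime,
    UserPrincipalName: string,
    IPAddress: string,
    ResultType: string,
    RawMessage: string)
[
    datetime(2022-03-01 08:00:00), "alice@contoso.example", "203.0.113.10", "0",     "client=Browser;os=Windows 10",
    datetime(2022-03-01 08:05:00), "bob@contoso.example",   "198.51.100.7", "50126", "client=Legacy;os=Unknown",
    datetime(2022-03-01 08:06:00), "bob@contoso.example",   "198.51.100.7", "50126", "client=Legacy;os=Unknown",
    datetime(2022-03-01 08:07:00), "bob@contoso.example",   "198.51.100.7", "50126", "client=Legacy;os=Unknown",
    datetime(2022-03-01 08:30:00), "carol@contoso.example", "192.0.2.44",   "50126", "client=Browser;os=macOS",
    datetime(2022-03-01 09:00:00), "bob@contoso.example",   "203.0.113.10", "0",     "client=Browser;os=Windows 10"
];
// Constructed stand-in for a watchlist of IP addresses of interest.
// In a Sentinel workspace this table would come from _GetWatchlist('<alias>'),
// which exposes the lookup value in a SearchKey column.
let SampleWatchlist = datatable(SearchKey: string, Reason: string)
[
    "198.51.100.7", "Constructed example entry"
];
// Assumed threshold for this example only.
let FailureThreshold = 3;
SampleSignins
// 1. Filter early: keep failed sign-ins only.
| where ResultType != "0"
// 2. Extract fields from a semi-structured string column.
| parse RawMessage with "client=" Client ";os=" OS
// 3. Multi-table statement: keep only rows whose IP is on the watchlist.
| join kind=inner (SampleWatchlist) on $left.IPAddress == $right.SearchKey
// 4. Aggregate per user and source so the result is one row per suspect pair.
| summarize
    FailedAttempts = count(),
    FirstSeen = min(TimeGenerated),
    LastSeen = max(TimeGenerated)
    by UserPrincipalName, IPAddress, Client, Reason
// 5. Apply the detection threshold and sort for triage.
| where FailedAttempts >= FailureThreshold
| order by FailedAttempts desc
```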

I know that's a lot of information to take in, especially if you're new to it all, but if you stay on course, then it will all come together. Getting through these topics as you work through the learning paths, with subsequent documentation article reading, setting up, and working in a demo tenant in this next section, will help commit that to memory! The nice thing about it is you can always go back to a section and walk through what's being discussed within the portal. Let's dive into getting a demo tenant ready!

Creating a Microsoft demo tenant

The following are two URLs that are mentioned a few times in the section. These will be handy to keep bookmarked so that you can quickly get back to them:

One of the absolute best things you can do to get hands-on experience is to build a lab! Many will do this first, and that's totally fine – everyone has their own style of learning. My hesitation for doing that first is that I end up bouncing around all over the place because I don't have any context for what to do or where to start. There are many shiny things to distract me.

Having gone through the learning paths, with various knowledge checks and additional documentation articles, I'm ready to tackle the real thing! I have a sense of structure, where to start, where to end, and what is in between.

To get started with setting up your lab, you'll need to satisfy one of the following licensing requirements. The reason for E5 and A5 is that those contain everything you'll be learning about in the learning paths in one easy package:

  • Windows 10 Enterprise E5
  • Windows 10 Education A5
  • Microsoft 365 E5 (M365 E5), which includes Windows 10 Enterprise E5
  • Microsoft 365 A5 (M365 A5)
  • Microsoft 365 E5 Security
  • Microsoft 365 A5 Security
  • MDE

With these subscriptions, you can more freely test with onboarding your own lab devices too, as well as configuring the other components of the license, such as Microsoft Endpoint Manager, formerly Intune. With that, you can learn to configure a host of security features that are otherwise already enabled in the pre-provisioned devices in the evaluation lab aspect of the license.

Some things to note about the evaluation lab aspect of the trial are as follows:

  • Enough device allotment for a month of testing.
  • Renewing resources allowed once a month.
  • Pre-provisioned machines for testing.
  • Full access to the capabilities of MDE.
  • Threat simulators.
  • To get a wonderful overarching picture of the lab itself and what you can get from it, please watch the video at the following link: aka.ms/MDEEvaluation.

The following screenshot shows what the lab section of the portal will look like before you configure it:

Figure 1.2 – The Evaluation Lab setup

Note that when you get to the provisioning screen, you'll select the number of devices you want as well as the duration of each. Now, remember, whatever you select, that's all you get for 30 days, so carefully plan out how you want to test these machines. If you're after more specific tests, perhaps to see how MDE handles various attacks, then the shorter durations may be better suited, but for the use case of studying for an exam, the longer-duration machines may be best.

Summary

In summary, there is a lot to know! It may seem overwhelming if you're new to the Microsoft 365 stack, but as you start learning one area, you'll see how well it translates to other areas, so I advise you to go with the flow and stick with it. As you work through understanding MDE, you'll leave with a great understanding of navigating through the security portal, making it easier to pick up knowledge in other areas.

As Microsoft builds out the Security.Microsoft.com portal, you'll find it easier to start digging into the other areas, such as Defender for Office and Defender for Identity.

With the knowledge you have picked up in those first few sections, moving into Sentinel will feel familiar, as you continue to build on the nomenclature. With KQL, you'll be able to apply that in any portal where advanced hunting is available, as well as any Log Analytics workspace.

We're both excited to get started on the next chapter to continue your Microsoft 365 Defender adventure! See you in Chapter 2, The Evolution of Security Operations!

Key benefits

  • Detect, protect, investigate, and remediate threats using Microsoft Defender for Endpoint
  • Explore multiple tools using the M365 Defender Security Center
  • Get ready to overcome real-world challenges as you prepare to take the SC-200 exam

Description

Security in information technology has always been a topic of discussion, one that comes with various backgrounds, tools, responsibilities, education, and change! The SC-200 exam comprises a wide range of topics that introduce Microsoft technologies and general operations for security analysts in enterprises. This book is a comprehensive guide that covers the usefulness and applicability of Microsoft Security Stack in the daily activities of an enterprise security operations analyst. Starting with a quick overview of what it takes to prepare for the exam, you'll understand how to implement the learning in real-world scenarios. You'll learn to use Microsoft's security stack, including Microsoft 365 Defender, and Microsoft Sentinel, to detect, protect, and respond to adversary threats in your enterprise. This book will take you from legacy on-premises SOC and DFIR tools to leveraging all aspects of the M365 Defender suite as a modern replacement in a more effective and efficient way. By the end of this book, you'll have learned how to plan, deploy, and operationalize Microsoft's security stack in your enterprise and gained the confidence to pass the SC-200 exam.

Who is this book for?

This book is for security professionals, cloud security engineers, and security analysts who want to learn and explore Microsoft Security Stack. Anyone looking to take the SC-200 exam will also find this guide useful. A basic understanding of Microsoft technologies and security concepts will be beneficial.

What you will learn

  • Discover how to secure information technology systems for your organization
  • Manage cross-domain investigations in the Microsoft 365 Defender portal
  • Plan and implement the use of data connectors in Microsoft Defender for Cloud
  • Get to grips with designing and configuring a Microsoft Sentinel workspace
  • Configure SOAR (security orchestration, automation, and response) in Microsoft Sentinel
  • Find out how to use Microsoft Sentinel workbooks to analyze and interpret data
  • Solve mock tests at the end of the book to test your knowledge

Product Details

Publication date : Mar 16, 2022
Length: 288 pages
Edition : 1st
Language : English
ISBN-13 : 9781803231891

Table of Contents

18 Chapters
Section 1 – Exam Overview and Evolution of Security Operations
Chapter 1: Preparing for Your Microsoft Exam and SC-200 Objectives
Chapter 2: The Evolution of Security and Security Operations
Section 2 – Implementing Microsoft 365 Defender Solutions
Chapter 3: Implementing Microsoft Defender for Endpoint
Chapter 4: Implementing Microsoft Defender for Identity
Chapter 5: Understanding and Implementing Microsoft Defender for Cloud (Microsoft Defender for Cloud Standard Tier)
Section 3 – Familiarizing Yourself with Alerts, Incidents, Evidence, and Dashboards
Chapter 6: An Overview: Microsoft Defender for Endpoint Alerts, Incidents, Evidence, and Dashboards
Chapter 7: Microsoft Defender for Identity, What Happened, Alerts, and Incidents
Chapter 8: Microsoft Defender for Office – Threats to Productivity
Chapter 9: Microsoft Defender for Cloud Apps and Protecting Your Cloud Apps
Section 4 – Setting Up and Connecting Data Sources to Microsoft Sentinel
Chapter 10: Setting Up and Configuring Microsoft Sentinel
Section 5 – Hunting Threats within Microsoft 365 Defender and Microsoft Sentinel
Chapter 11: Advanced Threat Hunting, Microsoft 365 Defender Portal, and Sentinel
Chapter 12: Knowledge Check
Other Books You May Enjoy

Customer reviews

Average rating: 4.3 (8 Ratings)
Rating distribution:
5 star 50%
4 star 25%
3 star 25%
2 star 0%
1 star 0%

Garrett, Apr 08, 2022 (5 stars, Amazon verified review)
Reading this book I am ready to take on Russia

Anthony S Mineer, Aug 02, 2022 (5 stars, Amazon verified review)
Another fantastic certification reference book and Beyond by Packt. The SC-200 certification covers Azure and M365 based security tools and the book hit the mark on every major skill covered. As well as how to create a lab environment to gain some hands-on experience where you might have been lacking. I was able to take and pass the SC-200 with the content of this book and the Microsoft Learn modules associated, it is well worth the purchase.

M. Sprague, Feb 18, 2023 (5 stars, Amazon verified review)
Pair this with the Microsoft Learn modules and you'll pass this exam (I did!). It covers all the details and provides useful examples to help you understand the material.

Rob V, Jun 06, 2022 (5 stars, Amazon verified review)
Great read for knowledge and testing purposes

Matt J, Nov 30, 2023 (4 stars, Amazon verified review)
This is a good resource book but for the price you can get 2-4 months subscription from the publisher

FAQs

What is the delivery time and cost of print books?

Shipping Details

USA:

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-Bissau
  9. Iran
  10. Lebanon
  11. Libyan Arab Jamahiriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela

What is custom duty/charge?

Customs duties are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order?

Orders shipped to the countries listed under EU27 will not bear customs charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea

For shipments to countries outside the EU27, a customs duty or localized taxes may apply and would be charged by the recipient country. These must be paid by the customer and are not included in the shipping charges on the order.

How do I know my custom duty charges?

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.

How can I cancel my order?

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact [email protected] with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at [email protected] using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or has a material defect). Otherwise, Packt Publishing will not accept returns.

What is your returns and refunds policy?

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on [email protected] with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on [email protected] within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on [email protected] who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items (damaged, defective or incorrect).
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged or with a material defect, contact our Customer Relations Team on [email protected] within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner on a print-on-demand basis.

What tax is charged?

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use?

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal