Microsoft

Microsoft Certified: Security Operations Analyst Associate

Security operations analyst certification for Microsoft Defender XDR, Microsoft Sentinel, incident response, detection engineering, automation, and threat hunting.

Practice

Learn at your own pace. Answer questions one at a time with instant feedback and explanations.

Mock exam

Simulate the real thing. Take a timed, full-length test and review your score and weak areas.


Study your way: beyond Practice and Mock exam, choose adaptive, hard mode, ready review, objective coverage, or retry-your-misses — and set your own question count, timer, and pass mark.

About this exam

SC-200 validates security operations skills for monitoring, identifying, investigating, responding to, and hunting threats across Microsoft Defender XDR, Microsoft Sentinel, Microsoft Entra ID, Microsoft Purview, and Defender for Cloud.

Who should take this exam

Security operations analysts who perform triage, incident response, threat hunting, detection engineering, automation, and SOC platform operations.

Career benefits

Demonstrates current Microsoft SOC capability using Defender XDR, Sentinel, KQL, automation, incident response, hunting, and AI-assisted investigation patterns.

How to prepare

Use the official SC-200 certification page and study guide, then practice with Defender XDR, Sentinel, KQL, connectors, analytics rules, playbooks, workbooks, incident investigation, and threat hunting.

Quick facts

Exam cost: Price based on the country or region in which the exam is proctored.
Valid for: 1 year; renewable by Microsoft Learn assessment
Length: 100 minutes
Passing score: 700
Format: Proctored Microsoft certification exam; multiple question types and possible interactive components
Practice questions: 125
Objectives: 3
Blueprint as of: April 16, 2026

What's covered

1. Manage a security operations environment

40–45%
  • 1.1 Configure automation for Microsoft Defender XDR and Microsoft Sentinel
  • 1.2 Configure the Microsoft Sentinel SIEM and platform
  • 1.3 Ingest data into the Microsoft Sentinel SIEM and platform
  • 1.4 Configure detections

2. Respond to security incidents

35–40%
  • 2.1 Respond to alerts and incidents in Microsoft Defender XDR
  • 2.2 Respond to alerts and incidents in Microsoft Defender for Endpoint
  • 2.3 Investigate Microsoft 365 activities to identify threats

3. Perform threat hunting

20–25%
  • 3.1 Detect threats by using Microsoft Defender XDR
  • 3.2 Detect threats by using the Microsoft Sentinel platform

Frequently asked questions

Are these real exam questions?

No. These are original practice questions written to match the exam objectives, each with an explanation so you actually learn the material — not exam dumps.

How does practice mode work?

You answer questions one at a time with instant feedback and explanations. Over time the app adapts, prioritizing the objectives and questions you struggle with most.

What is a mock exam?

A timed, full-length simulation that holds feedback until the end, then shows your score, pass/fail result, and a breakdown by objective.

Can I customize how I study?

Yes. Pick the study mode that fits — adaptive practice, hard mode, ready-for-review, objective coverage, or retrying questions you've missed — and set your own question count, timer, and passing score for each session.

Do I need an account?

You can try free questions for this exam without signing in. Create a free account to save your progress, track weak objectives, and unlock the full question bank.
