
1. Exam Structure
1.1. Objectives
1.1.1. Mitigate Threats ([Official Documentation](https://learn.microsoft.com/pt-br/certifications/exams/sc-200/))
1.1.2. Monitor the Environment ([Microsoft Sentinel](https://learn.microsoft.com/azure/sentinel/overview))
1.1.3. Investigate Incidents ([Microsoft Defender for Endpoint](https://learn.microsoft.com/defender-endpoint/))
1.1.4. Respond to Incidents ([Playbooks in Sentinel](https://learn.microsoft.com/azure/sentinel/tutorial-respond-threats-playbook))
1.2. Topic Weights
1.2.1. 25-30%: Threat Mitigation ([Security Policies in Azure](https://learn.microsoft.com/azure/security-center/security-policy))
1.2.2. 25-30%: Threat Detection ([KQL Queries](https://learn.microsoft.com/azure/data-explorer/kql-quick-reference))
1.2.3. 20-25%: Incident Investigation ([Forensic Analysis](https://learn.microsoft.com/defender-endpoint/investigate-incidents))
1.2.4. 15-20%: Incident Response ([Response Automation](https://learn.microsoft.com/azure/sentinel/tutorial-respond-threats-playbook))
1.3. Format
1.3.1. Multiple Choice ([Sample Questions](https://www.examtopics.com/exams/microsoft/sc-200/))
1.3.2. Practical Scenarios ([MeasureUp Practice Tests](https://www.measureup.com/microsoft-sc-200-practice-test.html))
1.3.3. Duration: ~120 Minutes ([Exam Details](https://learn.microsoft.com/pt-br/certifications/exams/sc-200/))
2. Study Resources
2.1. Microsoft Learn
2.1.1. SC-200 Learning Path ([SC-200 Path](https://learn.microsoft.com/pt-br/certifications/exams/sc-200/))
2.1.2. Free Labs ([Microsoft Learn Sandbox](https://learn.microsoft.com/pt-br/training/modules/))
2.1.3. Official Documentation ([Microsoft Docs](https://learn.microsoft.com/pt-br/))
2.2. Paid Courses
2.2.1. Udemy ([SC-200 Courses](https://www.udemy.com/topic/sc-200/))
2.2.2. Coursera ([Microsoft Security Courses](https://www.coursera.org/courses?query=microsoft%20security))
2.2.3. Pluralsight ([Pluralsight SC-200](https://www.pluralsight.com/paths/microsoft-security-operations-analyst-sc-200))
2.3. Books
2.3.1. Exam Ref SC-200 (Microsoft Press) ([Official Book](https://learn.microsoft.com/pt-br/certifications/exams/sc-200/#resources))
2.4. Online Communities
2.4.1. LinkedIn ([SC-200 Group](https://www.linkedin.com/groups/?keywords=sc-200))
2.4.2. Reddit ([r/AzureSecurity](https://www.reddit.com/r/AzureSecurity/))
2.4.3. TechNet ([TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?category=azuresecurity))
3. Tools and Labs
3.1. Microsoft Sentinel
3.1.1. Configure Workspaces ([Configure Workspace](https://learn.microsoft.com/azure/sentinel/quickstart-onboard))
3.1.2. KQL Queries
3.1.3. Automated Playbooks ([Create Playbooks](https://learn.microsoft.com/azure/sentinel/tutorial-respond-threats-playbook))
3.2. Microsoft Defender for Endpoint
3.2.1. Simulate Attacks ([Atomic Red Team](https://github.com/redcanaryco/atomic-red-team))
3.2.2. Investigate Alerts ([Investigate Alerts](https://learn.microsoft.com/defender-endpoint/investigate-alerts))
3.2.3. Configure Policies ([Protection Policies](https://learn.microsoft.com/defender-endpoint/configuration-policies))
3.3. Azure Monitor
3.3.1. Configure Alerts ([Alerts in Azure Monitor](https://learn.microsoft.com/azure/azure-monitor/alerts/alerts-overview))
3.3.2. Monitoring Dashboards ([Create Dashboards](https://learn.microsoft.com/azure/azure-monitor/visualizations))
3.4. Free Labs
3.4.1. Microsoft Learn Sandbox ([Sandbox](https://learn.microsoft.com/pt-br/training/modules/))
3.4.2. Azure Free Account ([Free Account](https://azure.microsoft.com/free/))
4. Study Strategies
4.1. Planning
4.1.1. Weekly Routine ([Planning Tips](https://meuplannerdeestudos.com.br/?utm_source=chatgpt.com/))
4.1.2. Time for Theory and Practice ([Balancing Study](https://www.examtopics.com/discussions/microsoft/view/104896-how-to-balance-theory-and-practice-for-sc-200/))
4.2. Methodology
4.2.1. Theory: Documentation and Videos ([Documentation](https://learn.microsoft.com/pt-br/))
4.2.2. Practice: Labs and Simulations ([Labs](https://learn.microsoft.com/pt-br/training/modules/))
4.2.3. Review: Flashcards and Summaries ([Flashcards](https://www.brainscape.com/subjects/microsoft-certification))
4.3. Topic Focus
4.3.1. Threat Mitigation ([Mitigation](https://learn.microsoft.com/azure/security-center/security-policy))
4.3.2. Threat Detection ([Detection](https://learn.microsoft.com/azure/sentinel/detect-threats-built-in))
4.3.3. Incident Investigation ([Investigation](https://learn.microsoft.com/defender-endpoint/investigate-incidents))
4.4. Practice Tests
4.4.1. MeasureUp ([MeasureUp](https://www.measureup.com/microsoft-sc-200-practice-test.html))
4.4.2. Whizlabs ([Whizlabs](https://www.whizlabs.com/microsoft-certification/sc-200-exam/))
5. Main Topics
5.1. Threat Mitigation
5.1.1. Configure Security Policies ([Policies](https://learn.microsoft.com/azure/security-center/security-policy))
5.1.2. Protect Workloads ([Protection](https://learn.microsoft.com/azure/security-center/secure-score-security-controls))
5.1.3. Reduce Attack Surfaces ([Reduction](https://learn.microsoft.com/azure/security-center/reduce-your-attack-surface))
5.2. Threat Detection
5.2.1. Collect and Analyze ([Logs](https://learn.microsoft.com/azure/sentinel/connect-data-sources))
5.2.2. ([KQL](https://learn.microsoft.com/azure/data-explorer/kql-quick-reference)) Queries
5.2.3. Configure Detection Rules ([Rules](https://learn.microsoft.com/azure/sentinel/detect-threats-custom))
5.3. Incident Investigation
5.3.1. ([Forensic](https://learn.microsoft.com/defender-endpoint/investigate-incidents)) Analysis
5.3.2. Identify ([Scope](https://learn.microsoft.com/defender-endpoint/investigate-incidents)) and Impact
5.3.3. Investigation ([Tools](https://learn.microsoft.com/defender-endpoint/investigation-tools))
5.4. Incident Response
5.4.1. Automate with ([Playbooks](https://learn.microsoft.com/azure/sentinel/tutorial-respond-threats-playbook))
5.4.2. ([Isolate](https://learn.microsoft.com/defender-endpoint/isolate-machines)) Compromised Devices
5.4.3. Document and ([Communicate](https://learn.microsoft.com/defender-endpoint/incident-responses)) Incidents