I recently passed my SC-200. Go me!
My last exam was back in January of last year. I wrote about it in a blog post. The Security+ was a fun one to study for. It was far more about the fundamentals and was vendor-agnostic, which is great for an entry-level cert.
The SC-200 is not that. It’s a Microsoft-specific certification, and goes pretty in depth into licensing, using Azure, and the (often confusing) number of security products that come with their security offerings. It wasn’t fun. It took a lot of time to study and I felt more confused towards the end of some subjects than I did going in.
The passing score is 700. I managed a score of 720. Professor Messer (a great resource when it comes to exam prep) has made a good point about the grade not really mattering. If you only barely scrape by with a score of 700 then you’ve still passed. You studied just the right amount to pass.
If you’ve never used Sentinel, or managed an Azure tenant, then the SC-200 will be a beast. The Security+ didn’t really require previous experience with a SIEM or with specific tools. I suppose that’s where the difference between vendor-agnostic and vendor-specific certifications lies. CompTIA offer some pretty good entry-level certifications, but if you’re applying to an MS-only shop then you’ll probably need some Microsoft-specific certs.
Resources
Microsoft offer a free training course that covered everything in the exam. It’s available here and I highly recommend using it.
My only problem with the course, and with all of learn.microsoft.com, is that once you complete a module (A course is made of Learning Paths, and paths are made of modules) you’re just given a list of other modules with no suggestion on which one to choose. There doesn’t seem to be a linear learning path. I found myself getting confused just trying to find the study material.
There are ~5 different ‘Defender for x’ products. I’ve written this just a few days after I achieved the SC-200, and I’m still not sure on the final amount. Azure is big and getting a grasp of what every product does is a big part of the exam. It’s something I struggled with for a while. Ultimately I just studied enough of what each version of Defender does before moving on. As it turns out I only had one or two questions about this in the exam.
There are Udemy/Pluralsight/LinkedIn Learning courses that I’m sure work well. There are plenty of YouTube courses that will teach you the same information, and they’re free. I’m not going to suggest any specific YouTube series because the exam has recently been updated. Just search for ‘SC-200’ and sort by newest. You’ll find it.
Next steps
I’ve been lacking on completing certifications. It’s been over a year since I achieved my last and I just need to knuckle down and study.
My rough plan for the rest of this year is:
- CC
- SAL1
- CySA+
I had a longer list at one point, but three exams over the next 167 days sounds doable. That comes to 55.666666666666664 days per exam!
As I mentioned previously, I’ve been meaning to do this exam for over a year now. When it comes to exams I tend to over-prepare. If there is a topic that I’m not 100% sure on then I’ll put it off for another month and study up.
For the above exams I won’t be doing that. With a timeframe of ~50 days per exam I’ll just book the exam for a specific date, then study as much as I can until then. Setting a deadline for myself is the best move here.
Azure is fine. I’ve got no major issues with Sentinel or Defender. I feel like Microsoft stretches itself thin trying to provide a solution for everything. I don’t make business decisions though. As long as Sentinel pays the bills I’ll be studying for it.
Stay tuned for my CC/SAL1/CySA+ posts. Thanks for reading.