Microsoft · Official Blueprint · Last reviewed May 2026
The official Microsoft SC-200 exam covers 6 domains. The vendor does not publish percentage weights for these domains — treat each as an equal part of the exam blueprint.
Incident response lifecycle, digital forensics, threat hunting, SIEM/SOAR tools, log analysis, and security automation.
Practice Manage a security operations environment questions
Covers the topics, concepts, and applied skills examined under the Respond to security incidents domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
Practice Respond to security incidents questions
Covers the topics, concepts, and applied skills examined under the Perform threat hunting domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
Practice Perform threat hunting questions
Covers the topics, concepts, and applied skills examined under the Mitigate threats using Microsoft Defender XDR domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
Practice Mitigate threats using Microsoft Defender XDR questions
Covers the topics, concepts, and applied skills examined under the Mitigate threats using Microsoft Defender for Cloud domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
Practice Mitigate threats using Microsoft Defender for Cloud questions
Covers the topics, concepts, and applied skills examined under the Mitigate threats using Microsoft Sentinel domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
Practice Mitigate threats using Microsoft Sentinel questions
The vendor does not currently publish percentage weights for these domains, so Courseiva does not rank them by weight.
Work through each domain systematically — cover fundamentals first, then applied and scenario-based topics.
Never skip a domain regardless of perceived importance. Full coverage is required to pass.
Use Courseiva domain analytics to track your accuracy per domain and route extra questions to your weak areas.
Courseiva tracks your accuracy per domain automatically and routes you toward your weakest areas — no manual configuration needed.