1.1 SC-200 Exam Facts
Key Takeaways
- SC-200 has roughly 40-60 questions, a 100-minute time limit, and requires 700 out of 1000 (about 70%) to pass.
- The exam fee is $165 USD in the United States, with regional pricing variations, delivered through Pearson VUE at a test center or online proctored.
- Passing SC-200 earns the Microsoft Certified: Security Operations Analyst Associate certification.
- The certification validates skills across Microsoft Defender XDR, Microsoft Sentinel, and Microsoft Defender for Cloud.
- The credential is valid for one year and renews for free through an online assessment on Microsoft Learn.
About the SC-200 Exam
Quick Answer: SC-200 is a Microsoft exam of roughly 40-60 questions delivered in 100 minutes. You need a scaled score of 700 out of 1000 (about 70%) to pass. It costs $165 USD through Pearson VUE. Passing earns the Microsoft Certified: Security Operations Analyst Associate certification, which renews free every year on Microsoft Learn.
The SC-200 exam, formally Exam SC-200: Microsoft Security Operations Analyst, is the single exam required to earn the Microsoft Certified: Security Operations Analyst Associate certification. It validates the ability to operate as a Security Operations Center (SOC) analyst inside the Microsoft security stack.
Exam Logistics
| Detail | Information |
|---|---|
| Exam code | SC-200 |
| Number of questions | Typically 40-60 |
| Time limit | 100 minutes |
| Passing score | 700 / 1000 (scaled, about 70%) |
| Exam fee | $165 USD (regional pricing varies) |
| Delivery | Pearson VUE — test center or online proctored |
| Certification validity | 1 year |
| Renewal | Free online assessment on Microsoft Learn |
Microsoft does not publish the exact question count in advance — it varies by exam form. The scaled score of 700/1000 is not a raw percentage: questions carry different weights, so you cannot simply divide correct answers by total questions. Treat roughly 70% as a working target.
What the Certification Covers
The Security Operations Analyst Associate certification proves you can detect, investigate, respond to, and hunt threats across three core Microsoft platforms:
- Microsoft Defender XDR (Extended Detection and Response) — the unified portal at security.microsoft.com that correlates signals from Defender for Endpoint, Defender for Office 365, Defender for Identity, and Defender for Cloud Apps.
- Microsoft Sentinel — Microsoft's cloud-native Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platform.
- Microsoft Defender for Cloud — cloud workload protection for servers, containers, storage, databases, and other Azure and multicloud resources.
Question Formats
SC-200 mixes several interaction styles. Expect multiple choice, multiple select ("select all that apply"), drag-and-drop ordering, active-screen interactive scenarios, and short case studies that present one environment description followed by several linked questions.
Certification Validity and Renewal
Unlike legacy certifications that expired after a fixed multi-year window, the Security Operations Analyst Associate certification is valid for one year. Microsoft sends a renewal window starting six months before expiration. Renewal is a free, unproctored online assessment taken on Microsoft Learn — there is no fee and no need to retake the full SC-200 exam.
What scaled score is required to pass the SC-200 exam?
Which three platforms are central to the Microsoft Certified: Security Operations Analyst Associate certification?
How is the SC-200 certification renewed once earned?