Question No 1

You need to augment your organization's existing Security Command Center (SCC) implementation with additional detectors. You have a list of known IoCs and would like to include external signals for this capability to ensure broad detection coverage. What should you do?

Choose the Choices:

Create a custom posture for your organization that combines the prebuilt Event Threat Detection and Security Health Analytics (SHA) detectors.

Create a Security Health Analytics (SHA) custom module using the compute address resource.

Create an Event Threat Detection custom module using the "Configurable Bad IP" template.

Create a custom log sink with internal and external IP addresses from threat intelligence. Use the SCC API to generate a finding for each event.

Question No 2

You have identified a common malware variant on a potentially infected computer. You need to find reliable IoCs and malware behaviors as quickly as possible to confirm whether the computer is infected and search for signs of infection on other computers. What should you do?

Choose the Choices:

Search for the malware hash in Google Threat Intelligence, and review the results.

Run a Google Web Search for the malware hash, and review the results.

Create a Compute Engine VM, and perform dynamic and static malware analysis.

Perform a UDM search for the file checksum in Google Security Operations (SecOps). Review activities that are associated with, or attributed to, the malware.

Question No 3

You scheduled a Google Security Operations (SecOps) report to export results to a BigQuery dataset in your Google Cloud project. The report executes successfully in Google SecOps, but no data appears in the dataset. You confirmed that the dataset exists. How should you address this export failure?

Choose the Choices:

Grant the Google SecOps service account the roles/iam.serviceAccountUser IAM role to itself.

Set a retention period for the BigQuery export.

Grant the user account that scheduled the report the roles/bigquery.dataEditor IAM role on the project.

Grant the Google SecOps service account the roles/bigquery.dataEditor IAM role on the dataset.

Question No 4

You are a security engineer at a managed security service provider (MSSP) that is onboarding to Google Security Operations (SecOps). You need to ensure that cases for each customer are logically separated. How should you configure this logical separation?

Choose the Choices:

In Google SecOps SOAR settings, create a role for each customer.

In Google SecOps Playbooks, create a playbook for each customer.

In Google SecOps SOAR settings, create a permissions group for each customer.

In Google SecOps SOAR settings, create a new environment for each customer.

Question No 5

Your organization has mission - critical production Compute Engine VMs that you monitor daily. While performing a UDM search in Google Security Operations (SecOps), you discover several outbound network connections from one of the production VMs to an unfamiliar external IP address occurring over the last 48 hours. You need to use Google SecOps to quickly gather more context and assess the reputation of the external IP address. What should you do?

Choose the Choices:

Search for the external IP address in the Alerts & IoCs page in Google SecOps.

Perform a UDM search to identify the specific user account that was logged into the production VM when the connections occurred.

Examine the Google SecOps Asset view details for the production VM.

Create a new detection rule to alert on future traffic from the external IP address.

Practice Google security-operations-engineer Exam Questions

Question No 1

Question No 2

Question No 3

Question No 4

Question No 5

security-operations-engineer Exam Features

security-operations-engineer PDF Dumps