Google PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER Question #108: Real Exam Question with Answer & Explanation


Question

Your organization recently adopted Google Security Operations (SecOps) and has configured ingestion, parsing, and rules for its log sources. The security operations team is currently triaging alerts one at a time using several external product dashboards that present alerts and enrichment data. You want to use the case management functionality in Google SecOps to reduce the amount of pivoting between products that your SOC analysts are required to do. You want to minimize development effort. What should you do first?

Options

  • A. Build a playbook for each detection rule to enrich and remediate alerts relative to the particular
  • B. Build a playbook for each of the noisiest alert sources to gather additional context on the case.
  • C. Build a job to periodically iterate over recent cases, determine relevant context, and enrich alerts.
  • D. Build a low-priority, catch-all playbook for enrichment of entities in a case using threat intelligence.
