Google
PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER · Question #112
PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER Question #112: Real Exam Question with Answer & Explanation
Sign in or unlock PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER to reveal the answer and full explanation for question #112. The question stem and answer options stay visible for context.
Question
You are working with your company's analyst team to automate the investigation of phishing alerts ingested directly into Google Security Operations (SecOps) SOAR from an email inbox. The analyst team currently uses a SIEM query to search for related information. You need to design a solution to automatically include the query results in the Google SecOps case without writing any new code. What should you do?
Options
- ACreate a custom action in Google SecOps IDE that runs the SIEM query from a playbook through
- BModify the detection rule in the SIEM to include the query results as part of the detection.
- CAdd a widget to the Default Case View in Google SecOps SOAR that allows the analyst team to
- DAdd an action to the playbook that runs the SIEM query and returns the results.
Unlock PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER to see the answer
You've previewed enough free PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER questions. Unlock PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.