Google PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER · Question #64


Question

You are the lead engineer on your organization's incident response team. You are running CrowdStrike Falcon and SentinelOne to protect the Windows devices in different regions of your organization. You are ingesting the following logs into Google Security Operations (SecOps):

  - Azure AD Directory Audit (AZURE_AD_AUDIT)
  - CrowdStrike Falcon (CS_EDR)
  - Microsoft Sysmon (WINDOWS_SYSMON)
  - SentinelOne (SENTINEL_EDR)
  - Windows Event (WINEVTLOG)

You notice that a high volume of ransomware incidents is impacting your team's SLAs. You need to automate the response to ransomware on Windows devices. How should you automate the detection and containment of ransomware incidents? (Choose two.)

Options

  • A. Enable the Windows Threats category in curated detections to detect the latest Windows threats.
  • B. Enable the Risk Analytics for User and Endpoint Behavioral Analytics (UEBA) category in curated
  • C. Install SOAR EDR integrations for endpoint containment actions. Create a playbook to contain
  • D. Install SOAR EDR jobs to execute remote endpoint containment actions. Create a playbook to
  • E. Install a SOAR remote agent on each Windows device for endpoint containment actions. Create a
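The scenario above asks how to automate both halves of the loop: a detection that fires on ransomware-like activity in the ingested endpoint telemetry, and a containment step routed to whichever EDR (CrowdStrike Falcon or SentinelOne) actually covers the affected host. The following is an added, self-contained illustration of that logic, not code from the page, from Google SecOps, or from either EDR vendor, and it is not the exam answer. It runs a sliding-window "many new files with an unfamiliar extension from one process on one host" check over constructed Sysmon-style file-creation events, then picks a containment route from an assumed host-to-EDR inventory. The event field names, the `HOST_EDR` inventory, the extension allow-list and the threshold are all assumptions for the example; a real deployment would express the detection as a YARA-L rule and the containment as a SOAR playbook action.

```python
"""Added example: ransomware-burst detection over Sysmon-style events and
routing of the containment action to the EDR covering the host.
Field names, inventory and thresholds are assumptions, not a vendor API."""
from collections import defaultdict
from datetime import datetime, timedelta

# Extensions we treat as routine document/system churn. Anything else
# created in bulk by one process is a candidate for mass encryption.
ALLOWED_EXT = {"docx", "xlsx", "pptx", "pdf", "txt", "log", "tmp", "dll", "exe"}

BASE_TIME = datetime(2024, 1, 1, 9, 0, 0)


def _burst(host, process, count, ext, every_seconds):
    """Build `count` constructed FileCreate-like events spaced `every_seconds` apart."""
    return [
        {
            "host": host,
            "time": BASE_TIME + timedelta(seconds=i * every_seconds),
            "process": process,
            "file": f"C:\\Users\\alice\\Documents\\report_{i}.docx.{ext}",
        }
        for i in range(count)
    ]


# Constructed sample telemetry (not real logs):
#  - WS-EU-014: 60 files gaining a ".locked" suffix in 30 s from a Temp-dir binary
#  - WS-US-002: five ordinary .docx saves from explorer.exe over ten minutes
SAMPLE_EVENTS = (
    _burst("WS-EU-014", r"C:\Users\alice\AppData\Local\Temp\svc.exe", 60, "locked", 0.5)
    + _burst("WS-US-002", r"C:\Windows\explorer.exe", 5, "docx", 120)
)

# Assumed inventory: which EDR log source reports each host. In practice this
# comes from the asset context of the events themselves (CS_EDR vs SENTINEL_EDR).
HOST_EDR = {"WS-EU-014": "CS_EDR", "WS-US-002": "SENTINEL_EDR"}


def _extension(path):
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def detect_mass_encryption(events, threshold=50, window_seconds=60, allowed_ext=ALLOWED_EXT):
    """Return one alert per (host, process) that creates >= `threshold` files with
    non-allow-listed extensions inside any `window_seconds` sliding window."""
    times_by_key = defaultdict(list)
    for event in events:
        if _extension(event["file"]) in allowed_ext:
            continue
        times_by_key[(event["host"], event["process"])].append(event["time"])

    alerts = []
    window = timedelta(seconds=window_seconds)
    for (host, process), times in times_by_key.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the left edge forward until the window fits.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({
                    "host": host,
                    "process": process,
                    "count": end - start + 1,
                    "first_seen": times[start],
                })
                break  # one alert per key is enough to trigger containment
    return alerts


def containment_action(alert, host_edr=HOST_EDR):
    """Choose the containment route for an alert from the assumed inventory.
    The action labels name the vendors' network-isolation features generically;
    the exact SOAR integration action names are not asserted here."""
    source = host_edr.get(alert["host"])
    if source == "CS_EDR":
        return {"host": alert["host"], "integration": "CrowdStrike Falcon", "action": "network contain"}
    if source == "SENTINEL_EDR":
        return {"host": alert["host"], "integration": "SentinelOne", "action": "disconnect from network"}
    # Unknown coverage: do not guess an integration, hand off to an analyst.
    return {"host": alert["host"], "integration": None, "action": "manual triage"}


if __name__ == "__main__":
    for alert in detect_mass_encryption(SAMPLE_EVENTS):
        print(alert, "->", containment_action(alert))
```

Two design points carry over to a real rule and playbook: the detection keys on host and process together, so a single backup agent writing many files does not look like a single user-space binary renaming the whole Documents tree, and the containment step refuses to act when it cannot tell which EDR owns the host, since firing the wrong integration in a multi-vendor estate silently does nothing.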
