
PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER · Question #71

Question

You are an incident response engineer at an organization that uses Google Security Operations (SecOps). You recently started monitoring IOCs in Applied Threat Intelligence using YARA-L rules. You have discovered that there are more false positive alerts than expected, which is causing noise for the SOC team. You need to reduce the number of false positive alerts. What should you do?

Options

  • A. Modify the YARA-L rules to use an indicator confidence score (IC-Score) of 60% and above.
  • B. Configure alert grouping for the most repetitive alerts.
  • C. Implement curated detections instead of custom YARA-L rules.
  • D. Create a playbook that automatically tunes the IOC source if its indicator confidence score (IC-
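
For context on what the IC-Score option in this question actually changes in a rule, below is an added example of an IOC-matching YARA-L rule of the kind the stem describes, with a confidence threshold applied at the join against the Applied Threat Intelligence entity graph. It is illustration written for this page, not rule text from the exam or from Google's documentation. The event type, the Mandiant vendor filter, the `$ioc.graph.metadata.threat.confidence_score` field used to carry the IC-Score, and the 60 cut-off are assumptions; confirm the field name against the entity schema in your own tenant before relying on it.

```yaral
// Added example, not from the exam page or Google's documentation.
// Alerts only when an outbound connection hits an indicator whose
// IC-Score is 60 or higher. Field names and the threshold are assumptions.
rule ati_ioc_match_high_confidence {

  meta:
    author = "example"
    description = "Outbound connection to a threat-intel IP with IC-Score >= 60"
    severity = "MEDIUM"

  events:
    // Outbound network event from the UDM event stream (assumed event type).
    $e.metadata.event_type = "NETWORK_CONNECTION"
    $e.target.ip = $ip

    // Join against the Applied Threat Intelligence entity graph on the same IP.
    $ioc.graph.metadata.entity_type = "IP_ADDRESS"
    $ioc.graph.metadata.vendor_name = "Mandiant"
    $ioc.graph.entity.ip = $ip

    // Noise control: indicators below the confidence threshold never reach
    // the match, so they cannot produce an alert. Assumed IC-Score field, 0-100.
    $ioc.graph.metadata.threat.confidence_score >= 60

  match:
    $ip over 1h

  condition:
    $e and $ioc
}
```

Without the `confidence_score` predicate every indicator in the feed produces a detection regardless of quality; with it, low-confidence indicators are filtered inside the rule rather than triaged by the SOC afterwards. Before enabling alerting, run the rule over historical data with the threshold at several values (for example 60 and 80) and compare detection counts, so the cut-off is chosen from your own telemetry rather than guessed.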
