PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER Question #81: Real Exam Question with Answer & Explanation

The correct answer is C. Implement a parser extension on top of the prebuilt parser.

Question

You are responsible for developing and configuring data ingestion in Google Security Operations (SecOps) for your organization. Your organization is using a prebuilt parser to parse a complex but stable and common log source. The parser is working correctly. However, your organization now wants you to change the configuration to parse additional fields from the raw logs and map them to UDM fields. What should you do?

Options

  • A. Design and develop a custom parser.
  • B. Apply any pending updates to the prebuilt parser.
  • C. Implement a parser extension on top of the prebuilt parser.
  • D. Implement middleware to modify the underlying data structure.

Explanation

The recommended approach is to implement a parser extension on top of the prebuilt parser. Parser extensions allow you to map additional fields from raw logs to UDM fields without modifying the existing, stable parser. This approach preserves the original parsing logic while enabling customization for the new fields.
