PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER Exam Questions
141 real PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER exam questions with expert-verified answers and explanations. Page 2 of 3.
- Question #51
You are a security analyst at a company that uses Google Security Operations (SecOps) Enterprise, Security Command Center Enterprise (SCCE), and Google Threat Intelligence (GTI). Y...
- Question #52
You are developing a playbook to respond to phishing reports from users at your company. You configured a UDM query action to identify all users who have connected to a malicious d...
- Question #53
You are a security engineer at a financial technology company. You need to create a centralized dashboard to provide security posture visibility for your leadership team. The dashb...
- Question #54
Your organization has mission-critical production Compute Engine VMs that you monitor daily. While performing a UDM search in Google Security Operations (SecOps), you discover seve...
- Question #55
You are responsible for identifying suspicious activity and security events in your organization's environment. You discover that some detection rules are being triggered for inter...
- Question #56
Your team has onboarded a new log source from a third-party DNS filtering solution. After ingestion, you observe that key UDM fields such as network.dns.questions.name and metadata...
- Question #57
You are ingesting and parsing logs from an SSO provider and an on-premises appliance using Google Security Operations (SecOps). Users are tagged as "restricted" by an internal proc...
- Question #58
You are receiving security alerts from multiple connectors in your Google Security Operations (SecOps) instance. You need to identify which IP address entities are internal to your...
- Question #59
You have identified a common malware variant on a potentially infected computer. You need to find reliable IOCs and malware behaviors as quickly as possible to confirm whether the...
- Question #60
Your Google Security Operations (SecOps) SOAR integration with Security Command Center (SCC) uses a service account that currently has read access to the findings at the organizati...
- Question #61
You need to augment your organization's existing Security Command Center (SCC) implementation with additional detectors. You have a list of known IOCs and would like to include ext...
- Question #62
Your organization recently implemented Google Security Operations (SecOps). You need to create a solution that allows the security team to monitor data ingestion into Google SecOps...
- Question #63
Your company's Google Security Operations (SecOps) instance has three roles: Tier 1, Tier 2, and Tier 3. Currently, analysts in all tiers can access all cases in Google SecOps. You...
- Question #64
You are the lead engineer on your organization's incident response team. You are running CrowdStrike Falcon and SentinelOne to protect the Windows devices in different regions of y...
- Question #65
You need to ingest audit logs from your organization's entire Google Cloud environment into Google Security Operations (SecOps). This process must include Cloud NAT logs for worklo...
- Question #66
You work for an organization that operates an ecommerce platform. You have identified a remote shell on your company's web host. The existing incident response playbook is outdated...
- Question #67
You recently joined a company that uses Google Security Operations (SecOps) with Applied Threat Intelligence enabled. You have alert fatigue from a recent red team exercise, and yo...
- Question #68
You are managing the integration of Security Command Center (SCC) with downstream tooling. You need to pull security findings from SCC and import those findings as part of Google S...
- Question #69
You are configuring a new integration in Google Security Operations (SecOps) to perform enrichment actions in playbooks. This enrichment technology is located in a private data cen...
- Question #70
You use Google Security Operations (SecOps) curated detections and YARA-L rules to detect suspicious activity on Windows endpoints. Your source telemetry uses EDR and Windows Event...
- Question #71
You are an incident response engineer at an organization that uses Google Security Operations (SecOps). You recently started monitoring IOCs in Applied Threat Intelligence using YA...
- Question #72
You scheduled a Google Security Operations (SecOps) report to export results to a BigQuery dataset in your Google Cloud project. The report executes successfully in Google SecOps,...
- Question #73
Your organization's Google Security Operations (SecOps) tenant is ingesting a vendor's firewall logs in its default JSON format using the Google-provided parser for that log. The v...
- Question #74
Your company uses Cloud Identity to manage employee identities and has Google Security Operations (SecOps) linked to your Google Cloud project. You have assigned the roles/chronicl...
- Question #75
Your company's SOC analysts frequently submit manual change requests to a system administrator to make changes to the firewall rules on a specific router. You have the integration...
- Question #76
You are conducting proactive threat hunting in your company's Google Cloud environment. You suspect that an attacker compromised a developer's credentials and is attempting to move...
- Question #77
During a high-priority phishing incident at your company, Google Security Operations (SecOps) created and assigned the case to a Tier 1 analyst. The analyst added email headers and...
- Question #78
You are writing a Google Security Operations (SecOps) SOAR playbook that uses the VirusTotal v3 integration to look up a URL that was reported by a threat hunter in an email. You n...
- Question #79
You are using Google Security Operations (SecOps) to hunt for signs of lateral movement through Remote Desktop Protocol (RDP) in your organization. You suspect that a compromised a...
- Question #80
You are configuring role-based data access controls for two groups of users in Google Security Operations (SecOps). Group A requires access to all data, and Group B requires access...
- Question #81
You are responsible for developing and configuring data ingestion in Google Security Operations (SecOps) for your organization. Your organization is using a prebuilt parser to pars...
- Question #82
Your company's risk management and compliance team requires regular reporting on compliance with industry standard control frameworks for a regulated business unit that continuousl...
- Question #83
Your team hunts for threats in a large multinational corporation. You have subscriptions to threat intelligence feeds from third-party sources. You want to implement a solution to...
- Question #84
Your company is adopting a multi-cloud environment. You need to configure comprehensive monitoring of threats using Google Security Operations (SecOps). You want to start identifyi...
- Question #85
You have a close relationship with a vendor who reveals to you privately that they have discovered a vulnerability in their web application that can be exploited in an XSS attack....
- Question #86
You have identified a new threat actor group that has several IOCs in Google Threat Intelligence. You want to use some of these IOCs in several detection rules in Google Security O...
- Question #87
You have noticed that a Google Security Operations (SecOps) detection rule that detects excessive network connections is triggering too frequently and creating too many false posit...
- Question #88
You are a SOC analyst at an organization that uses Google Security Operations (SecOps). You are investigating suspicious activity in your organization's environment. Alerts in Goog...
- Question #89
Your company requires PCI DSS v4.0 compliance for its cardholder data environment (CDE) in Google Cloud. You use a Security Command Center (SCC) security posture deployment based o...
- Question #90
You are responsible for managing threat intelligence and IOC lists in your organization. You have compiled a list of IOCs from recent incidents. You want to quickly and efficiently...
- Question #91
You are planning log onboarding for a Google Security Operations (SecOps) SIEM deployment in a cloud-heavy enterprise environment. The detection engineering team is requesting log...
- Question #92
You are responsible for selecting and prioritizing potential sources of data to integrate with Google Security Operations (SecOps). Your company has recently started using several...
- Question #93
You are developing a security strategy for your organization. You are planning to use Google Security Operations (SecOps) and Google Threat Intelligence (GTI). You need to enhance...
- Question #94
Your organization is a Google Security Operations (SecOps) customer. The compliance team requires a weekly export of case resolutions and SLA metrics of high and critical severity...
- Question #95
You are reviewing the results of a UDM search in Google Security Operations (SecOps). The UDM fields shown in the default view are not relevant to your search. You want to be able...
- Question #96
Your organization uses the curated detection rule set in Google Security Operations (SecOps) for high priority network indicators. You are finding a vast number of false positives...
- Question #97
Your third-party application data is published in a Pub/Sub topic located in a separate Google Cloud project from your Google Security Operations (SecOps) instance. Your attempts t...
- Question #98
Your organization requires the SOC director to be notified by email of escalated incidents and their results before a case is closed. You need to create a process that automaticall...
- Question #99
You are a security analyst at an organization that uses Google Security Operations (SecOps). You have identified a new IP address that is known to be used by a malicious threat act...
- Question #100
You have been tasked with developing a new response process in a playbook to contain an endpoint. The new process should take the following actions: - Send an email to users who do...