PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER Exam Questions
141 real PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER exam questions with expert-verified answers and explanations. Page 3 of 3.
- Question #101
Your organization plans to ingest logs from an on-premises MySQL database as a new log source into its Google Security Operations (SecOps) instance. You need to create a solution t...
- Question #102
Your organization is a Google Security Operations (SecOps) customer. You use Google Threat Intelligence to identify cyber threats within your organization's threat profile. You bel...
- Question #103
You are implementing Google Security Operations (SecOps) for your organization. Your organization has their own threat intelligence feed that has been ingested to Google SecOps by...
- Question #104
You are using Google Security Operations (SecOps) to identify and report a repetitive sequence of brute force SSH login attempts on a Compute Engine image that did not result in a...
- Question #105
You are a SOC analyst working a case in Google Security Operations (SecOps). The case contains a file hash that your playbooks have automatically enriched with VirusTotal context a...
- Question #106
You are responsible for monitoring the ingestion of critical Windows server logs to Google Security Operations (SecOps) by using the Bindplane agent. You want to receive an immedia...
- Question #107
You observe several distinct, low-severity suspicious activities associated with a single internal server. You determine that no single event is a high-confidence IOC. You need to...
- Question #108
Your organization recently adopted Google Security Operations (SecOps), and has configured ingestion, parsing and rules for their log sources. The security operations team is curre...
- Question #109
You were recently hired as a SOC manager at an organization with an existing Google Security Operations (SecOps) implementation. You need to understand the current performance by c...
- Question #110
You received an IOC from your threat intelligence feed that is identified as a suspicious domain used for command and control (C2). You want to use Google Security Operations (SecO...
- Question #111
You are a senior SOC analyst in your organization. You are receiving alerts of traffic to a command and control (C2) IP address. You want to use Google Security Operations (SecOps)...
- Question #112
You are working with your company's analyst team to automate the investigation of phishing alerts ingested directly into Google Security Operations (SecOps) SOAR from an email inbo...
- Question #113
Your Google Security Operations (SecOps) instance is generating alerts for unusual login times from multiple user accounts. Your SOC analysts are reporting a high number of the ale...
- Question #114
You are building a detection rule in Google Security Operations (SecOps) to alert on requests to potentially malicious domains. You are planning to use the logs from your network d...
- Question #115
You are helping a new Google Security Operations (SecOps) customer configure access for their SOC team. The Google SecOps administrators currently have access to the instance. The...
- Question #116
You are a security analyst at an organization that uses Google Security Operations (SecOps). Google SecOps triggered a medium severity alert of Unusual Cloud Storage Access - High...
- Question #117
Your company uses Google-managed images on Compute Engine VM instances extensively and has deployed Security Command Center Enterprise (SCCE) at the organization level. Due to a rec...
- Question #118
You work at a financial services company. You need to detect in near real-time when a Cloud Run functions service agent modifies the IAM policy of an Artifact Registry repository....
- Question #119
Your Google Security Operations (SecOps) case queue contains a case with IP address entities. You need to determine whether the entities are internal or external assets and ensure...
- Question #120
Your organization has a standard set of Google Security Operations (SecOps) playbooks that are applied to alerts in different circumstances. One playbook uses an "All" trigger that...
- Question #121
You work for a telecommunications company that wants to monitor their multi-region 5G network logs in Google Security Operations (SecOps). The logs are currently only available on-...
- Question #122
You are responsible for identifying suspicious activity and security events at your organization. You have been asked to search in Google Security Operations (SecOps) for network t...
- Question #123
You are an incident responder at your organization using Google Security Operations (SecOps) for monitoring and investigation. You discover that a critical production server, which...
- Question #124
Your organization uses Google Security Operations (SecOps). You discover frequent file downloads from a shared workspace within a short time window. You need to configure a rule in...
- Question #125
You are implementing Google Security Operations (SecOps) at your organization. You discover that the current detection rules are too noisy. Due to the high volume of alerts, some t...
- Question #126
You are developing a new detection rule in Google Security Operations (SecOps). You are defining the YARA-L logic that includes complex event, match, and condition sections. You ne...
- Question #127
Your organization has recently acquired Company A, which has its own SOC and security tooling. You have already configured ingestion of Company A's security telemetry and migrated...
- Question #128
You have identified and isolated a new malware sample installed by an advanced threat group that you believe was developed specifically for an attack against your organization. You...
- Question #129
Your organization uses Cloud Identity as their identity provider (IdP) and is a Google Security Operations (SecOps) customer. You need to grant a group of users access to the Google...
- Question #130
Your team is responsible for cybersecurity for a large multinational corporation. You have been tasked with identifying unknown command and control nodes (C2s) that are potentially...
- Question #131
You received an alert from Container Threat Detection that an added binary has been executed in a business critical workload. You need to investigate and respond to this incident....
- Question #132
An organization detects a successful login to a Google Cloud IAM user from an unfamiliar country, followed by the creation of multiple new service account keys within minutes. No m...
- Question #133
Which Google Cloud log source is MOST critical for detecting unauthorized IAM role changes?
- Question #134
A security analyst wants to detect lateral movement between Compute Engine instances using valid credentials. Which data source is MOST useful?
- Question #135
A SOC team notices repeated outbound HTTPS connections from a Compute Engine instance to an external IP every 60 seconds. CPU usage is normal and no malware signatures trigger. Wha...
- Question #136
Which approach BEST improves detection of compromised service accounts in Google Cloud?
- Question #137
A phishing campaign successfully convinces users to grant OAuth permissions to a malicious third-party application. Which control failure MOST likely allowed this?
- Question #138
Which Google Cloud security feature MOST helps enforce the principle of least privilege at scale?
- Question #139
A workload is created and terminated within five minutes and later linked to cryptomining activity. What MOST complicates the investigation?
- Question #140
A SOC uses Chronicle SIEM and wants to reduce alert fatigue without lowering detection coverage. What is the BEST strategy?
- Question #141
After resolving a confirmed security incident in Google Cloud, what action provides the GREATEST long-term security improvement?
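Questions #118 and #133 above both turn on the same telemetry: IAM policy changes appear in Cloud Audit Logs as Admin Activity entries whose method is a `SetIamPolicy` call. The following detector, added here as an illustration and not taken from the exam or its answer key, walks constructed audit log entries in the Cloud Audit Log JSON shape, flags every policy change with its binding deltas, and raises severity when an Artifact Registry policy is changed by a principal matching the Cloud Run functions service agent. The service-agent address pattern (`service-<project_number>@gcf-admin-robot.iam.gserviceaccount.com`) and the `serviceData.policyDelta.bindingDeltas` location are assumptions to verify against your own logs before relying on them.

```python
"""Flag IAM policy changes in Cloud Audit Log (Admin Activity) entries and raise
severity when an Artifact Registry policy is changed by a Cloud Run functions
service agent. Added example for this page, not exam material. Entries below are
constructed; the service-agent pattern and bindingDeltas path are assumptions."""
import json
import re

# Assumption: Cloud Run functions service agent address format. Verify in your org.
SERVICE_AGENT_RE = re.compile(r"^service-\d+@gcf-admin-robot\.iam\.gserviceaccount\.com$")
ACTIVITY_LOG_SUFFIX = "cloudaudit.googleapis.com%2Factivity"


def _entry(service, method, principal, resource, deltas=None):
    """Build one constructed Admin Activity audit log entry as a JSON string."""
    pp = {
        "serviceName": service,
        "methodName": method,
        "authenticationInfo": {"principalEmail": principal},
        "resourceName": resource,
    }
    if deltas is not None:
        pp["serviceData"] = {"policyDelta": {"bindingDeltas": deltas}}
    return json.dumps({
        "logName": f"projects/example-prod/logs/{ACTIVITY_LOG_SUFFIX}",
        "protoPayload": pp,
    })


SAMPLE_ENTRIES = [
    # Service agent adds an admin binding on a repository: the case to catch.
    _entry("artifactregistry.googleapis.com", "google.iam.v1.IAMPolicy.SetIamPolicy",
           "service-123456789012@gcf-admin-robot.iam.gserviceaccount.com",
           "projects/example-prod/locations/us/repositories/app-images",
           [{"action": "ADD", "role": "roles/artifactregistry.admin",
             "member": "user:contractor@example.com"}]),
    # Human admin grants Owner at project level: still an IAM change worth alerting.
    _entry("cloudresourcemanager.googleapis.com", "SetIamPolicy",
           "admin@example.com", "projects/example-prod",
           [{"action": "ADD", "role": "roles/owner", "member": "user:new-admin@example.com"}]),
    # Read-only policy fetch: not a change.
    _entry("cloudresourcemanager.googleapis.com", "GetIamPolicy",
           "auditor@example.com", "projects/example-prod"),
    # Service agent creating a repository: routine, not a policy change.
    _entry("artifactregistry.googleapis.com",
           "google.devtools.artifactregistry.v1.ArtifactRegistry.CreateRepository",
           "service-123456789012@gcf-admin-robot.iam.gserviceaccount.com",
           "projects/example-prod/locations/us/repositories/build-cache"),
]


def is_iam_policy_change(entry):
    """True for Admin Activity entries whose method is a SetIamPolicy call."""
    method = entry.get("protoPayload", {}).get("methodName", "")
    return (entry.get("logName", "").endswith(ACTIVITY_LOG_SUFFIX)
            and method.endswith("SetIamPolicy"))


def evaluate(raw_entries):
    """Return one finding per IAM policy change, with binding deltas and severity."""
    findings = []
    for raw in raw_entries:
        entry = json.loads(raw)
        if not is_iam_policy_change(entry):
            continue
        pp = entry["protoPayload"]
        principal = pp.get("authenticationInfo", {}).get("principalEmail", "")
        service = pp.get("serviceName", "")
        deltas = pp.get("serviceData", {}).get("policyDelta", {}).get("bindingDeltas", [])
        agent_on_registry = (service == "artifactregistry.googleapis.com"
                             and SERVICE_AGENT_RE.match(principal) is not None)
        findings.append({
            "principal": principal,
            "service": service,
            "resource": pp.get("resourceName", ""),
            "deltas": [(d["action"], d["role"], d["member"]) for d in deltas],
            "severity": "HIGH" if agent_on_registry else "MEDIUM",
        })
    return findings


if __name__ == "__main__":
    for finding in evaluate(SAMPLE_ENTRIES):
        print(finding)
```

Matching on the method suffix rather than the full name is deliberate: different Google Cloud services log `SetIamPolicy` under different fully qualified method names, and a detector keyed to one of them silently misses the others.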
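Questions #130 and #135 above describe the same observable: a host contacting an external address on a fixed cadence while CPU is normal and no signature fires. Timing regularity is what gives a timer-driven implant away, so the following detector, added here as an illustration and not taken from the exam or its answer key, groups connection records by (source, destination, port), computes the coefficient of variation of the inter-arrival gaps, and flags tuples whose gaps are nearly constant. The flow records are constructed with RFC 5737 documentation addresses; the thresholds (at least 8 connections, CV at most 0.10) are starting points to tune against your own traffic.

```python
"""Beaconing detector: flag (src, dst, port) tuples whose connection intervals
are unusually regular. Added example written for this page; not exam material.
The flow records are constructed (RFC 5737 documentation addresses)."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import mean, pstdev


def _build_sample_flows():
    """Construct flow records as 'timestamp src dst dport' lines."""
    base = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
    lines = []
    # Constructed beacon: 12 connections, nominal 60 s period, +/- 2 s jitter.
    for i, jitter in enumerate([0, 1, -1, 2, 0, -2, 1, 0, 1, -1, 0, 2]):
        t = base + timedelta(seconds=60 * i + jitter)
        lines.append(f"{t.isoformat()} 10.0.0.5 203.0.113.10 443")
    # Constructed interactive traffic: bursty, irregular gaps, also on 443.
    for off in [5, 12, 90, 95, 300, 310, 311, 500, 620]:
        t = base + timedelta(seconds=off)
        lines.append(f"{t.isoformat()} 10.0.0.5 198.51.100.7 443")
    # Constructed low-volume flow: too few samples to judge a period.
    for off in [30, 400, 700]:
        t = base + timedelta(seconds=off)
        lines.append(f"{t.isoformat()} 10.0.0.5 192.0.2.9 80")
    return lines


SAMPLE_FLOWS = _build_sample_flows()


def parse_flows(lines):
    """Group connection timestamps (epoch seconds) by (src, dst, dport)."""
    flows = defaultdict(list)
    for line in lines:
        ts, src, dst, dport = line.split()
        flows[(src, dst, int(dport))].append(datetime.fromisoformat(ts).timestamp())
    return flows


def score_beacons(flows, min_conns=8, max_cv=0.10):
    """Return flows whose inter-arrival coefficient of variation is <= max_cv.

    A low CV means the gaps are almost constant, which a timer-driven implant
    produces and interactive traffic almost never does. The check needs no
    payload signature and is independent of host CPU usage.
    """
    findings = []
    for (src, dst, dport), times in flows.items():
        if len(times) < min_conns:
            continue  # not enough samples to estimate a period
        times = sorted(times)
        gaps = [b - a for a, b in zip(times, times[1:])]
        period = mean(gaps)
        cv = pstdev(gaps) / period if period > 0 else float("inf")
        if cv <= max_cv:
            findings.append({
                "src": src, "dst": dst, "dport": dport,
                "connections": len(times),
                "period_s": round(period, 1),
                "cv": round(cv, 3),
            })
    return findings


if __name__ == "__main__":
    for finding in score_beacons(parse_flows(SAMPLE_FLOWS)):
        print(finding)
```

Real implants add jitter on purpose, so loosen `max_cv` gradually and watch the false-positive rate rather than fixing it at one value; legitimate schedulers (NTP, agent check-ins) also beacon and belong on an allowlist keyed by destination, not by source.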