Security-Operations-Engineer Exam Question 16
You need to augment your organization's existing Security Command Center (SCC) implementation with additional detectors. You have a list of known IoCs and would like to include external signals for this capability to ensure broad detection coverage. What should you do?
Security-Operations-Engineer Exam Question 17
You are a platform engineer at an organization that is migrating from a third-party SIEM product to Google Security Operations (SecOps). You previously manually exported context data from Active Directory (AD) and imported the data into your previous SIEM as a watchlist when there were changes in AD's user/asset context data. You want to improve this process using Google SecOps. What should you do?
Security-Operations-Engineer Exam Question 18
You were recently hired as a SOC manager at an organization with an existing Google Security Operations (SecOps) implementation. You need to understand the current performance by calculating the mean time to respond or remediate (MTTR) for your cases. What should you do?
Security-Operations-Engineer Exam Question 19
You use Google Security Operations (SecOps) curated detections and YARA-L rules to detect suspicious activity on Windows endpoints. Your source telemetry uses EDR and Windows Events logs. Your rules match on the principal.user.userid UDM field. You need to ingest an additional log source for this field to match all possible log entries from your EDR and Windows Event logs. What should you do?
Security-Operations-Engineer Exam Question 20
You are using Google Security Operations (SecOps) to investigate suspicious activity linked to a specific user. You want to identify all assets the user has interacted with over the past seven days to assess potential impact. You need to understand the user's relationships to endpoints, service accounts, and cloud resources.
How should you identify user-to-asset relationships in Google SecOps?
How should you identify user-to-asset relationships in Google SecOps?
