Security-Operations-Engineer 무료 덤프문제 온라인 액세스

Your organization has recently acquired Company A, which has its own SOC and security tooling. You have already configured ingestion of Company A's security telemetry and migrated their detection rules to Google Security Operations (SecOps). You now need to enable Company A's analysts to work their cases in Google SecOps. You need to ensure that Company A's analysts:
* do not have access to any case data originating from outside of Company A.
* are able to re-purpose playbooks previously developed by your organization's employees.
You need to minimize effort to implement your solution. What is the first step you should take?

• A.Define a new SOC role for Company A.
• B.Create a Google SecOps SOAR environment for Company A.
• C.Acquire a second Google SecOps SOAR tenant for Company A.
• D.Provision a new service account for Company A.

You use Google Security Operations (SecOps) curated detections and YARA-L rules to detect suspicious activity on Windows endpoints. Your source telemetry uses EDR and Windows Events logs. Your rules match on the principal.user.userid UDM field. You need to ingest an additional log source for this field to match all possible log entries from your EDR and Windows Event logs. What should you do?

• A.Ingest logs from Windows Sysmon.
• B.Ingest logs from Windows PowerShell.
• C.Ingest logs from Microsoft Entra ID.
• D.Ingest logs from Windows Procmon.

You have identified a common malware variant on a potentially infected computer. You need to find reliable IoCs and malware behaviors as quickly as possible to confirm whether the computer is infected and search for signs of infection on other computers. What should you do?

• A.Perform a UDM search for the file checksum in Google Security Operations (SecOps). Review activities that are associated with, or attributed to, the malware.
• B.Run a Google Web Search for the malware hash, and review the results.
• C.Create a Compute Engine VM, and perform dynamic and static malware analysis.
• D.Search for the malware hash in Google Threat Intelligence, and review the results.

Your company is adopting a multi-cloud environment. You need to configure comprehensive monitoring of threats using Google Security Operations (SecOps). You want to start identifying threats as soon as possible.
What should you do?

• A.Use curated detections from the Cloud Threats category to monitor your cloud environment.
• B.Use curated detections for Applied Threat Intelligence to monitor your company's cloud environment.
• C.Ask Cloud Customer Care to provide a set of rules recommended by Google to monitor your company's cloud environment.
• D.Use Gemini to generate YARA-L rules for multi-cloud use cases.

Your organization requires the SOC director to be notified by email of escalated incidents and their results before a case is closed. You need to create a process that automatically sends the email when an escalated case is closed. You need to ensure the email is reliably sent for the appropriate cases. What process should you use?

• A.Write a job to check closed cases for incident escalation status, pull the case status details if a case has been escalated, and send an email to the director.
• B.Create a playbook block that includes a condition to identify cases that have been escalated. The two resulting branches either close the alert and email the notes to the director, or close the alert without sending an email.
• C.Navigate to the Alert Overview tab to close the Alert. Run a manual action to gather the case details. If the case was escalated, email the notes to the director. Use the Close Case action in the UI to close the case.
• D.Use the Close Case button in the UI to close the case. If the case is marked as an incident, export the case from the UI and email it to the director.