Security-Operations-Engineer 무료 덤프문제 온라인 액세스

You are responsible for evaluating the level of effort required to integrate a new third-party endpoint detection tool with Google Security Operations (SecOps). Your organization's leadership wants to minimize customization for the new tool for faster deployment. You need to verify that the Google SecOps SOAR and SIEM support the expected workflows for the new third-party tool.
You must recommend a tool to your leadership team as quickly as possible. What should you do?
(Choose two.)

• A.Review the architecture of the tool to identify the cloud provider that hosts the tool.
• B.Configure a Pub/Sub topic to ingest raw logs from the third-party tool and build custom YARA-L rules in Google SecOps to extract relevant security events.
• C.Identify the tool in the Google SecOps Marketplace and verify support for the necessary actions in the workflow.
• D.Review the documentation to identify if default parsers exist for the tool, and determine whether the logs are supported and able to be ingested.
• E.Develop a custom integration that uses Python scripts and Cloud Run functions to forward logs and orchestrate actions between the third-party tool and Google SecOps.

Your company's SOC recently responded to a ransomware incident that began with the execution of a malicious document. EDR tools contained the initial infection. However, multiple privileged service accounts continued to exhibit anomalous behavior, including credential dumping and scheduled task creation. You need to design an automated playbook in Google Security Operations (SecOps) SOAR to minimize dwell time and accelerate containment for future similar attacks. Which action should you take in your Google SecOps SOAR playbook to support containment and escalation?

• A.Add a YARA-L rule that sends an alert when a document is executed using a scripting engine such as wscript.exe.
• B.Create an external API call to VirusTotal to submit hashes from forensic artifacts.
• C.Add an approval step that requires an analyst to validate the alert before executing a containment action.
• D.Configure a step that revokes OAuth tokens and suspends sessions for high-privilege accounts based on entity risk.

You are a security analyst at an organization that uses Google Security Operations (SecOps).
You notice suspicious login attempts on several user accounts. You need to determine whether these attempts are part of a coordinated attack as quickly as possible. What action should you take first?

• A.Look for correlations across impacted users in the Risk Analytics dashboard.
• B.Remove user accounts that have repeated invalid login attempts.
• C.Enable default curated detections to automatically block suspicious IP addresses.
• D.Use UDM Search to query historical logs for recent IOCs associated with the suspicious login attempts.

Your organization uses the curated detection rule set in Google Security Operations (SecOps) for high priority network indicators. You are finding a vast number of false positives coming from your on-premises proxy servers. You need to reduce the number of alerts. What should you do?

• A.Configure a rule exclusion for the target.domain field.
• B.Configure a rule exclusion for the network.asset.ip field.
• C.Configure a rule exclusion for the principal.ip field.
• D.Configure a rule exclusion for the target.ip field.

Your company's SOC analysts frequently submit manual change requests to a system administrator to make changes to the firewall rules on a specific router. You have the integration for the firewall installed and configured with credentials. You want to use the integration to trigger firewall rule changes directly from the Google Security Operations (SecOps) SOAR. Your system administrator requires the ability to manually approve the requested changes prior to deployment.
How should you implement the workflow for analysts to trigger on demand?

• A.Create a playbook where the firewall rule change is a manual step, allowing the analyst to edit the firewall rule as a pending action. Have the analyst email the system administrator with the change. Once approved, the analyst lets the playbook continue.
• B.Create a request in the Google SecOps SOAR settings that includes a field for the firewall rule.Create a playbook that is triggered by this request. Configure the playbook step that makes the firewall rule change to send an approval request from the system administrator. The approval request must include the parameter being changed.
• C.Create an email template for the analyst to get approval for the change from the system administrator. Have the analyst fill out the needed fields, and send the email for approval. Once approved, use a manual action to make the change to the firewall rule from any open case.
• D.Create an account for the system administrator in your Google SecOps instance to allow the system administrator to make the changes from Google SecOps directly. Add an escalation step to enable the analyst to assign the case to the system administrator.