Online Security-Operations-Engineer Practice TestMore Google Products >

Free Google Security-Operations-Engineer Exam Dumps Questions

Google Security-Operations-Engineer: Google Cloud Certified - Professional Security Operations Engineer (PSOE) Exam

- Get instant access to Security-Operations-Engineer practice exam questions

- Get ready to pass the Google Cloud Certified - Professional Security Operations Engineer (PSOE) Exam exam right now using our Google Security-Operations-Engineer exam package, which includes Google Security-Operations-Engineer practice test plus an Google Security-Operations-Engineer Exam Simulator.

- The best online Security-Operations-Engineer exam study material and preparation tool is here.

4.5

(10095 ratings)

Question 1

Your organization's Google Security Operations (SecOps) tenant is ingesting a vendor's firewall logs in its default JSON format using the Google-provided parser for that log. The vendor recently released a patch that introduces a new field and renames an existing field in the logs. The parser does not recognize these two fields and they remain available only in the raw logs, while the rest of the log is parsed normally. You need to resolve this logging issue as soon as possible while minimizing the overall change management impact. What should you do?

A. Use the web interface-based custom parser feature in Google SecOps to copy the parser, and modify it to map both fields to UDM.

B. Use the Extract Additional Fields tool in Google SecOps to convert the raw log entries to additional fields.

C. Deploy a third-party data pipeline management tool to ingest the logs, and transform the updated fields into fields supported by the default parser.

D. Write a code snippet, and deploy it in a parser extension to map both fields to UDM.

Correct Answer:D

Question 2

Your organization has mission-critical production Compute Engine VMs that you monitor daily. While performing a UDM search in Google Security Operations (SecOps), you discover several outbound network connections from one of the production VMs to an unfamiliar external IP address occurring over the last 48 hours. You need to use Google SecOps to quickly gather more context and assess the reputation of the external IP address. What should you do?

A. Search for the external IP address in the Alerts & IoCs page in Google SecOps.

B. Perform a UDM search to identify the specific user account that was logged into the production VM when the connections occurred.

C. Examine the Google SecOps Asset view details for the production VM.

D. Create a new detection rule to alert on future traffic from the external IP address.

Correct Answer:A

Question 3

You are responsible for monitoring the ingestion of critical Windows server logs to Google Security Operations (SecOps) by using the Bindplane agent. You want to receive an immediate notification when no logs have been ingested for over 30 minutes. You want to use the most efficient notification solution. What should you do?

A. Configure the Windows server to send an email notification if there is an error in the Bindplane process.

B. Create a new YARA-L rule in Google SecOps SIEM to detect the absence of logs from the server within a 30-minute window.

C. Configure a Bindplane agent to send a heartbeat signal to Google SecOps every 15 minutes, and create an alert if two heartbeats are missed.

D. Create a new alert policy in Cloud Monitoring that triggers a notification based on the absence of logs from the server's hostname.

Correct Answer:D

Question 4

You recently joined a company that uses Google Security Operations (SecOps) with Applied Threat Intelligence enabled. You have alert fatigue from a recent red team exercise, and you want to reduce the amount of time spent sifting through noise. You need to filter out IoCs that you suspect were generated due to the exercise. What should you do?

A. Ask Gemini to provide a list of IoCs from the red team exercise.

B. Filter IoCs with an ingestion time that matches the time period of the red team exercise.

C. Navigate to the IOC Matches pag

D. Identify and mute the IoCs from the red team exercise.

E. Navigate to the IOC Matches pag

F. Review IoCs with an Indicator Confidence Score (IC-Score) label >= 80%.

Correct Answer:C

Question 5

You are a SOC manager guiding an implementation of your existing incident response plan (IRP) into Google Security Operations (SecOps). You need to capture time duration data for each of the case stages. You want your solution to minimize maintenance overhead. What should you do?

A. Create a Google SecOps dashboard that displays specific actions that have been run, identifies which stage a case is in, and calculates the time elapsed since the start of the case.

B. Configure Case Stages in the Google SecOps SOAR settings, and use the Change Case Stage action in your playbooks that captures time metrics when the stage changes.

C. Configure a detection rule in SIEM Rules & Detections to include logic to capture the event fields for each case with the relevant stage metrics.

D. Write a job in the IDE that runs frequently to check the progress of each case and updates the notes with timestamps to reflect when these changes were identified.

Correct Answer:B

Question 6

Your organization uses Google Security Operations (SecOps) for security analysis and investigation. Your organization has decided that all security cases related to Data Loss Prevention (DLP) events must be categorized with a defined root cause specific to one of five DLP event types when the case is closed in Google SecOps. How should you achieve this?

A. Customize the Case Name format to include the DLP event type.

B. Create case tags in Google SecOps SOAR where each tag contains a unique definition of each of the five DLP event types, and have analysts assign them to cases manually.

C. Customize the Close Case dialog and add the five DLP event types as root cause options.

D. Create a Google SecOps SOAR playbook that automatically assigns case tags where each tag contains the unique definition of one of the five DLP event types.

Correct Answer:C

START Security-Operations-Engineer EXAM