Security-Operations-Engineer Google Exam Questions and Free Practice Test

Question 13

Your organization plans to ingest logs from an on-premises MySQL database as a new log source into its Google Security Operations (SecOps) instance. You need to create a solution that minimizes effort. What should you do?

A. Configure and deploy a Bindplane collection agent

B. Configure a third-party API feed in Google SecOps.

C. Configure direct ingestion from your Google Cloud organization.

D. Configure and deploy a Google SecOps forwarder.

Correct Answer:D

Question 14

During a proactive threat hunting exercise, you discover that a critical production project has an external identity with a highly privileged IAM role. You suspect that this is part of a larger intrusion, and it is unknown how long this identity has had access. All logs are enabled and routed to a centralized organization-level Cloud Logging bucket, and historical logs have been exported to BigQuery datasets.
You need to determine whether any actions were taken by this external identity in your environment.
What should you do?

A. Analyze IAM recommender insights and Security Command Center (SCC) findings associated with the external identity.

B. Use Policy Analyzer to identify the resources that are accessible by the external identit

C. Examine the logs related to these resources in the centralized Cloud Logging bucket and the BigQuery dataset.

D. Execute queries against the centralized Cloud Logging bucket and the BigQuery dataset to filter for logs where the principal email matches the external identity.

E. Analyze VPC Flow Logs exported to BigQuery, and correlate source IP addresses with potential login events for the external identity.

Correct Answer:C

Question 15

Your company's analyst team uses a playbook to make necessary changes to external systems that are integrated with the Google Security Operations (SecOps) platform. You need to automate the task to run once every day at a specific time. You want to use the most efficient solution that minimizes maintenance overhead.

A. Write a custom Google SecOps SOAR job in the IDE using the code from the existing playbook actions.

B. Create a Cron Scheduled Connector for this use cas

C. Configure a playbook trigger to match the cases created by the connector that runs the playbook with the relevant actions.

D. Create a Google SecOps SOAR request and a playbook trigger to match the request from the user to start the playbook with the relevant actions.

E. Use a VM to host a script that runs a playbook via an API call.

Correct Answer:B

Question 16

Your company requires PCI DSS v4.0 compliance for its cardholder data environment (CDE) in Google Cloud. You use a Security Command Center (SCC) security posture deployment based on the PCI DSS v4.0 template to monitor for configuration drift.1 This posture generates a finding indicating that a Compute Engine VM within the CDE scope has been configured with an external IP address. You need to take an immediate action to remediate the compliance drift identified by this specific SCC posture finding. What should you do?

A. Enable and enforce the constraints/compute.vmExternalIpAccess organization policy constraint at the project level for the project where the VM resides.

B. Remove the CDE-specific tag from the VM to exclude the tag from this particular PCI DSS posture evaluation scan.

C. Reconfigure the network interface settings for the VM to explicitly remove the assigned external IP address.

D. Navigate to the underlying Security Health Analytics (SHA) finding for public_ip_address on the V

E. and mark this finding as fixed.

Correct Answer:C

START Security-Operations-Engineer EXAM